The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off-line password guessing attack, DenningSacco attack, and stolen-verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen-verifier attack and may also suffer from off-line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security-enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity.

• 出版日期2012-1
• 单位杭州师范大学