
  An Authentication Scheme for SIP using Needham Schroeder Authentication Protocol  
  Authors : Natalia Chaudhry; Rabia Sirhindi


Session Initiation Protocol (SIP) based Voice over Internet Protocol (VoIP) services have attracted much attention over the last decade. SIP is an extensively used Internet protocol for real-time communication and the establishment of media sessions. However, it is vulnerable to several security attacks due to its open architecture and the text-based nature of SIP messages. Also, the inherent vulnerabilities of the underlying transport protocols such as TCP, SCTP and UDP leave SIP exposed to some serious security flaws. One of these is the protocol's weak authentication scheme, which leads to a number of attacks including registration hijacking, server impersonation, message tampering, session teardown and DoS. This paper discusses various security attacks and their impact on VoIP communication. A novel authentication scheme based on the Needham Schroeder authentication protocol is also proposed, along with the defenses it provides against various security attacks.


Published In : IJCSN Journal Volume 3, Issue 4

Date of Publication : 01 August 2014

Pages : 162 - 170

Figures : 09

Tables : 01

Publication Link : An Authentication Scheme for SIP using Needham Schroeder Authentication Protocol




Natalia Chaudhary is a student of BS (Hons) in Computer Science at Kinnaird College for Women University Lahore.

Rabia Sirhindi has received a BS (Hons) in Computer Science from University of Punjab and an MS in Information Security from National University of Sciences and Technology. She is presently serving as Lecturer at Kinnaird College for Women University Lahore.









session initiation protocol




Needham Schroeder authentication protocol

SIP is vulnerable to several attacks due to its weak authentication mechanism. Previously proposed solutions are vulnerable to some attacks, as well as to the password guessing attack. In this paper, a secure authentication scheme based on the Needham Schroeder protocol is proposed. Various attacks on this protocol and their solutions are illustrated. This protocol guards against many attacks, including replay, message tampering and impersonation attacks, as described in this paper. It also provides security against the password guessing attack.









