A secure and efficient SIP authentication scheme for converged VoIP networks

Session Initiation Protocol (SIP) has been widely used in current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a powerful signaling protocol that controls communications on the Internet for establishing, maintaining and terminating sessions. The services that are enabled by SIP are equally applicable to mobile and ubiquitous computing. This paper demonstrates that recently proposed SIP authentication schemes are insecure against attacks such as off-line password guessing attacks, Denning-Sacco attacks and stolen-verifier attacks. In order to overcome such security problems, a new secure and efficient SIP authentication scheme in a converged VoIP network based on elliptic curve cryptography (ECC) is proposed and it works to exploit the key block size, speed, and security jointly.