Weakness in Zhang et al.’s authentication protocol for session initiation protocol

Abstract

Authentication is the most security service required by Session Initiation Protocol (SIP). In recently years, Zhang et al. proposed for the first time an efficient and flexible authentication protocol for SIP using smart card and Elliptic Curve Cryptography. But, in 2014, Zhang et al. showed that their latest proposed protocol is vulnerable to impersonation attack. In order to improve their protocol, Zhang et al. proposed a second protocol. However, in this work we demonstrate that Zhang et al.’s protocol is vulnerable to server spoofing attack. Furthermore to overcome the weakness of Zhang et al.’s protocol we propose an improved and secured SIP authentication and key exchange protocol. The security analysis shows that our proposed protocol can resist to various attack including server spoofing attack.