Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

Jo Heasuk; Lee Yunho; Kim Mijin; Kim Seungjoo; Won Dongho

doi:10.1109/NCM.2009.251

Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

Jo Heasuk, Lee Yunho, Kim Mijin, Kim Seungjoo, Won Dongho

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

37 Citations (Scopus)

Abstract

The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

Original language	English
Title of host publication	NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages	618-621
Number of pages	4
DOIs	https://doi.org/10.1109/NCM.2009.251
Publication status	Published - 2009
Externally published	Yes
Event	NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of Duration: 2009 Aug 25 → 2009 Aug 27

Publication series

Name	NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

Other

Other	NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
Country/Territory	Korea, Republic of
City	Seoul
Period	09/8/25 → 09/8/27

Keywords

Authentication
Key agreement
Security
Session initiation protocol

ASJC Scopus subject areas

Computer Graphics and Computer-Aided Design
Computer Science Applications
Software

Access to Document

10.1109/NCM.2009.251

Cite this

Heasuk, J., Yunho, L., Mijin, K., Seungjoo, K., & Dongho, W. (2009). Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. In NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC (pp. 618-621). [5331801] (NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC). https://doi.org/10.1109/NCM.2009.251

Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. / Heasuk, Jo; Yunho, Lee; Mijin, Kim et al.
NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC. 2009. p. 618-621 5331801 (NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Heasuk, J, Yunho, L, Mijin, K, Seungjoo, K & Dongho, W 2009, Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. in NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC., 5331801, NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC, pp. 618-621, NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications, Seoul, Korea, Republic of, 09/8/25. https://doi.org/10.1109/NCM.2009.251

@inproceedings{bfd8ba68d6644a13aca73fd36b454dbe,

title = "Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol",

abstract = "The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.",

keywords = "Authentication, Key agreement, Security, Session initiation protocol",

author = "Jo Heasuk and Lee Yunho and Kim Mijin and Kim Seungjoo and Won Dongho",

year = "2009",

doi = "10.1109/NCM.2009.251",

language = "English",

isbn = "9780769537696",

series = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

pages = "618--621",

booktitle = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

note = "NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications ; Conference date: 25-08-2009 Through 27-08-2009",

}

TY - GEN

T1 - Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

AU - Heasuk, Jo

AU - Yunho, Lee

AU - Mijin, Kim

AU - Seungjoo, Kim

AU - Dongho, Won

PY - 2009

Y1 - 2009

N2 - The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

AB - The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

KW - Authentication

KW - Key agreement

KW - Security

KW - Session initiation protocol

UR - http://www.scopus.com/inward/record.url?scp=73549097525&partnerID=8YFLogxK

U2 - 10.1109/NCM.2009.251

DO - 10.1109/NCM.2009.251

M3 - Conference contribution

AN - SCOPUS:73549097525

SN - 9780769537696

T3 - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

SP - 618

EP - 621

BT - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

T2 - NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications

Y2 - 25 August 2009 through 27 August 2009

ER -

Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this