The session initiation protocol (SIP) is the most widely used signaling protocol for controlling communication on the Internet: it establishes, maintains, and terminates sessions. The services enabled by SIP are equally applicable to wireless communication. Recently, Tsai proposed an efficient nonce-based authentication scheme for SIP. In this paper, we cryptanalyze Tsai's scheme and show that it is vulnerable to password guessing and stolen-verifier attacks. Furthermore, Tsai's scheme provides neither known-key secrecy nor perfect forward secrecy. We also propose a novel and secure mutual authentication scheme for SIP, based on the elliptic curve discrete logarithm problem, which is immune to the presented attacks.