Skip to Main Content
The session initiation protocol (SIP) is considered as the dominant signaling protocol for calls over the Internet. However, how to authenticate each other and agree on a session key has not been efficiently solved. In 2007, Wang and Zhang proposed a key agreement protocol and a new authentication and key agreement mechanism for SIP. In this paper, we prove that Wang and Zhang's key agreement protocol is insecure due to its susceptibility to the key replacement attack. Moreover, we have also realized that their protocol do not satisfy the perfect forward secrecy and known session-specific temporary information security attribute. Based on this, we propose an enhanced protocol and a new mutually authenticated key agreement protocol for SIP, Compared with the Wangand Zhang's scheme for SIP regarding the robustness and computation overheads, our scheme is more efficient and thus is more suitable for SIP.