By Topic

Off-Line Password-Guessing Attack to Yang's and Huang's Authentication Schemes for Session Initiation Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Heasuk Jo ; Sch. of Inf. & Commun. Eng., Sungkyunkwan Univ., Suwon, South Korea ; Yunho Lee ; Mijin Kim ; Seungjoo Kim
more authors

The session initiation protocol (SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IP-based telephony environment.Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol.Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line password-guessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

Published in:

INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on

Date of Conference:

25-27 Aug. 2009