Skip to Main Content
Recently SIP authentication scheme using Elliptic Curve Cryptography has been proposed and it was claimed that scheme is efficient and secure against replay attack, password guessing attack, Man-in-middle Attack, Modification attack, Denning-Sacco attacks and Stolen verifier attack. In addition, it provides mutual authentication between communicating parties and generates a session key agreed between them. This paper shows that the scheme is still insecure. An adversary can easily derive the session key from the intercepted messages.