An Improved Lightweight Privacy Preserving Authentication Scheme for SIP-Based-VoIP Using Smart Card

In the past few years, secure information sharing became very popular in the area of immigration, military applications, healthcare, education, foreign affairs, etc. As secure communication utilizes both wireless and wired communication mechanizations for exchanging sensitive information, security and privacy of the information exchange cannot be easily compromised. To moderate the security, integrity, authenticity, and privacy issues related to information exchange, numerous authentication mechanisms have been recommended by different researchers in the literature in recent times, but these are vulnerable to prospective security flaws such as masquerade, insider, replay, impersonation, password guessing, server spoofing, denial-of-service attacks and, in addition, have failed to deliver mutual authentication.
In the past few years we have also witnessed a balanced growth in the acceptance of VoIP (Voice over IP) facilities because the numerous Web and VoIP applications depend on huge and extremely distributed infrastructures to process requests from millions of users in an appropriate manner. Due to their extraordinary desires, these large-scale internet applications have frequently surrendered security for other objectives such as performance, scalability and availability. As a result, these applications have characteristically favored weaker, but well-organized security mechanisms in their foundations. Session Initiation Protocol (SIP) is an application and presentation layers signaling protocol that initiates, modifies, and terminates IP-based multimedia sessions. Implementing SIP for secure communication has been a topic of study for the past decade, and several proposals are available in the research domain. However, security aspects are not addressed in most of these proposals, because SIP is exposed to several threats and faces security issues at these layers. Probes for SIP (Session Initiation Protocol) servers have been conveyed for many years.
To gather more details about these activities the author has designed a scheme for SIP servers in a network and composed data about some popular attacks. Furthermore, he explains his interpretations and guidance on how to prevent these attacks from being successful. Biometrics, a new field of research, has also been dealt with in this research by means of a "three-factor authentication scheme", in which one factor is biometrics.

Leseprobe
Text Sample:
Chapter 1 Introduction:
1.1 Overview:
In this era of computing and the globalization [1], people depend more and more on computer networks (Internet) compared to traditional communication. In both commercial and private sector information sharing is an essential task. So information authentication is vital for each participant. Since data authentication depends on complex cryptographic functions and algorithms for initiating the session, it is useful to discuss the authenticity of information among the participants and strongly appropriate to have a secure and robust mutual authentication scheme which can guarantee both content and correctness of the message. Authenticity of data refers to the protection of sensitive personal information from un-authorized user or changes made by an attacker, intercept and modifying the content of the message, capture and disturb the flow of data. Therefore, many authentication schemes have been proposed by different researchers at different times for the security of data.
In network communication (Internet), a major issue is the exchange of information confirmation of indigenous and foreigner consumer in the insecure distributed environment. Categorically, authentic users are extra controlling over the attackers [2]; subsequently they retain information in the internal system that is not obtainable to the impostor. Therefore, several inaccessible consumer authentication schemes are proposed for the exchange information. These protocols claimed that they are more powerful against different attacks, but these schemes still pose weakness. The authentication schemes presented so for, to preserve the security of the exchanged information, are classified as under:
1.1.1 One-Factor Authentication Scheme:
The user has a secure PIN code for authenticity. The encryption and decryption of PIN code are done by some complex cryptographic algorithms. One-factor authentication scheme was introduced by Lamport in 1981 [1] to preserve the security of information. Later on, different password based authentication schemes were presented by different researchers for various applications.
1.1.2 Two-Factor Authentication Scheme:
Soon it was understood that a single-factor authentication scheme can easily be broken and therefore fails to survive fully against different attacks. The main idea for two factor authentication schemes was put forward from password-based authentication scheme. Therefore, scholars [3] introduced two factor methods for authentication to achieve more security of information exchange. In different schemes, smart card is used as a second factor together with the password for the authentication of exchanging information.
1.1.3 Three-Factor Authentication Scheme:
Though, two factor authentication schemes provide enough security yet many issues are still there. Thus, researchers [3] expressed three factors authentication schemes in which biometrics in addition to password and smart card used to ensure the communication among the users to become more secure.
However, multi-factor authentication schemes are also introduced by some researchers for authenticity. But these schemes cannot be implemented due to lack of resources, counterfeit utilization of available resources and maximum communication and computational cost. The systems of today encourage lightweight operations for security, in which random numbers and a simple hash function are used.
As already discussed, keeping in view the importance of network security for the exchange of sensitive personal information over the communication line, more efforts are necessary to protect data from unauthorized user so that the legitimate users can easily access all information in open networks. As available resources in network environment are limited, it is necessary to design such cryptographic functions and mechanisms that can exactly communicate and authenticate the legal users. Some of the cryptographic mechanisms are as u