An Improved Lightweight Privacy Preserving Authentication Scheme for SIP-Based-VoIP Using Smart Card
1st Edition
Published in August 2017
128 pages
978-3-96067-628-7 (ISBN)
Description
In the past few years, secure information sharing became very popular in the area of immigration, military applications, healthcare, education, foreign affairs, etc. As secure communication utilizes both wireless and wired communication mechanizations for exchanging sensitive information, security and privacy of the information exchange cannot be easily compromised. To moderate the security, integrity, authenticity, and privacy issues related to information exchange, numerous authentication mechanisms have been recommended by different researchers in the literature in recent times, but these are vulnerable to prospective security flaws such as masquerade, insider, replay, impersonation, password guessing, server spoofing, denial-of-service attacks and, in addition, have failed to deliver mutual authentication.
In the past few years we have also witnessed a balanced growth in the acceptance of VoIP (Voice over IP) facilities because the numerous Web and VoIP applications depend on huge and extremely distributed infrastructures to process requests from millions of users in an appropriate manner. Due to their extraordinary desires, these large-scale internet applications have frequently surrendered security for other objectives such as performance, scalability and availability. As a result, these applications have characteristically favored weaker, but well-organized security mechanisms in their foundations. Session Initiation Protocol (SIP) is an application and presentation layers signaling protocol that initiates, modifies, and terminates IP-based multimedia sessions. Implementing SIP for secure communication has been a topic of study for the past decade, and several proposals are available in the research domain. However, security aspects are not addressed in most of these proposals, because SIP is exposed to several threats and faces security issues at these layers. Probes for SIP (Session Initiation Protocol) servers have been conveyed for many years.
To gather more details about these activities the author has designed a scheme for SIP servers in a network and composed data about some popular attacks. Furthermore, he explains his interpretations and guidance on how to prevent these attacks from being successful. Biometrics, a new field of research, has also been dealt with in this research by means of a "three-factor authentication scheme", in which one factor is biometrics.
In the past few years we have also witnessed a balanced growth in the acceptance of VoIP (Voice over IP) facilities because the numerous Web and VoIP applications depend on huge and extremely distributed infrastructures to process requests from millions of users in an appropriate manner. Due to their extraordinary desires, these large-scale internet applications have frequently surrendered security for other objectives such as performance, scalability and availability. As a result, these applications have characteristically favored weaker, but well-organized security mechanisms in their foundations. Session Initiation Protocol (SIP) is an application and presentation layers signaling protocol that initiates, modifies, and terminates IP-based multimedia sessions. Implementing SIP for secure communication has been a topic of study for the past decade, and several proposals are available in the research domain. However, security aspects are not addressed in most of these proposals, because SIP is exposed to several threats and faces security issues at these layers. Probes for SIP (Session Initiation Protocol) servers have been conveyed for many years.
To gather more details about these activities the author has designed a scheme for SIP servers in a network and composed data about some popular attacks. Furthermore, he explains his interpretations and guidance on how to prevent these attacks from being successful. Biometrics, a new field of research, has also been dealt with in this research by means of a "three-factor authentication scheme", in which one factor is biometrics.
More details
Other editions
Additional editions
Saeed Ullah Jan
An Improved Lightweight Privacy Preserving Authentication Scheme for SIP-Based-VoIP Using Smart Card
Book
04/2017
Anchor Academic Publishing
€49.99
Shipment within 7-9 days
Person
SAEED ULLAH JAN received PhD degree in Network Security from University of Malakand in 2021. He is working as a Lecturer in Computer Science at Higher Education, Achieves & Libraries Department Govt of Khyber Pakhtunkhwa - Pakistan. He is also working as Coordinator for 09 BS Disciplines in Govt College Wari (Dir Upper) - a far-flung remote area of the province where most of the youngsters have no access to Universities/Institutions for Higher Education. Furthermore, he has conducted research in many areas including Green Computing, Distributed Computing, Privacy-Preserving Parallel Computation, and Drone Security & Authentication. He has published over 10 research articles in prestigious conferences and journals and written an introductory Book in Computer Science for beginners. The Government of Khyber Pakhtunkhwa, Pakistan awarded "Best Teacher Award" for the year 2019-20 out of 11000 College Teachers in 309 public sector colleges in the Province.
Content
- An Improved Lightweight PrivacyPreserving Authentication Schemefor SIP-Based-VoIP Using Smart Card
- Table of Contents
- List of Figures
- List of Tables
- Chapter 1: Introduction
- 1.1 Overview
- 1.2 Cryptology
- 1.3 Voice over Internet Protocol (VoIP)
- 1.4 Smart Card
- 1.5 ProVerif an Automated Software Toolkit
- 1.6 BioHashing Technique
- 1.7 Common Adversary Model (CAM)
- 1.8 XOR (?) Bitwise-Operations
- 1.9 BAN-Logic
- 1.10 Chapter Summary
- Chapter 2: Literature Review
- 2.1 Overview
- 2.2 Kim and Kue Scheme
- 2.3 He et al.'s Scheme
- 2.4 Das et al.'s Scheme
- 2.5 An's Scheme
- 2.6 Park et al.'s Scheme
- 2.7 Zhu-Xu-Feng's Scheme
- 2.8 Song's Scheme
- 2.9 Wu et al.'s Scheme
- 2.10 Lee et al.'s Scheme
- 2.11 Lue et al.'s Scheme
- 2.12 Tsai et al.'s Scheme
- 2.13 Wu-Xu-Xiong Scheme
- 2.14 Lipping Zhang et al.'s Scheme
- 2.15 Zhang et al.'s Scheme
- 2.16 Zhang et al.'s Protocol Analysis
- 2.17 Chapter Summary
- Chapter 3: Proposed Solution
- 3.1 Overview
- 3.2 Proposed Scheme
- 3.3 Chapter Summary
- Chapter 4: Security Analysis
- 4.1 Overview
- 4.2 Formal Security Analysis
- 4.3 Proposed Protocol Analysis
- 4.4 ProVerif Implementation
- 4.5 Informal Security Analysis
- 4.6 Chapter Summary
- Chapter 5: Performance Analysis
- 5.1 Overview
- 5.2 Chapter Summary
- Chapter 6: Conclusion and Future Work
- Bibliography
Text Sample:
Chapter 1 Introduction:
1.1 Overview:
In this era of computing and the globalization [1], people depend more and more on computer networks (Internet) compared to traditional communication. In both commercial and private sector information sharing is an essential task. So information authentication is vital for each participant. Since data authentication depends on complex cryptographic functions and algorithms for initiating the session, it is useful to discuss the authenticity of information among the participants and strongly appropriate to have a secure and robust mutual authentication scheme which can guarantee both content and correctness of the message. Authenticity of data refers to the protection of sensitive personal information from un-authorized user or changes made by an attacker, intercept and modifying the content of the message, capture and disturb the flow of data. Therefore, many authentication schemes have been proposed by different researchers at different times for the security of data.
In network communication (Internet), a major issue is the exchange of information confirmation of indigenous and foreigner consumer in the insecure distributed environment. Categorically, authentic users are extra controlling over the attackers [2]; subsequently they retain information in the internal system that is not obtainable to the impostor. Therefore, several inaccessible consumer authentication schemes are proposed for the exchange information. These protocols claimed that they are more powerful against different attacks, but these schemes still pose weakness. The authentication schemes presented so for, to preserve the security of the exchanged information, are classified as under:
1.1.1 One-Factor Authentication Scheme:
The user has a secure PIN code for authenticity. The encryption and decryption of PIN code are done by some complex cryptographic algorithms. One-factor authentication scheme was introduced by Lamport in 1981 [1] to preserve the security of information. Later on, different password based authentication schemes were presented by different researchers for various applications.
1.1.2 Two-Factor Authentication Scheme:
Soon it was understood that a single-factor authentication scheme can easily be broken and therefore fails to survive fully against different attacks. The main idea for two factor authentication schemes was put forward from password-based authentication scheme. Therefore, scholars [3] introduced two factor methods for authentication to achieve more security of information exchange. In different schemes, smart card is used as a second factor together with the password for the authentication of exchanging information.
1.1.3 Three-Factor Authentication Scheme:
Though, two factor authentication schemes provide enough security yet many issues are still there. Thus, researchers [3] expressed three factors authentication schemes in which biometrics in addition to password and smart card used to ensure the communication among the users to become more secure.
However, multi-factor authentication schemes are also introduced by some researchers for authenticity. But these schemes cannot be implemented due to lack of resources, counterfeit utilization of available resources and maximum communication and computational cost. The systems of today encourage lightweight operations for security, in which random numbers and a simple hash function are used.
As already discussed, keeping in view the importance of network security for the exchange of sensitive personal information over the communication line, more efforts are necessary to protect data from unauthorized user so that the legitimate users can easily access all information in open networks. As available resources in network environment are limited, it is necessary to design such cryptographic functions and mechanisms that can exactly communicate and authenticate the legal users. Some of the cryptographic mechanisms are as under:
1.2 Cryptology:
Crypto is a Latin word meaning secrete [5], it is a branch of mathematics which deals with the study of secrete writing. Cryptology is mainly divided into two sub-areas:
Cryptography: It is the study of information security engineering linked with mathematics. Cryptography provides us the way to trigger the most recent security schemes for information exchange over internet. It allows us to protect the distributed environment but this is very difficult field.
Cryptanalysis: The concept of investigating information security system is subject to learning about the hidden facts of the infrastructure used for information sharing. The term cryptanalysis is used to break cryptographic algorithms and get access to secretes of cipher text, even though the key is not known. The cryptography has the following main types:
1.2.1 Symmetric Cryptography:
In private key cryptography, encryption or decryption is a common technique to confirm message privacy, approval, integrity and authenticity. The encryption procedure converts a quantity or some stream of bits to cipher text subject to private secrete common key [5]. However, the decryption procedures use the same private common key and the cipher text and decipherment of plain text as shown in figure-1. [.].
1.2.2 Key Generation Technique:
The Information Technology Laboratory (ITL) of the National Institute of Standard and Technology (NIST) has sanctioned Federal Information Processing Standard (FIPS) requiring cryptographic procedures that accepted for the Federal Government for USA use [7]. Further, NIST Specialized Proclamations (SPs) provide and suggest some proceedings that contribute the central government departments to put cryptographic algorithms in secure controlling the cryptographic important key generation which is efficiently cryptographic components which include cryptographic procedures is worn for marketable security assistance. So the key generation methodology is a step for showing proof of cryptographic algorithms.
The creation of a key is by means of several methods: RBG "Random Bit Generator" [7] is a method through which one key might be derived from another. For example, sometime a key can be generated from password and password is itself a key used for security of information. Second, private key cryptography is a common key also used for the protection of information and validation of data protection.
Chapter 1 Introduction:
1.1 Overview:
In this era of computing and the globalization [1], people depend more and more on computer networks (Internet) compared to traditional communication. In both commercial and private sector information sharing is an essential task. So information authentication is vital for each participant. Since data authentication depends on complex cryptographic functions and algorithms for initiating the session, it is useful to discuss the authenticity of information among the participants and strongly appropriate to have a secure and robust mutual authentication scheme which can guarantee both content and correctness of the message. Authenticity of data refers to the protection of sensitive personal information from un-authorized user or changes made by an attacker, intercept and modifying the content of the message, capture and disturb the flow of data. Therefore, many authentication schemes have been proposed by different researchers at different times for the security of data.
In network communication (Internet), a major issue is the exchange of information confirmation of indigenous and foreigner consumer in the insecure distributed environment. Categorically, authentic users are extra controlling over the attackers [2]; subsequently they retain information in the internal system that is not obtainable to the impostor. Therefore, several inaccessible consumer authentication schemes are proposed for the exchange information. These protocols claimed that they are more powerful against different attacks, but these schemes still pose weakness. The authentication schemes presented so for, to preserve the security of the exchanged information, are classified as under:
1.1.1 One-Factor Authentication Scheme:
The user has a secure PIN code for authenticity. The encryption and decryption of PIN code are done by some complex cryptographic algorithms. One-factor authentication scheme was introduced by Lamport in 1981 [1] to preserve the security of information. Later on, different password based authentication schemes were presented by different researchers for various applications.
1.1.2 Two-Factor Authentication Scheme:
Soon it was understood that a single-factor authentication scheme can easily be broken and therefore fails to survive fully against different attacks. The main idea for two factor authentication schemes was put forward from password-based authentication scheme. Therefore, scholars [3] introduced two factor methods for authentication to achieve more security of information exchange. In different schemes, smart card is used as a second factor together with the password for the authentication of exchanging information.
1.1.3 Three-Factor Authentication Scheme:
Though, two factor authentication schemes provide enough security yet many issues are still there. Thus, researchers [3] expressed three factors authentication schemes in which biometrics in addition to password and smart card used to ensure the communication among the users to become more secure.
However, multi-factor authentication schemes are also introduced by some researchers for authenticity. But these schemes cannot be implemented due to lack of resources, counterfeit utilization of available resources and maximum communication and computational cost. The systems of today encourage lightweight operations for security, in which random numbers and a simple hash function are used.
As already discussed, keeping in view the importance of network security for the exchange of sensitive personal information over the communication line, more efforts are necessary to protect data from unauthorized user so that the legitimate users can easily access all information in open networks. As available resources in network environment are limited, it is necessary to design such cryptographic functions and mechanisms that can exactly communicate and authenticate the legal users. Some of the cryptographic mechanisms are as under:
1.2 Cryptology:
Crypto is a Latin word meaning secrete [5], it is a branch of mathematics which deals with the study of secrete writing. Cryptology is mainly divided into two sub-areas:
Cryptography: It is the study of information security engineering linked with mathematics. Cryptography provides us the way to trigger the most recent security schemes for information exchange over internet. It allows us to protect the distributed environment but this is very difficult field.
Cryptanalysis: The concept of investigating information security system is subject to learning about the hidden facts of the infrastructure used for information sharing. The term cryptanalysis is used to break cryptographic algorithms and get access to secretes of cipher text, even though the key is not known. The cryptography has the following main types:
1.2.1 Symmetric Cryptography:
In private key cryptography, encryption or decryption is a common technique to confirm message privacy, approval, integrity and authenticity. The encryption procedure converts a quantity or some stream of bits to cipher text subject to private secrete common key [5]. However, the decryption procedures use the same private common key and the cipher text and decipherment of plain text as shown in figure-1. [.].
1.2.2 Key Generation Technique:
The Information Technology Laboratory (ITL) of the National Institute of Standard and Technology (NIST) has sanctioned Federal Information Processing Standard (FIPS) requiring cryptographic procedures that accepted for the Federal Government for USA use [7]. Further, NIST Specialized Proclamations (SPs) provide and suggest some proceedings that contribute the central government departments to put cryptographic algorithms in secure controlling the cryptographic important key generation which is efficiently cryptographic components which include cryptographic procedures is worn for marketable security assistance. So the key generation methodology is a step for showing proof of cryptographic algorithms.
The creation of a key is by means of several methods: RBG "Random Bit Generator" [7] is a method through which one key might be derived from another. For example, sometime a key can be generated from password and password is itself a key used for security of information. Second, private key cryptography is a common key also used for the protection of information and validation of data protection.
