A Robust and Efficient Three-Factor Authentication and Session Key Agreement Mechanism for SIP

Session Initiation Protocol (SIP), which is an IP based telephony protocol, is used mainly for the purpose of starting, sustaining and ending sessions related to multimedia communications on the Internet. The SIP protocol, which works on the top of TCP or UDP, is basically an open text-based protocol. Hence, to ensure security is of utmost importance. The original SIP used HTTP-digest based challenge-response authentication process. However, HTTP digest-based authentication is insecure and pre-existing user configuration on the remote server is needed. Moreover, it provides only one-way message authentication and replay protection, but not the support message integrity and confidentiality. Although, quite a few three factor SIP protocols using password, smartcard and biometric are existing in the literature, however, none of them are robust against known attacks. In this paper, a robust and cost-efficient VoIP based three-factor SIP is proposed based on the computational Diffie-Hellman problem.