Abstract:
In order to provide user anonymity in SIP (session initialization protocol) authentication protocol and improve the security performance of the protocol, a new anonymous SIP authentication protocol is proposed by combining challenge/response mechanism, elliptic curve cryptography and password authentication. The protocol only uses few point multiplication operations of elliptic curve cryptography, which not only ensures the security of authentication, but also effectively reduces the overall amount of computation. The protocol introduces high-entropy random number in the authentication process. The authentication parties use three handshakes of challenge/response mechanism to realize two-way authentication, and generate the key required for subsequent sessions at the same time. Through the BAN (Burrows, Abadi and Needham) logic analysis of the protocol and the informal analysis aim at many known attacks, it is proved that the protocol has high security performance. Compared with the efficiency of related protocols, the protocol authentication process requires less computation.