Skip to main content

Biometrics based authentication scheme for session initiation protocol


Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.


The session initiation protocol (SIP) is an application layer controlling protocol for creation, modification and termination of Voice over Internet Protocol (VoIP) sessions with one or more participants. With the rapid growth of VoIP users, SIP is used in both the wireless and the wired networks widely. Originally, SIP authentication scheme is derived from HTTP digest authentication (Franks et al. 1999), which cannot resist server-spoofing attack and password guessing attack (Yang et al. 2005). Since then, various user authentication schemes for SIP have been proposed.

In 2005, Yang et al. (2005) proposed a new SIP authentication scheme based on Diffie-Hellman key exchange protocol, but Huang and Wei (2006) found that Yang et al.’s scheme has high computational costs and proposed an efficient SIP scheme. To improve the efficiency, Durlanik and Sogukpinar (2005) and Wu et al. (2009) also proposed SIP authentication protocols using the Elliptic Curve Cryptography (ECC), respectively. Unfortunately, Yang et al.’s and Huang et al.’s schemes suffer from the off-line password guessing attack (Jo et al. 2009), while Durlanik et al.’s and Wu et al.’s schemes are vulnerable to the Denning-Sacco attack and the off-line password guessing attack (Yoon et al. 2010b). Yoon et al. (2010b) presented an improved scheme to overcome these weaknesses. But Liu and Koenig pointed out that Yoon et al.’s SIP authentication scheme is still insecure against the off-line password guessing attack and the insider attack (Liu and Koenig 2011). Applying one-way hash function and the fast logic operations like exclusive-or, Tsai (2009) proposed a nonce based SIP authentication scheme. Later on, Yoon et al. (2010a) demonstrated that their scheme is vulnerable to Denning-Sacco attack, off-line password guessing attack and stolen-verifier attack, and proposed a new SIP authentication scheme. In 2012, Xie (2012) demonstrated that Yoon et al.’s scheme is still vulnerable to stolen-verifier attack and off-line password guessing attack, and proposed an improvement of Yoon et al.’s scheme, but Farash and Attari (2013) found that Xie’s protocol is also insecure against impersonation attack and off-line password guessing attack, and then they proposed an improved scheme to resolve these problems.

Recently, to enhance the performance and secrecy, Arshad and Ikram (2013) proposed an ECC-based SIP authentication protocol in 2013. But Tang and Liu (2013), He et al. (2012) and Pu et al. (2013) pointed out that Arshad et al.’s protocol is vulnerable to off-line password guessing attack. They also developed new schemes to enhance the security of Arshad et al.’s scheme. Later, Irshad et al. (2014) demonstrated that Tang et al.’s scheme cannot resist the server impersonation attack if an adversary can obtain the user’s password, and they proposed an improved protocol using ECC. Recently, Zhang et al. (2014) proposed a new password-based SIP authentication protocol, but Tu et al. (2015), Irshad et al. (2015) and Wu et al. (2013) showed that Zhang et al.’s protocol is vulnerable to the impersonation attack, and they proposed improved protocols respectively. After that, Arshad and Nikooghadam (2016) showed that Irshad et al.’s scheme is still vulnerable to impersonation attack. Farash (2016) and Mishra et al. (2016) found that Tu et al.’s protocol cannot resist the impersonation attack, and also presented improved schemes. It is worth mentioning that Mishra et al.’s scheme is a three-factor SIP authentication scheme, but it does not achieve perfect forward secrecy. Very recently, Chaudhry et al. (2015b) found that Tu et al.’s scheme is vulnerable to server impersonation attack. Moreover, both Tu et al.’s and Farash’s improved schemes cannot protect user’s privacy and suffer from replay and denial of services attacks. To enhance the security, they proposed a privacy preserving authentication scheme for SIP. Kumari et al. (2015) argued that Farash’s protocol cannot withstand impersonation attack, password guessing attack, and session-specific temporary information attack. Further, Kumari et al. proposed an improved protocol to fix the weaknesses of Farash’s protocol.

Many of above mentioned session initiation protocols are based on either password or both of password and smart card. However, password based protocol may suffer from password guessing attack, and smart card based protocol may suffer from smart card stolen attack by extracting information stored in smart card, even if the smart card is designed for achieving a certain level of tamper resistance (Witteman 2002). In order to solve password guessing attack and smart card stolen attack for SIP authentication scheme, we use user’s biometrics to protect user’s password and the sensitive information in smart card, since user’s biometrics have many advantages, such as it is difficult to be fabricated, distributed, lost, forgotten, guessed or copied (Li and Hwang 2010). On the other hand, fuzzy extractor can always output the same random string if the input biometrics has sufficient similarity to the stored biometrics (Dodis et al. 2004). Therefore, in this paper, we propose a biometrics-based SIP authentication scheme, and use pi calculus (Abadi and Fournet 2001) based formal verification tool ProVerif (Abadi et al. 2009) to prove authentication and security of the proposed protocol.

The rest of the paper is organized as follows. In “Biometrics-based SIP authentication scheme” section, we propose our Biometrics-based SIP authentication scheme. Security analysis and formal verification are given in “Security analysis and formal verification” section. “Security and performance comparisons” section compares the security and performance of our protocol to existing ones, and we conclude the paper in “Conclusions” section.

Biometrics-based SIP authentication scheme

A biometrics based SIP authentication scheme is proposed in this section, which consists of three phases: registration, login and authentication, and password change. In this section, we first describe the construction of the fuzzy extractor, then we give the scheme specification of the proposed biometrics based SIP.

Fuzzy extractor

Fuzzy extractor contains a pair of randomized procedures 〈“generate” (Gen), “reproduce” (Rep)〉. The procedure Gen is designed for inputting users’ biometrics BIO, and then outputting a random and uniform string \(\eta\) as secret information as well as a random auxiliary string \(\lambda\) as public information, namely, Gen(BIO) = (\(\eta,\lambda\)). The procedure Rep takes the biometrics \(BIO^{*}\) and the auxiliary string \(\lambda\) as inputs. Even if the inputted \(BIO^{*}\) has slightly difference with BIO, as long as the difference is less than the threshold, the procedure Rep will generate the same string η, namely, Rep(\(BIO^{*}, \lambda)=\eta\). Though we cannot always get the same biometrics due to the impact of noisy data when sampling, fuzzy extractor can overcome this problem. Readers may refer to Dodis et al. (2004), Yang and Yang (2009) for the detailed introduction of fuzzy extractor. The notations used in this paper are given in Table 1.

Table 1 The notations


A legal user \(U_{i}\) must register in the remote server S beforehand by performing the following steps, as shown in Algorithm 1.

Step 1.:

The user \(U_{i}\) chooses a password \(pw_{i}\), a random number \(a_{i} \in Z_{n}^{*}\), computes \(M = h(a_{i} \left\| {pw_{i}} \right.)\) and sends the register message \(\left\{{ID_{i},M} \right\}\) to S via a secure channel.

Step 2.:

After S receives the register request message \(\left\{{ID_{i},M} \right\}\), S computes \(R = M \oplus h(ID_{i} \left\| x\right.)\), stores R into a smart card and sends it to U i through a secure channel.

Step 3.:

After U i obtains the smart card, he or she enters his or her biometrics \(BIO_{i}\) on a specific device and computes Gen(\(BIO_{i})=(\eta,\lambda)\), \(B = a_{i} \oplus h\left(\eta \right)\), \(C = h(ID_{i} \left\| {pw_{i}} \right\|a_{i})\) and stores B, C and λ into the smart card. Thus, the smart card contains \(\{B,C,\lambda,R\}\).

figure a

Login and authentication

In this phase, U i and S can be authenticated by each other and establish the session key. The process is shown in Algorithm 2.

Step 1.:

The user \(U_{i}\) inserts his or her smart card into a card reader, inputs his or her identity \(ID_{i}\) and password \(pw_{i}\), and enters biometrics \(BIO_{i}^{*}\). The smart card selects a random number \(b \in Z_{n}^{*}\), computes Rep(\(BIO_{i}^{*}\),\(\lambda)\,=\,\eta\), \(a_{i} = B \oplus h\left(\eta \right)\), and \(C^{\prime} = h(ID_{i} \left\| {pw_{i}} \right\|a_{i})\). Then, the smart card checks whether \(C^{\prime}\) is equal to C. If they are not equal, the protocol is terminated; otherwise, compute \(D = bP\), \(D^{\prime} = R \oplus h(a_{i} \| pw_{i}) = h(ID_{i} \|x)\) and \(F = h(ID_{i} \left\|D\right\|D^{\prime})\). At last, \(U_{i}\) sends the message \(REQUEST\left\{{ID_{i},D,F} \right\}\) to S.

Step 2.:

When the server S receives \(REQUEST\left\{{ID_{i},D,F} \right\}\), S computes \(D^{\prime\prime} = h(ID_{i} \left\| x \right.)\) and checks if \(F\) and \(h(ID_{i} \left\|D\right\|D^{\prime\prime})\) are equal. If they are not equal, S rejects the request; otherwise, S randomly chooses two numbers \(u,t \in Z_{n}^{*}\), computes H = uP, \(K = u \cdot h(ID_{i} \left\| {x)D} \right.\), \(SK = h(ID_{i}\left\|t\right\|K)\) and \(Auth_{s} = h(D\left\|K\right\|D^{\prime\prime}\left\|t\right\|SK\left\|H\right.)\). Finally, S sends the message \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\) to U i .

Step 3.:

When the user \(U_{i}\) receives \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\), he or she computes \(K = bD^{\prime}H\) and \(SK = h(ID_{i} \|t\|K)\). Then \(U_{i}\) checks if \(Auth_{s}\) and \(h(D\|K\|D^{\prime}\|t\|SK\left\|H\right.)\) are equal. \(U_{i}\) terminates the protocol if they are not equal; otherwise, \(U_{i}\) computes \(Auth_{u} = h(ID_{i} \left\| {realm} \right\|K\left\| {D^{\prime}} \right\|t\left\| {SK} \right\|H\left\| D \right.)\) and sends the message \(RESPONSE\left\{{ID_{i},realm,Auth_{u}} \right\}\) to S.

Step 4.:

When the server S receives \(RESPONSE\left\{{ID_{i},realm,Auth_{u}} \right\}\), it checks whether \(Auth_{u}\) is equal to \(h(ID_{i} \left\| {realm} \right\|K\left\| {D^{\prime\prime}} \right\|t\left\| {SK} \right\|H\left\| D \right.)\). If so, S and \(U_{i}\) established the session key SK .

figure b

Password change

The user \(U_{i}\) inserts his or her smart card into a terminal, inputs his \(ID_{i}\), old password \(pw_{i}\), new password \(pw_{i}^{new}\), chooses a random number \(a_{i}^{new} \in Z_{n}^{*}\) and enters biometrics \(BIO_{i}^{*}\) on a specific device. Then the smart card computes Rep(\(BIO_{i}^{*}\),\(\lambda) = \eta\), \(a_{i} = B \oplus h\left(\eta \right)\). After this, the smart card verifies \(h(ID_{i} \left\| {pw_{i}} \right\|a_{i}) = C\). If it does not hold, the smart card rejects the request; otherwise, the smart card computes \(R^{new} = h\left( {a_{i}^{new} \left\| {pw_{i}^{new} } \right.} \right) \oplus R \oplus h\left( {a_{i} \left\| {pw_{i} } \right.} \right)\), \(B^{new} = a_{i}^{new} \oplus h\left(\eta \right)\) and \(C^{new} = h(ID_{i} \left\| pw_{i}^{new} \right\|a_{i}^{new})\), and replaces \((R,B,C)\) with \((R^{new},B^{new},C^{new})\).

Security analysis and formal verification

In this section, we will analyze the security of the proposed scheme.

Formal verification

In order to prove the security of cryptographic protocols, there are some available formal verification tools, such as BAN logic (Burrows et al. 1989), AVISPA (Armando et al. 2005) and ProVerif. In this section, we prove secrecy and authentication using ProVerif, because it is performed automatically and efficiently, and can detect errors easily. ProVerif makes use of Dolev-Yao model (Dolev and Yao 1983) and supports many cryptographic primitives, including digital signature, symmetric and asymmetric encryption, hash function, and so on.

There’re two types of channels in the formal model: a public channel for transmitting general protocol messages and private channel for transmitting smart card data between user and his smart card. The definition of these channels is given as below:

  • free cch: channel.

  • free sch: channel [private].

The variables and constants used in the protocol are defined as follows:

  • const P: bitstring.

  • const BIO_i: bitstring.

  • const pw_i: bitstring.

  • const x: bitstring.

  • free SK’: bitstring [private].

  • free SK: bitstring [private].

The functions used in the protocol are defined as follows:

  • fun sco(bitstring, bitstring): bitstring.

  • fun Gen(bitstring): bitstring.

  • fun Rep(bitstring, bitstring): bitstring.

  • fun xor(bitstring, bitstring): bitstring.

  • fun mult(bitstring, bitstring): bitstring.

  • fun h(bitstring): bitstring.

Function sco, xor, mult, h represent bound symbol, exclusive or operation, scalar multiplication and hash function in the protocol, and function Gen and Rep are fuzzy extractor algorithms. The algebraic properties of these functions are modeled as the following equation and reduction:

  • equation forall m: bitstring, n: bitstring; xor(xor(m, n), n) = m.

  • In order to prove authentication, two events are defined as follows:

  • event UserAuthed(bitstring).

  • event UserStarted(bitstring).

The process part defines the action of participants and models the protocol as the parallel executions of them. According to the protocol, the following is the core message sequence for our protocol:

  • Message 1: User \(U_{i}\)  → Server \(S\): \(REQUEST\left\{{ID_{i},D,F} \right\}\)

  • Message 2: Server \(S\)  → User \(U_{i}\): \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\)

  • Message 3: User \(U_{i}\)  → Server \(S\): \(RESPONSE\left\{{ID_{i},realm,Auth_{u}} \right\}\)

The actions of user \(U_{i}\) are composed of computing and then sending message 1 to S, waiting until he or she receives message 2 from S, computing and sending message 3 to S. We define user \(U_{i}\) as below:

figure c

The actions of the server \(S\) are composed of receiving message 1 from \(U_{i}\), computing and sending message 2 to \(U_{i}\), waiting until he receives message 3 from \(U_{i}\), and then verifying the message 3. We define the server as below:

figure d

The protocol is defined as the parallel executions of the two participants:

  • process !U_i| S

In order to verify mutual authentication and the session key security, we define the following queries for checking the events’ correspondence and the attacker queries respectively:

  • query id: bitstring; inj-event(UserAuthed(id)) ==> inj-event(UserStarted(id)).

  • query attacker(SK).

  • query attacker(SK’).

The above code is performed in the latest version 1.90 of ProVerif to show that the correspondence query is true and the two attacker queries are not true. That is, the authentication property and security are satisfied, referring to the Fig. 1.

Fig. 1
figure 1

Verification result of the protocol

Security analysis

Session key security

Due to the impossibility of solving the computational Diffie-Hellman (CDH) problem, an adversary can neither know \(h(ID_{i} \left\|x\right.)\) nor compute ubP from bP and uP. That is, the adversary cannot compute the session key \(SK = h(ID_{i} \left\|t\right\|uh(ID_{i} \left\|x\right.)bP)\).

Mutual authentication

The user \(U_{i}\) and the server S can authenticate each other by checking the correctness of F, \(Auth_{u}\) and \(Auth_{s}\), respectively. Without the knowledge of \(h(ID_{i} \left\|x\right.)\), no one except the user and the server can compute \(Auth_{u}\) and \(Auth_{s}\).

Replay attack

An adversary may intercept the request message \(REQUEST\left\{{ID_{i},D,F} \right\}\) and replay to the server, where \(D = bP\), \(D^{\prime} = h(ID_{i} \left\|x\right.)\) and \(F = h(ID_{i} \left\|D\right\|D^{\prime})\). Without the knowledge of b, he or she cannot generate the correct response message \(RESPONSE\left\{{ID_{i},realm,Auth_{u}} \right\}\) after receiving the server’s message \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\). Then the server could detect the attack by checking the correctness of \(Auth_{u}\). On the other hand, the adversary may intercept the challenge message \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\) and replay it to the user, where \(K = uh(ID_{i} \left\|x\right.)D\) and \(Auth_{s} = h(D\left\|K\right\|D^{\prime\prime}\left\|t\right\|SK\left\|H\right.)\). As the user generates a new \(D = bP\) for each session, the attack can be detected by checking the correctness of \(Auth_{s}\). Therefore, proposed SIP authentication scheme can resist the replay attack.

Off-line password guessing attack

Suppose that the adversary gets the data \(\left\{{B,C,\lambda,R} \right\}\), where \(B = a_{i} \oplus h\left(\eta \right)\), \(C = h(ID_{i} \left\|pw_{i} \right\|a_{i})\), \(R = h(a_{i} \left\|pw_{i}) \oplus h(ID_{i} \right\|x)\). He could also eavesdrop the message \(REQUEST\left\{{ID_{i},D,F} \right\}\), \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\) and \(RESPONSE\left\{{ID_{i},realm,Auth_{u}} \right\}\) transmitted between \(U_{i}\) and S. The adversary may guess a password \(pw_{i}^{*}\), but without the knowledge of S’s secret key x, he or she can neither compute the random number \(a_{i}\) nor verify if his guessed password is correct or not. Hence, our scheme can resist the off-line password guessing attack.

For similar reasons, our protocol can resist smart card stolen attacks.

Privileged insider attack

In the registration phase of our scheme, \(U_{i}\) chooses the random number \(a_{i}\), the password \(pw_{i}\), and computes the hash value \(h(a_{i} \left\|pw_{i} \right.)\). Then \(U_{i}\) sends the hash value to \(S\). The privileged insider can’t get \(pw_{i}\) as it is protected by the random number \(a_{i}\) and the secure hash function.

Impersonation attack

Without the knowledge of \(S\)’s secret key \(x\), the attacker can neither generate the valid challenge message \(CHALLENGE\left\{{realm,Auth_{s},H,t} \right\}\), where \(Auth_{s} = h(D\left\|K\right\|D^{\prime\prime}\left\|t\right\|SK\left\|H\right.)\) and \(K = uh(ID_{i} \left\|x\right.)D\), nor compute the legal message \(RESPONSE\left\{{ID_{i},realm,Auth_{u}} \right\}\). Note that all messages are transmitted via a secure channel in registration phase, which are supposed to be free of corruption. So our scheme could withstand the impersonation attack.

Stolen-verifier attack

In the proposed scheme, \(S\) only needs to keep its key x secret. No password-verifier table is required to be stored in the server’s database. Therefore, our scheme can resist the stolen-verifier attack.

Man-in-the-middle attack

From the above security analysis, we know that our scheme could provide mutual authentication between \(U_{i}\) and S, and can resist off-line password guessing attack and impersonation attack. Hence, our scheme is secure against the man-in-the-middle attack.

Perfect forward secrecy

In our protocol, the session key is \(SK = h(ID_{i} \left\|t\right\|uh(ID_{i} \left\|x\right.)bP)\), even if an adversary corrupts all secret parameters such as S’s secret key x and \(U_{i}\)’s password \(pw_{i}\), he or she still cannot compute \(uh(ID_{i} \left\|x\right.)bP\) from \(bP\) and \(uP\) due to the intractability of CDH problem. Therefore, the introduced scheme can provide perfect forward secrecy.

Security and performance comparisons

Security and computation cost comparison

The security and computation cost comparisons between the proposed scheme and some related schemes (Zhang et al. 2014; Tu et al. 2015; Irshad et al. 2015; Arshad and Nikooghadam 2016; Farash 2016; Mishra et al. 2016; Chaudhry et al. 2015a; Wu et al. 2015) are given in Tables 2 and 3. For convenience, some notations are defined as follows: SY, H, MI, SM and PA are the operation times of a symmetric key encryption or decryption, hash function, modular inversion, scalar multiplication and point addition over elliptic curve, respectively.

Table 2 Security comparison
Table 3 Computation cost comparison

Very recently, Kilinc and Yanik (2014) have estimated the complexity of various cryptographic operations by using the PBC library. The actual execution time for the above notations of operations are as follows: SY is about 0.0046 ms, H is about 0.0023 ms, MI is about 0.0056 ms (Koblitz et al. 2000), SM is about 2.226 ms, PA is about 0.0288 ms.

From Tables 2 and 3, we can conclude that our scheme enjoys better security than others, and higher efficiency than other related schemes except Mishra et al.’s protocol (Chaudhry et al. 2015a). Unfortunately, Mishra et al.’s protocol cannot provide perfect forward secrecy since the session key is

$$SK = h\left( {username\left\| {h(mk} \right\|username\left\| {N)} \right\||mk \cdot uP)_{x} \left\| {T_{2} } \right\|T_{3} } \right),$$

where \(mk\) is the secret key of the server \(S\), \(T_{2}\) and \(T_{3}\) are timestamps, \(u\) is nonce chosen by the user and \(N\) is registration sign. According to the definition of perfect forward secrecy, if an attacker can know the secret key \(mk\) of \(S\) then he or she can compute the session key \(SK\). Generally, we can use Diffie-Hellman key exchange algorithm to achieve perfect forward secrecy, but it needs more scalar multiplication operations over elliptic curve.

Storage capacity comparison

Since the proposed protocol is developed for applications using smart card, the memory requirement is a key parameter in concern. Therefore, we have also compared the storage capacity of our scheme with other related schemes (Zhang et al. 2014; Tu et al. 2015; Irshad et al. 2015; Arshad and Nikooghadam 2016; Farash 2016; Mishra et al. 2016; Chaudhry et al. 2015a; Wu et al. 2015). We assume that hash function outputs 256 bits, the size of a point on elliptic curve is 164 bits, the length of a random nonce is 128 bits, and the length of an identity is 128 bits. In the proposed scheme, the smart card needs to store \(\{B,C,\lambda,R\}\) which is 256 + 256 + 128 + 256 = 896 bits. The storage capacities of other relevant schemes have been shown in Table 4, which shows that the memory of smart cards needed in all schemes are less than 1 k bit.

Table 4 Storage capacity comparison


In this paper, we propose a secure and efficient biometrics-based SIP authentication scheme. We apply formal verification tools and security analysis against various attacks to show that our proposed scheme achieves both security and authentication. Moreover, the performance evaluation validates that our scheme has very high efficiency in comparison to other related schemes.


  • Abadi M, Fournet C (2001) Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 104–115

  • Abadi M, Blanchet B, Comon-Lundh H (2009) Models and proofs of protocol security: a progress report. Computer aided verification, vol 5643. Springer, Heidelberg, pp 35–49

    Chapter  Google Scholar 

  • Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuellar J et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. Computer aided verification, vol 3576. Springer, Heidelberg, pp 281–285

    Chapter  Google Scholar 

  • Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178

    Article  Google Scholar 

  • Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl 75(1):181–197

    Article  Google Scholar 

  • Burrows M, Abadi M, Needham RM (1989) A logic of authentication. ACM Trans Comput Syst 8(1):18–36

    Article  Google Scholar 

  • Chaudhry SA, Mahmood K, Naqvi H, Khan MK (2015a) An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J Med Syst 39(11):1–12

    Article  Google Scholar 

  • Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015b) An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0400-9

    Google Scholar 

  • Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Advances in cryptology-Eurocrypt 2004, vol 3027. Springer, Heidelberg, pp 523–540

    Chapter  Google Scholar 

  • Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  Google Scholar 

  • Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Soc Trans Eng Comput Technol 8:350–353

    Google Scholar 

  • Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw Appl 9(1):82–91

    Article  Google Scholar 

  • Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342

    Google Scholar 

  • Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. IETF RFC 2617

  • He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429

    Article  Google Scholar 

  • Huang HF, Wei WC (2006) A new efficient authentication scheme for session initiation protocol. Computing 1(2):1–3

    Google Scholar 

  • Irshad A, Sher M, Faisal MS, Ghani A, Hassan MU, Ashraf ChS (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur Commun Netw 7(8):1210–1218

    Article  Google Scholar 

  • Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card. Multimed Tools Appl 74(11):3967–3984

    Article  Google Scholar 

  • Jo H, Lee Y, Kim M, Kim S, Won D (2009) Off-line password-guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. In: Fifth international joint conference on INC, IMS and IDC, IEEE, Seoul, 25–27 Aug 2009

  • Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023

    Article  Google Scholar 

  • Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Des Code Crypt 19(2):173–193

    Article  Google Scholar 

  • Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0409-0

    Google Scholar 

  • Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

  • Liu F, Koenig H (2011) Cryptanalysis of a SIP authentication scheme. Communications and multimedia security, vol 7025. Springer, Heidelberg, pp 134–143

    Chapter  Google Scholar 

  • Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw Appl 9(1):171–192

    Article  Google Scholar 

  • Pu Q, Wang J, Wu S (2013) Secure SIP authentication scheme supporting lawful interception. Secur Commun Netw 6(3):340–350

    Article  Google Scholar 

  • Tang H, Liu X (2013) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333

    Article  Google Scholar 

  • Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 9(1):12–16

    Google Scholar 

  • Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl 8(5):903–910

    Article  Google Scholar 

  • Witteman M (2002) Advances in smartcard security. Inf Secur Bull 7(2002):11–22

    Google Scholar 

  • Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Inter 31(2):286–291

    Article  Google Scholar 

  • Wu K, Gong P, Wang J, Yan X, Li P (2013) An improved authentication protocol for session initiation protocol using smart card and elliptic curve cryptography. Rom J Inf Sci Technol 16(4):324–335

    Google Scholar 

  • Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285

    Article  Google Scholar 

  • Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54

    Article  Google Scholar 

  • Yang D, Yang B (2009) A new password authentication scheme using fuzzy extractor with smart card. 2009 International conference on computational intelligence and security, vol 2. IEEE, Beijing, pp 278–282

    Chapter  Google Scholar 

  • Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386

    Article  Google Scholar 

  • Yoon EJ, Shin YN, Jeon IS, Yoo KY (2010a) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213

    Article  Google Scholar 

  • Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010b) A secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681

    Article  Google Scholar 

  • Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

    Google Scholar 

Download references

Authors’ contributions

Conceived and designed the experiments: QX. Performed the experiments: TZX. Analyzed the data: QX and TZX. Contributed reagents/materials/analysis tools: QX. Wrote the paper: QX and TZX. Designed the scheme and wrote the paper: QX and TZX. Verified the authentication and security of the proposed scheme in the latest version 1.9 of ProVerif: TZX. Both authors read and approved the final manuscript.

Author information

Qi Xie is a professor in Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, China. He received his PhD degree in applied mathematics from Zhejiang University, China, in 2005. He was a visiting scholar between 2009 and 2010 at Department of Computer Science, University of Birmingham in UK, and a visiting scholar to the Department of Computer Science at City University of Hong Kong in 2012. His research area is applied cryptography, including digital signatures, authentication and key agreement protocols etc. He has published over 60 research papers in international journals and conferences, and served as co-chair of ISPEC 2012 and ASIACCS 2013. Zhixiong Tang is currently a M.S. candidate of Hangzhou Normal University, China. His research interests include authentication and key exchange protocols.


This research was supported by Natural Science Foundations of Zhejiang Province (No. LZ12F02005), and the Major State Basic Research Development (973) Program of China (No. 2013CB834205).

Competing interests

The authors declare that they have no competing interests.

Author information



Corresponding author

Correspondence to Qi Xie.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (, which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Xie, Q., Tang, Z. Biometrics based authentication scheme for session initiation protocol. SpringerPlus 5, 1045 (2016).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI:


  • Authentication
  • Three-factor
  • Key agreement
  • Session initiation protocol