Date Added: Sep 2009
In 2008, Tsai proposed an efficient nonce-based authentication scheme for Session Initiation Protocol (SIP). The current paper, however, demonstrates that Tsai's authentication scheme is still vulnerable to off-line password guessing attacks, Denning-Sacco attack and stolen-verifier attacks, and does not provide perfect forward secrecy. The authors also propose a new secure and efficient authentication scheme based on the elliptic curve discrete logarithm problem (ECDLP) for SIP in order to overcome such security problems. In 1999, Internet Engineering Task Force (IETF) proposed the Session Initiation Protocol (SIP) for the IP-based telephony protocol. Because SIP is a text-based peer-to-peer protocol, it uses Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP).