Modified Authenticated Key Exchange Protocol for SIP Using ECC
The authentication procedure in Session Initiation Protocol (SIP), an IETF standard protocol for initiating an interactive user session, typically uses HTTP digest authentication, which is vulnerable to many known attacks. To cope with the problems, Wu et al. proposed a New Authenticated Key Exchange (NAKE) protocol for SIP based on the Elliptic Curve Cryptosystem. However, this paper shows that the NAKE is insecure against the off-line password guessing attack and proposes a Modified Authenticated Key Exchange (MAKE) protocol for SIP. The MAKE fits neatly in the SIP protocols as described in RFC 3261.