Session initiation protocol (SIP), a widely used signal protocol for controlling multimedia communication sessions, is under numerous attacks when performing the authentication steps between the user and server. So secure authentication schemes are needed to be presented for SIP. Recently, Arshad et al. advanced novel schemes for SIP using elliptic curve cryptography (ECC) and claimed their schemes can resist various attacks. However, Lu et al. found that Arshad et al.’s scheme cannot resist trace and key-compromise impersonation attacks; hence, it cannot provide proper mutual authentication. Meanwhile, an enhanced scheme was advanced by Lu et al. and they stated that their scheme can stand up to possible known attacks. Nevertheless, in this paper, we conclude that Arshad and Nikooghadam’s scheme is insecure against impersonation attack and Lu et al.’s scheme is still vulnerable to impersonation attack. To overcome these weaknesses of their schemes, we present a novel anonymous ECC-based scheme for SIP. Security analysis and performance analysis show that our proposed scheme can resist various known attacks and efficient in the meantime.

中文翻译：

---

SIP的基于匿名和高效ECC的身份验证方案

会话发起协议（SIP）是一种广泛使用的用于控制多媒体通信会话的信号协议，在执行用户与服务器之间的身份验证步骤时，受到了多种攻击。因此，需要为SIP提供安全的身份验证方案。最近，Arshad等人。使用椭圆曲线密码学（ECC）的SIP的高级新颖方案，并声称它们的方案可以抵抗各种攻击。但是，Lu等。发现Arshad等人的方案无法抵抗跟踪和密钥妥协的模拟攻击。因此，它不能提供适当的相互认证。同时，Lu等人提出了一种增强的方案。他们表示，他们的方案可以抵御可能的已知攻击。不过，在本文中，我们得出的结论是，Arshad和Nikooghadam的方案对假冒攻击不安全，Lu等人的方案仍然容易受到假冒攻击。为了克服其方案的这些弱点，我们提出了一种用于SIP的新型基于匿名ECC的方案。安全性分析和性能分析表明，本文提出的方案能够同时抵抗各种已知的攻击并且高效。