Authentication improvements for the session initiation protocol

This paper presents a new robust mutual authentication scheme known as SA-SIP for the protection of Session Initiation Protocol (SIP) in VoIP systems. This scheme differs in incorporating an additional version of the Secure PAKE that makes it possible to achieve mutual authentication while avoiding storing secret information on clients. This innovation helps to solve a critical issue of physical attacks on credentials stored during the traditional authentication process. The importance of this work, therefore, is to perform enhancement to both security and performance in SIP-based VoIP systems. First, since PAKE is incorporated in the proposed scheme, some of the attacks such as man-in-the-middle, impersonation, registration hijacking, and denial of service are eliminated but at the same time, the existing security of VoIP is also improved by eliminating the vulnerability of existing systems where credentials are usually stored. Second, the scheme is proven theoretically using the formal tool, ProVerif. Finally, the result of the performance analysis is that SA-SIP still has low computational complexity which makes the proposed scheme suitable for deployment in practical systems. Thus, by providing both security and performance characteristics SA-SIP has the advantage of being an effective and high-impact change in VoIP security.