Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol

Authentication is an important security requirement for session initiation protocol (SIP). The conventional authentication method for SIP is HTTP Digest authentication which is insecure against several security attacks. Hence, several authentication schemes have been proposed for SIP. Most recently, Jiang et al. and Yeh et al. proposed two separate authentication and key agreement schemes for SIP using smart cards. The present paper shows that Jiang et al.'s scheme is vulnerable to user impersonation attacks and Yeh et al.'s scheme is insecure against offline password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned drawbacks, this paper proposes a new two-factor authentication and key agreement scheme for SIP. Security and performance analyses show that the proposed scheme not only enhances the security, but also improves the efficiency.