Abstract
Recently, Lu et al. presented a mutual authentication scheme for the Session Initiation Protocol. Lu et al. claimed that their scheme safeguards against known attacks and offers efficient authentication. However, this paper shows that the scheme of Lu et al. is prone to server and user impersonation attacks. Additionally, the scheme of Lu et al. has correctness concerns. Consequently, an enhanced scheme is proposed, not only to resolve the correctness concerns but also to provide robustness against server and user impersonation attacks. The proposed scheme makes use of a user-specific secret parameter to deal with the security and correctness issues. The formal and informal security analysis proves the robustness and efficiency of the proposed scheme against all known attacks. Furthermore, the security analysis is also substantiated through the popular automated tool ProVerif. Copyright (C) 2016 John Wiley & Sons, Ltd.