# Bibliography for Key Exchange for E2E secure Voice Communications (CIV2SIP)
###### tags: `bibliography`
## [SoK: An Analysis of End-to-End Encryption and Authentication Ceremonies in Secure Messaging Systems](https://dl.acm.org/doi/pdf/10.1145/3558482.3581773)
* **Authors**: Mashari Alatawi and Nitesh Saxena
* **Venue**: WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
* The paper first introduces the most popular End-to-End Encrypted (E2EE) apps, including their underlying E2EE messaging protocols, namely:
  * Off-the-Record (OTR)
  * Signal
  * Apple's iMessage
  * Telegram's MTProto protocol
  * ZRTP
* Then, it investigates and systematizes the E2EE features of these apps, including their underlying authentication ceremonies.
* The evaluation shows that all current E2EE apps, particularly when operating in opportunistic E2EE mode, are incapable of repelling active man-in-the-middle (MitM) attacks. In addition, none of the current E2EE apps provide better and more usable authentication ceremonies, resulting in insecure E2EE communications against active MitM attacks.
###### tags: `E2E AKE`
-----------
## [3AKEP: Triple-authenticated key exchange protocol for peer-to-peer VoIP applications](https://www.sciencedirect.com/science/article/pii/S0140366416301347)
* **Authors**: Riccardo Pecori, Luca Veltri
* **Venue**: Computer Communications, 2016
* The proposed protocol is the combination of Off-the-Record (OTR) and ZRTP protocols. They use DH key exchange and "SIGn-and-MAc" (SIGMA) protocol as well as Short Authentication String (SAS) for authentication. The private key for the signature scheme is derived from the identity of the peer.
* The authors compare their protocol with ZRTP. However, the comparison, which is based on the number of exchanged messages and the number of round trips, doesn't look fair. Based on the IETF standard for ZRTP, the number of exchanged messages is 10, which also includes the negotiation messages (Hello and Hello Ack) before starting the protocol as well as the commit and confirmation messages, which are also required for the proposed protocol. However, the authors don't count these kinds of messages for their protocol and claim that it only needs 3 exchanged messages.
* For authentication of the DH Key exchange, two peers either need to be sure that the verification key corresponds to the peer they're talking to; or own "trusted means" to exchange SAS.
###### tags: `E2E AKE`
--------------
## [AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_reaves.pdf)
- **Authors**: Bradley Reaves, Logan Blue, and Patrick Traynor
- **Venue**: Usenix 2016
- The authors implemented the TLS handshake over voice channels to share a symmetric key between two parties. The shared master key and the subsequent session keys cannot be used for voice communications because of the narrow bitrate of their implemented channel. However, they can be used to protect client authentication credentials, which meets the purpose of the paper.
###### tags: `E2E Authentication`
--------
## [Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card](https://onlinelibrary.wiley.com/doi/full/10.1002/dac.2499)
- **Authors**: Liping Zhang, Shanyu Tang, and Zhihua Cai
- **Venue**: International Journal of Communication Systems - 2014
- This paper presents a password authenticated key agreement protocol between the SIP client and the SIP server using smart cards. Thus, it eliminates the need to store the passwords in the SIP server.
###### tags: `Client-Server AKE`
-----
## [A Survey of SIP Authentication and Key Agreement Schemes](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6644333)
- **Authors**: H. Hakan Kilinc and Tugrul Yanik
- **Venue**: IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 16, NO. 2, SECOND QUARTER 2014
- This paper provides an overview of different authentication and key agreement (AKA) schemes used in Session Initiation Protocol (SIP).
- The proposed SIP authentication and key agreement schemes have been divided into four sections: Password Authenticated Key Exchange (PAKE) based, hash and symmetric encryption based, public key cryptography (PKC) based and ID based schemes.
- Several SIP AKA schemes have been reviewed in the paper, including the basic digest authentication scheme, mutual authentication, shared-secret authentication, and several public key infrastructure (PKI) based schemes.
- The paper further discusses the advantages and disadvantages of each scheme, such as their computational complexity, scalability, and resistance to various types of attacks.
- [MD] The paper discusses the key exchange methods between the client and the server, unlike our proposal, which is between two clients.
- [MD] PAKE is one of the methods that has been discussed in this paper. However, it has not referred to any paper using J-PAKE. To the best of my knowledge, there is no paper that has implemented the J-PAKE for key exchange between client and server.
###### tags: `Client-Server AKE`
-------
## [Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communication](https://pdfs.semanticscholar.org/31c4/746f3928471312375bd47dedd509172cacf9.pdf)
- **Authors**: Piotr Krasnowski, Jerome Lebrun and Bruno Martin
- **Venue**: 6th International Conference on Information Systems Security and Privacy, INSTICC, Feb 2020, Valletta, Malta
- [MD] The proposed protocol is the same as ZRTP.
- [MD] The authors didn't compare their protocol with ZRTP.
- [MD] Considering that the paper has not been published in a good venue and its contribution is not recognisable, I suggest ignoring it.
###### tags: `E2E AKE`
--------
## [Comparison of SIP and H.323 Protocols](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4561304) in The Third International Conference on Digital Telecommunications
- Author: Ilija Basicevic, Miroslav Popovic, Dragan Kukolj
- The paper discusses the differences and similarities between the SIP and H.323, as well as their advantages and disadvantages.
- In section 5, it mentions that "Because SIP proxies along the route of messages need to access some message fields, end-to-end encryption is not acceptable." Even when the target address is a SIPS URI, it achieves hop-by-hop encryption via TLS.
  - [MD] Good point!
- Table 2 lists the number of messages exchanged during session establishment in SIP. SIP direct needs only 4 negotiation messages to establish a SIP call.
- [MD] This paper has not been published in a known venue.
- [MD] It offers useful information about the number of messages negotiated in SIP that might be of interest for the implementation.
## [An End-to-End Approach to Host Mobility](http://nms.lcs.mit.edu/papers/e2emobility.pdf) in MobiCom '00: Proceedings of the 6th annual international conference on Mobile computing and networking
- Author: Alex C. Snoeren and Hari Balakrishnan
- The paper proposes a new protocol called Host Identity Protocol (HIP) to address host mobility in IP networks.
- In our prototype, we don't use a SIP server but SIP direct to establish a SIP call. This paper can be used to support the idea that a SIP server/proxy is not necessary for SIP call routing. It is worth noting that all papers mention that the intermediate SIP server makes the end-to-end encrypted SIP call impossible.
  - [MD] Good point!
## [Security and delay issues in SIP systems](https://onlinelibrary.wiley.com/doi/epdf/10.1002/dac.1018?saml_referrer) in INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS
- Author: Christian Callegari, Rosario G. Garroppo, Stefano Giordano and Michele Pagano
- The paper first discusses the various security threats that SIP systems face, including eavesdropping, impersonation, and denial of service attacks.
- Then it lists the security mechanisms that can be used to protect against these threats, including HTTP Digest, TLS, S/MIME, IPSec, SRTP and key exchange.
- It analyses the delay introduced by each of the security mechanisms, and provides an overview of various delay reduction techniques, including quality of service (QoS) mechanisms, media encoding optimization, and the use of distributed architectures.
## [Secure End-to-End VoIP System Based on Ethereum Blockchain](http://ce.sc.edu/cyberinfra/docs/publications/20180817033654165.pdf) in Journal of Communications Vol. 13, No. 8, August 2018
- Author: Elie F. Kfoury and David J. Khoury
- Basically, the authors suggest using blockchain to replace PKI architecture for public key certification and distribution.
## [Secure SIP Signalling Service in IMS network](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6847291) in 2014 9th International Conference on Intelligent Systems: Theories and Applications (SITA-14)
- Author: Elmostafa Belmekki; Brahim Raouyane; Abdelhamid Belmekki; Mostafa Bellafkih
- The paper discusses the security mechanisms in the system, including HTTP Digest, TLS, S/MIME, IPSec, SRTP and key exchange.
- Then the authors propose an improved method for securing SIP registration.
- The paper again mentions that encrypting all SIP messages end-to-end for confidentiality is not appropriate, because network intermediaries need to see some header fields to route messages correctly: if intermediaries are excluded from the security associations, the messages are not routable.
## [Security Analysis of VoIP Architecture for Identifying SIP Vulnerabilities](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7021022) in 2014 International Conference on Emerging Technologies (ICET) / Security mechanisms for SIP-based multimedia communication infrastructure on 2004 International Conference on Communications, Circuits and Systems (IEEE Cat. No.04EX914)
- Author: Ubaid Ur Rehman; Abdul Ghafoor Abbasi / Si Duanfeng; Long Qin; Han Xinhui; Zou Wei / S. Salsano; L. Veltri; D. Papalilo
- The contribution of these papers is that they provide new methodologies for identifying and evaluating vulnerabilities in SIP.
- The papers provide frameworks to evaluate our solution.
## [SIP signaling security for end-to-end communication](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1274257) in 9th Asia-Pacific Conference on Communications (IEEE Cat. No.03EX732)
- Author: Kumiko Ono, Shinya Tachimoto
- The paper provides a detailed analysis of the potential security threats, followed by a proposal for a security mechanism that enhances the security of SIP signaling.
## [User authentication in SIP](https://www.cosmocom.gr/wp-content/uploads/2013/05/Vesterinen_final.pdf)
- Author: Pauli Vesterinen
- The paper presents a comprehensive overview of the user authentication mechanism in SIP.
## [A New Authentication Mechanism and Key Agreement Protocol for SIP Using Identity-based Cryptography](http://eprints.qut.edu.au/4422/1/4422_1.pdf) in AusCERT Asia Pacific Information Technology Security Conference 2006, Gold Coast, Australia.
- Author: Jared Ring, Kim-Kwang Raymond Choo, Ernest Foo, Mark Looi
- The paper proposes a new authentication mechanism and key agreement protocol for SIP based on identity-based cryptography.
## [A New Authentication Scheme For Session Initiation Protocol](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5066839) in 2009 International Conference on Complex, Intelligent and Software Intensive Systems
- Author: Eun-Jun Yoon; Kee-Young Yoo
- The paper proposes a new authentication scheme for SIP that addresses the shortcomings of existing schemes.
## [Authentication Using Multiple Communication Channels](https://dl.acm.org/doi/pdf/10.1145/1102486.1102496) in Proceedings of the 2005 workshop on Digital identity management
- Author: Shintaro MIZUNO, Kohji YAMADA, Kenji TAKAHASHI
- This paper proposes using a mobile phone as the trusted token to authenticate an untrusted computer.
- Either SMS or the mobile phone number is used to verify that the eligible user is using the computer.
- Most relevant to our solution, but it has several downsides:
  + It does not consider the caller spoofing issue.
  + One-way authentication only: either the client verifies the server or the server verifies the client, not both.
  + A human has to be involved in the process.
## [Using the mobile phone as a security token for unified authentication](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4300040) published in 2007 Second International Conference on Systems and Networks Communications (ICSNC 2007)
- Author: Steffen Hallsteinsen; Ivar Jorstad; Do Van Thanh
- The proposed solution improves on the method proposed in the paper "Authentication Using Multiple Communication Channels". It eliminates the human factor from the process by installing software on the computer and the mobile phone.
- The method uses a variation of the Encrypted Key Exchange (EKE) protocol to pre-share a secret between the server and the mobile phone; during the authentication process this secret is hashed with a challenge to form an OTP. The challenge and the MAC of the OTP are sent via SMS to the mobile phone, which computes the OTP. The OTP is then sent to the untrusted computer and sent back via the Internet for the authentication.
## [Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP, 2017](https://www.petsymposium.org/2017/papers/issue3/paper01-2017-3-source.pdf)
* By Dominik Schürmann, Fabian Kabus, Gregor Hildermeier, and Lars Wolf
* [MD] The paper analyzes attacks on real-world VoIP systems, in particular those implementing the ZRTP standard. The authors evaluate the protocol compliance, error handling, and user interfaces of the most common ZRTP-capable VoIP clients. The paper uncovers a critical vulnerability that allows wiretapping even though Short Authentication Strings are compared correctly. We discuss shortcomings in the clients’ error handling and design of security indicators potentially leading to insecure connections.
<!-- ## [SoK: An Analysis of End-to-End Encryption and Authentication Ceremonies in Secure Messaging Systems, 2023](https://dl.acm.org/doi/pdf/10.1145/3558482.3581773)
* By Mashari Alatawi and Nitesh Saxena
* [MD] The paper undertakes a systematic exploration of the potential threats caused by adopting E2EE systems that don't depend on external parties.
* [MD] The authors commence by introducing the most prevalent E2EE apps, along with the underlying messaging protocols responsible for their security. Drawing from existing research, they delve into the E2EE features of these apps, specifically examining their authentication processes. While prior studies have focused on certain messaging services, their analysis broadens to encompass a wider selection of popular E2EE apps and their associated authentication procedures.
* [MD] Through their evaluation, they conclude that all current E2EE apps, especially those functioning in opportunistic E2EE mode, lack the capability to effectively repel active man-in-the-middle (MitM) attacks. -->
## [On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification, 2017](https://arxiv.org/pdf/1707.05285.pdf)
* ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications Conference
* By Maliheh Shirvanian, Nitesh Saxena, and Jesvin James George
* User Study
* This paper discusses the security and usability of a human-centered code verification task used in widely used Internet messaging and calling apps like WhatsApp, Viber, Telegram, and Signal. These apps employ end-to-end encryption, which relies on users verifying a code (a fingerprint of cryptographic keys) with each other to ensure secure communication. The study focuses on scenarios where users are either remotely located or in close proximity.
* In the remote setting, where users are not physically near each other, the study finds that most code verification methods offer poor security (high risk of false accepts) and low usability (high risk of false rejects and poor user experience ratings). The security and usability are significantly better in the proximity setting, where users are physically close to each other. This difference is attributed to the increased difficulty of comparing codes on the same device (remote setting) compared to comparing them on two separate devices (proximity setting).
* Overall, the study reveals significant vulnerabilities in the security and usability of code verification methods in Internet-based communication apps, particularly when users are not in close physical proximity, highlighting the potential for human errors in remote settings.
## [Action Needed! Helping Users Find and Complete the Authentication Ceremony in Signal, 2018](https://www.usenix.org/system/files/conference/soups2018/soups2018-vaziripour.pdf)
* SOUPS'18
* By Elham Vaziripour, Justin Wu, Mark O’Neill, Daniel Metro, Josh Cockrell, Timothy Moffett, Jordan Whitehead, Nick Bonner, Kent Seamons, and Daniel Zappala
* User study
* This paper addresses the excessively long time Signal users take to check and match key fingerprints for authentication (about 11 minutes). The authors propose two modifications to the available version and evaluate their usability and security compared to the existing one.
* They use their own set of questions for evaluation.
--------------
## [VOICE-ZEUS: Impersonating Zoom’s E2EE-Protected Static Media and Textual Communications via Simple Voice Manipulations](https://arxiv.org/pdf/2310.13894.pdf)
<!-- ## [Post Quantum Cryptography integration in Linphone](https://www.linphone.org/sites/default/files/pqcrypto_integration-3_0.pdf)
* By Johan Pascal
## [Secure VoIP: call establishment and media protection, 2005](https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=63fe7f90e65c03966456812ad27acddb4aff80f7#page=37)
* By Johan Bilien, Erik Eliasson, Joachim Orrblad, Jon-Olov Vatn
## [End-to-End Encrypting Android Phone Calls, 2012](https://worldcomp-proceedings.com/proc/p2012/SAM9723.pdf)
* I. Burns, K. Gabert, and J. Zheng -->