Abstract
In the Bitcoin network, the simplified payment verification protocol (SPV) enables a lightweight device such as a mobile phone to participate in the bitcoin network without needed to download and store the whole Bitcoin blocks. A Bitcoin SPV node initiates and verifies transactions of the Bitcoin network through the Bitcoin wallet software which is deployed on a resource constrained device such as a mobile phone. Thus, the security of the wallet is critical for the SPV nodes as it may affect the security of user’s cryptocurrencies. However, there are some concerns about the security flaws within the SPV nodes which could lead to significant economic losses. Most of these vulnerabilities can be resolved by employing a secure user authentication protocol. Over the years, researchers have engaged in designing a secure authentication protocol. However, most proposals have security flaws or performance issues. Recently, Park et al. proposed a two-party authenticated key exchange protocol for the mobile environment. They claimed that their protocol is not only secure against various attacks but also can be deployed efficiently. However, after a thorough security analysis, we find that the Park et al.’s protocol is vulnerable to user forgery attack, smart card stolen attack and unable to provide user anonymity. To enhance security, we proposed an efficient and secure user authentication protocol for the SPV nodes in the mobile environment which can fulfill all the security requirements and has provable security. Additionally, we provide performance analysis which shows our proposed protocol is efficient for the SPV nodes in the Bitcoin network.
Similar content being viewed by others
References
Market B. Bitcoin market. 2019. https://coinmarketcap.com/zh/currencies/bitcoin/
Nakamoto S. Bitcoin: a peer-to-peer electronic cash system. 2008. https://bitcoin.org/bitcoin.pdf
Wang D, Cheng H B, Wang P, et al. Zipf’s law in passwords. IEEE Trans Inform Forensic Secur, 2017, 12: 2776–2791
Lamport L. Password authentication with insecure communication. Commun ACM, 1981, 24: 770–772
Das M L, Saxena A, Gulati V P. A dynamic ID-based remote user authentication scheme. IEEE Trans Consumer Electron, 2004, 50: 629–631
Yoon E-J, Ryu E-K, Yoo K-Y. Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consumer Electron, 2004, 50: 612–614
Das M L. Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun, 2009, 8: 1086–1090
Khan M K, Alghathbar K. Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 2010, 10: 2450–2459
Jiang Q, Ma J F, Lu X, et al. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl, 2015, 8: 1070–1081
Wang D, Wang P. Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Depend Secure Comput, 2018, 15: 708–722
Zhang G M, Yan C, Ji X Y, et al. Dolphinattack: inaudible voice commands. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2017. 103–117
Park K, Park Y, Park Y, et al. 2PAKEP: provably secure and efficient two-party authenticated key exchange protocol for mobile environment. IEEE Access, 2018, 6: 30225–30241
He D B, Chen J H, Hu J. An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inf Fusion, 2012, 13: 223–230
Wu Z Y, Lee Y C, Lai F P, et al. A secure authentication scheme for telecare medicine information systems. J Med Syst, 2012, 36: 1529–1535
He D B, Chen J H, Zhang R. A more secure authentication scheme for telecare medicine information systems. J Med Syst, 2012, 36: 1989–1995
Wei J H, Hu X X, Liu W F. An improved authentication scheme for telecare medicine information systems. J Med Syst, 2012, 36: 3597–3604
Wang D, He D B, Wang P, et al. Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput, 2015, 12: 428–442
Tsai J L, Lo N W, Wu T C. Novel anonymous authentication scheme using smart cards. IEEE Trans Ind Inf, 2013, 9: 2004–2013
Li C T. A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inform Secur, 2013, 7: 3–10
Memon I, Hussain I, Akhtar R, et al. Enhanced privacy and authentication: an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wirel Pers Commun, 2015, 84: 1487–1508
Reddy A G, Das A K, Yoon E J, et al. A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access, 2016, 4: 4394–4407
Chaudhry S A, Naqvi H, Sher M, et al. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw Appl, 2017, 10: 1–15
Feng Q, He D B, Zeadally S, et al. Ideal lattice-based anonymous authentication protocol for mobile devices. IEEE Syst J, 2018, 13: 2775–2785
Qi M P, Chen J H. An efficient two-party authentication key exchange protocol for mobile environment. Int J Commun Syst, 2017, 30: e3341
Wang D, Zhang Z J, Wang P, et al. Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016. 1242–1254
Chen X F, Li J, Huang X Y, et al. New publicly verifiable databases with efficient updates. IEEE Trans Dependable Secure Comput, 2015, 12: 546–556
Zhu Y M, Fu A M, Yu S, et al. New algorithm for secure outsourcing of modular exponentiation with optimal checkability based on single untrusted server. In: Proceedings of 2018 IEEE International Conference on Communications (ICC). New York: IEEE, 2018. 1–6
Chen X F, Li J, Huang X Y, et al. Secure outsourced attribute-based signatures. IEEE Trans Parallel Distrib Syst, 2014, 25: 3285–3294
Wu F, Xu L L, Kumari S, et al. An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw Appl, 2018, 11: 1–20
Lu Y R, Li L X, Peng H P, et al. An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl, 2017, 76: 1801–1815
He D B, Zeadally S, Xu B, et al. An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Trans Inform Forensic Secur, 2015, 10: 2681–2691
Acknowledgements
Chunpeng GE was supported by National Natural Science Foundation of China (Grant No. 61702236) and Changzhou Sci & Tech Program (Grant No. CJ20179027). Chunhua SU was supported by JSPS Kiban(B) (Grant No. 18H03240) and JSPS Kiban(C) (Grant No. 18K11298).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhou, L., Ge, C. & Su, C. A privacy preserving two-factor authentication protocol for the Bitcoin SPV nodes. Sci. China Inf. Sci. 63, 130103 (2020). https://doi.org/10.1007/s11432-019-9922-x
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-019-9922-x