Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

A privacy preserving two-factor authentication protocol for the Bitcoin SPV nodes

  • 7 Accesses

Abstract

In the Bitcoin network, the simplified payment verification protocol (SPV) enables a lightweight device such as a mobile phone to participate in the bitcoin network without needed to download and store the whole Bitcoin blocks. A Bitcoin SPV node initiates and verifies transactions of the Bitcoin network through the Bitcoin wallet software which is deployed on a resource constrained device such as a mobile phone. Thus, the security of the wallet is critical for the SPV nodes as it may affect the security of user’s cryptocurrencies. However, there are some concerns about the security flaws within the SPV nodes which could lead to significant economic losses. Most of these vulnerabilities can be resolved by employing a secure user authentication protocol. Over the years, researchers have engaged in designing a secure authentication protocol. However, most proposals have security flaws or performance issues. Recently, Park et al. proposed a two-party authenticated key exchange protocol for the mobile environment. They claimed that their protocol is not only secure against various attacks but also can be deployed efficiently. However, after a thorough security analysis, we find that the Park et al.’s protocol is vulnerable to user forgery attack, smart card stolen attack and unable to provide user anonymity. To enhance security, we proposed an efficient and secure user authentication protocol for the SPV nodes in the mobile environment which can fulfill all the security requirements and has provable security. Additionally, we provide performance analysis which shows our proposed protocol is efficient for the SPV nodes in the Bitcoin network.

This is a preview of subscription content, log in to check access.

References

  1. 1

    Market B. Bitcoin market. 2019. https://coinmarketcap.com/zh/currencies/bitcoin/

  2. 2

    Nakamoto S. Bitcoin: a peer-to-peer electronic cash system. 2008. https://bitcoin.org/bitcoin.pdf

  3. 3

    Wang D, Cheng H B, Wang P, et al. Zipf’s law in passwords. IEEE Trans Inform Forensic Secur, 2017, 12: 2776–2791

  4. 4

    Lamport L. Password authentication with insecure communication. Commun ACM, 1981, 24: 770–772

  5. 5

    Das M L, Saxena A, Gulati V P. A dynamic ID-based remote user authentication scheme. IEEE Trans Consumer Electron, 2004, 50: 629–631

  6. 6

    Yoon E-J, Ryu E-K, Yoo K-Y. Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consumer Electron, 2004, 50: 612–614

  7. 7

    Das M L. Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun, 2009, 8: 1086–1090

  8. 8

    Khan M K, Alghathbar K. Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 2010, 10: 2450–2459

  9. 9

    Jiang Q, Ma J F, Lu X, et al. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl, 2015, 8: 1070–1081

  10. 10

    Wang D, Wang P. Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans Depend Secure Comput, 2018, 15: 708–722

  11. 11

    Zhang G M, Yan C, Ji X Y, et al. Dolphinattack: inaudible voice commands. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2017. 103–117

  12. 12

    Park K, Park Y, Park Y, et al. 2PAKEP: provably secure and efficient two-party authenticated key exchange protocol for mobile environment. IEEE Access, 2018, 6: 30225–30241

  13. 13

    He D B, Chen J H, Hu J. An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inf Fusion, 2012, 13: 223–230

  14. 14

    Wu Z Y, Lee Y C, Lai F P, et al. A secure authentication scheme for telecare medicine information systems. J Med Syst, 2012, 36: 1529–1535

  15. 15

    He D B, Chen J H, Zhang R. A more secure authentication scheme for telecare medicine information systems. J Med Syst, 2012, 36: 1989–1995

  16. 16

    Wei J H, Hu X X, Liu W F. An improved authentication scheme for telecare medicine information systems. J Med Syst, 2012, 36: 3597–3604

  17. 17

    Wang D, He D B, Wang P, et al. Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput, 2015, 12: 428–442

  18. 18

    Tsai J L, Lo N W, Wu T C. Novel anonymous authentication scheme using smart cards. IEEE Trans Ind Inf, 2013, 9: 2004–2013

  19. 19

    Li C T. A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inform Secur, 2013, 7: 3–10

  20. 20

    Memon I, Hussain I, Akhtar R, et al. Enhanced privacy and authentication: an efficient and secure anonymous communication for location based service using asymmetric cryptography scheme. Wirel Pers Commun, 2015, 84: 1487–1508

  21. 21

    Reddy A G, Das A K, Yoon E J, et al. A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access, 2016, 4: 4394–4407

  22. 22

    Chaudhry S A, Naqvi H, Sher M, et al. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw Appl, 2017, 10: 1–15

  23. 23

    Feng Q, He D B, Zeadally S, et al. Ideal lattice-based anonymous authentication protocol for mobile devices. IEEE Syst J, 2018, 13: 2775–2785

  24. 24

    Qi M P, Chen J H. An efficient two-party authentication key exchange protocol for mobile environment. Int J Commun Syst, 2017, 30: e3341

  25. 25

    Wang D, Zhang Z J, Wang P, et al. Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016. 1242–1254

  26. 26

    Chen X F, Li J, Huang X Y, et al. New publicly verifiable databases with efficient updates. IEEE Trans Dependable Secure Comput, 2015, 12: 546–556

  27. 27

    Zhu Y M, Fu A M, Yu S, et al. New algorithm for secure outsourcing of modular exponentiation with optimal checkability based on single untrusted server. In: Proceedings of 2018 IEEE International Conference on Communications (ICC). New York: IEEE, 2018. 1–6

  28. 28

    Chen X F, Li J, Huang X Y, et al. Secure outsourced attribute-based signatures. IEEE Trans Parallel Distrib Syst, 2014, 25: 3285–3294

  29. 29

    Wu F, Xu L L, Kumari S, et al. An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw Appl, 2018, 11: 1–20

  30. 30

    Lu Y R, Li L X, Peng H P, et al. An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl, 2017, 76: 1801–1815

  31. 31

    He D B, Zeadally S, Xu B, et al. An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Trans Inform Forensic Secur, 2015, 10: 2681–2691

Download references

Acknowledgements

Chunpeng GE was supported by National Natural Science Foundation of China (Grant No. 61702236) and Changzhou Sci & Tech Program (Grant No. CJ20179027). Chunhua SU was supported by JSPS Kiban(B) (Grant No. 18H03240) and JSPS Kiban(C) (Grant No. 18K11298).

Author information

Correspondence to Chunpeng Ge.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Zhou, L., Ge, C. & Su, C. A privacy preserving two-factor authentication protocol for the Bitcoin SPV nodes. Sci. China Inf. Sci. 63, 130103 (2020). https://doi.org/10.1007/s11432-019-9922-x

Download citation

Keywords

  • SPV nodes
  • secure authentication
  • two-factor
  • Bitcoin