logo

SCIENCE CHINA Information Sciences, Volume 63 , Issue 3 : 130103(2020) https://doi.org/10.1007/s11432-019-9922-x

A privacy preserving two-factor authentication protocol for the Bitcoin SPV nodes

More info
  • ReceivedApr 24, 2019
  • AcceptedJun 17, 2019
  • PublishedFeb 10, 2020

Abstract


Acknowledgment

Chunpeng GE was supported by National Natural Science Foundation of China (Grant No. 61702236) and Changzhou Sci $\&$ Tech Program (Grant No. CJ20179027). Chunhua SU was supported by JSPS Kiban(B) (Grant No. 18H03240) and JSPS Kiban(C) (Grant No. 18K11298).


References

[1] Market B. Bitcoin market. 2019. https://coinmarketcap.com/zh/currencies/bitcoin/. Google Scholar

[2] Nakamoto S, et al. Bitcoin: A peer-to-peer electronic cash system. 2008. Google Scholar

[3] Wang D, Cheng H B, Wang P. Zipf's Law in Passwords. IEEE TransInformForensic Secur, 2017, 12: 2776-2791 CrossRef Google Scholar

[4] Lamport L. Password authentication with insecure communication. Commun ACM, 1981, 24: 770-772 CrossRef Google Scholar

[5] Das M L, Saxena A, Gulati V P. A dynamic ID-based remote user authentication scheme. IEEE Trans Consumer Electron, 2004, 50: 629-631 CrossRef Google Scholar

[6] Yoon E J, Ryu E K, Yoo K Y. Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consumer Electron, 2004, 50: 612-614 CrossRef Google Scholar

[7] Das M L. Two-factor user authentication in wireless sensor networks. IEEE Trans Wireless Commun, 2009, 8: 1086-1090 CrossRef Google Scholar

[8] Khan M K, Alghathbar K. Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.. Sensors, 2010, 10: 2450-2459 CrossRef PubMed Google Scholar

[9] Jiang Q, Ma J F, Lu X. An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl, 2015, 8: 1070-1081 CrossRef Google Scholar

[10] Wang D, Wang P. Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound. IEEE Trans Dependable Secure Comput, 2016, : 1-1 CrossRef Google Scholar

[11] Zhang G, Chen Y, Ji X, et al. Dolphinattack: Inaudible voice commands. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2017. 103--117. Google Scholar

[12] Park K, Park Y, Park Y. 2PAKEP: Provably Secure and Efficient Two-Party Authenticated Key Exchange Protocol for Mobile Environment. IEEE Access, 2018, 6: 30225-30241 CrossRef Google Scholar

[13] He D B, Chen J H, Hu J. An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inf Fusion, 2012, 13: 223-230 CrossRef Google Scholar

[14] Wu Z Y, Lee Y C, Lai F P. A secure authentication scheme for telecare medicine information systems.. J Med Syst, 2012, 36: 1529-1535 CrossRef PubMed Google Scholar

[15] He D B, Chen J H, Zhang R. A more secure authentication scheme for telecare medicine information systems.. J Med Syst, 2012, 36: 1989-1995 CrossRef PubMed Google Scholar

[16] Wei J H, Hu X X, Liu W F. An improved authentication scheme for telecare medicine information systems.. J Med Syst, 2012, 36: 3597-3604 CrossRef PubMed Google Scholar

[17] Wang D, He D B, Wang P. Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment. IEEE Trans Dependable Secure Comput, 2015, 12: 428-442 CrossRef Google Scholar

[18] Tsai J L, Lo N W, Wu T C. Novel Anonymous Authentication Scheme Using Smart Cards. IEEE Trans Ind Inf, 2013, 9: 2004-2013 CrossRef Google Scholar

[19] Li C T. A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. CrossRef Google Scholar

[20] Memon I, Hussain I, Akhtar R. Enhanced Privacy and Authentication: An Efficient and Secure Anonymous Communication for Location Based Service Using Asymmetric Cryptography Scheme. Wireless Pers Commun, 2015, 84: 1487-1508 CrossRef Google Scholar

[21] Reddy A G, Das A K, Yoon E J. A Secure Anonymous Authentication Protocol for Mobile Services on Elliptic Curve Cryptography. IEEE Access, 2016, 4: 4394-4407 CrossRef Google Scholar

[22] Chaudhry S A, Naqvi H, Sher M. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw Appl, 2017, 10: 1-15 CrossRef Google Scholar

[23] Feng Q, He D B, Zeadally S. Ideal Lattice-Based Anonymous Authentication Protocol for Mobile Devices. IEEE Syst J, 2018, : 1-11 CrossRef Google Scholar

[24] Qi M P, Chen J H. An efficient two-party authentication key exchange protocol for mobile environment. Int J Commun Syst, 2017, 30: e3341 CrossRef Google Scholar

[25] Wang D, Zhang Z, Wang P, et al. Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016. 1242--1254. Google Scholar

[26] Chen X F, Li J, Huang X Y. New Publicly Verifiable Databases with Efficient Updates. IEEE Trans Dependable Secure Comput, 2015, 12: 546-556 CrossRef Google Scholar

[27] Zhu Y M, Fu A M, Yu S, et al. New algorithm for secure outsourcing of modular exponentiation with optimal checkability based on single untrusted server. In: Proceedings of 2018 IEEE International Conference on Communications (ICC). New York: IEEE, 2018. 1--6. Google Scholar

[28] Chen X F, Li J, Huang X Y. Secure Outsourced Attribute-Based Signatures. IEEE Trans Parallel Distrib Syst, 2014, 25: 3285-3294 CrossRef Google Scholar

[29] Wu F, Xu L L, Kumari S. An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw Appl, 2018, 11: 1-20 CrossRef Google Scholar

[30] Lu Y R, Li L X, Peng H P. An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl, 2017, 76: 1801-1815 CrossRef Google Scholar

[31] He D B, Zeadally S, Xu B. An Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad Hoc Networks. IEEE Trans Inform Forensic Secur, 2015, 10: 2681-2691 CrossRef Google Scholar

  • Figure 1

    (Color online) Network model.

  • Figure 2

    Authentication and key agreement parse for Park et al.'s protocol

  • Figure 3

    User registration parse for our protocol.

  • Figure 4

    User authentication and key agreement parse for our protocol.

  • Figure 5

    Password change parse.

  • Figure 6

    (Color online) Communication costs comparison.

  • Table 1   Symbols were used in the protocol of Park et al. and our protocol
    SymbolsDescription
    $~\mathcal{A}~$An attacker
    $~U_{i}~$$i$-th of user
    $~{\rm~ID}_{i}~$Identity of $~U_{i}~$
    $~{\rm~PW}_{i}~$Password of $~U_{i}~$
    $~S~$The server
    $~d_{S}~$Private key of the server
    $~Q_{S}~$Public key of the server
    $~P~$Elliptic curve point
    $~h(\cdot),H(\cdot)~$Secure Hash functions
    $~\Pi~$Our protocol
    kdf Secure one-way key derivation function
    $~\oplus~$Exclusive-OR operation
    $~||~$Concatenation operation
  • Table 2   Security requirement comparison
    SRPart et al.[12]Lu et al.[30]Ours
    Smart card stolen attackNNY
    Mutual authenticationNYY
    User forgery attackNYY
    Server forgery attackYYY
    Reply attackYYY
    Insider attackYYY
    Forward securityYYY
    User anonymityNYY
    Password guessing attackNNY
    Correct login and password change phaseYYY
  • Table 3   Computational costs comparison
    PhasePart et al.[12]Lu et al.[30]Ours
    System initialization phase$~T_{\rm~PM}~$$~T_{\rm~PM}~$$~T_{\rm~PM}~$
    User registration phase$~6T_{H}$$~5T_{H}$$~2T_{H}$
    Authentication and key agreement phase$~6T_{\rm~PM}+11T_{H}~$$~11T_{\rm~PM}+15T_{H}~$$~6T_{\rm~PM}+12T_{H}~$
    Password change phase$~4T_{H}~$$~3T_{H}~$$~3T_{H}~$
    Total costs$~7T_{\rm~PM}+21T_{H}~$$~12T_{\rm~PM}+23T_{H}~$$~7T_{\rm~PM}+23T_{H}~$