Formal Modelling and Security Analysis of Bitcoin's Payment Protocol

03/15/2021
by Paolo Modesti, et al.

The Payment Protocol standard BIP70, specifying how payments in Bitcoin are performed by merchants and customers, is supported by the largest payment processors and most widely-used wallets. The protocol has been shown to be vulnerable to refund attacks due to lack of authentication of the refund addresses. In this paper, we give the first formal model of the protocol and formalise the refund address security goals for the protocol, namely refund address authentication and secrecy. The formal model utilises communication channels as abstractions conveying security goals on which the protocol modeller and verifier can rely. We analyse the Payment Protocol, confirming that it is vulnerable to an attack violating the refund address authentication security goal. Moreover, we present a concrete protocol revision proposal supporting the merchant with publicly verifiable evidence that can mitigate the attack. We verify that the revised protocol meets the security goals defined for the refund address. Hence, we demonstrate that the revised protocol is secure, not only against the existing attacks, but also against any further attacks violating the formalised security goals.


