Abstract
Internet based content distribution facilitates efficient platform for digital content (movies, music, text, software) trades to the remote users. It makes electronic commerce more profiting and user-friendly. However, digital content can be easily copied and redistributed over the network. At the same time, digital rights management (DRM) system emerges in the response of these drawbacks. It tries to ensure authorized content distribution so that copyright protection can be assured. Although, most of the existing DRM system supports only one way authentication, where the server verifies user’s authenticity and user simply assumed that he is interacting with the correct server. It may cause server spoofing attack. In 2006, Fan et al. proposed a certificate based authentication scheme for DRM system. In 2009, Wang at al. presented a smart card based authentication scheme for DRM system using biometric keys in which user and server can mutually authenticate each other. We analyze both the schemes and show that both the schemes fail to prove their claim of resistance to most common attacks. Fan et al.’s scheme has failed to resist known session specific temporary information attack and replay attack. Moreover, it does not ensure perfect forward secrecy. Wang et al.’s scheme does not withstand insider attack and known session specific temporary information attack and have an inefficient login phase.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ku, W., Chi, C.: Survey on the technological aspects of digital rights management. Information Security, 391–403 (2004)
Dutta, R., Mishra, D., Mukhopadhyay, S.: Vector space access structure and ID based distributed DRM key management. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part IV. CCIS, vol. 193, pp. 223–232. Springer, Heidelberg (2011)
Liu, Q., Safavi-Naini, R., Sheppard, N.P.: Digital rights management for content distribution. In: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003, vol. 21, pp. 49–58. Australian Computer Society, Inc. (2003)
Michiels, S., Verslype, K., Joosen, W., De Decker, B.: Towards a software architecture for DRM. In: Proceedings of the 5th ACM Workshop on Digital Rights Management, pp. 65–74. ACM (2005)
Mishra, D., Mukhopadhyay, S.: A certificateless authenticated key agreement protocol for digital rights management system. In: Singh, K., Awasthi, A.K. (eds.) QShine 2013. LNICST, vol. 115, pp. 568–577. Springer, Heidelberg (2013)
Mishra, D., Mukhopadhyay, S.: Secure content delivery in DRM system with consumer privacy. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 321–335. Springer, Heidelberg (2013)
Nair, S.K., Popescu, B.C., Gamage, C., Crispo, B., Tanenbaum, A.S.: Enabling drm-preserving digital content redistribution. In: Seventh IEEE International Conference on E-Commerce Technology, CEC 2005, pp. 151–158. IEEE (2005)
Nützel, J., Beyer, A.: Towards trust in digital rights management systems. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds.) TrustBus 2006. LNCS, vol. 4083, pp. 162–171. Springer, Heidelberg (2006)
Sun, H.M., Hung, C.F., Chen, C.M.: An improved digital rights management system based on smart cards. In: Digital EcoSystems and Technologies Conference, DEST 2007, pp. 308–313. Inaugural IEEE-IES, IEEE (2007)
Fourar-Laidi, H.: A smart card based framework for securing e-business transactions in distributed systems. Journal of King Saud University-Computer and Information Sciences 25(1), 1–5 (2013)
Wang, D., Li, J., Memik, G.: Authentication scheme of DRM system for remote users based on multimodal biometrics, watermarking and smart cards. In: WRI Global Congress on Intelligent Systems, GCIS, vol. 2., 530–534. IEEE (2009)
Lee, N.Y., Lee, T.Y.: User friendly digital rights management system based on smart cards. In: Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2009, pp. 869–872. IEEE (2009)
Jeong, E.S., Sur, C., Rhee, K.H.: A new DRM system based on graded contents sharing and time-block distribution for home networks. In: 6th IEEE/ACIS International Conference on Computer and Information Science, ICIS 2007, pp. 830–833. IEEE (2007)
Fan, K., Pei, Q., Mo, W., Zhao, X., Li, X.: A novel authentication mechanism for improving the creditability of drm system. In: International Conference on Communication Technology, ICCT 2006, pp. 1–4. IEEE (2006)
Malladi, S., Heckendorn, A.F.J.,, R.B.: On preventing replay attacks on security protocols. Technical report, DTIC Document (2002)
Aura, T.: Strategies against replay attacks. In: Proceedings of 10th Computer Security Foundations Workshop, pp. 59–68 (1997)
Mishra, D.: A study on id-based authentication schemes for telecare medical information system. arXiv preprint arXiv:1311.0151 (2013)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mishra, D., Mukhopadhyay, S. (2014). Cryptanalysis of Two Authentication Scheme for DRM System. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-54525-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54524-5
Online ISBN: 978-3-642-54525-2
eBook Packages: Computer ScienceComputer Science (R0)