Abstract
Internet based content distribution presents a scalable platform for digital content trade to the remote users. It makes electronic commerce more profiting business. However, digital content can be easily copied and redistributed without any quality degradation over the network. Digital rights management (DRM) systems emerge as an effective solution which ensures copyright protection. Most of the existing DRM systems support only one way authentication where the server verifies user’s authenticity and user simply assumed that he is interacting with the correct server. It may provide an opportunity of performing server spoofing attack to an adversary. In 2009, Zhang et al. presented a smart card based authentication scheme for DRM system in which user and server can mutually authenticate each other and establish a session key. Recently, Yang et al. demonstrated that Zhang et al.’s scheme is vulnerable to insider attack and stolen smart card attack. Additionally, they proposed an improved scheme to erase the drawbacks of Zhang et al.’s scheme. We identify that Yang et al.’s improved scheme is also vulnerable to password guessing attack and denial of service attack. Moreover, their scheme does not present efficient login and password change phases such that smart card executes the session in case of incorrect input. We show that how inefficiency of login and password change phases cause denial of service attack.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Mishra, D.: A study on id-based authentication schemes for telecare medical information system. arXiv preprint arXiv:1311.0151 (2013)
Mishra, D., Mukhopadhyay, S.: Secure content delivery in drm system with consumer privacy. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 321–335. Springer, Heidelberg (2013)
Subramanya, S., Yi, B.K.: Digital rights management. IEEE Potentials 25(2), 31–34 (2006)
Yang, H.W., Yang, C.C., Lin, W.: Enhanced digital rights management authentication scheme based on smart card. Institution of Engineering and Technology (2013)
Zhang, Y.C., Yang, L., Xu, P., Zhan, Y.S.: A drm authentication scheme based on smart-card. In: International Conference on Computational Intelligence and Security, CIS 2009, vol. 2, pp. 202–207. IEEE (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mishra, D., Mukhopadhyay, S. (2014). Cryptanalysis of Yang et al.’s Digital Rights Management Authentication Scheme Based on Smart Card. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-54525-2_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54524-5
Online ISBN: 978-3-642-54525-2
eBook Packages: Computer ScienceComputer Science (R0)