ABSTRACT
In this paper we design efficient traitor tracing scheme for a pirate clone attack against a broadcast-encryption-based content protection system. In this content protection system, each user(device) is assigned a set of secret keys. In a clone attack, pirates (legitimate users) compromise their devices, extract their secret keys and use those keys to build a clone device. The clone device allows decryption of content that is originally only accessible by legitimate devices. The pirates can sell the clone device for profits. When a clone device is recovered, a traitor tracing scheme could identify which compromised devices' (called traitors) keys are in the clone. Once the compromised keys are detected, they can be disabled for future content access. In the process of tracing traitors, a series of carefully constructed cipher text is fed into the clone device and the reaction of the clone device is observed and used to deduce which keys are contained inside the clone. The traceability of a tracing scheme is measured by the number of testing cipher texts needed to identify the traitors. The state-of-art traitor tracing schemes in the symmetric key setting achieve O(t3 log t) traceabilities for t traitors. Unfortunately the theoretically efficient polynomial traceability could convert to years' tracing time in reality. In this paper, we present a practical approach that combines traditional traitor tracing scheme design with system security engineering consideration by introducing a "software key conversion data" virtual program. This combination enables our approach to drastically improve traceability over the state-of-art traitor tracing scheme existed in applied cryptography community. The traceabilities for clone attack is improved from O(t3 log t) to O(t) which converts the tracing time from the original 15 years to 4 hours for a clone attack of 100 traitors. Our much improved traceabilities makes them ultimately adopted to use in AACS [1], the new industry content protection standard for next generation high definition DVDs.
- http://www.aacsla.com/specifications, Pre-recorded Video Book.Google Scholar
- A. Fiat and M. Naor, "Broadcast Encryption," Crypto'93, Lecture Notes in computer science, Vol. 773, pp 480--491. Springer-Verlag, Berlin, Heidelberg, New York, 1993. Google ScholarDigital Library
- D. Naor, M. Naor and J. Lotspiech, "Revocation and Tracing Schemes for Stateless Receivers", Crypto 2001, Lecture Notes in computer science, Vol. 2139, pp 41--62, 2001. Google ScholarDigital Library
- M. Naor and B. Pinkas, "Efficient Trace and Revoke Schemes", Financial Cryptography'2000, Lecture Notes in Computer Science, Vol. 1962, pp. 1--20. Google ScholarDigital Library
- D. Boneh, A. Sahai and B. Waters, "Fully Collusion Resistant Traitor Tracing With Short Ciphertexts and Private Keys", EuroCrypt'06, pp. 573--592. Google ScholarDigital Library
- D. Boneh and M. Naor, "Traitor Tracing with Constant Size Ciphertext", ACM Communication and Computer Security, 2008. Google ScholarDigital Library
- H. Chabanne, DH. Phan and D. Pointcheval, "Public traceability in traitor tracing schemes", Eurocrypt, 2005, pp. 542--558. Google ScholarDigital Library
- R. Safani-Naini and Y. Wang, "Sequential Traitor tracing," IEEE Transactions on Information Theory, 49, 2003. Google ScholarDigital Library
- J. N. Staddon, D. R. Stinson and R. Wei, "Combinatorial properties of frameproof and traceability codes," IEEE Transactions on Information Theory, 47 (2001), 1042--1049. Google ScholarDigital Library
- H. Jin, J. Lotspiech and S. Nusser, "Traitor tracing for prerecorded and recordable media", ACM DRM workshop, Oct. 2004. Google ScholarDigital Library
- H. Jin and J. Lotspich, "Renewable Traitor Tracing: A Trace-Revoke-Trace System For Anonymous Attack", ESORICS 2007, LNCS 4734, pp. 563--577 Google ScholarDigital Library
- H. Jin and J. Lotspich, "Unifying broadcast encryption and traitor tracing for content protection", ACSAC 2009, pp. 139--148. Google ScholarDigital Library
- http://forum.slysoft.comGoogle Scholar
- http://cryptography.com/technology/spdc/index.htmlGoogle Scholar
Index Terms
- Efficient traitor tracing for clone attack in content protection
Recommendations
Renewable traitor tracing: a trace-revoke-trace system for anonymous attack
ESORICS'07: Proceedings of the 12th European conference on Research in Computer SecurityIn this paper we design renewable traitor tracing scheme for anonymous attack. When pirated copies of some copyrighted content or content decrypting key are found, a traitor tracing scheme could identify at least one of the real users (traitors) who ...
Further analysis of pairing-based traitor tracing schemes for broadcast encryption
Pairing-based public key systems have recently received much attention because bilinear property contributes to the designs of many cryptographic schemes. In 2002, Mitsunari et al. proposed the first pairing-based traitor tracing scheme with constant-...
Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation
In this work, we show how to use indistinguishability obfuscation to build multiparty key exchange, efficient broadcast encryption, and efficient traitor tracing. Our schemes enjoy several interesting properties that have not been achievable before:Our ...
Comments