Cryptanalysis of Two Authentication Scheme for DRM System
Internet based content distribution facilitates efficient platform for digital content (movies, music, text, software) trades to the remote users. It makes electronic commerce more profiting and user-friendly. However, digital content can be easily copied and redistributed over the network. At the same time, digital rights management (DRM) system emerges in the response of these drawbacks. It tries to ensure authorized content distribution so that copyright protection can be assured. Although, most of the existing DRM system supports only one way authentication, where the server verifies user’s authenticity and user simply assumed that he is interacting with the correct server. It may cause server spoofing attack. In 2006, Fan et al. proposed a certificate based authentication scheme for DRM system. In 2009, Wang at al. presented a smart card based authentication scheme for DRM system using biometric keys in which user and server can mutually authenticate each other. We analyze both the schemes and show that both the schemes fail to prove their claim of resistance to most common attacks. Fan et al.’s scheme has failed to resist known session specific temporary information attack and replay attack. Moreover, it does not ensure perfect forward secrecy. Wang et al.’s scheme does not withstand insider attack and known session specific temporary information attack and have an inefficient login phase.
KeywordsDigital Rights Management Authentication Anonymity Security
Unable to display preview. Download preview PDF.
- 1.Ku, W., Chi, C.: Survey on the technological aspects of digital rights management. Information Security, 391–403 (2004)Google Scholar
- 3.Liu, Q., Safavi-Naini, R., Sheppard, N.P.: Digital rights management for content distribution. In: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003, vol. 21, pp. 49–58. Australian Computer Society, Inc. (2003)Google Scholar
- 4.Michiels, S., Verslype, K., Joosen, W., De Decker, B.: Towards a software architecture for DRM. In: Proceedings of the 5th ACM Workshop on Digital Rights Management, pp. 65–74. ACM (2005)Google Scholar
- 7.Nair, S.K., Popescu, B.C., Gamage, C., Crispo, B., Tanenbaum, A.S.: Enabling drm-preserving digital content redistribution. In: Seventh IEEE International Conference on E-Commerce Technology, CEC 2005, pp. 151–158. IEEE (2005)Google Scholar
- 9.Sun, H.M., Hung, C.F., Chen, C.M.: An improved digital rights management system based on smart cards. In: Digital EcoSystems and Technologies Conference, DEST 2007, pp. 308–313. Inaugural IEEE-IES, IEEE (2007)Google Scholar
- 11.Wang, D., Li, J., Memik, G.: Authentication scheme of DRM system for remote users based on multimodal biometrics, watermarking and smart cards. In: WRI Global Congress on Intelligent Systems, GCIS, vol. 2., 530–534. IEEE (2009)Google Scholar
- 12.Lee, N.Y., Lee, T.Y.: User friendly digital rights management system based on smart cards. In: Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2009, pp. 869–872. IEEE (2009)Google Scholar
- 13.Jeong, E.S., Sur, C., Rhee, K.H.: A new DRM system based on graded contents sharing and time-block distribution for home networks. In: 6th IEEE/ACIS International Conference on Computer and Information Science, ICIS 2007, pp. 830–833. IEEE (2007)Google Scholar
- 14.Fan, K., Pei, Q., Mo, W., Zhao, X., Li, X.: A novel authentication mechanism for improving the creditability of drm system. In: International Conference on Communication Technology, ICCT 2006, pp. 1–4. IEEE (2006)Google Scholar
- 15.Malladi, S., Heckendorn, A.F.J.,, R.B.: On preventing replay attacks on security protocols. Technical report, DTIC Document (2002)Google Scholar
- 16.Aura, T.: Strategies against replay attacks. In: Proceedings of 10th Computer Security Foundations Workshop, pp. 59–68 (1997)Google Scholar
- 17.Mishra, D.: A study on id-based authentication schemes for telecare medical information system. arXiv preprint arXiv:1311.0151 (2013)Google Scholar