Cryptanalysis of Two Authentication Scheme for DRM System

  • Dheerendra Mishra
  • Sourav Mukhopadhyay
Part of the Communications in Computer and Information Science book series (CCIS, volume 420)


Internet based content distribution facilitates efficient platform for digital content (movies, music, text, software) trades to the remote users. It makes electronic commerce more profiting and user-friendly. However, digital content can be easily copied and redistributed over the network. At the same time, digital rights management (DRM) system emerges in the response of these drawbacks. It tries to ensure authorized content distribution so that copyright protection can be assured. Although, most of the existing DRM system supports only one way authentication, where the server verifies user’s authenticity and user simply assumed that he is interacting with the correct server. It may cause server spoofing attack. In 2006, Fan et al. proposed a certificate based authentication scheme for DRM system. In 2009, Wang at al. presented a smart card based authentication scheme for DRM system using biometric keys in which user and server can mutually authenticate each other. We analyze both the schemes and show that both the schemes fail to prove their claim of resistance to most common attacks. Fan et al.’s scheme has failed to resist known session specific temporary information attack and replay attack. Moreover, it does not ensure perfect forward secrecy. Wang et al.’s scheme does not withstand insider attack and known session specific temporary information attack and have an inefficient login phase.


Digital Rights Management Authentication Anonymity Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ku, W., Chi, C.: Survey on the technological aspects of digital rights management. Information Security, 391–403 (2004)Google Scholar
  2. 2.
    Dutta, R., Mishra, D., Mukhopadhyay, S.: Vector space access structure and ID based distributed DRM key management. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part IV. CCIS, vol. 193, pp. 223–232. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Liu, Q., Safavi-Naini, R., Sheppard, N.P.: Digital rights management for content distribution. In: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003, vol. 21, pp. 49–58. Australian Computer Society, Inc. (2003)Google Scholar
  4. 4.
    Michiels, S., Verslype, K., Joosen, W., De Decker, B.: Towards a software architecture for DRM. In: Proceedings of the 5th ACM Workshop on Digital Rights Management, pp. 65–74. ACM (2005)Google Scholar
  5. 5.
    Mishra, D., Mukhopadhyay, S.: A certificateless authenticated key agreement protocol for digital rights management system. In: Singh, K., Awasthi, A.K. (eds.) QShine 2013. LNICST, vol. 115, pp. 568–577. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Mishra, D., Mukhopadhyay, S.: Secure content delivery in DRM system with consumer privacy. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 321–335. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Nair, S.K., Popescu, B.C., Gamage, C., Crispo, B., Tanenbaum, A.S.: Enabling drm-preserving digital content redistribution. In: Seventh IEEE International Conference on E-Commerce Technology, CEC 2005, pp. 151–158. IEEE (2005)Google Scholar
  8. 8.
    Nützel, J., Beyer, A.: Towards trust in digital rights management systems. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds.) TrustBus 2006. LNCS, vol. 4083, pp. 162–171. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Sun, H.M., Hung, C.F., Chen, C.M.: An improved digital rights management system based on smart cards. In: Digital EcoSystems and Technologies Conference, DEST 2007, pp. 308–313. Inaugural IEEE-IES, IEEE (2007)Google Scholar
  10. 10.
    Fourar-Laidi, H.: A smart card based framework for securing e-business transactions in distributed systems. Journal of King Saud University-Computer and Information Sciences 25(1), 1–5 (2013)CrossRefGoogle Scholar
  11. 11.
    Wang, D., Li, J., Memik, G.: Authentication scheme of DRM system for remote users based on multimodal biometrics, watermarking and smart cards. In: WRI Global Congress on Intelligent Systems, GCIS, vol. 2., 530–534. IEEE (2009)Google Scholar
  12. 12.
    Lee, N.Y., Lee, T.Y.: User friendly digital rights management system based on smart cards. In: Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2009, pp. 869–872. IEEE (2009)Google Scholar
  13. 13.
    Jeong, E.S., Sur, C., Rhee, K.H.: A new DRM system based on graded contents sharing and time-block distribution for home networks. In: 6th IEEE/ACIS International Conference on Computer and Information Science, ICIS 2007, pp. 830–833. IEEE (2007)Google Scholar
  14. 14.
    Fan, K., Pei, Q., Mo, W., Zhao, X., Li, X.: A novel authentication mechanism for improving the creditability of drm system. In: International Conference on Communication Technology, ICCT 2006, pp. 1–4. IEEE (2006)Google Scholar
  15. 15.
    Malladi, S., Heckendorn, A.F.J.,, R.B.: On preventing replay attacks on security protocols. Technical report, DTIC Document (2002)Google Scholar
  16. 16.
    Aura, T.: Strategies against replay attacks. In: Proceedings of 10th Computer Security Foundations Workshop, pp. 59–68 (1997)Google Scholar
  17. 17.
    Mishra, D.: A study on id-based authentication schemes for telecare medical information system. arXiv preprint arXiv:1311.0151 (2013)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Dheerendra Mishra
    • 1
  • Sourav Mukhopadhyay
    • 1
  1. 1.Department of MathematicsIndian Institute of Technology KharagpurIndia

Personalised recommendations