Cryptanalysis of Yang et al.’s Digital Rights Management Authentication Scheme Based on Smart Card

  • Dheerendra Mishra
  • Sourav Mukhopadhyay
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 420)


Internet-based content distribution offers a scalable platform for trading digital content with remote users and makes electronic commerce a more profitable business. However, digital content can easily be copied and redistributed over the network without any quality degradation. Digital rights management (DRM) systems have emerged as an effective solution that ensures copyright protection. Most existing DRM systems support only one-way authentication, in which the server verifies the user’s authenticity and the user simply assumes that he is interacting with the correct server. This may give an adversary an opportunity to perform a server spoofing attack. In 2009, Zhang et al. presented a smart card based authentication scheme for DRM systems in which the user and server can mutually authenticate each other and establish a session key. Recently, Yang et al. demonstrated that Zhang et al.’s scheme is vulnerable to insider attack and stolen smart card attack. Additionally, they proposed an improved scheme to remove the drawbacks of Zhang et al.’s scheme. We identify that Yang et al.’s improved scheme is also vulnerable to password guessing attack and denial of service attack. Moreover, their scheme does not provide efficient login and password change phases, so the smart card executes the session in case of incorrect input. We show how the inefficiency of the login and password change phases causes a denial of service attack.


Digital rights management, Smart card, Authentication




  1. Mishra, D.: A study on id-based authentication schemes for telecare medical information system. arXiv preprint arXiv:1311.0151 (2013)
  2. Mishra, D., Mukhopadhyay, S.: Secure content delivery in drm system with consumer privacy. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 321–335. Springer, Heidelberg (2013)
  3. Subramanya, S., Yi, B.K.: Digital rights management. IEEE Potentials 25(2), 31–34 (2006)
  4. Yang, H.W., Yang, C.C., Lin, W.: Enhanced digital rights management authentication scheme based on smart card. Institution of Engineering and Technology (2013)
  5. Zhang, Y.C., Yang, L., Xu, P., Zhan, Y.S.: A drm authentication scheme based on smart-card. In: International Conference on Computational Intelligence and Security, CIS 2009, vol. 2, pp. 202–207. IEEE (2009)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Dheerendra Mishra (1)
  • Sourav Mukhopadhyay (1)
  1. Department of Mathematics, Indian Institute of Technology Kharagpur, India
