Cryptanalysis of Yang et al.’s Digital Rights Management Authentication Scheme Based on Smart Card
Internet-based content distribution offers a scalable platform for trading digital content with remote users, and it makes electronic commerce a more profitable business. However, digital content can easily be copied and redistributed over the network without any quality degradation. Digital rights management (DRM) systems have emerged as an effective solution for ensuring copyright protection. Most existing DRM systems support only one-way authentication, in which the server verifies the user’s authenticity and the user simply assumes that he is interacting with the correct server. This may give an adversary the opportunity to mount a server spoofing attack. In 2009, Zhang et al. presented a smart card based authentication scheme for DRM systems in which the user and the server can mutually authenticate each other and establish a session key. Recently, Yang et al. demonstrated that Zhang et al.’s scheme is vulnerable to an insider attack and a stolen smart card attack. Additionally, they proposed an improved scheme to remove the drawbacks of Zhang et al.’s scheme. We identify that Yang et al.’s improved scheme is also vulnerable to a password guessing attack and a denial of service attack. Moreover, their scheme does not provide efficient login and password change phases: the smart card executes the session even in the case of incorrect input. We show how the inefficiency of the login and password change phases causes a denial of service attack.
Keywords: Digital rights management, Smart card, Authentication
- 1. Mishra, D.: A study on id-based authentication schemes for telecare medical information system. arXiv preprint arXiv:1311.0151 (2013)
- 4. Yang, H.W., Yang, C.C., Lin, W.: Enhanced digital rights management authentication scheme based on smart card. Institution of Engineering and Technology (2013)
- 5. Zhang, Y.C., Yang, L., Xu, P., Zhan, Y.S.: A drm authentication scheme based on smart-card. In: International Conference on Computational Intelligence and Security, CIS 2009, vol. 2, pp. 202–207. IEEE (2009)