Abstract
Recent advances in communication technology and low-power devices have led digital-content services to be provided in various resource limited environments such as smart home, Internet of Things, and the Vehicle-to-Everything. However, digital content is easily replicated and distributed through open channels. Authentication is therefore becoming increasingly important for digital rights management (DRM) systems to provide secure services to authorized users. In 2018, Lee et al. proposed a biometric-based authentication scheme for DRM systems. We here demonstrate that Lee et al.’s scheme is vulnerable to mobile device theft and user impersonation attacks and does not allow secure mutual authentication. We propose an alternative secure three-factor authentication protocol for DRM systems to overcome these security shortcomings. Using formal/informal security analysis and a BAN logic analysis, we also show that our protocol protects against various types of attacks and allows secure mutual authentication. Furthermore, we demonstrate that the proposed protocol is secure against replay attacks and man-in-the-middle attacks using the formal verification simulation tool AVISPA. The proposed protocol is therefore applicable to resource-limited environments.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
