An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment

Abstract

AbstractInternet‐based content distribution facilitates an efficient platform to sell the digital content to the remote users. However, the digital content can be easily copied and redistributed over the network, which causes huge loss to the right holders. On the contrary, the digital rights management (DRM) systems have been introduced in order to regulate authorized content distribution. Enterprise DRM (E‐DRM) system is an application of DRM technology, which aims to prevent illegal access of data in an enterprise. Earlier works on E‐DRM do not address anonymity, which may lead to identity theft. Recently, Chang et al. proposed an efficient E‐DRM mechanism. Their scheme provides greater efficiency and protects anonymity. Unfortunately, we identify that their scheme does not resist the insider attack and password‐guessing attack. In addition, Chang et al.'s scheme has some design flaws in the authorization phase. We then point out the requirements of E‐DRM system and present the cryptanalysis of Chang et al.'s scheme. In order to remedy the security weaknesses found in Chang et al.'s scheme, we aim to present a secure and efficient E‐DRM scheme. The proposed scheme supports the authorized content key distribution and satisfies the desirable security attributes. Additionally, our scheme offers low communication and computation overheads and user's anonymity as well. Through the rigorous formal and informal security analyses, we show that our scheme is secure against possible known attacks. Furthermore, the simulation results for the formal security analysis using the widely accepted Automated Validation of Internet Security Protocols and Applications tool ensure that our scheme is also secure. Copyright © 2015 John Wiley & Sons, Ltd.