Abstract
With the increasing number and popularity of digital content, the management of digital access rights has become an utmost important field. Through digital rights management systems (DRM-S), access to digital contents can be defined and for this, an efficient and secure authentication scheme is required. The DRM authentication schemes can be used to give access or restrict access to digital content. Very recently in 2020, Yu et al. proposed a symmetric hash and xor-based DRM and termed their system to achieve both security and performance efficiency. Contrarily, in this study, we argue that their scheme has several issues including nonresistance to privileged insider and impersonation attacks. Moreover, it is also to show in this study that their scheme has an incorrect authentication phase and due to this incorrectness, the scheme of Yu et al. lacks user scalability. An improved scheme is then proposed to counter the insecurities and incorrectness of the scheme of Yu et al. We prove the security of the proposed scheme using BAN logic. For a clear picture of the security properties, we also provide a textual discussion on the robustness of the proposed scheme. Moreover, due to the usage of symmetric key-based hash functions, the proposed scheme has a comparable performance efficiency.
Highlights
The rapid expansion of computer technology and media of various types such as software, music services, videos, photos, documents, and e-books is combined and manipulated as digital contents
With the invention of the low power devices, the distribution of such digital content along the globe is increased rapidly [1]. This rapid distribution demands an efficient digital rights management system to be utilized to preserve the digital rights associated with the content
The main purpose of the Digital right management (DRM) system is to provide protection to the digital contents and to make sure these are only accessible to valid users
Summary
The rapid expansion of computer technology and media of various types such as software, music services, videos, photos, documents, and e-books is combined and manipulated as digital contents. For the sake of secure transmission of the digital contents to the valid user through the public channel, strong authentication and key agreement schemes are needed [4,5,6]. The user in the Yu et al scheme after initiating an authentication message to the license server may never receive an acknowledgment, and the license server may never create a session key. (Inc 1) user Um sends a login request by entering password, identity, and biometric, and transmits Z1 , Z2, Z3, ZUS to LSj (the license server). The privileged adversary SA steals the hIDm, Xmi from the database of the LSj. When Um sends the the message hZ1, Z2, Z3, ZAUSi to LSj through public channel; SA will intercept the message and and impersonate as a valid license server in the following ways. Yu et al.’s scheme does not ensure the security of the secret key
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
