×

Provable secure and efficient digital rights management authentication scheme using smart card based on elliptic curve cryptography. (English) Zbl 1395.94320

Summary: Since the concept of ubiquitous computing is firstly proposed by Mark Weiser, its connotation has been extending and expanding by many scholars. In pervasive computing application environment, many kinds of small devices containing smart cart are used to communicate with others. In [“Enhanced digital rights management authentication scheme based on smart card”, IET Inf. Secur. 7, No. 3, 189–194 (2013; doi:10.1049/iet-ifs.2012.0191)], H.-W. Yang, C.-C. Yang and W. Lin proposed an enhanced authentication scheme using smart card for digital rights management. They demonstrated that their scheme is secure enough. However, D. Mishra and S. Mukhopadhyay [“Cryptanalysis of Yang et al.’s digital rights management authentication scheme based on smart card”, Commun. Comput. Inf. Sci. 420, 288–297 (2014; doi:10.1007/978-3-642-54525-2_26)] pointed out that Yang, Yang and Lin’s scheme [loc. cit.] suffers from the password guessing attack and the denial of service attack. Moreover, they also demonstrated that Yang, Yang and Lin’s scheme [loc. cit.] is not efficient enough when the user inputs an incorrect password. In this paper, we analyze Yang, Yang and Lin’s scheme [loc. cit.] again, and find that their scheme is vulnerable to the session key attack. And, there are some mistakes in their scheme. To surmount the weakness of Yang, Yang and Lin’s scheme [loc. cit.], we propose a more efficient and provable secure digital rights management authentication scheme using smart card based on elliptic curve cryptography.

MSC:

94A60 Cryptography
68P25 Data encryption (aspects in computer science)
14G50 Applications to coding theory and cryptography of arithmetic geometry
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Weiser, M., The computer for the 21st century, Scientific American, 94-104, (1991)
[2] Alomair, B.; Poovendran, R., Efficient authentication for mobile and pervasive computing, Information and Communications Security. Information and Communications Security, Lecture Notes in Computer Science, 6476, 186-202, (2010), Berlin, Germany: Springer, Berlin, Germany · doi:10.1007/978-3-642-17650-0_14
[3] Seo, D. H.; Lee, I. Y., A study on RFID system with secure service availability for ubiquitous computing, Journal of Information Processing Systems, 1, 1, 96-101, (2005)
[4] Thanh, T. M.; Iwakiri, M., A proposal of digital rights management based on incomplete cryptography using invariant Huffman code length feature, Multimedia Systems, 20, 2, 127-142, (2014) · doi:10.1007/s00530-013-0327-z
[5] Park, S. W.; Lee, I. Y., Anonymous authentication scheme based on NTRU for the protection of payment information in NFC mobile environment, Journal of Information Processing Systems, 9, 3, 461-476, (2013)
[6] Kirovski, D.; Peinado, M.; Petitcolas, F. A. P., Digital rights management for digital cinema, Proceedings of the International Society for Optical Engineering · doi:10.1117/12.449745
[7] Emmanuel, S.; Kankanhalli, M. S., A digital rights management scheme for broadcast video, Multimedia Systems, 8, 6, 444-458, (2003) · doi:10.1007/s00530-002-0066-z
[8] Chang, H.; Atallah, M. J., Protecting software code by guards, DRM: ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, 160-175, (2002), Berlin, Germany: Springer, Berlin, Germany · Zbl 1048.68708
[9] Seki, A.; Kameyama, W., A proposal on open DRM system coping with both benefits of rights-holders and users, Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM ’03)
[10] Yang, H. W.; Yang, C. C.; Lin, W., Enhanced digital rights management authentication scheme based on smart card, IET Information Security, 7, 3, 189-194, (2013) · doi:10.1049/iet-ifs.2012.0191
[11] Jang, U. J.; Lim, H.; Shin, Y., A license audit model for secure DRM systems in IP-based environments, Journal of Information Processing Systems, 6, 2, 253-260, (2010)
[12] Zhang, Y. C.; Yang, L.; Xu, P.; Zhan, Y. S., A DRM authentication scheme based on smart-card, Proceedings of the International Conference on Computational Intelligence and Security (CIS ’09) · doi:10.1109/CIS.2009.182
[13] Mishra, D.; Mukhopadhyay, S., Cryptanalysis of Yang et al.’s digital rights management authentication scheme based on smart card, Recent Trends in Computer Networks and Distributed Systems Security. Recent Trends in Computer Networks and Distributed Systems Security, Communications in Computer and Information Science, 420, 288-297, (2014)
[14] Lee, C. C.; Hwang, M. S.; Yang, W. P., A flexible remote user authentication scheme using smart cards, ACM Operating Systems Review, 36, 3, 45-52, (2002)
[15] Yuan, J. J., An enhanced two-factor user authentication in wireless sensor networks, Telecommunication Systems, 55, 1, 105-113, (2014)
[16] Petit, J.; Mammeri, Z., Authentication and consensus overhead in vehicular ad hoc networks, Telecommunication Systems, 52, 4, 2699-2712, (2013) · doi:10.1007/s11235-011-9589-y
[17] Yang, H. M.; Zhang, Y. X.; Zhou, Y. Z., Provably secure three-party authenticated key agreement protocol using smart cards, Computer Networks, 58, 29-38, (2014)
[18] Abdalla, M.; Fouque, P. A.; Pointcheval, D., Password based authenticated key exchange in the three-party setting, Proceedings of the International Workshop on Practice and Theory in Public Key Cryptography (PKC ’05) · Zbl 1081.94513
[19] Tsai, C.; Lee, C.; Hwang, M., Password authentication schemes: current status and key issues, International Journal of Network Security, 3, 2, 101-115, (2006)
[20] Gnanaraj, J. W. K.; Ezra, K.; Rajsingh, E. B., Smart card based time efficient authentication scheme for global grid computing, Human-Centric Computing and Information Sciences, 3, 1, 1-14, (2013)
[21] Wang, X.; Guo, W.; Zhang, W.; Khan, M. K.; Alghathbar, K., Cryptanalysis and improvement on a parallel keyed hash function based on chaotic neural network, Telecommunication Systems, 52, 2, 515-524, (2013) · doi:10.1007/s11235-011-9457-9
[22] Katz, J.; Lindell, Y., Introduction to Modern Cryptography, (2007), Chapman & Hall/CRC Press
[23] Lee, C.; Lin, T.; Chang, R., A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards, Expert Systems with Applications, 38, 11, 13863-13870, (2011) · doi:10.1016/j.eswa.2011.04.190
[24] Lee, C.; Chen, C.; Wu, P.; Chen, T., Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices, IET Computers & Digital Techniques, 7, 1, 48-55, (2013) · doi:10.1049/iet-cdt.2012.0073
[25] Cao, L.; Ge, W., Analysis and improvement of a multi-factor biometric authentication scheme, Security and Communication Networks, (2014) · doi:10.1002/sec.1010
[26] An, Y., Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards, Journal of Biomedicine and Biotechnology, 2012, (2012) · doi:10.1155/2012/519723
[27] Khan, M. K.; Zhang, J., An efficient and practical fingerprint-based remote user authentication scheme with smart cards, Information Security Practice and Experience, 260-268, (2006), Berlin, Germany: Springer, Berlin, Germany
[28] Truong, T.-T.; Tran, M.-T.; Duong, A.-D., Improvement of the more efficient & secure ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC, Journal of Convergence, 3, 2, 19-30, (2012)
[29] Chung, Y.; Choi, S.; Won, D., Lightweight anonymous authentication scheme with unlinkability in global mobility networks, Journal of Convergence, 4, 4, 23-29, (2013)
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.