A lightweight three-factor authentication protocol for digital rights management system



SungJin Yu¹ · KiSung Park¹ · YoHan Park² · HyungPyo Kim³ · YoungHo Park¹

Received: 12 February 2019 / Accepted: 9 October 2019
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Recent advances in communication technology and low-power devices have led digital-content services to be provided in various resource-limited environments such as smart homes, the Internet of Things, and Vehicle-to-Everything. However, digital content is easily replicated and distributed through open channels. Authentication is therefore becoming increasingly important for digital rights management (DRM) systems to provide secure services to authorized users. In 2018, Lee et al. proposed a biometric-based authentication scheme for DRM systems. We demonstrate here that Lee et al.’s scheme is vulnerable to mobile device theft and user impersonation attacks and does not allow secure mutual authentication. We propose an alternative secure three-factor authentication protocol for DRM systems to overcome these security shortcomings. Using formal/informal security analysis and a BAN logic analysis, we also show that our protocol protects against various types of attacks and allows secure mutual authentication. Furthermore, we demonstrate that the proposed protocol is secure against replay attacks and man-in-the-middle attacks using the formal verification simulation tool AVISPA. The proposed protocol is therefore applicable to resource-limited environments.

Keywords: Authentication · BAN logic · AVISPA · Digital rights management system

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by Ministry of Science, ICT and Future Planning (2017R1A2B1002147).

¹ School of Electronics Engineering, Kyungpook National University, Daegu, Republic of Korea
² School of Computer Engineering, Keimyung University, Daegu, Republic of Korea
³ Department of Electrical Engineering, Kyungpook National University, Daegu, Republic of Korea

1 Introduction

1.1 Background

Because of the development of embedded technology and low-power devices, users can readily access photos, games, documents, e-books, videos, and music services using low-power devices in the Internet of Things (IoT) [1–3]. However, such easy access also allows the illicit duplication and distribution of digital content because it is provided through open channels. This issue has made digital rights management (DRM) technology important for protecting the rights associated with digital content. Authentication is an essential security requirement for DRM systems to provide digital-content services to legitimate users. In many countries around the world, the illegal download of copyrighted digital content has been considered a serious problem, causing huge losses f