Remote Revocation of Smart Cards in a Private DRM System

We describe a smartcard-based DRM scheme in which content access requests are not linked to a user's identity or smartcard, and in which compromised cards can be revoked without the need to communicate with any card (whether revoked or not). The scheme has many other features: efficiency, minimal interaction to process an access request (no complex interactive protocols), forward and backward security, stateless receivers, and, under certain cryptographic constructions, collusion resistance. The above is achieved while requiring the smartcard to store only a single key and to perform a single modular exponentiation per revocation. Furthermore, our solution introduces a combinatorial problem that is of independent interest.
