An anonymous and secure biometric-based enterprise digital rights management system for mobile environment

Internet-based content distribution facilitates an efficient platform to sell the digital content to the remote users. However, the digital content can be easily copied and redistributed over the network, which causes huge loss to the right holders. On the contrary, the digital rights management DRM systems have been introduced in order to regulate authorized content distribution. Enterprise DRM E-DRM system is an application of DRM technology, which aims to prevent illegal access of data in an enterprise. Earlier works on E-DRM do not address anonymity, which may lead to identity theft. Recently, Chang et al. proposed an efficient E-DRM mechanism. Their scheme provides greater efficiency and protects anonymity. Unfortunately, we identify that their scheme does not resist the insider attack and password-guessing attack. In addition, Chang et al.'s scheme has some design flaws in the authorization phase. We then point out the requirements of E-DRM system and present the cryptanalysis of Chang et al.'s scheme. In order to remedy the security weaknesses found in Chang et al.'s scheme, we aim to present a secure and efficient E-DRM scheme. The proposed scheme supports the authorized content key distribution and satisfies the desirable security attributes. Additionally, our scheme offers low communication and computation overheads and user's anonymity as well. Through the rigorous formal and informal security analyses, we show that our scheme is secure against possible known attacks. Furthermore, the simulation results for the formal security analysis using the widely accepted Automated Validation of Internet Security Protocols and Applications tool ensure that our scheme is also secure. Copyright © 2015 John Wiley & Sons, Ltd.

[1]  Sourav Mukhopadhyay,et al.  A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card , 2014, Peer-to-Peer Networking and Applications.

[2]  Sebastian Mödersheim,et al.  OFMC: A symbolic model checker for security protocols , 2005, International Journal of Information Security.

[3]  Sharath Pankanti,et al.  Biometric Recognition: Security and Privacy Concerns , 2003, IEEE Secur. Priv..

[4]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[5]  Chin-Chen Chang,et al.  A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment , 2013, Secur. Commun. Networks.

[6]  Vanga Odelu,et al.  A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks , 2015, Secur. Commun. Networks.

[7]  Anil K. Jain,et al.  A Real-Time Matching System for Large Fingerprint Databases , 1996, IEEE Trans. Pattern Anal. Mach. Intell..

[8]  Chin-Chen Chang,et al.  An authenticated group key distribution mechanism using theory of numbers , 2014, Int. J. Commun. Syst..

[9]  Ming-Hua Chang,et al.  List Decoding of Generalized Reed-Solomon Codes by Using a Modified Extended Key Equation Algorithm , 2011, EURASIP J. Wirel. Commun. Netw..

[10]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[11]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[12]  Carla Merkle Westphall,et al.  A DRM architecture to distribute and protect digital contents using digital licenses , 2005, Advanced Industrial Conference on Telecommunications/Service Assurance with Partial and Intermittent Resources Conference/E-Learning on Telecommunications Workshop (AICT/SAPIR/ELETE'05).

[13]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[14]  Adam Duffy,et al.  A Biometric Identity Based Signature Scheme , 2007, Int. J. Netw. Secur..

[15]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[16]  Audun Jøsang,et al.  Mesmerize - an open framework for enterprise security management , 2004, ACSW.

[17]  Yixian Yang,et al.  Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing , 2013 .

[18]  Chin-Ling Chen,et al.  A secure and traceable E-DRM system based on mobile device , 2008, Expert Syst. Appl..

[19]  Zhang Liu,et al.  CS-DRM: A Cloud-Based SIM DRM Scheme for Mobile Internet , 2011, EURASIP J. Wirel. Commun. Netw..

[20]  Christoph Sorge,et al.  Privacy-Preserving DRM for Cloud Computing , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[21]  Kaiyu Liu,et al.  Sensitivity Analysis of Loss of Corporate Efficiency and Productivity Associated with Enterprise DRM Technology , 2012, 2012 Seventh International Conference on Availability, Reliability and Security.

[22]  Chaokun Wang,et al.  Phosphor: A Cloud Based DRM Scheme with Sim Card , 2010, 2010 12th International Asia-Pacific Web Conference.

[23]  Chi-Hung Chi,et al.  Survey on the Technological Aspects of Digital Rights Management , 2004, ISC.

[24]  Jianfeng Ma,et al.  An novel three-party authenticated key exchange protocol using one-time key , 2013, J. Netw. Comput. Appl..

[25]  Yanjun Liu,et al.  A Group Key Distribution System Based on the Generalized Aryabhata Remainder Theorem for Enterprise Digital Rights Management , 2015, J. Inf. Hiding Multim. Signal Process..

[26]  Ashok Kumar Das,et al.  An efficient and novel three-factor user authentication scheme for large-scale heterogeneous wireless sensor networks , 2015, Int. J. Commun. Networks Distributed Syst..

[27]  Robert Simon Sherratt,et al.  Enhanced three-factor security protocol for consumer USB mass storage devices , 2014, IEEE Transactions on Consumer Electronics.

[28]  Dirk Günnewig,et al.  Digital Rights Management , 2005, Wirtsch..

[29]  Chin-Chen Chang,et al.  An efficient and reliable E-DRM scheme for mobile environments , 2010, Expert Syst. Appl..

[30]  David von Oheimb The High-Level Protocol Specification Language HLPSL developed in the EU project AVISPA , 2005 .

[31]  Yuh-Min Tseng,et al.  An efficient dynamic group key agreement protocol for imbalanced wireless networks , 2010, Int. J. Netw. Manag..

[32]  Aviezri S. Fraenkel,et al.  New proof of the generalized Chinese Remainder Theorem , 1963 .

[33]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[34]  Wen Zeng,et al.  Quantitative Evaluation of Enterprise DRM Technology , 2011, PASM@ICPE.

[35]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[36]  Ashok Kumar Das,et al.  An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks , 2015, Secur. Commun. Networks.

[37]  Douglas R. Stinson,et al.  Some Observations on the Theory of Cryptographic Hash Functions , 2006, Des. Codes Cryptogr..

[38]  Chin-Chen Chang,et al.  An authenticated group key distribution protocol based on the generalized Chinese remainder theorem , 2014, Int. J. Commun. Syst..

[39]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[40]  Sourav Mukhopadhyay,et al.  A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards , 2014, Expert Syst. Appl..

[41]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).