A Trusted Authentication Protocol based on SDIO Smart Card for DRM

Security vulnerabilities in terminals have led DRM research to focus on trusted computing technology in recent years; however, no efficient and practical trusted authentication protocol has been presented, especially one with a formal proof. To attest its integrity when accessing the DRM server, the DRM client must first perform mutual authentication and key agreement with the server, and then use the shared key to encrypt the integrity values. A novel trusted authentication protocol based on an SDIO smart card is presented together with its formal security proof. The proposed protocol is composed of a registration phase, a login phase, an identity authentication and key agreement phase, and an integrity attestation phase. Compared with other corrective schemes through attack-resistance analysis and computational cost analysis, the proposed scheme is able to provide greater security and practicality to guarantee the trust attestation for DRM.
