Tracing and Revoking Pirate Rebroadcasts

All content distribution systems are vulnerable to the attack of rebroadcasting: in a pirate rebroadcast a pirate publishes the content in violation of the licensing agreement. This attack defeats any tracing mechanism that requires interaction with the pirate decoder for identifying compromised keys. Merely tracing pirate rebroadcasts is of little use and one should be also able to revoke the involved traitor keys. The only currently known scheme addressing this issue is implemented as part of the Advanced Access Content System (AACS) used in Blu-Ray and HD-DVD disks. In this paper we perform an analysis of this construction and we find it has serious limitations: the number of revocations is bound by the size of the receiver storage (for the actual parameters reported this is merely 85 keys). We address the limitations of the state of the art (i) by formally modeling the problem of tracing and revoking pirate rebroadcasts and (ii) by presenting the first efficient constructions of tracing and revoking pirate rebroadcasts that are capable of performing tracing for unlimited numbers of traitors and revoking unlimited numbers of users. We present three instantiations of our framework: our first construction achieves a linear communication overhead in the number of revoked users and traitors and is capable of eliminating a pirate rebroadcast by any number of traitors in time that depends logarithmically in the number of users and polynomially on the number of revocations and traitors. Our second construction assumes a fixed bound on the number of traitors and improves the elimination time to depend only logarithmically on the number of revocations. Both of these constructions require merely a binary marking alphabet. Our third construction utilizes a larger marking alphabet and achieves even faster pirate rebroadcast elimination; our analysis improves the previously known bound for the same alphabet size due to Fiat and Tassa from Crypto'99 while offering revocation explicitly.

[1]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[2]  A. Maximov,et al.  Fast computation of large distributions and its cryptographic applications , 2005 .

[3]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[4]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[5]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[6]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[7]  Yvo Desmedt,et al.  Optimum Traitor Tracing and Asymmetric Schemes , 1998, EUROCRYPT.

[8]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[9]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[10]  Ingemar J. Cox,et al.  Secure spread spectrum watermarking for multimedia , 1997, IEEE Trans. Image Process..

[11]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[12]  Gábor Tardos,et al.  Optimal probabilistic fingerprint codes , 2003, STOC '03.

[13]  Jessica Staddon,et al.  Efficient Methods for Integrating Traceability and Broadcast Encryption , 1999, CRYPTO.

[14]  Hongxia Jin,et al.  Traitor tracing for prerecorded and recordable media , 2004, DRM '04.

[15]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[16]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[17]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[18]  David Pointcheval,et al.  Public Traceability in Traitor Tracing Schemes , 2005, EUROCRYPT.

[19]  Douglas R. Stinson,et al.  Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes , 1998, SIAM J. Discret. Math..

[20]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[21]  Serdar Pehlivanoglu,et al.  Pirate Evolution: How to Make the Most of Your Traitor Keys , 2007, CRYPTO.

[22]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[23]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[24]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[25]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[26]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[27]  Reihaneh Safavi-Naini,et al.  Sequential Traitor Tracing , 2000, CRYPTO.

[28]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[29]  Mike Burmester,et al.  Short c-Secure Fingerprinting Codes , 2003, ISC.

[30]  Reihaneh Safavi-Naini,et al.  Traitor Tracing for Shortened and Corrupted Fingerprints , 2002, Digital Rights Management Workshop.

[31]  Moni Naor,et al.  Threshold Traitor Tracing , 1998, CRYPTO.

[32]  Amos Fiat,et al.  Dynamic Traitor Tracing , 2001, Journal of Cryptology.

[33]  Dan Boneh,et al.  Collusion-Secure Fingerprinting for Digital Data , 1998, IEEE Trans. Inf. Theory.

[34]  Hideki Imai,et al.  Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations , 2005, ASIACRYPT.

[35]  Joachim Biskup,et al.  Computer Security - ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings , 2007, ESORICS.

[36]  Jirí Sgall,et al.  Efficient dynamic traitor tracing , 2000, SODA '00.

[37]  Dongvu Tonien,et al.  Generic Construction of Hybrid Public Key Traitor Tracing with Full-Public-Traceability , 2006, ICALP.

[38]  Birgit Pfitzmann,et al.  Trials of Traced Traitors , 1996, Information Hiding.

[39]  Reihaneh Safavi-Naini,et al.  New results on frame-proof codes and traceability schemes , 2001, IEEE Trans. Inf. Theory.

[40]  Aggelos Kiayias,et al.  Scalable public-key tracing and revoking , 2003, PODC.

[41]  Hongxia Jin,et al.  Renewable Traitor Tracing: A Trace-Revoke-Trace System For Anonymous Attack , 2007, ESORICS.

[42]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[43]  Daniele Micciancio,et al.  Corrupting One vs. Corrupting Many: The Case of Broadcast and Multicast Encryption , 2006, ICALP.

[44]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[45]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[46]  Aggelos Kiayias,et al.  On Crafty Pirates and Foxy Tracers , 2001, Digital Rights Management Workshop.

[47]  Michael T. Goodrich,et al.  Efficient Tree-Based Revocation in Groups of Low-State Devices , 2004, CRYPTO.

[48]  Reihaneh Safavi-Naini,et al.  Collusion Secure q-ary Fingerprinting for Perceptual Content , 2001, Digital Rights Management Workshop.

[49]  David P. Woodruff,et al.  Explicit Exclusive Set Systems with Applications to Broadcast Encryption , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[50]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[51]  Dong Hoon Lee,et al.  One-Way Chain Based Broadcast Encryption Schemes , 2005, EUROCRYPT.

[52]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.

[53]  Jessica Staddon,et al.  Efficient Traitor Tracing Algorithms Using List Decoding , 2001, ASIACRYPT.

[54]  Avishai Wool,et al.  Long-Lived Broadcast Encryption , 2000, CRYPTO.

[55]  Jessica Staddon,et al.  Combinatorial properties of frameproof and traceability codes , 2001, IEEE Trans. Inf. Theory.