Provable Secure and Efficient Digital Rights Management Authentication Scheme Using Smart Card Based on Elliptic Curve Cryptography

Since the concept of ubiquitous computing is firstly proposed by Mark Weiser, its connotation has been extending and expanding by many scholars. In pervasive computing application environment, many kinds of small devices containing smart cart are used to communicate with others. In 2013, Yang et al. proposed an enhanced authentication scheme using smart card for digital rights management. They demonstrated that their scheme is secure enough. However, Mishra et al. pointed out that Yang et al.’s scheme suffers from the password guessing attack and the denial of service attack. Moreover, they also demonstrated that Yang et al.’s scheme is not efficient enough when the user inputs an incorrect password. In this paper, we analyze Yang et al.’s scheme again, and find that their scheme is vulnerable to the session key attack. And, there are some mistakes in their scheme. To surmount the weakness of Yang et al.’s scheme, we propose a more efficient and provable secure digital rights management authentication scheme using smart card based on elliptic curve cryptography.

[1]  Dae-Hee Seo,et al.  A Study on RFID System with Secure Service Availability for Ubiquitous Computing , 2005, J. Inf. Process. Syst..

[2]  Wataru Kameyama,et al.  A proposal on open DRM system coping with both benefits of rights-holders and users , 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[3]  Zoubir Mammeri,et al.  Authentication and consensus overhead in vehicular ad hoc networks , 2013, Telecommun. Syst..

[4]  Darko Kirovski,et al.  Digital rights management for digital cinema , 2001, Optics + Photonics.

[5]  Dongho Won,et al.  Lightweight anonymous authentication scheme with unlinkability in global mobility networks , 2014 .

[6]  Woei Lin,et al.  Enhanced digital rights management authentication scheme based on smart card , 2013, IET Inf. Secur..

[7]  Lei Yang,et al.  A DRM Authentication Scheme Based on Smart-Card , 2009, 2009 International Conference on Computational Intelligence and Security.

[8]  Liling Cao,et al.  Analysis and improvement of a multi-factor biometric authentication scheme , 2015, Secur. Commun. Networks.

[9]  Mark Weiser The computer for the 21st century , 1991 .

[10]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[11]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[12]  Vangalur S. Alagar,et al.  Publishing and discovering context-dependent services , 2013, Human-centric Computing and Information Sciences.

[13]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[14]  Muhammad Khurram Khan,et al.  An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards , 2006, ISPEC.

[15]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[16]  Mikhail J. Atallah,et al.  Protecting Software Code by Guards , 2001, Digital Rights Management Workshop.

[17]  Athanasios V. Vasilakos,et al.  Provably secure three-party authenticated key agreement protocol using smart cards , 2014, Comput. Networks.

[18]  Elijah Blessing Rajsingh,et al.  Smart card based time efficient authentication scheme for global grid computing , 2012, Human-centric Computing and Information Sciences.

[19]  Hyung-Min Lim,et al.  A License Audit Model for Secure DRM Systems in IP-based Environments , 2010, J. Inf. Process. Syst..

[20]  Setti Yerukamma,et al.  Efficient Authentication for Mobile and Pervasive Computing , 2017 .

[21]  Im-Yeong Lee,et al.  Anonymous Authentication Scheme based on NTRU for the Protection of Payment Information in NFC Mobile Environment , 2013, J. Inf. Process. Syst..

[22]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[23]  Wei Guo,et al.  Cryptanalysis and improvement on a parallel keyed hash function based on chaotic neural network , 2013, Telecommun. Syst..

[24]  Cheng-Chi Lee,et al.  A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[25]  Mohan S. Kankanhalli,et al.  A digital rights management scheme for broadcast video , 2003, Multimedia Systems.

[26]  Minh-Triet Tran,et al.  Improvement of the More Efficient and Secure ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC , 2012, 2012 26th International Conference on Advanced Information Networking and Applications Workshops.

[27]  Jian-Jun Yuan,et al.  An enhanced two-factor user authentication in wireless sensor networks , 2014, Telecommun. Syst..

[28]  Younghwa An,et al.  Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards , 2012, Journal of biomedicine & biotechnology.

[29]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[30]  Sourav Mukhopadhyay,et al.  Cryptanalysis of Yang et al.'s Digital Rights Management Authentication Scheme Based on Smart Card , 2014, SNDS.

[31]  Ta Minh Thanh,et al.  A proposal of digital rights management based on incomplete cryptography using invariant Huffman code length feature , 2013, Multimedia Systems.