Traitor tracing refers to a class of encryption schemes that can be used to deter key-leakage. They apply to a setting that involves many receivers, each one receiving a fingerprinted decryption key. If a set of malicious receivers (also known as traitors) constructs an illicit decoder then a tracing mechanism enables an authority to identify at least one of the traitors. The very first traitor tracing scheme that has sublinear ciphertext size and is capable of tracing unambiguously illicit decoders that may shut-down (or employ some sort of self-defensive mechanism that would be adverse to tracing) was proposed in AsiaCrypt 2004 by Matsushita and Imai.� In this work we demonstrate that this scheme is susceptible to an attack by an illicit decoder that not only evades tracing but results with high likelihood in the incrimination of an innocent user. Our attack is based on the fact that an illicit decoder can decompose a ciphertext to a set of components that can be submitted to a statistical test which distinguishes between tracing and regular system operation. The statistical distance between the two distributions converges to 1 as the number of traitors grows with an exponential rate in the number of traitors. After demonstrating our attack we also present a way to repair the construction as long as the traitors are not spaced too far apart in the user population. In particular we devise a transmission mechanism that eliminates the discrepancies between the tracing operation and the regular operation in the system and works against illicit decoders that are correct with sufficiently high probability.
{"title":"On the security of a public-key traitor tracing scheme with sublinear ciphertext size","authors":"A. Kiayias, Serdar Pehlivanoglu","doi":"10.1145/1655048.1655050","DOIUrl":"https://doi.org/10.1145/1655048.1655050","url":null,"abstract":"Traitor tracing refers to a class of encryption schemes that can be used to deter key-leakage. They apply to a setting that involves many receivers, each one receiving a fingerprinted decryption key. If a set of malicious receivers (also known as traitors) constructs an illicit decoder then a tracing mechanism enables an authority to identify at least one of the traitors. The very first traitor tracing scheme that has sublinear ciphertext size and is capable of tracing unambiguously illicit decoders that may shut-down (or employ some sort of self-defensive mechanism that would be adverse to tracing) was proposed in AsiaCrypt 2004 by Matsushita and Imai.\u0000 In this work we demonstrate that this scheme is susceptible to an attack by an illicit decoder that not only evades tracing but results with high likelihood in the incrimination of an innocent user. Our attack is based on the fact that an illicit decoder can decompose a ciphertext to a set of components that can be submitted to a statistical test which distinguishes between tracing and regular system operation. The statistical distance between the two distributions converges to 1 as the number of traitors grows with an exponential rate in the number of traitors. After demonstrating our attack we also present a way to repair the construction as long as the traitors are not spaced too far apart in the user population. In particular we devise a transmission mechanism that eliminates the discrepancies between the tracing operation and the regular operation in the system and works against illicit decoders that are correct with sufficiently high probability.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"129 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115187023","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents a generic and simple transformation that adds traceability to an anonymous encryption scheme. We focus on the case of honest senders, which finds applications in many real-life scenarios. Advantageously, our transformation can be applied to already deployed public-key infrastructures. Two concrete implementations are provided.
{"title":"A simple construction for public-key encryption with revocable anonymity: the honest-sender case","authors":"D. Alessio, M. Joye","doi":"10.1145/1655048.1655051","DOIUrl":"https://doi.org/10.1145/1655048.1655051","url":null,"abstract":"This paper presents a generic and simple transformation that adds traceability to an anonymous encryption scheme. We focus on the case of honest senders, which finds applications in many real-life scenarios. Advantageously, our transformation can be applied to already deployed public-key infrastructures. Two concrete implementations are provided.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"602 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115491627","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Digital Rights Management (DRM) is used to protect copyrighted content from unauthorized use. However, this has taken away the jurisdiction of the consumers over their purchased content as they can no longer freely access the content at any place using any device; given that the license authorizing the consumption of content is typically bound to a particular device. Domain Management provides the flexibility to the consumers to manage their purchased content as they are given the rights to govern their own domain membership. Consumers can dynamically add and remove devices from the domain subject to a domain policy that complies with the policy set by content owners or service providers. We share our implementation experience of domain management using a DRM technology called Marlin. We perceive this work as the first local domain management implementation in a real life practical DRM System.
{"title":"An implementation experience of domain management in marlin","authors":"S. Keoh, Koen Vrielink","doi":"10.1145/1655048.1655054","DOIUrl":"https://doi.org/10.1145/1655048.1655054","url":null,"abstract":"Digital Rights Management (DRM) is used to protect copyrighted content from unauthorized use. However, this has taken away the jurisdiction of the consumers over their purchased content as they can no longer freely access the content at any place using any device; given that the license authorizing the consumption of content is typically bound to a particular device. Domain Management provides the flexibility to the consumers to manage their purchased content as they are given the rights to govern their own domain membership. Consumers can dynamically add and remove devices from the domain subject to a domain policy that complies with the policy set by content owners or service providers. We share our implementation experience of domain management using a DRM technology called Marlin. We perceive this work as the first local domain management implementation in a real life practical DRM System.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125702040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Broadcast encryption and public-key cryptography are two competing key management schemes. Both are in use today, although public key is much more pervasive (pervasive in the number of systems, not necessarily in the number of devices). In certain applications, especially the content protection or "Digital Rights Management" application, broadcast encryption seems to offer real advantages. In the last two or three years, advances have been made which offer new functionality to broadcast-encryption systems: a "signature-like" function, a device authentication protocol, "unified media key blocks" enhancing forensics, and "security classes". These new advances are summarized in this paper. The device authentication protocol has not previously been described in the academic literature, although it has been proposed in commercial systems.� The author believes the reason that broadcast encryption has not been used more frequently in content protection is more due to system designers being unfamiliar with it, and less due to any advantages of public-key cryptography. The author hopes that this paper might begin to reverse this trend.
{"title":"Broadcast encryption versus public key cryptography in content protection systems","authors":"J. Lotspiech","doi":"10.1145/1655048.1655055","DOIUrl":"https://doi.org/10.1145/1655048.1655055","url":null,"abstract":"Broadcast encryption and public-key cryptography are two competing key management schemes. Both are in use today, although public key is much more pervasive (pervasive in the number of systems, not necessarily in the number of devices). In certain applications, especially the content protection or \"Digital Rights Management\" application, broadcast encryption seems to offer real advantages. In the last two or three years, advances have been made which offer new functionality to broadcast-encryption systems: a \"signature-like\" function, a device authentication protocol, \"unified media key blocks\" enhancing forensics, and \"security classes\". These new advances are summarized in this paper. The device authentication protocol has not previously been described in the academic literature, although it has been proposed in commercial systems.\u0000 The author believes the reason that broadcast encryption has not been used more frequently in content protection is more due to system designers being unfamiliar with it, and less due to any advantages of public-key cryptography. The author hopes that this paper might begin to reverse this trend.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123020870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Program Obfuscation that renders any given program essentially equivalent to a black box, while desirable, is impossible [4] in the general polynomial time adversary models. It is natural to search for positive results under restricted programs (e.g., point functions [20, 2] POBDDs [10], cryptographic primitives [17, 12, 13]. Here we study straight line arithmetic programs.� Our model of obfuscation requires an attacker to produce the entire code only by looking at the obfuscated program. We show that obfuscation is possible, assuming factoring is hard and we have access to a tamper-resistant hardware (or secure token). We also assume that the programs can be sampled from some distribution. Our results are based on extending a result due to Shamir cite{Sha93} on generation of hard to factor polynomials to straight line programs.
{"title":"Obfuscating straight line arithmetic programs","authors":"S. Narayanan, A. Raghunathan, R. Venkatesan","doi":"10.1145/1655048.1655057","DOIUrl":"https://doi.org/10.1145/1655048.1655057","url":null,"abstract":"Program Obfuscation that renders any given program essentially equivalent to a black box, while desirable, is impossible [4] in the general polynomial time adversary models. It is natural to search for positive results under restricted programs (e.g., point functions [20, 2] POBDDs [10], cryptographic primitives [17, 12, 13]. Here we study straight line arithmetic programs.\u0000 Our model of obfuscation requires an attacker to produce the entire code only by looking at the obfuscated program. We show that obfuscation is possible, assuming factoring is hard and we have access to a tamper-resistant hardware (or secure token). We also assume that the programs can be sampled from some distribution. Our results are based on extending a result due to Shamir cite{Sha93} on generation of hard to factor polynomials to straight line programs.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114213162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Multiparty multilevel DRM architecture (MPML-DRM-A) involves multiple parties such as owner, multiple levels of distributors and consumers. The owner issues redistribution licenses to its distributors, who in turn generate and issue variations of these redistribution licenses to their sub-distributors. Also the distributors generate and issue usage licenses to the consumers to consume the contents. But, these variations of the redistribution licenses and usage licenses generated and issued by each distributor must be validated by a validation authority against the redistribution licenses that it has received. In MPML-DRM-A, there may exist multiple, different types of redistribution licenses for a content. Validation using multiple redistribution licenses may become difficult in real time. Further, storage of multiple redistribution licenses for validation presents a challenge of reducing storage space requirements. Hence, in this paper we propose a bit-vector transform based license organizing structure, and present a method to do the validation of issued licenses in the bit-vector transform domain efficiently. Experimental results show that our license organization structure helps to achieve low validation time and storage space complexity.
{"title":"Efficient license validation in MPML DRM architecture","authors":"Amit Sachan, S. Emmanuel, M. Kankanhalli","doi":"10.1145/1655048.1655060","DOIUrl":"https://doi.org/10.1145/1655048.1655060","url":null,"abstract":"Multiparty multilevel DRM architecture (MPML-DRM-A) involves multiple parties such as owner, multiple levels of distributors and consumers. The owner issues redistribution licenses to its distributors, who in turn generate and issue variations of these redistribution licenses to their sub-distributors. Also the distributors generate and issue usage licenses to the consumers to consume the contents. But, these variations of the redistribution licenses and usage licenses generated and issued by each distributor must be validated by a validation authority against the redistribution licenses that it has received. In MPML-DRM-A, there may exist multiple, different types of redistribution licenses for a content. Validation using multiple redistribution licenses may become difficult in real time. Further, storage of multiple redistribution licenses for validation presents a challenge of reducing storage space requirements. Hence, in this paper we propose a bit-vector transform based license organizing structure, and present a method to do the validation of issued licenses in the bit-vector transform domain efficiently. Experimental results show that our license organization structure helps to achieve low validation time and storage space complexity.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"120 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123123355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
When logging onto a remote server, s, from a distrusted terminal, c, one can leak secrets such as passwords and account data to malware. To address this problem, we rely on a trusted personal device, p, as the interface available to users for entering their login credentials. In our proposal, p would send the credentials to s using a tunneled TLS session routed via c. The tunneling would be done within an existing TLS session established between c and s. Upon validating the credentials, s would enable c to access the user account. Consequently, c would never see in plain-text user's credentials. As a powerful application, we show that p could use our protocol to execute a credit-card-like payment at a point-of-sale terminal, c, using an account managed by the card-issuing bank, s.
{"title":"Tunneled TLS for multi-factor authentication","authors":"D. Kirovski, Christopher Meek","doi":"10.1145/2046631.2046639","DOIUrl":"https://doi.org/10.1145/2046631.2046639","url":null,"abstract":"When logging onto a remote server, <i>s</i>, from a distrusted terminal, <i>c</i>, one can leak secrets such as passwords and account data to malware. To address this problem, we rely on a trusted personal device, <i>p</i>, as the interface available to users for entering their login credentials. In our proposal, <i>p</i> would send the credentials to <i>s</i> using a tunneled TLS session routed via <i>c</i>. The tunneling would be done within an existing TLS session established between <i>c</i> and <i>s</i>. Upon validating the credentials, <i>s</i> would enable <i>c</i> to access the user account. Consequently, <i>c</i> would never see in plain-text user's credentials. As a powerful application, we show that <i>p</i> could use our protocol to execute a credit-card-like payment at a point-of-sale terminal, <i>c</i>, using an account managed by the card-issuing bank, <i>s</i>.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124182161","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Defining Digital Rights Management (DRM) is a complex task. There is no unique universal definition. There are many legal, economic, functional, and technical definitions. This complexity induces also that there is not one unique modeling of DRM. Each model should help to compare different DRM systems and easily highlight the differences and the similarities between them. One of the weaknesses of the current models is that none puts specifically the focus on the most important characteristics of DRM: protection of content and rights management. We propose a four-layer model that complements traditional ones. Using trust layer, rights management layer, rights enforcement layer, and content protection layer, this model is security oriented. It is suitable to describe any content protections such as DRM, conditional access, copy protection or even pre-recorded content protection systems.
{"title":"A four-layer model for security of digital rights management","authors":"E. Diehl","doi":"10.1145/1456520.1456527","DOIUrl":"https://doi.org/10.1145/1456520.1456527","url":null,"abstract":"Defining Digital Rights Management (DRM) is a complex task. There is no unique universal definition. There are many legal, economic, functional, and technical definitions. This complexity induces also that there is not one unique modeling of DRM. Each model should help to compare different DRM systems and easily highlight the differences and the similarities between them. One of the weaknesses of the current models is that none puts specifically the focus on the most important characteristics of DRM: protection of content and rights management. We propose a four-layer model that complements traditional ones. Using trust layer, rights management layer, rights enforcement layer, and content protection layer, this model is security oriented. It is suitable to describe any content protections such as DRM, conditional access, copy protection or even pre-recorded content protection systems.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"106 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124771212","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Content identification has many applications, ranging from preventing illegal sharing of copyrighted content on video sharing websites, to automatic identification and tagging of content. Several content identification techniques based on watermarking or robust hashes have been proposed in the literature, but they have mostly been evaluated through experiments. This paper analyzes binary hash-based content identification schemes under a decision theoretic framework and presents a lower bound on the length of the hash required to correctly identify multimedia content that may have undergone modifications. A practical scheme for content identification is evaluated under the proposed framework. The results obtained through experiments agree very well with the performance suggested by the theoretical analysis.
{"title":"A decision theoretic framework for analyzing binary hash-based content identification systems","authors":"Avinash L. Varna, A. Swaminathan, Min Wu","doi":"10.1145/1456520.1456532","DOIUrl":"https://doi.org/10.1145/1456520.1456532","url":null,"abstract":"Content identification has many applications, ranging from preventing illegal sharing of copyrighted content on video sharing websites, to automatic identification and tagging of content. Several content identification techniques based on watermarking or robust hashes have been proposed in the literature, but they have mostly been evaluated through experiments. This paper analyzes binary hash-based content identification schemes under a decision theoretic framework and presents a lower bound on the length of the hash required to correctly identify multimedia content that may have undergone modifications. A practical scheme for content identification is evaluated under the proposed framework. The results obtained through experiments agree very well with the performance suggested by the theoretical analysis.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"165 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131691003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper we argue that improved interoperability between DRM systems is likely to benefit to all the actors in the content value chain. Moreover, we describe a domain-based approach to DRM interoperability. We discuss in some detail configuration aspects of such interoperable domains, and how they affect certain social aspects such as marriage and divorce. We conclude that interoperable domains offer a much needed flexibility, allowing users to more easily move between vertical silos and offering content owners a more flexible environment for selling content.
{"title":"Design rules for interoperable domains: controlling content dilution and content sharing","authors":"G. Doërr, T. Kalker","doi":"10.1145/1456520.1456529","DOIUrl":"https://doi.org/10.1145/1456520.1456529","url":null,"abstract":"In this paper we argue that improved interoperability between DRM systems is likely to benefit to all the actors in the content value chain. Moreover, we describe a domain-based approach to DRM interoperability. We discuss in some detail configuration aspects of such interoperable domains, and how they affect certain social aspects such as marriage and divorce. We conclude that interoperable domains offer a much needed flexibility, allowing users to more easily move between vertical silos and offering content owners a more flexible environment for selling content.","PeriodicalId":124354,"journal":{"name":"ACM Digital Rights Management Workshop","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133760123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: