nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

26.02.2020

A lightweight three-factor authentication protocol for digital rights management system

verfasst von: SungJin Yu, KiSung Park, YoHan Park, HyungPyo Kim, YoungHo Park

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 5/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Recent advances in communication technology and low-power devices have led digital-content services to be provided in various resource limited environments such as smart home, Internet of Things, and the Vehicle-to-Everything. However, digital content is easily replicated and distributed through open channels. Authentication is therefore becoming increasingly important for digital rights management (DRM) systems to provide secure services to authorized users. In 2018, Lee et al. proposed a biometric-based authentication scheme for DRM systems. We here demonstrate that Lee et al.’s scheme is vulnerable to mobile device theft and user impersonation attacks and does not allow secure mutual authentication. We propose an alternative secure three-factor authentication protocol for DRM systems to overcome these security shortcomings. Using formal/informal security analysis and a BAN logic analysis, we also show that our protocol protects against various types of attacks and allows secure mutual authentication. Furthermore, we demonstrate that the proposed protocol is secure against replay attacks and man-in-the-middle attacks using the formal verification simulation tool AVISPA. The proposed protocol is therefore applicable to resource-limited environments.

Vorheriger Artikel Power control of D2D communication based on quality of service assurance under imperfect channel information

Nächster Artikel An energy aware clustering and data gathering technique based on nature inspired optimization in WSNs

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Kim HY, Lee YH, Park YS (2010) A robust and flexible digital rights management system for home networks. J Syst Softw 83(12):2431–2440CrossRef

Liu Y, Chang CC, Chang SC (2015) A group key distribution system based on the generalized aryabhata remainder theorem for enterprise digital rights management. Journal of Information Hiding and Multimedia Signal Processing 6(1):140–153

Subramanya SR, Yi BK (2008) Digital rights management. IEEE Potentials 25(2):31–34CrossRef

Lee CC, Li CT, Chen ZW, Lai YM (2018) A biometric-based authentication and anonymity scheme for digital rights management system. Inf Technol Control 47(2):262–274

Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772CrossRef

Chien HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Comput Sec 21(4):372–375CrossRef

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual international cryptology conference. Springer, pp 388–397

Lee J, Ryu S, Yoo K (2002) Fingerprint-based remote user authentication scheme using smart cards. Electron Lett 38(12):554–555CrossRef

Lin CH, Lai YY (2004) A flexible biometrics remote user authentication scheme. Comput Standards & Interfaces 27(1):19–23CrossRef

10.

Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5CrossRef

11.

Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151CrossRef

12.

Chen CL (2008) A secure and traceable E-DRM system based on mobile device. Expert Syst Appl 35 (3):878–886CrossRef

13.

Chang CC, Yang JH, Wang DW (2010) An efficient and reliable E-DRM scheme for mobile environments. Expert Syst Appl 37(9):6176–6181CrossRef

14.

Chang CC, Chang SC, Yang JH (2013) A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment. Secur Commun Netw 6(8):972–984CrossRef

15.

Mishra D, Das AK, Mukhopadhyay S (2015) An anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Secur Commun Netw 8(18):3383–3404CrossRef

16.

Jung J, Kang D, Lee D, Won D (2017) An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated EPR information system. PLoS ONE 12(1):e0169414CrossRef

17.

Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36CrossRef

18.

AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/ (accessed on 20 December 2018)

19.

SPAN. A Security protocol animator for AVISPA. http://www.avispa-project.org/ (accessed on 20 December 2018)

20.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRef

21.

Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: International conference on the theory and applications of cryptographic techniques. Springer, pp 523–540

22.

Abdalla M, Fouque P A, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting in public key cryptography. Public Key Cryptography 2005. Springer, pp 65–84

23.

Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. Proc. Adv. Cryyptol. Eurocrypt 2000. Springer, pp 122–138

24.

Boyko V, Mackenzie P, Patel S (2000) Provably secure password-based authenticated key exchange protocols using Diffie-Hellman. Proc. Adv. Cryptol. Eurocrypt 2000. Springer, pp 156–171

25.

Chang IP, Lee TF, Lin TH, Liu CM (2015) Enhanced two-factor authentication and key agreement using dynamic identities in wireless sensor networks. Sensors 15(12):29841–29854CrossRef

26.

Park KS, Park YH, Das AK, Yu SJ, Lee JY, Park YH (2019) A dynamic privacy-preserving key management protocol for V2G in social internet of things. IEEE Access 7:2169–3536CrossRef

27.

Shoup V Sequences of games: A tool for taming complexity in security proofs. https://www.shoup.net/papers/games.pdf (accessed on August 2019)

28.

Das AK, Wazid M, Kumar N, Khan MK, Choo KKR, Park Y (2017) Design of secure and lightweight authentication protocol for wearable devices environment. IEEE J Biomed Health Inf 22(4):1310–1322CrossRef

29.

Das AK, Sutrala AK, Odelu V, Goswami A (2017) A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks. Wirel Pers Commun 94(3):1899–1933CrossRef

30.

Park K, Park Y, Park Y, Reddy AG, Das AK (2017) Provably secure and efficient authentication protocol for roaming service in global mobility networks. IEEE Access 5:25110–25125CrossRef

31.

Park K, Park Y, Park Y, Das AK (2018) 2PAKEP: Provably secure and efficient two-party authenticated key exchange protocol for mobile environment. IEEE Access 6:30225–30241CrossRef

32.

Yu S, Lee J, Lee K, Park K, Park Y (2018) Secure authentication protocol for wireless sensor networks in vehicular communications. Sensors 18(10):3191CrossRef

33.

von Oheimb D (2005) The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of APPSEM 2005 workshop, pp 1–17

34.

Turuani M (2006) The CL-Atse protocol analyser. In: International conference on rewriting techniques and applications. Springer, pp 277–286

35.

Basin D, Modersheim S, Vigano L (2005) OFMC: A symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208CrossRef

36.

Wazid M, Das AK, Kumari S, Li X, Wu F (2016) Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS. Secur Coomunication Netw 9(13):1983–2001

37.

Mohit P, Amin R, Biswas G (2017) Design of authentication protocol for wireless sensor network-based smart vehicular system. Vehicular Commun 9:64–71CrossRef

38.

Zhu H, Zhang Y (2017) An efficient chaotic maps-based deniable authentication group key agreement protocol. Wirel Pers Commun 96(1):217–229CrossRef

Titel: A lightweight three-factor authentication protocol for digital rights management system
verfasst von: SungJin Yu
KiSung Park
YoHan Park
HyungPyo Kim
YoungHo Park
Publikationsdatum: 26.02.2020
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 5/2020
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-019-00836-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 5/2020

Device-to-device streaming video caching for cellular download cost reduction

A post-quantum end-to-end encryption over smart contract-based blockchain for defeating man-in-the-middle and interception attacks

A blockchain-based data storage framework: A rotating multiple random masters and error-correcting approach

Power control of D2D communication based on quality of service assurance under imperfect channel information

A near-optimal content placement in D2D underlaid cellular networks

Social Reliable D2D Relay for Trustworthy Paradigm in 5G Wireless Networks