Skip to main content
Log in

One-to-many authentication for access control in mobile pay-TV systems

面向移动付费电视系统中访问控制的一对多认证协议

  • Research Paper
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

Abstract

In traditional authentication schemes for access control in mobile pay-TV systems, one-to-one delivery is used, i.e., one authentication message per request is delivered from a head-end system (HES) to a subscriber. The performance of one-to-one delivery for authentication is not satisfactory as it requires frequent operations which results in high bandwidth consumption. To address this issue, one-to-many authentication for access control in mobile pay-TV systems was developed. It requires only one broadcasted authentication message from a HES to subscribers if there are many requests for the same service in a short period of time. However, later it was revealed that the one-to-many authentication scheme was vulnerable to an impersonation attack, i.e., an attacker without any secret key could not only impersonate the mobile set (MS) to the HES but also impersonate the HES to the MS. Then, a new scheme has been recently introduced for secure operations of one-to-many authentication. However, as shown in this paper, the recent work for one-to-many authentication is still vulnerable to the impersonation attack. To mitigate this attack, in this paper, a new scheme for one-to-many authentication using bilinear pairing is proposed that eliminates security weaknesses in the previous work. Results obtained depict that the new improved scheme in this paper provides better performance in terms of computation and communication overheads.

摘要

创新点

  1. (1)

    )对一个经典的一对多认证协议的安全性进行分析, 提出了一种有效的冒充攻击;

  2. (2)

    提出了一个安全高效的面向移动付费电视系统中访问控制的一对多认证协议;

  3. (3)

    给出了新的一对多认证协议的安全性分析和性能分析。

摘要

在面向移动付费电视系统中访问控制的传统认证协议中,一对一的交易方式被广泛应用,即:每收到一个请求, 前端系统都会发一个认证消息给用户。 频繁的操作导致很高的网络带宽消耗, 使得一对一的认证协议的性能并不能令人满意。 为了解决这个问题, 科研人员在 2009 年提出了一个面向移动付费电视系统中访问控制的一对多认证协议。当在一段时间内收到多个对相同服务的请求时, 前端系统只需要广播一个认证消息。 后来, 科研人员指出这个一对多认证协议不能抵抗冒充攻击, 即: 攻击者可以冒充移动设备从前端系统获取服务, 也可以冒充前端系统提供恶意服务。 随后, 科研人员提出了一个新的一对多认证协议。 本文发现, 新提出的这个协议仍然不能抵抗冒充攻击。本文利用双线性对构造了一个新的一对多认证协议。 该协议不仅可以克服以往协议的安全性问题, 还具有更好的计算和通讯性能。

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Shirazi H, Cosmas J, Cutts D. A cooperative cellular and broadcast conditional access system for pay-TV systems. IEEE Trans Broadcast, 2011, 56: 44–56

    Article  Google Scholar 

  2. Diaz-Sanchez D, Marin A, Almenarez F, et al. Sharing conditional access modules through the home networks for pay TV access. IEEE Trans Consum Electron, 2009, 55: 88–96

    Article  Google Scholar 

  3. ITU-R. Conditional-Access Broadcasting System. BT.810. https://www.itu.int/rec/R-REC-BT.810/en. 1992

  4. Huang Y, Shish S, Ho F, et al. Efficient key distribution schemes for secure media delivery in pay-TV systems. IEEE Trans Multimedia, 2004, 6: 760–769

    Article  Google Scholar 

  5. Wang S, Laih C. Efficient key distribution for access control in pay-TV systems. IEEE Trans Multimedia, 2008, 10: 480–492

    Article  Google Scholar 

  6. Sun H, Chen C, Shieh C. Flexible-pay-per-channel: a new model for content access control in pay-TV broadcasting systems. IEEE Trans Multimedia, 2008, 10: 1109–1120

    Article  Google Scholar 

  7. Zhu W. A cost-efficient secure multimedia proxy system. IEEE Trans Multimedia, 2008, 10: 1214–1220

    Article  Google Scholar 

  8. Digital Video Broadcasting (DVB). IP Datacast over DVB-H: Service Purchase and Protection. ETSI TS 102 474 v1.1.1 Std. https://www.etsi.org/deliver/etsi ts/102400 102499/102474/01.02.01 60/ts 102474v010201p.pdf. 2007

  9. Lee N, Chang C, Lin C, et al. Privacy and non-repudiation on pay-TV systems. IEEE Trans Consum Electron, 2000, 46: 20–27

    Article  Google Scholar 

  10. Song R, Korba L. Pay-TV system with strong privacy and nonrepudiation protection. IEEE Trans Consum Electron, 2003, 49: 408–413

    Article  Google Scholar 

  11. Yeung S, Lui J, Yau D. A multikey secure multimedia proxy using asymmetric reversible parametric sequences: theory, design, and implementation. IEEE Trans Multimedia, 2005, 7: 330–338

    Article  Google Scholar 

  12. Roh D, Jung S. An authentication scheme for consumer electronic devices accessing mobile IPTV service from home networks. In: Proceedings of the 29th International Conference on Consumer Electronics, Las Vegas, 2011. 717–718

    Google Scholar 

  13. Sun S, Leu M. An efficient authentication scheme for access control in mobile pay-TV systems. IEEE Trans Multimedia, 2009, 11: 947–959

    Article  Google Scholar 

  14. Koblitz N. Elliptic curve cryptosystems. Math Comput, 1987, 48: 203–209

    Article  MathSciNet  MATH  Google Scholar 

  15. Wang H, Qin B. Improved one-to-many authentication scheme for access control in pay-TV systems. IET Inform Secur, 2012, 6: 281–290

    Article  Google Scholar 

  16. Bellare M, Pointcheval D, Rogaway P. Authenticated key exchange secure against dictionary attacks. In: Advances in Cryptology-EUROCRYPT. Berlin: Springer, 2000. 139–155

    Google Scholar 

  17. Cha J, Cheon J. An identity-based signature from gap diffie-Hellman groups. In: Proceedings of International Conference on Practice and Theory in Public-Key Cryptography, Miami, 2003. 18–30

    Google Scholar 

  18. Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. J Cryptol, 2000, 13: 361–396

    Article  MATH  Google Scholar 

  19. Ren Y, Shen J, Wang J, et al. Mutual verifiable provable data auditing in public cloud storage. J Internet Techno, 2015, 16: 317–323

    Google Scholar 

  20. He D, Kumar N, Chilamkurti N. A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci, 2015, 321: 263–277

    Article  Google Scholar 

  21. He D, Zeadally S. Authentication protocol for ambient assisted living system. IEEE Commun Mag, 2015, 35: 71–77

    Article  Google Scholar 

  22. Guo P, Wang J, Li B, et al. A variable threshold-value authentication architecture for wireless mesh networks. J Internet Techno, 2014, 15: 929–936

    Google Scholar 

  23. Shen J, Tan H, Wang J, et al. A novel routing protocol providing good transmission reliability in underwater sensor networks. J Internet Techno, 2015, 16: 171–178

    Google Scholar 

  24. He D, Zhang Y, Chen J. Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wirel Pers Commun, 2014, 74: 229–243

    Article  Google Scholar 

  25. Scott M, Costigan N, Abdulwaha W. Implementing cryptographic pairings on smartcards. In: Proceedings ofWorkshop on Cryptographic Hardware and Embedded Systems, Yokohama, 2006. 134–147

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jong-Hyouk Lee.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

He, D., Kumar, N., Shen, H. et al. One-to-many authentication for access control in mobile pay-TV systems. Sci. China Inf. Sci. 59, 052108 (2016). https://doi.org/10.1007/s11432-015-5469-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11432-015-5469-5

Keywords

关键词

Navigation