Abstract
In traditional authentication schemes for access control in mobile pay-TV systems, one-to-one delivery is used, i.e., one authentication message per request is delivered from a head-end system (HES) to a subscriber. The performance of one-to-one delivery for authentication is not satisfactory as it requires frequent operations which results in high bandwidth consumption. To address this issue, one-to-many authentication for access control in mobile pay-TV systems was developed. It requires only one broadcasted authentication message from a HES to subscribers if there are many requests for the same service in a short period of time. However, later it was revealed that the one-to-many authentication scheme was vulnerable to an impersonation attack, i.e., an attacker without any secret key could not only impersonate the mobile set (MS) to the HES but also impersonate the HES to the MS. Then, a new scheme has been recently introduced for secure operations of one-to-many authentication. However, as shown in this paper, the recent work for one-to-many authentication is still vulnerable to the impersonation attack. To mitigate this attack, in this paper, a new scheme for one-to-many authentication using bilinear pairing is proposed that eliminates security weaknesses in the previous work. Results obtained depict that the new improved scheme in this paper provides better performance in terms of computation and communication overheads.
摘要
创新点
-
(1)
)对一个经典的一对多认证协议的安全性进行分析, 提出了一种有效的冒充攻击;
-
(2)
提出了一个安全高效的面向移动付费电视系统中访问控制的一对多认证协议;
-
(3)
给出了新的一对多认证协议的安全性分析和性能分析。
摘要
在面向移动付费电视系统中访问控制的传统认证协议中,一对一的交易方式被广泛应用,即:每收到一个请求, 前端系统都会发一个认证消息给用户。 频繁的操作导致很高的网络带宽消耗, 使得一对一的认证协议的性能并不能令人满意。 为了解决这个问题, 科研人员在 2009 年提出了一个面向移动付费电视系统中访问控制的一对多认证协议。当在一段时间内收到多个对相同服务的请求时, 前端系统只需要广播一个认证消息。 后来, 科研人员指出这个一对多认证协议不能抵抗冒充攻击, 即: 攻击者可以冒充移动设备从前端系统获取服务, 也可以冒充前端系统提供恶意服务。 随后, 科研人员提出了一个新的一对多认证协议。 本文发现, 新提出的这个协议仍然不能抵抗冒充攻击。本文利用双线性对构造了一个新的一对多认证协议。 该协议不仅可以克服以往协议的安全性问题, 还具有更好的计算和通讯性能。
Similar content being viewed by others
References
Shirazi H, Cosmas J, Cutts D. A cooperative cellular and broadcast conditional access system for pay-TV systems. IEEE Trans Broadcast, 2011, 56: 44–56
Diaz-Sanchez D, Marin A, Almenarez F, et al. Sharing conditional access modules through the home networks for pay TV access. IEEE Trans Consum Electron, 2009, 55: 88–96
ITU-R. Conditional-Access Broadcasting System. BT.810. https://www.itu.int/rec/R-REC-BT.810/en. 1992
Huang Y, Shish S, Ho F, et al. Efficient key distribution schemes for secure media delivery in pay-TV systems. IEEE Trans Multimedia, 2004, 6: 760–769
Wang S, Laih C. Efficient key distribution for access control in pay-TV systems. IEEE Trans Multimedia, 2008, 10: 480–492
Sun H, Chen C, Shieh C. Flexible-pay-per-channel: a new model for content access control in pay-TV broadcasting systems. IEEE Trans Multimedia, 2008, 10: 1109–1120
Zhu W. A cost-efficient secure multimedia proxy system. IEEE Trans Multimedia, 2008, 10: 1214–1220
Digital Video Broadcasting (DVB). IP Datacast over DVB-H: Service Purchase and Protection. ETSI TS 102 474 v1.1.1 Std. https://www.etsi.org/deliver/etsi ts/102400 102499/102474/01.02.01 60/ts 102474v010201p.pdf. 2007
Lee N, Chang C, Lin C, et al. Privacy and non-repudiation on pay-TV systems. IEEE Trans Consum Electron, 2000, 46: 20–27
Song R, Korba L. Pay-TV system with strong privacy and nonrepudiation protection. IEEE Trans Consum Electron, 2003, 49: 408–413
Yeung S, Lui J, Yau D. A multikey secure multimedia proxy using asymmetric reversible parametric sequences: theory, design, and implementation. IEEE Trans Multimedia, 2005, 7: 330–338
Roh D, Jung S. An authentication scheme for consumer electronic devices accessing mobile IPTV service from home networks. In: Proceedings of the 29th International Conference on Consumer Electronics, Las Vegas, 2011. 717–718
Sun S, Leu M. An efficient authentication scheme for access control in mobile pay-TV systems. IEEE Trans Multimedia, 2009, 11: 947–959
Koblitz N. Elliptic curve cryptosystems. Math Comput, 1987, 48: 203–209
Wang H, Qin B. Improved one-to-many authentication scheme for access control in pay-TV systems. IET Inform Secur, 2012, 6: 281–290
Bellare M, Pointcheval D, Rogaway P. Authenticated key exchange secure against dictionary attacks. In: Advances in Cryptology-EUROCRYPT. Berlin: Springer, 2000. 139–155
Cha J, Cheon J. An identity-based signature from gap diffie-Hellman groups. In: Proceedings of International Conference on Practice and Theory in Public-Key Cryptography, Miami, 2003. 18–30
Pointcheval D, Stern J. Security arguments for digital signatures and blind signatures. J Cryptol, 2000, 13: 361–396
Ren Y, Shen J, Wang J, et al. Mutual verifiable provable data auditing in public cloud storage. J Internet Techno, 2015, 16: 317–323
He D, Kumar N, Chilamkurti N. A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci, 2015, 321: 263–277
He D, Zeadally S. Authentication protocol for ambient assisted living system. IEEE Commun Mag, 2015, 35: 71–77
Guo P, Wang J, Li B, et al. A variable threshold-value authentication architecture for wireless mesh networks. J Internet Techno, 2014, 15: 929–936
Shen J, Tan H, Wang J, et al. A novel routing protocol providing good transmission reliability in underwater sensor networks. J Internet Techno, 2015, 16: 171–178
He D, Zhang Y, Chen J. Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wirel Pers Commun, 2014, 74: 229–243
Scott M, Costigan N, Abdulwaha W. Implementing cryptographic pairings on smartcards. In: Proceedings ofWorkshop on Cryptographic Hardware and Embedded Systems, Yokohama, 2006. 134–147
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
He, D., Kumar, N., Shen, H. et al. One-to-many authentication for access control in mobile pay-TV systems. Sci. China Inf. Sci. 59, 052108 (2016). https://doi.org/10.1007/s11432-015-5469-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-015-5469-5