Analysis and Improvement on a Lightweight Three-Factor Authentication Scheme for Digital Rights Management System
DOI: 10.12677/CSA.2021.119233
Authors: Mai Kaiqiang (麦凯强), Kang Baoyuan (亢保元), Li Rui (李蕊): School of Computer Science and Technology, Tiangong University, Tianjin
Keywords: Digital Rights Management System, Authentication Scheme, Safety
Abstract: With the development of embedded technology and low-power devices, digital content is now transmitted and stored in resource-constrained environments such as the Internet of Things, smart homes, and the Internet of Vehicles. However, digital content is easily copied and distributed over open channels, which seriously threatens the rights and interests of digital content providers and legitimate users. Digital rights management systems emerged to protect the legal rights of the participants involved with digital content. In 2020, Yu et al. proposed a biometric-based authentication scheme for digital rights management systems. This paper analyzes its security and finds that Yu et al.'s scheme cannot run correctly and is vulnerable to user tracking attacks and license server impersonation attacks. To overcome these security flaws, this paper proposes an improved three-factor authentication scheme for digital rights management systems, analyzes its security, and compares its computational cost with that of similar schemes.
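Cite this article: Mai, K.Q., Kang, B.Y. and Li, R. (2021) Analysis and Improvement on a Lightweight Three-Factor Authentication Scheme for Digital Rights Management System. Computer Science and Application, 11(9), 2280-2288. https://doi.org/10.12677/CSA.2021.119233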

References

[1] Yu, S.J., Park, K.S., Park, Y.H., Kim, H.P. and Park, Y.H. (2020) A Lightweight Three-Factor Authentication Protocol for Digital Rights Management System. Peer-to-Peer Networking and Applications, 13, 1340-1356.
[2] Lee, C.C., Li, C.T., Chen, Z.W. and Lai, Y.M. (2018) A Biometric-Based Authentication and Anonymity Scheme for Digital Rights Management System. Information Technology and Control, 47, 262-274.
[3] Subramanya, S.R. and Yi, B.K. (2008) Digital Rights Management. IEEE Potentials, 25, 31-34.
[4] Chang, I.P., Lee, T.F., Lin, T.H. and Liu, C.M. (2015) Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks. Sensors, 15, 29841-29854.
[5] Das, A.K., Wazid, M., Kumar, N., Khan, M.K., Choo, K.K.R. and Park, Y. (2017) Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment. IEEE Biomedical and Health Informatics, 22, 1310-1322.
[6] Yu, S., Lee, J., Lee, K., Park, K. and Park, Y. (2018) Secure Authentication Protocol for Wireless Sensor Networks in Vehicular Communications. Sensors, 18, 3191.
[7] Li, C.T. and Hwang, M.S. (2010) An Efficient Biometrics-Based Remote User Authentication Scheme Using Smart Cards. Network and Computer Applications, 33, 1-5.
[8] Zhu, H. and Zhang, Y. (2017) An Efficient Chaotic Maps-Based Deniable Authentication Group Key Agreement Protocol. Wireless Personal Communications, 96, 217-229.
[9] Wazid, M., Das, A.K., Kumari, S., Li, X. and Wu, F. (2016) Design of an Efficient and Provably Secure Anonymity Preserving Three-Factor User Authentication and Key Agreement Scheme for TMIS. Secure Communication Network, 9, 1983-2001.
[10] Mishra, D., Das, A.K. and Mukhopadhyay, S. (2015) An Anonymous and Secure Biometric-Based Enterprise Digital Rights Management System for Mobile Environment. Secure Communication Network, 8, 3383-3404.
[11] Chang, C.C., Chang, S.C. and Yang, J.H. (2013) A Practical Secure and Efficient Enterprise Digital Rights Management Mechanism Suitable for Mobile Environment. Secure Communication Network, 6, 972-984.
[12] Ali, Z., Ghani, A., Khan, I., Chaudhry, S.A., Islam, S.H. and Giri, D. (2020) A Robust Authentication and Access Control Protocol for Securing Wireless Healthcare Sensor Networks. Journal of Information Security and Applications, 52, Article ID: 102502.
[13] Aghili, S.F., Mala, H., Shojafar, M. and Peris-Lopez, P. (2019) LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT. Future Generation Computer Systems, 96, 410-424.
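[14] Qu, J., Feng, Y.M., Li, Y.P. and Li, L. (2018) Provably Secure Three-Factor Authentication and Key Agreement Scheme for Wireless Sensor Networks. Journal on Communications, 39(S2), 189-197.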
[15] Chen, L. and Zhang, K. (2020) Privacy-Aware Smart Card Based Biometric Authentication Scheme for e-Health. Peer-to-Peer Networking and Applications, 2, 1-13.
[16] Kumar, P. and Chouhan, L. (2021) A Privacy and Session Key Based Authentication Scheme for Medical IoT Networks. Computer Communications, 166, 154-164.