A practical revocation scheme for broadcast encryption using smartcards

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A practical revocation scheme for broadcast encryption using smartcards

Full text

Pdf (455 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 9 , Issue 3 (August 2006) table of contents

Pages: 325 - 351

Year of Publication: 2006

ISSN:1094-9224

Authors

Noam Kogan	Tel Aviv University, Ramat Aviv, Israel
Yuval Shavitt	Tel Aviv University, Ramat Aviv, Israel
Avishai Wool	Tel Aviv University, Ramat Aviv, Israel

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 108, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1178618.1178622 What is a DOI?

ABSTRACT

We present an anti-pirate revocation scheme for broadcast encryption systems (e.g., pay TV), in which the data is encrypted to ensure payment by users. In the systems we consider, decryption of keys is done on smartcards and key management is done in-band. Our starting point is a scheme of Naor and Pinkas. Their basic scheme uses secret sharing to remove up to t parties, is information-theoretic secure against coalitions of size t, and is capable of creating a new group key. However, with current smartcard technology, this scheme is only feasible for small system parameters, allowing up to about 100 pirates to be revoked before all the smartcards need to be replaced. We first present a novel implementation method of their basic scheme that distributes the work among the smartcard, set-top terminal, and center. Based on this, we construct several improved schemes for many revocation rounds that scale to realistic system sizes. We allow up to about 10,000 pirates to be revoked using current smartcard technology before recarding is needed. The transmission lengths of our constructions are on par with those of the best tree-based schemes. However, our constructions have much lower smartcard CPU complexity: only O(1) smartcard operations per revocation round (a single 10-byte field multiplication and addition), as opposed to the complexity of the best tree-based schemes, which is polylogarithmic in the number of users. We evaluate the system behavior via an exhaustive simulation study coupled with a queueing theory analysis. Our simulations show that with mild assumptions on the piracy discovery rate, our constructions can perform effective pirate revocation for realistic broadcast encryption scenarios.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Michel Abdalla , Yuval Shavitt , Avishai Wool, Key management for restricted multicast using broadcast encryption, IEEE/ACM Transactions on Networking (TON), v.8 n.4, p.443-454, Aug. 2000 [doi>10.1109/90.865073]
	2	Anderson, R. and Kuhn, M. 1996. Tamper resistance---a cautionary note. In Proc. 2nd USENIX Workshop on Electronic Commerce. USENIX, Oakland, CA. 1--11.
	3	Ross J. Anderson , Markus G. Kuhn, Low Cost Attacks on Tamper Resistant Devices, Proceedings of the 5th International Workshop on Security Protocols, p.125-136, April 07-09, 1997
	4	BBC. 26 Jan. 2001. Toasting the crackers. BBC news on Science and Technology, reporter Mark Ward, Front Page. http://news.bc.co.uk/hi/science/nature/1138550.stm.
	5	Berkovits, S. 1991. How to broadcast a secret. In Advances in Cryptology---EUROCRYPT '91, LNCS 547. Springer-Verlag, New York. 535--541.
	6	Blundo, C. and Cresti, A. 1994. Space requirements for broadcast encryption. In Advances in Cryptology---EUROCRYPT '94, LNCS 950, A. D. Santis, Ed. Springer-Verlag, New York. 287--298.
	7	Carlo Blundo , Luiz A. Frota Mattos , Douglas R. Stinson, Trade-offs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, p.387-400, August 18-22, 1996
	8	Bob Briscoe, MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences, Proceedings of the First International COST264 Workshop on Networked Group Communication, p.301-320, November 17-20, 1999
	9	Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., and Pinkas, B. 1999a. Multicast security: A taxonomy and efficient constructions. In Proc. IEEE INFOCOM '99. 708--716.
	10	Canetti, R., Malkin, T., and Nissim, K. 1999b. Efficient communication-storage tradeoffs for multicast encryption. In Advances in Cryptology---EUROCRYPT '99, LNCS 1592. Springer-Verlag, New York. 459--474.
	11	Amos Fiat , Moni Naor, Broadcast encryption, Proceedings of the 13th annual international cryptology conference on Advances in cryptology, p.480-491, January 1994, Santa Barbara, California, United States
	12	Juan A. Garay , Jessica Staddon , Avishai Wool, Long-Lived Broadcast Encryption, Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology, p.333-352, August 20-24, 2000
	13	Hackwatch 2002. Canal plus claims Murdoch operation pirated canal plus cards. Hackwatch. http://www.hackwatch.com/~kooltek/.
	14	Dani Halevy , Adi Shamir, The LSD Broadcast Encryption Scheme, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, p.47-60, August 18-22, 2002
	15	Jain, R. 1991. The Art of Computer Systems Performance Analysis. Wiley, New York.
	16	Noam Kogan , Yuval Shavitt , Avishai Wool, A Practical Revocation Scheme for Broadcast Encryption Using Smart Cards, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.225, May 11-14, 2003
	17	Ravi Kumar , Sridhar Rajagopalan , Amit Sahai, Coding Constructions for Blacklisting Problems without Computational Assumptions, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, p.609-623, August 15-19, 1999
	18	Luby, M. and Staddon, J. 1998. Combinatorial bounds for broadcast encryption. In Advances in Cryptology---EUROCRYPT '98, LNCS 1403, K. Nyberg, Ed. Espoo, Finland. Springer-Verlag, New York. 512--526.
	19	Moni Naor , Benny Pinkas, Efficient Trace and Revoke Schemes, Proceedings of the 4th International Conference on Financial Cryptography, p.1-20, February 20-24, 2000
	20	Dalit Naor , Moni Naor , Jeffrey B. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.41-62, August 19-23, 2001
	21	Benny Pinkas, Efficient State Updates for Key Management, Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management, p.40-56, November 05, 2001
	22	Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979 [doi>10.1145/359168.359176]
	23	D. Wallner , E. Harder , R. Agee, Key Management for Multicast: Issues and Architectures, RFC Editor, 1999
	24	Chung Kei Wong , Mohamed Gouda , Simon S. Lam, Secure group communications using key graphs, IEEE/ACM Transactions on Networking (TON), v.8 n.1, p.16-30, Feb. 2000 [doi>10.1109/90.836475]