Abstract
Recent advances in communication technology and low-power devices have led digital-content services to be provided in various resource limited environments such as smart home, Internet of Things, and the Vehicle-to-Everything. However, digital content is easily replicated and distributed through open channels. Authentication is therefore becoming increasingly important for digital rights management (DRM) systems to provide secure services to authorized users. In 2018, Lee et al. proposed a biometric-based authentication scheme for DRM systems. We here demonstrate that Lee et al.’s scheme is vulnerable to mobile device theft and user impersonation attacks and does not allow secure mutual authentication. We propose an alternative secure three-factor authentication protocol for DRM systems to overcome these security shortcomings. Using formal/informal security analysis and a BAN logic analysis, we also show that our protocol protects against various types of attacks and allows secure mutual authentication. Furthermore, we demonstrate that the proposed protocol is secure against replay attacks and man-in-the-middle attacks using the formal verification simulation tool AVISPA. The proposed protocol is therefore applicable to resource-limited environments.
Original language | English |
---|---|
Pages (from-to) | 1340-1356 |
Number of pages | 17 |
Journal | Peer-to-Peer Networking and Applications |
Volume | 13 |
Issue number | 5 |
DOIs | |
State | Published - 1 Sep 2020 |
Keywords
- Authentication
- AVISPA
- BAN logic
- Digital rights management system