A lightweight three-factor authentication protocol for digital rights management system

Sung Jin Yu, Ki Sung Park, Yo Han Park, Hyung Pyo Kim, Young Ho Park

Research output: Contribution to journalArticlepeer-review

20 Scopus citations

Abstract

Recent advances in communication technology and low-power devices have led digital-content services to be provided in various resource limited environments such as smart home, Internet of Things, and the Vehicle-to-Everything. However, digital content is easily replicated and distributed through open channels. Authentication is therefore becoming increasingly important for digital rights management (DRM) systems to provide secure services to authorized users. In 2018, Lee et al. proposed a biometric-based authentication scheme for DRM systems. We here demonstrate that Lee et al.’s scheme is vulnerable to mobile device theft and user impersonation attacks and does not allow secure mutual authentication. We propose an alternative secure three-factor authentication protocol for DRM systems to overcome these security shortcomings. Using formal/informal security analysis and a BAN logic analysis, we also show that our protocol protects against various types of attacks and allows secure mutual authentication. Furthermore, we demonstrate that the proposed protocol is secure against replay attacks and man-in-the-middle attacks using the formal verification simulation tool AVISPA. The proposed protocol is therefore applicable to resource-limited environments.

Original languageEnglish
Pages (from-to)1340-1356
Number of pages17
JournalPeer-to-Peer Networking and Applications
Volume13
Issue number5
DOIs
StatePublished - 1 Sep 2020

Keywords

  • Authentication
  • AVISPA
  • BAN logic
  • Digital rights management system

Fingerprint

Dive into the research topics of 'A lightweight three-factor authentication protocol for digital rights management system'. Together they form a unique fingerprint.

Cite this