CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Revocation and Tracing Schemes for Stateless Receivers
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Efficient Trace and Revoke Schemes
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
A fully collusion resistant broadcast, trace, and revoke system
Proceedings of the 13th ACM conference on Computer and communications security
Pirate evolution: how to make the most of your traitor keys
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Collusion resistant broadcast encryption with short ciphertexts and private keys
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Fully collusion resistant traitor tracing with short ciphertexts and private keys
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
IEEE Transactions on Information Theory
Combinatorial properties of frameproof and traceability codes
IEEE Transactions on Information Theory
Renewable traitor tracing: a trace-revoke-trace system for anonymous attack
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
On the effects of pirate evolution on the design of digital content distribution systems
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
Identity-based trace and revoke schemes
ProvSec'11 Proceedings of the 5th international conference on Provable security
Hi-index | 0.00 |
A trace and revoke scheme is an encryption scheme for secure content distribution so that only authorized users can access the copyrighted content. When a clone device is recovered, the "trace" component detects the pirate users that have compromised the secret keys in their devices and participated in the construction of the clone device. The "revoke" component excludes the pirate users from accessing the future content. The state-of-art trace-revoke scheme is the very efficient subset difference based NNL scheme [11] which is also deployed in AACS [1], the industry new content protection standard for high definition DVDs. While its revocation and tracing are both very efficient, as pointed out by Kiayias and Pehlivanoglu from Crypto 2007, in its deployment NNL scheme may suffer from a new attack called pirate evolution attack . In this attack attackers reveal the compromised secret keys to the clone decoder very slowly through a number of generations of pirate decoders that will take long time to disable them all. They showed in a system with N users, the attacker can produce up to t *logN generations of pirate decoders given t sets of keys. In AACS context, that means a pirate can produce more than 300 generations of decoders by compromising only 10 devices. If this happens, it will indeed be a nightmare. In this paper we are interested in practical solutions that can defend well against the pirate evolution attack in practice. In particular we devise an easy and efficient approach for the subset difference based NNL scheme [11] to defend well against the potential pirate evolution attack. Indeed it takes as small as 2 generations to detect and disable a traitor in a coalition. This can be achieved by only negligibly increasing the cipher text header size in an application like AACS. The simplicity, efficiency and practicality of our approach has made AACS to adopt it to defend against the pirate evolution attack.