CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Secure group communications using key graphs
IEEE/ACM Transactions on Networking (TON)
Key management for restricted multicast using broadcast encryption
IEEE/ACM Transactions on Networking (TON)
Communications of the ACM
The LSD Broadcast Encryption Scheme
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Low Cost Attacks on Tamper Resistant Devices
Proceedings of the 5th International Workshop on Security Protocols
Efficient Trace and Revoke Schemes
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Efficient State Updates for Key Management
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences
NGC '99 Proceedings of the First International COST264 Workshop on Networked Group Communication
A Practical Revocation Scheme for Broadcast Encryption Using Smart Cards
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Efficient communication-storage tradeoffs for multicast encryption
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
The case of the fake Picasso: preventing history forgery with secure provenance
FAST '09 Proccedings of the 7th conference on File and storage technologies
Preventing history forgery with secure provenance
ACM Transactions on Storage (TOS)
Hi-index | 0.00 |
We present an anti-pirate revocation scheme for broadcast encryption systems (e.g., pay TV), in which the data is encrypted to ensure payment by users. In the systems we consider, decryption of keys is done on smartcards and key management is done in-band. Our starting point is a scheme of Naor and Pinkas. Their basic scheme uses secret sharing to remove up to t parties, is information-theoretic secure against coalitions of size t, and is capable of creating a new group key. However, with current smartcard technology, this scheme is only feasible for small system parameters, allowing up to about 100 pirates to be revoked before all the smartcards need to be replaced. We first present a novel implementation method of their basic scheme that distributes the work among the smartcard, set-top terminal, and center. Based on this, we construct several improved schemes for many revocation rounds that scale to realistic system sizes. We allow up to about 10,000 pirates to be revoked using current smartcard technology before recarding is needed. The transmission lengths of our constructions are on par with those of the best tree-based schemes. However, our constructions have much lower smartcard CPU complexity: only O(1) smartcard operations per revocation round (a single 10-byte field multiplication and addition), as opposed to the complexity of the best tree-based schemes, which is polylogarithmic in the number of users. We evaluate the system behavior via an exhaustive simulation study coupled with a queueing theory analysis. Our simulations show that with mild assumptions on the piracy discovery rate, our constructions can perform effective pirate revocation for realistic broadcast encryption scenarios.