Telecommunication Systems, Volume 35, Issue 3–4, pp 161–176

Integration of non-repudiation services in mobile DRM scenarios

  • Jose A. Onieva
  • Javier Lopez
  • Rodrigo Roman
  • Jianying Zhou
  • Stefanos Gritzalis
Article

Abstract

In any kind of electronic transaction, it is extremely important to ensure that none of the parties involved can deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access certain content but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result in financial loss for any peer, so it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services have not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to integrate non-repudiation services into a DRM framework, providing a set of protocols that makes the acquisition of right objects undeniable, along with a proof-of-concept implementation and a validation process.

Keywords

Digital rights management; Non-repudiation; Secure electronic commerce; Mobile applications

Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  • Jose A. Onieva (1; email author)
  • Javier Lopez (1)
  • Rodrigo Roman (1)
  • Jianying Zhou (2)
  • Stefanos Gritzalis (3)

  1. Computer Science Department, University of Malaga, Malaga, Spain
  2. Institute for Infocomm Research, Singapore, Singapore
  3. Information and Communication Systems Security Laboratory, Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece