Integration of non-repudiation services in mobile DRM scenarios
In any kind of electronic transaction, it is extremely important to ensure that none of the parties involved can deny their participation in the information exchange. This security property, called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access certain content but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result in financial loss for any peer, so it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services have not so far been included in DRM specifications, due to practical issues and the type of content distributed. In this paper we analyze how to integrate non-repudiation services into a DRM framework, providing a set of protocols that makes the acquisition of right objects undeniable, along with a proof-of-concept implementation and a validation process.
Keywords: Digital rights management, Non-repudiation, Secure electronic commerce, Mobile applications