Abstract

As a component of mobile communication, the pay-TV system has attracted a lot of attention. Using mobile devices, users interact with the head end system of a service provider to acquire TV services. With the growth in the number of mobile users, protecting user privacy while improving network efficiency has become an issue worthy of attention, and anonymous authentication schemes for mobile pay-TV systems have been proposed to address it. In this paper, we analyze the shortcomings of an existing authentication protocol and propose an improved one, which is secure against the stored set attack and the user traceability attack. The proposed scheme is proved to be secure. Moreover, our new scheme performs better in efficiency and storage than several other schemes.

1. Introduction

With the rapid development of wireless communication technology, pay-TV systems have attracted a lot of attention as a component of mobile communication. According to Ref. [1], the number of users of the pay-TV system in England reached 3.45 million in 1994. Four years later, that number had doubled. TV service is developing from socialization to personalization, which means that users are able to watch their favourite TV programs anytime, anywhere. Pay-TV systems can meet the personalized needs of users. These changes have prompted the emergence of many communication systems for mobile TV services [2, 3].

In a pay-TV system, there are two entities, a service provider and a user. When a user needs a TV service, she interacts with the head end system (HES) of the service provider. The pay-TV system generally uses a conditional access system (CAS) to handle interactions between end users and service providers. Figure 1 shows the main components of CAS, which controls the reception of TV services by encrypting the transmitted services to ensure that only authorized users can access them. The transmitter (TX) and the receiving module (RX) are subsystems responsible for signal transmission and reception, respectively. The multiplexer (MUX) is responsible for multiplexing audio and video into the MPEG-2 transport stream, while the demultiplexer (DEMUX) is responsible for separating audio and video from the MPEG-2 transport stream. The subscriber authorization system (SAS) and subscriber management system (SMS) authorize and manage users, respectively.

Encryption and authentication play significant roles in CAS for mobile pay-TV systems; both processes are visible in Figure 1. The encryptor and the decryptor are responsible for encryption. When a user needs to obtain a service, she sends subscription and authentication messages to HES. The encryption keys must then be distributed to all subscribers so that they can receive and decrypt the broadcasts they are entitled to under the terms of their subscriptions. Each receiver first filters the entitlement management messages (EMMs) addressed to it and decrypts the service key (SK); it then uses SK to decrypt the entitlement control message (ECM). Once the authorized user has recovered the control word (CW) from the ECM, she can descramble the content.
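The EMM/ECM key hierarchy just described, as a runnable model added by the editor (it is not code from the paper or from any CAS vendor): SK is delivered to each subscriber in an addressed EMM encrypted under the subscriber's long-term key, CW is delivered in an ECM encrypted under SK, and the content is scrambled under CW. Real systems use DVB-CSA scrambling and a CAS-specific cipher; here an HMAC-SHA256 keystream stands in for every cipher, and the class and key names are assumptions.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a keystream of HMAC-SHA256(key, nonce || block counter).
    Stand-in for the CAS cipher (assumption); CTR-style, so the same
    function both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class HeadEnd:
    """HES side: subscriber keys (SAS/SMS), the service key SK and the control word CW."""

    def __init__(self):
        self.subscriber_keys = {}    # subscriber id -> long-term key held in the smart card
        self.sk = os.urandom(32)     # service key for the current entitlement period
        self.cw = os.urandom(32)     # control word; real systems rotate it every few seconds

    def register(self, sub_id: str) -> bytes:
        """Secure-channel registration: the key is delivered inside the smart card."""
        key = os.urandom(32)
        self.subscriber_keys[sub_id] = key
        return key

    def emms(self):
        """One addressed EMM per entitled subscriber: SK under that subscriber's key."""
        return [(sid, encrypt(k, self.sk)) for sid, k in self.subscriber_keys.items()]

    def ecm(self) -> bytes:
        """ECM: the current CW encrypted under SK."""
        return encrypt(self.sk, self.cw)

    def scramble(self, content: bytes) -> bytes:
        return encrypt(self.cw, content)

    def revoke(self, sub_id: str):
        """Drop the subscriber and rotate SK so that a cached SK or old EMM is useless."""
        del self.subscriber_keys[sub_id]
        self.sk = os.urandom(32)


class Receiver:
    """RX/DEMUX side: filter own EMM, recover SK, then CW, then descramble."""

    def __init__(self, sub_id: str, sub_key: bytes):
        self.sub_id, self.sub_key = sub_id, sub_key

    def descramble(self, emms, ecm: bytes, scrambled: bytes) -> bytes:
        mine = [blob for sid, blob in emms if sid == self.sub_id]
        if not mine:
            raise PermissionError("no EMM addressed to this receiver")
        sk = decrypt(self.sub_key, mine[0])
        cw = decrypt(sk, ecm)
        return decrypt(cw, scrambled)


def demo():
    """Entitled receiver recovers the content; a revoked one gets neither a new
    EMM nor anything useful from its old one once SK has rotated."""
    hes = HeadEnd()
    alice = Receiver("alice", hes.register("alice"))
    bob = Receiver("bob", hes.register("bob"))
    content = b"MPEG-2 TS packet payload (constructed sample)"
    old_emms = hes.emms()
    alice_ok = alice.descramble(old_emms, hes.ecm(), hes.scramble(content)) == content
    hes.revoke("bob")
    try:
        bob.descramble(hes.emms(), hes.ecm(), hes.scramble(content))
        no_new_emm = False
    except PermissionError:
        no_new_emm = True
    # Replaying the pre-revocation EMM yields the old SK, which no longer opens the ECM.
    stale = bob.descramble(old_emms, hes.ecm(), hes.scramble(content)) != content
    return alice_ok, no_new_emm, stale
```

The point to take from the model is the direction of trust: the subscriber key never travels, SK travels only inside an EMM addressed to one card, and CW travels only inside an ECM that presupposes SK, so revocation is a matter of withholding the next EMM and rotating SK rather than re-keying the content stream for every viewer.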

As for highly distributed mobile TV service delivery architectures [4], cloud computing models are unable to meet demands. The massive data generated by various access devices has made cloud network bandwidth even more limited, causing greater data bottlenecks [5]. For example, delay-sensitive business systems do not work well in cloud computing. These delay-sensitive services are often located at the edge of the data centers and can use nearby computing resources to complete calculations or reduce delays.

On the other hand, data generated by the terminal TV devices usually involves personal privacy information. Uploading these data to the cloud data center not only consumes a lot of bandwidth resources but also increases the risk of user privacy leakage [6, 7]. In order to deal with this problem, the user’s identity and password are involved in anonymous authentication protocols. The role of user-generated passwords is becoming more prominent in wireless mobile networks [8]. Two-factor anonymous authentication schemes have been proposed to wireless networks for a long time [9, 10]. Moreover, three-factor authentication and key agreements have also been widely used for cloud environment [11, 12]. Besides, fuzzy commitment with low latency can also be employed to ensure high efficiency [13].

In recent years, mobile pay-TV systems have risen in popularity due to their extensive application. The most challenging issue is providing secure authentication [14]. There have been many studies on anonymous authentication schemes used for HES. In Ref. [15], Far and Alagheband designed a lightweight anonymous authentication protocol. We found that this protocol risks revealing the user's password-derived secret and, with it, the user's privacy. Besides, there is still room for improvement in storage. The main contributions of our paper are listed below:
(i) We reveal that Far and Alagheband's protocol risks revealing the user's privacy, and that there is still room for improvement in storage.
(ii) We propose a new efficient anonymous authentication scheme based on Far and Alagheband's protocol.
(iii) The proposed anonymous authentication scheme performs better in computing efficiency and storage, which makes it more suitable for resource-constrained devices in an edge computing environment.

The rest of the paper is planned as follows. In Section 2, we describe related authentication schemes used in pay-TV systems. In Section 3, the preliminaries needed in protocol design are listed. The proposed anonymous authentication scheme is described in detail in Section 4. In Section 5, we give analysis of security proof and security features. Performance comparison is shown in Section 6. The conclusion is given in Section 7.

2. Related Work

In this section, we first introduce secure CASs and then categorize pay-TV systems into three groups. Encryption-based pay-TV systems are the most classic category. Signature-based pay-TV systems are the most practical application. Authentication schemes for pay-TV systems are the main point of our attention. Table 1 shows the relationships of some related works in chronological order.

2.1. Secure CASs

In 1992, ITU first proposed the standards for CASs in pay-TV systems [16]. However, this standard does not provide authentication capabilities for service providers. Since then, in order to further strengthen security, the academic community has proposed some CASs based on symmetric cryptography. In this type of CASs, users must share group keys used to encrypt and decrypt.

Zhu proposed a one-to-many CAS [17]. This system adopted the word-counting model for the first time, which improved the overall efficiency of the system to some extent. However, because the number of keys that a user needs to save was directly proportional to the number of related users, the storage and distribution of keys became very complicated, so this type of CASs was not suitable for practical applications. In general, CASs based on symmetric encryption could not avoid complicated key distribution problems. At the same time, such systems could not provide nonrepudiation.

In 2019, Pal and Alam proposed a channel-package-free centralized key distribution scheme based on the dynamicity of the groups [18]. The scheme used finite state machine (FSM) and optimal binary search tree (OBST) data structures, providing leaving and joining mechanisms for both batch users and single users. Recently, Kumar et al. [19] designed a number-theoretic key management protocol for access control in the pay-TV system. The protocol is claimed to achieve the minimum communication complexity and storage overhead.

2.2. Encryption-Based Pay-TV Systems

In 2004, Huang et al. divided users into different groups according to their various preferences, and each group shared a key [20]. However, Wang and Laith found that Huang et al.'s protocol was vulnerable to a key leakage attack [21]. To enhance security, they proposed an improved key distribution scheme. In the same year, Sun et al. introduced a four-layer key hierarchy model, allowing more users to make flexible choices [22]. These CASs have a common feature in that one request message corresponds to one reply message, so they cannot respond to multiple requests in a short time. The one-to-many CASs, which can respond to many service requests at the same time, have become a new research direction.

In 2005, Yeung et al. constructed a new CAS based on the RSA algorithm. In their protocol, the media service provider and the proxy service provider needed to jointly encrypt the TV programs [23]. Several years later, Yeu and Huang presented an access control scheme based on attribute-based encryption and extended it with a revocation mechanism [24]. However, the scheme was shown to be vulnerable to collusion attacks by Rial [25].

2.3. Signature-Based Pay-TV Systems

As one of the cryptographic primitives, a signature provides the integrity and authentication of messages [26, 27]. To provide message integrity and authentication in pay-TV systems, Lee et al. proposed an authentication protocol based on digital signature technology [28]. However, this protocol could not provide anonymity for service providers. To strengthen its security, Song and Korba designed an improved version of the authentication protocol using RSA blind signature technology [29]. Since then, Roh and Jung have also adopted RSA-based proxy signature technology and designed a new authentication scheme [30]. However, the communication cost of their scheme was relatively high, and it was not suitable for practical application.

2.4. Authentication Schemes for Pay-TV Systems

Authentication schemes applicable to pay-TV systems cannot be directly applied to mobile pay-TV systems. Yang and Chang designed an authentication scheme for mobile pay-TV systems using elliptic curve cryptography [31]. However, Chen et al. [32] pointed out security issues in Yang and Chang's scheme and proposed an anonymous authentication protocol to resolve them. They claimed that their protocol is better suited to applications with low-power devices and high security requirements. However, Kim and Lee showed that Chen et al.'s protocol is vulnerable to password guessing and impersonation attacks and gave an improved version [33]. In 2018, Far and Alagheband also enhanced the security of Chen et al.'s protocol to alleviate its security risks [15].

To improve the performance, Sun and Leu designed the first one-to-many authentication scheme in 2009 [34]. The scheme also used elliptic curve cryptography and is suitable for access control in mobile pay-TV systems. However, Wang and Qin found that Sun and Leu's scheme had security risks [35]: an adversary could not only pretend to be a mobile set (MS) to deceive HES but also pretend to be HES to deceive MS. Moreover, Sun and Leu's scheme could not prevent unauthorized entities from accessing mobile TV programs. To strengthen security, Wang and Qin proposed a strengthened authentication protocol and claimed that it could resist various common attacks. Based on Wang and Qin's scheme [35], Arshad et al. designed an encryption-based authentication scheme for mobile pay-TV that does not use bilinear pairings and is easily implemented on FPGA boards [36].

In 2013, Liu and Zhang designed an identity-based encryption scheme based on bilinear pairings [37]. In addition, the batch verification technique allowed the service provider to authenticate various requests from different subscribers.

Sabzinejad et al.'s scheme was also designed using a bilinear pairing in 2016 [38]. Its running time was shorter than that of previous solutions, but it was not suitable for lightweight devices. Kuo proposed an authentication scheme based on smart cards and biometrics for mobile pay-TV, which could be used on lightweight smart card devices in multiserver environments [39]. Wu et al. proposed an authentication scheme based on user signatures for mobile pay-TV, but this scheme could not guarantee user anonymity [40]. Zhu presented a deniable authentication protocol for pay-TV systems based on chaotic maps, called DAP-TV [41]. In 2020, Kumaravelu et al. [14] designed an anonymous scheme which can authenticate both users and HES with low computational cost.

3. System Model and Security Requirements

In this section, the operating mechanism of mobile pay-TV systems is explained at first. The security features required in anonymous authentication schemes and adversary capabilities are then briefly explained.

3.1. Anonymous Authentication Model for Mobile Pay-TV Systems

Table 2 shows the notation for entities and parameters. The mobile pay-TV system consists of two important components, the head end system (HES) and the mobile set (MS). HES not only has powerful service content processing capabilities but also contains SAS/SMS. SAS/SMS is mainly responsible for authentication and key management, payment management, and subscription information management. MS is a user device that connects to HES over the mobile Internet to obtain TV services.

In general, when a user wants to purchase a mobile pay-TV service, she needs to register private information with HES, such as an ID number and email address. When the user needs TV services, her MS sends a request message for MS authentication together with a service content request to HES. If the MS passes the HES authentication, HES broadcasts a request message for HES authentication to all nearby mobile sets. After the MS completes the authentication of HES, the user obtains service rights and can enjoy the mobile pay-TV service. When the user wants to switch to another TV service, the MS and HES need to conduct mutual authentication again.

More specifically, there are four phases in the process of MS and HES authentication and service subscription. In the initialization phase, DBS generates the system parameters and the secret parameters required by MS; all HESs can obtain the parameters stored in DBS. In the issue phase, MS sends a log-in request to one HES to obtain a service and then authenticates with that HES. As a result, the HES issues a token for MS, which is used in the subscription phase to subscribe to a service. In the hand-off phase, when the MS moves to another area covered by a different HES, all it needs to do is authenticate with the new HES; it does not need to reregister or send a new log-in request. These four phases are shown in Figure 2.

3.2. Security Requirements

The anonymous authentication protocols used in mobile pay-TV systems need to provide mutual authentication, forward security, and privacy protection of each entity. In addition, the importance of user anonymity and user untraceability is more emphasized in mobile pay-TV systems.

3.2.1. Mutual Authentication

HES and MS need to perform mutual authentication, to conduct subsequent key management, payment management, and subscription management. For resource-constrained devices, the efficiency of authentication should be taken into consideration.

3.2.2. Forward Security

One of the characteristics of mobile users is frequent log-in and log-out. Therefore, when a mobile user leaves a communication network, others cannot infer any user information from the encrypted message left by the user. Forward security means that the authenticated keys generated from each session are independent of each other.

3.2.3. User Anonymity

User anonymity is the most basic requirement in an anonymous authentication protocol, which hides the user’s identity and communication relationship in the communication process through a certain method. This usually means that the user’s identity cannot be obtained by anyone, whether he is an internal attacker or an external attacker. In other words, the identity of the user cannot be publicly transmitted in plaintext.

3.2.4. User Untraceability

User untraceability has many implications. Malicious attackers or other users cannot determine which servers a user has logged in to or how many times a user has logged in to a server. Untraceability can ensure that even if the user reveals his identity at a certain stage, it will not help the adversary to identify the user at other stages. An effective way to achieve untraceability is to randomize the information transmitted in each step of the authentication phase.

3.2.5. Privacy Protection

Privacy protection means that the information of both MS and HES should be unavailable to others. In mobile pay-TV systems, the user logs in anonymously and does not want anyone to know her identity information. This requires that the identity information cannot be stored and transmitted in plain text.

3.3. Adversary Capabilities

As defined in other anonymous authentication protocols for mobile pay-TV systems, adversaries have the ability to do all passive attacks, such as eavesdropping on messages in public channel. Moreover, the adversary is allowed to obtain all parameters stored in DBS.

In order to prove that our scheme has more advantages in security, we have given adversaries the ability to obtain stored sets. That means the information stored in smart cards of MS and HES is not secure anymore.

The capabilities of adversaries are described briefly below:
(i) can eavesdrop on messages in the public channel
(ii) can obtain all parameters stored in DBS
(iii) can obtain all information in the stored set of MS
(iv) can be an internal attacker

4. The Proposed Scheme

In this section, we explain an improved scheme of Far and Alagheband’s scheme. Our improved scheme also has four phases as depicted in Section 3, the initialization phase, issue phase, subscription phase, and hand-off phase. The initialization phase is performed on secure channel, while the other three phases can be performed on public channel. These four phases are described, respectively, as below. The notations used in this section are shown in Table 2.

4.1. Initialization Phase

In the initialization phase, the MS should register in SAS/SMS through DBS, which stores data in HES. This phase needs to be performed on a secure channel. More details are listed as follows.

MS: chooses a random number and generates its password PW, then computes . After that, it sends ID and PW to DBS of .

DBS: after receiving ID and PW from the MS, DBS computes , , and . Here, is the secret key of the DBS, which is generated by . Finally, DBS stores and , then sends and to MS.

MS: after receiving and from DBS, MS stores and .

The initialization phase is shown in Figure 3.

4.2. Issue Phase

Before an MS can obtain a service, it needs to send a service start request, that is, a log-in request, to . After the log-in request is sent, MS and authenticate each other in the issue phase. As a result, issues a token for MS, which is used in the subscription phase. The detailed authentication process is described in Figure 4.

MS: computes and verifies . If verified, it then computes , ,, and , and finally sends to at .

: receives message at . It first checks , then verifies and . Next, it chooses a token and computes , , and finally sends to MS at .

MS: after receiving , it first checks . Then, it verifies . The authentication key is computed as .
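The issue-phase structure above (a timestamped message from MS, freshness and hash checks at HES, a fresh token returned under a mask, and an authentication key derived on both sides), as an example added by the editor. The message formulas, the pseudonym H(t) used to look the user up in DBS, and the names DBS, MS, HES and DELTA_T are assumptions chosen to illustrate the structure; they are not the paper's own equations, which are not reproduced on this page.

```python
import hashlib
import os

DELTA_T = 5.0      # accepted clock skew in seconds (assumption)
TOKEN_LEN = 16


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so H(a, b) and H(a || b) cannot collide."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(2, "big") + p)
    return d.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fresh(stamp: bytes, now: float) -> bool:
    return abs(now - float(stamp.decode())) <= DELTA_T


class DBS:
    """Database every HES can read: pseudonym H(t) of the current token -> (A, t)."""

    def __init__(self):
        self.x = os.urandom(32)        # server secret key; never leaves the server side
        self.records = {}

    def register(self, ID: bytes, PW: bytes):
        """Secure channel. A is bound to x, so DBS rows alone do not yield a password-derived value."""
        A = H(self.x, ID, PW)
        t0 = os.urandom(TOKEN_LEN)
        self.records[H(t0)] = (A, t0)
        return A, t0                   # the MS's stored set


class MS:
    def __init__(self, A: bytes, t: bytes):
        self.A, self.t, self.T1 = A, t, b""

    def login(self, now: float):
        self.T1 = repr(now).encode()
        return (H(self.t), H(self.A, self.t, self.T1), self.T1)    # (PID, V1, T1)

    def finish(self, reply, now: float) -> bytes:
        C, V2, T2 = reply
        if not fresh(T2, now):
            raise ValueError("stale T2")
        t_new = xor(C, H(self.A, T2)[:TOKEN_LEN])                  # unmask the new token
        if V2 != H(self.A, t_new, T2):
            raise ValueError("HES authentication failed")
        self.t = t_new
        return H(self.A, t_new, self.T1, T2)                       # authentication key


class HES:
    def __init__(self, dbs: DBS):
        self.dbs = dbs

    def handle(self, msg, now: float):
        PID, V1, T1 = msg
        if not fresh(T1, now):
            raise ValueError("stale T1")
        rec = self.dbs.records.get(PID)
        if rec is None:
            raise ValueError("unknown pseudonym")
        A, t = rec
        if V1 != H(A, t, T1):
            raise ValueError("MS authentication failed")
        T2 = repr(now).encode()
        t_new = os.urandom(TOKEN_LEN)
        self.dbs.records[H(t_new)] = (A, t_new)
        del self.dbs.records[PID]      # old pseudonym is dead from here on (see caveat below)
        reply = (xor(t_new, H(A, T2)[:TOKEN_LEN]), H(A, t_new, T2), T2)
        return reply, H(A, t_new, T1, T2)


def run_session(ms: MS, hes: HES, now: float):
    msg = ms.login(now)
    reply, key_hes = hes.handle(msg, now + 0.1)
    return msg, ms.finish(reply, now + 0.2), key_hes


def rejected(hes: HES, msg, now: float) -> bool:
    """True if HES refuses the message (stale, unknown pseudonym, bad authenticator)."""
    try:
        hes.handle(msg, now)
        return False
    except ValueError:
        return True


def demo():
    """Two honest sessions, a replay, and a forged authenticator, as constructed checks."""
    dbs = DBS()
    A, t0 = dbs.register(b"user-42", b"hunter2")      # constructed sample user
    ms, hes = MS(A, t0), HES(dbs)
    m1, k1_ms, k1_hes = run_session(ms, hes, 1000.0)
    m2, k2_ms, k2_hes = run_session(ms, hes, 1060.0)
    m3 = ms.login(1120.0)
    forgery_rejected = rejected(hes, (m3[0], bytes(32), m3[2]), 1120.1)
    reply, k3_hes = hes.handle(m3, 1120.1)            # genuine message still accepted
    k3_ms = ms.finish(reply, 1120.2)
    return {"keys_agree": k1_ms == k1_hes and k2_ms == k2_hes and k3_ms == k3_hes,
            "keys_fresh": len({k1_ms, k2_ms, k3_ms}) == 3,
            "pseudonyms_differ": len({m1[0], m2[0], m3[0]}) == 3,
            "replay_rejected": rejected(hes, m1, 1130.0),
            "forgery_rejected": forgery_rejected}
```

Because the token rotates, the pseudonym sent in each session differs, which is what the untraceability argument later in the paper relies on. Two caveats a deployment has to handle: freshness checks assume the MS and HES clocks agree to within DELTA_T, and a reply lost after HES has rotated the token desynchronizes the two sides, so a real scheme keeps the previous record until the new pseudonym has been used once.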

4.3. Subscription Phase

Once the MS has obtained the token from , it can use it to subscribe to the service. Apart from the token from the issue phase entering the computation, the steps are the same as in the issue phase. The details are shown in Figure 5.

MS: computes and verifies . If verified, it then computes , , , and , and finally sends to at .

HESn: receives message at . It first checks , then verifies: , . Next, it chooses a new token and computes and and finally sends to MS at .

MS: after receiving , it first checks , then verifies . The authentication key is computed as .

4.4. Hand-Off Phase

When a mobile user wants to move from the area covered by to another area covered by , he does not need to reregister or send a log-in request. All the MS needs to do is authenticate with the new . The details are shown in Figure 6.

MS: first computes , , and , and then sends to at .

: receives message at . It first checks , then verifies and . Next, it chooses a new token and computes , . Finally, it sends to MS at .

MS: after receiving , it first checks , then verifies . The authentication key to get services for new HES is set as .

5. Security Analysis

Security analysis is composed of two subsections. First, we prove our improved scheme to be secure using the formal method in Section 5.1. Then, the main security features in our scheme are shown in Section 5.2.

5.1. Formal Security Analysis

In this subsection, we will show that our improved scheme can resist eavesdropping attack, stored set attack, and internal attack. The approaches proposed in literature [15, 42, 43] are employed in this part. The adversary capabilities are given in Section 3.

First, we give the definition of the adversary successfully breaking the scheme [42]. The notation is as follows:
(i) Experiment function (EXP): successfully obtains the required information
(ii) Success function (Succ): 's probability of success in obtaining the key secret information

Definition 1. If the probability of success is negligible, the scheme is secure against assumed .

Theorem 2. The adversary eavesdrops on messages in the public channel. can break the scheme with probability, where is negligible.

Proof of Theorem 2. can eavesdrop on the public channel. We describe the subsequent actions of in Algorithm 1, which consists of set-up, challenge, and guess.

Set up: Input eavesdropped from public channel. If success, output 1. Otherwise, output 0.
Challenge:
(i) Eavesdrop from public channel
(ii) Compute . Here , .
(iii) Choose randomly as the value of
(iv) Compute
Guess: If , accept the value of . Return 1. Otherwise, return 0.

It is obvious that must correctly guess the value of to pass the algorithm. The probability of correctly guessing these four values is less than :

Thus, an break the scheme with probability: , where is negligible.

Theorem 3. The adversary can obtain the stored set of MS. can break the scheme with probability, where is negligible.

Proof of Theorem 3. can obtain the stored set of MS. We describe the subsequent actions of in Algorithm 2 and Algorithm 3, which represent the situations in which obtains and , respectively.

Set up: Input corrupted from MS. If success, output 1. Otherwise, output 0.
Challenge:
(i) Corrupt
(ii) Choose randomly as the value of user’s password, identity and server’s secret key
(iii) Compute .
Guess: If , accepts the value of . Return 1. Otherwise, returns 0.

The key to successfully passing Algorithm 2 is to correctly guess the value of . The probability of correctly guessing these four values is less than :

Thus, can break the scheme with probability: , where is negligible.

Set up: Input corrupted from MS. If success, output 1. Otherwise, output 0.
Challenge:
(i) Corrupt
(ii) Choose randomly as the value of user’s password, identity, and server’s secret key
(iii) Compute
Guess: If , accepts the value of . Return 1. Otherwise, returns 0.

The key to successfully passing Algorithm 3 is to correctly guess the value of . The probability of correctly guessing these four values is less than :

Thus, can break the scheme with probability: , where is negligible.

Theorem 4. The adversary is an internal attacker. can break the scheme with probability, where is negligible.

Proof of Theorem 4. can be a malicious server, as an internal attacker. Even so, has no way of knowing identity of the user. We describe the subsequent behavior of in Algorithm 4.

Set up: Input eavesdropped from public channel. If success, output 1. Otherwise, output 0.
Challenge:
(i) Receive from public channel
(ii) Search and t, where
(iii) Choose randomly
(iv) Compute ,
Guess: If or , accepts the value of . Return 1. Otherwise, returns 0.

Since the hash functions we use are one-way, if wants to know the value of to pass the algorithm, it can only guess. The probability of correctly guessing these two values is less than :

Therefore, can break the scheme with probability: , where is negligible.

In summary, our improved scheme can resist eavesdropping attack, stored set attack, and internal attack.

5.2. Security Features

In this subsection, we first explain the main changes in our improved scheme compared with Far and Alagheband's scheme.

(i) Bind x to and

In the initialization phase of Far and Alagheband's protocol, and are stored directly in DBS. The user's identity is hidden in and so that the user does not need to reveal its identity when logging in and out. However, storing R, Q, and in DBS carries a security risk: as soon as the adversary compromises DBS, she can recover PWB by exclusive OR. This not only leaks the user's identity but also breaks user untraceability. In our new scheme, we add the server's secret key and make slight changes to the computation of and . Thus, the adversary can no longer recover the user's private information from the data in DBS.

(ii) Remove the random numbers in the issue phase and subscription phase

Random numbers are introduced to ensure that the authentication keys generated by each session are independent of each other, so as to meet the forward security requirement of an anonymous authentication protocol. In Far and Alagheband's protocol, random numbers are used. However, each time a session generates an authentication key, a time stamp is required anyway. The time stamp not only supports mutual authentication but also introduces freshness. Therefore, our scheme still guarantees forward security without using random numbers.
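The stored set attack described under (i), as a toy model added by the editor. The two masked rows R and Q, the value PWB = h(ID, PW), and the hardened variant keyed with the server secret x are assumptions that reproduce the pattern the text describes (two DBS rows whose XOR cancels to PWB); they are not the actual equations of Far and Alagheband's scheme or of the proposed one. The candidate list is a constructed sample.

```python
import hashlib
import os


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(2, "big") + p)
    return d.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_register(ID: bytes, PW: bytes) -> dict:
    """Assumed weak pattern: both rows are masked with the same unkeyed hash,
    so anyone holding the rows computes R XOR Q = PWB without knowing ID."""
    PWB = h(ID, PW)
    return {"R": xor(PWB, h(ID)), "Q": h(ID)}


def hardened_register(ID: bytes, PW: bytes, x: bytes) -> dict:
    """Same shape, but every mask is keyed with the server secret x, so the
    XOR of the rows no longer cancels to anything an outsider can test."""
    PWB = h(ID, PW)
    return {"R": xor(PWB, h(x, ID)), "Q": h(x, h(ID))}


def stored_set_attack(rows: dict, candidates):
    """Adversary holding the DBS rows and a dictionary of (ID, PW) guesses.
    Returns the guess whose PWB equals R XOR Q, or None if nothing matches."""
    target = xor(rows["R"], rows["Q"])
    for ID, PW in candidates:
        if h(ID, PW) == target:
            return ID, PW
    return None


def demo():
    """Offline dictionary search succeeds against the weak rows and fails against
    the hardened rows even though the correct guess is in the dictionary."""
    x = os.urandom(32)                              # server secret, unknown to the adversary
    candidates = [(b"bob", b"letmein"), (b"alice", b"123456"), (b"carol", b"qwerty")]
    weak = stored_set_attack(weak_register(b"alice", b"123456"), candidates)
    hard = stored_set_attack(hardened_register(b"alice", b"123456", x), candidates)
    return weak, hard
```

The check is worth running on any scheme that stores XOR-masked values: if the masks of two rows are computable from each other or from public data, their XOR is a password-derived value that can be attacked offline, and the same value stored at several HESs also links the user across them. Keying the masks with a secret the adversary does not hold removes both problems without changing the storage footprint.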

As a result of the changes, the security of the new scheme has been improved in terms of user untraceability and privacy protection. Table 3 shows the comparison of our improved scheme and Far and Alagheband’s scheme.

5.2.1. Mutual Authentication

In each session, HES and MS must first perform mutual authentication using the preassigned , , and . We bind the server's secret key and the user's identity ID when calculating , , and , to ensure their confidentiality. The one-way hash function also provides an efficient method for mutual authentication.

5.2.2. Forward Security

Forward security means that the authenticated keys generated from each session are independent of each other. In our new scheme, the time stamps introduce the freshness of each session. Different participating in the operation will generate different authentication keys.

5.2.3. User Anonymity

User anonymity means that the user's identity ID cannot be obtained by internal or external attackers. In our new scheme, the identity ID of the user is never transmitted publicly in plaintext; it only enters the computation inside a hash function. Moreover, the server has no way to recover the user's identity ID from and stored in DBS.

5.2.4. User Untraceability

In our scheme, all HESs can obtain and from DBS when they need them. Thus, the adversary can no longer determine whether the user has logged in by comparing the stored sets of the HESs. Moreover, the messages transmitted on the public channel differ from session to session.

5.2.5. Privacy Protection

In our new scheme, we add the server’s secret key and make slight changes when calculating and . Thus, the adversary can no longer recover user’s privacy information through data in DBS. The proposed scheme can provide user privacy protection.

6. Performance Comparison

Various anonymous authentication schemes have been presented in recent years. In this section, we choose a few schemes that use only hash functions and compare them with our scheme in terms of execution efficiency.

Following Ref. [36], we take the execution time of one hash operation to be 0.13 s. The number of hash operations in each scheme is shown in Table 4. Since the subscription phase and hand-off phase are similar to the issue phase, we only compare hash operations in the initialization phase and issue phase.

From Table 4, our scheme performs better in terms of execution time. Moreover, the number of parameters transmitted on the public channel is minimal, which means our scheme also performs better in storage. To show the comparison of execution efficiency more clearly, we plot the execution time in s and the parameter counts in Figure 7. It is obvious that our scheme has the shortest execution time under the same conditions.

7. Conclusion

The security of pay-TV systems is facing the challenge of explosive growth of users and service content. To prevent unauthorized access in mobile pay-TV systems, anonymous authentication technologies are commonly used for secure media delivery and channel protection. In this paper, we review Far and Alagheband’s protocol and find that this protocol is suffering from risks of revealing user’s privacy. Besides, there is still room for improvement in storage. We alleviate the security risks of Far and Alagheband’s protocol. Our improved scheme can resist stored set attack and user traceability attack. Performance comparison shows that our scheme performs better in terms of execution time and storage, which means it is suitable for resource-constrained devices in edge computing environment.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that there is no conflict of interest regarding the publication of this paper.

Acknowledgments

This work was supported in part by the National Natural Science Foundation of China (Grant 61872449).