Mengyao Zhu,Ming Zhang,Xiaoling Chen,Ding Zhang,ZhiJie Huang

DOI: https://doi.org/10.1007/978-3-540-74377-4_88

2007-01-01

Abstract:A variety of subscriptions in Conditional Access System (CAS) of DTV broadcasting network bring complexity to the key distribution scheme. In this paper, an innovation of hierarchical key distribution scheme for CAS in DTV broadcasting is proposed to reduce the computation of encryption and the number of messages for key refreshment. Compared with the conventional key distribution schemes, no encrypted message is distributed for key refreshment when a subscriber leaves. Further more, our hierarchical tree of key can provide a lot more dynamic management, from which broadcasters can improve efficiency in managing program channels.

TP Jiang,SB Zheng,BF Liu

DOI: https://doi.org/10.1109/tce.2004.1277866

2004-01-01

IEEE Transactions on Consumer Electronics

Abstract:Conditional access system (CAS) is one of the key techniques in digital television (DTV) broadcast, which is used to charge the subscriber for subscribing fee by scrambling the program information. Scrambling algorithm and key distribution are the most important parts for CAS. In this paper, we proposed a new key distribution scheme based on hierarchical access control for conditional access system in digital television broadcast. Our key distribution scheme can greatly reduce the encrypting computation and acquire higher efficiency and security. Moreover, the proposed scheme is more flexible in processing joining and leaving of subscriber, which is very important for service provider to manage the subscriber.

JIANG Tian-pu,ZHENG Shi-bao,ZHANG Hong-guang

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.09.034

2004-01-01

Abstract:Conditional Access System (CAS) is used to charge the subscriber for subscribing fee by scrambling the program information. Security is an essential factor of CAS, which mainly depends on scrambling algorithm and key distribution algorithm. This paper proposed a new key distribution algorithm based on hierarchical access control for conditional access system in digital television broadcast. This key distribution algorithm can greatly reduce the encrypting computation and acquire high efficiency and security. Moreover, the proposed scheme is more flexible in processing joining and leaving of subscriber, which is very important for service provider to dynamic manage the subscriber.

TP Jiang,SB Zheng

DOI: https://doi.org/10.1109/iccs.2004.1359392

2004-01-01

Abstract:In DTV broadcasting, key distribution is the essential part of the conditional access system (CAS), which is directly related with the security of CAS. In this paper, considering the inefficiency of the current CAS, a modified key distribution algorithm is put forward, in which the hierarchical access control technology is used to distribute the authorization keys of channels while the Chinese remainder theorem is adopted to distribute the group keys to the subscribers. The proposed algorithm is secure enough as well as greatly reducing the forward security problem. Moreover, the algorithm is flexible in dynamic management of subscriber. Most importantly, the algorithm is more efficient than the current CAS for fewer messages being transferred during key rekeying and system initializing, which greatly saves the bandwidth of the channel

QIN JUNBO,WANG XINGJUN

DOI: https://doi.org/10.3969/j.issn.1008-0570.2007.36.001

2007-01-01

Abstract:A fact in the Conditional Access System(CAS)of Digital TV(DTV)is that,computation and distribution for access keys is a great load because of great number of terminal users,and this is also the key point which has to be considered seriously.Based on Chinese Remainder Theorem(CRT),this paper presents a new scheme using dynamic grouping management to authorize terminal users.This scheme not only can reduce the affection range when one terminal user's authorization state changes,but also can effectively get the trade-off between complexity and band-width consumption during encrypting and transmitting keys.

Bao-feng LIU,Lü-ping LI,Wen-jun ZHANG,Shi-bao ZHENG

DOI: https://doi.org/10.3321/j.issn:1006-2467.2006.05.005

2006-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:Based on four-level key hierarchy, a new key distribution scheme based on grouping access control for conditional access system in digital TV (DTV) broadcasting was presented. The key distribution scheme can greatly reduce computation load and complexity while providing higher security. Moreover, the proposed scheme is flexible in processing joining and leaving of subscriber, which makes service provider easy to manage the subscribers dynamically. In the end, the security and performance of the proposed scheme were analyzed and compared with other schemes. It shows that the proposed scheme is very feasible for practical applications.

秦军波,王兴军

2007-01-01

Abstract:Conditional Access System (CAS) is the key point of authorization in Digital TV (DTV), and as well, key distribution scheme plays the central role of CAS. Based on single grouping algorithm, this paper presents a new scheme using dual- grouping access. The core idea of this scheme is the adoptions of both channel grouping and user grouping, which we called dual- grouping scheme. Compared with single- grouping or non- grouping scheme, this new scheme can reduce the bandwidth consumption for trans- ferring keys. Moreover, it will be much easier to deal with single user- terminal’s joining and quitting without any influence to other groups; this will also reduce the system load and increase the system flexibility.

Fu-Kuan Tu,Chi-Sung Laih,Hsu-Hung Tung

DOI: https://doi.org/10.1109/30.754430

1999-01-01

IEEE Transactions on Consumer Electronics

Abstract:A conditional access system (CAS) is essential in a pay-TV system to charge the subscriber the subscription fee, and key management is also important. Various levels of key hierarchy for a CAS are discussed and two methods of grouping the subscribers to reduce the complexity of key distributions are presented. Based on the proposed two grouping methods we proposed a simple and a complete scheme with four-levels of key hierarchy for the key distribution management CAS of the pay-TV system. We also analyze the performance of the proposed complete scheme. It is shown that our system is efficient and suitable for a pay-TV system which provides both pay per channel (PPC) and pay per view (PPV) services. Besides, the proposed complete scheme is also a flexible one for dynamic management. Finally, it should be noted that, though our discussion are focused on pay-TV only, our schemes are also suitable for a digital broadcasting system (DBS).

telecommunications,engineering, electrical & electronic

Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/569397

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:The time-bound hierarchical key assignment scheme provides a cryptographic solution for the access control problem in distributed systems (e.g., Pay-TV and cloud computing applications). Most time-bound hierarchical key assignment schemes can be divided into two types: adopting tamper-resistant devices and utilizing public values. Despite the fact that adopting tamper-resistant devices can easily resist to collusion attacks, utilizing public values is much cheaper and more suitable for cloud environment. In this paper, we proposed a new time-bound hierarchical key assignment scheme, which can effectively defeat the collusion attack. Besides, the proposed scheme utilizes public values instead of tamper-resistant devices, which will restrict user's convenience. Compared with the previous works, our scheme requires fewer public values and has better performance.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Ruidong Li,Jie Li,Hisao Kameda

DOI: https://doi.org/10.1007/11534310_58

2005-01-01

Abstract:Hierarchical access control to ensure multiple levels of access privilege for group members is required in many environments, such as hierarchically managed organizations and multimedia applications. In this paper, to efficiently and effectively achieve this goal, we propose a distributed key management scheme whereby each SG (Service Group) maintains an SG server. This server is utilized to manage the key tree and provide the related session keys for all the users in this SG. Compared with the already existing method employing an integrated key graph to the hierarchical access control problem, there is no complex merging key tree algorithm needed in the proposed scheme, and thus the communication overhead can be greatly reduced. Also the trust and communication burden on one centralized server, KDC (Key Distribution Center), is scattered, and thus better scalability when the number of users increases can be achieved.

Shaohua Tang,Xiaoyu Li,Xinyi Huang,Yang Xiang,Lingling Xu

DOI: https://doi.org/10.1109/tc.2015.2479609

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear-geometry as the solution of flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need of iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.

Ruidong Li,Jie Li,Hsiao-Hwa Chen

DOI: https://doi.org/10.1109/GLOCOM.2005.1577969

2005-01-01

Abstract:To efficiently and effectively achieve the hierarchical access control for multimedia networks, in this paper we propose a distributed key management scheme whereby each SG (service group) maintains an SG server and give detailed analysis. In the proposed scheme, the server for a SG is utilized to manage the key tree and provide the related session keys for all the users in this SG. A detailed case study is provided, and we show that the communication overhead can be greatly reduced by O (nO · logdnO), where nO is the number of users in a SG, compared with employing an integrated key graph to the hierarchical access control problem. At the same time, the storage overhead for all users can be reduced by O(N), where N is the total number of users.

Ruidong Li,Jie Li,Hsiao-Hwa Chen

DOI: https://doi.org/10.1504/IJSN.2007.012821

2007-01-01

Abstract:Hierarchical access control for group communication providesaccess control which can assure that group members can subscribedifferent data streams or possibly multiples of them in amultimedia network. In this paper, to efficiently and effectivelyachieve this goal, we propose a Distributed Key Management Scheme(DKMS) whereby each Service Group (SG) maintains a SG server andgive detailed analysis. In the proposed scheme, the server for a SGis utilised to manage the key tree and provide the related sessionkeys for all the users in this SG. Detailed analysis is providedand we show that the communication overhead can be greatly reducedby O(n0 logd n0), wheren0 is the number of users in a SG, compared withemploying an integrated key graph to the hierarchical accesscontrol problem. At the same time, the storage overhead for allusers can be reduced by O(N), where N is the total number ofusers.

Ling Xiong,Fagen Li,Mingxing He,Zhicai Liu,Tu Peng

DOI: https://doi.org/10.1109/tcc.2020.3029878

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:In the last few years, mobile cloud computing (MCC) gains a huge development because of the popularity of mobile applications and cloud computing. User authentication and access control are two indispensable security components in the MCC environment. To the best of our knowledge, they are generally designed in different procedures. Access control can be executed after the authentication completes successfully. In order to improve efficiency, this article constructs an integrated scheme of authentication and hierarchical access control using self-certified public key cryptography (SCPKC) and the Chinese remainder theorem (CRT) for MCC environment. The proposed scheme can achieve mutual authentication while determining the access rights of mobile users without storing any access control list in the MCC service provider side. Besides, we also give a dynamic adding or deletion of MCC service provider to efficiently address potential changes in the hierarchy. The security of our proposed scheme is proved by the random oracle model. Compared with recently related multi-server authentication schemes for the MCC environment, the proposed scheme not only adds a new function of hierarchical access control but also has better computation and communication efficiencies. Therefore, the proposed scheme is more suitable for real-life MCC applications.

Fei Ren,Zhiguang Qin,Xianhong Liu

DOI: https://doi.org/10.1109/cis.2010.99

2010-01-01

Abstract:This paper discusses the security of Conditional Access System and proposed several attack methods. It analyzes fundamentals of CW sharing and points out the security hole during the communication between the IC and STB. It proposes several existent traditional solutions to the CW sharing. Because there are security problems or cost problems accompanied with the traditional solutions this paper proposes a new technical method to prevent the CW sharing with low cost and high security. The method is based on a practical authentication and key agreement algorithm. The communication between STB and smart card is encrypted by the agreement key to protect the CW, which prevented effectively CW sharing based on plaintext.

Jiqiang Liu,Sheng Zhong

2009-01-01

Abstract:In a complex information system, users and data are usually organized in a hierarchy structure for access control. Users in superior classes should be allowed to derive the secret keys belonging to subordinate classes. In this Paper, We propose a new time bound hierarchy key assignment scheme to achieve this goal. Compared with the existing similar schemes, our scheme is more secure and needs less computational time. Furthermore, our scheme does not need tamper-resistant device, Which makes our scheme much more practical.

Yogesh Karandikar,Xukai Zou,Yuanshun Dai

DOI: https://doi.org/10.1109/ICPADS.2005.260

2005-01-01

Abstract:Applications like e-newspaper or interactive online gaming typically have more than one resource and a large number of users. There is a many-to-many relationship between users and resources, each user can access multiple resources and each resource can be accessed by multiple users. Each resource needs to be encrypted by a different Resource Encryption Key (REK). Each REK needs to be distributed to all subscribers of the Resource and each subscriber must get all the REKs he/she subscribes to. We term this as problem of Differential Access Control. Also this environment is very dynamic in terms of subscription changes by users and resource changes by service providers. Conventional ways of Access Control are not sufficient for this problem of Differential Access Control. In this paper, we propose a new scheme of Access Control, based on Secure Group Communication framework, that is efficient, scalable,practical and dynamic.

Sun Hung-Min,Wang King-Hang,Chen Chien-Ming

DOI: https://doi.org/10.1109/TDSC.2009.15

2009-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recently, Bertino et al. proposed a new time-bound key management scheme for broadcasting. The security of their scheme is planted on the hardness breaking of elliptic curve discrete log problem, HMAC, and tamper-resistance devices. They claimed that as long as the three assumptions hold, their scheme is secure. By means of secure, users cannot access resources that they are not granted, even if users collude. In this paper, we demonstrate that this scheme is insecure against the collusion attack. We also provide some possible amendments to this scheme. © 2006 IEEE.

Xie Qiang,Zheng Shi-bao,Yu Xiao-jing

DOI: https://doi.org/10.1109/tce.2005.1510505

2006-01-01

Abstract:In this paper we present a smart-card-based conditional access subsystem (CASS) separation scheme at the digital TV broadcasting receiving end. Following the proposed scheme, different conditional access (CA) systems can operate concurrently in one digital TV broadcasting network using a common receiving platform, which is independent of any specific CA system. The digital TV program subscriber needs only to change the corresponding CA smart card to view pay TV programs, which are scrambled by different CA systems. The main points of the proposed scheme and its reference implementation are presented in this paper. The reference implementation has been developed to verify the feasibility of the proposed scheme in practical broadcasting environment. The system architecture and the constituent logical function modules of this reference implementation, especially the part in STB, have been described in detail to better illustrate the working principle of this scheme. Compared to PC-card-based or other smart-card-based common interface schemes, the proposed one is much more cost performance efficient, succincter and easier to be accepted by CA system providers. This scheme is also one of the candidate standards for Chinese digital TV broadcasting.