By Topic

A practical revocation scheme for broadcast encryption using smart cards

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
N. Kogan ; Dept. of Electr. Eng. Syst., Tel Aviv Univ., Ramat-Aviv, Israel ; Y. Shavitt ; A. Wool

We present an anti-pirate revocation scheme for broadcast encryption systems (e.g., pay TV), in which the data is encrypted to ensure payment by users. In the systems we consider decryption of keys is done on smart cards and key management is done in-band. Our starting point is a recent scheme of Naor and Pinkas. The basic scheme uses secret sharing to remove up to t parties, is information theoretic secure against coalitions of size t, and is capable of creating a new group key. However with current smart card technology, this scheme is only feasible for small system parameters, allowing up to about 100 pirates to be revoked before all the smart cards need to be replaced. We first present a novel implementation method of their basic scheme that distributes the work in novel ways among the smart card, set-top terminal, and center. Based on this, we construct several improved schemes for many stateful revocation rounds that scale to realistic system sizes. We allow up to about 10000 pirates to be revoked using current smart card technology before re-carding is needed. The transmission lengths of our constructions are on a par with those of the best tree-based schemes. However, our constructions have much lower smartcard CPU complexity: only O(1) smartcard operations per revocation round, as opposed to a poly-logarithmic complexity of the best tree-based schemes. We evaluate the system behavior via an exhaustive simulation study. Our simulations show that with mild assumptions on the piracy discovery rate, our constructions can perform effective pirate revocation for realistic broadcast encryption scenarios.

Published in:

Security and Privacy, 2003. Proceedings. 2003 Symposium on

Date of Conference:

11-14 May 2003