Presentation is loading. Please wait.

Presentation is loading. Please wait.

2004-12-221 Pay-TV System with Strong Privacy and Non-Repudiation Protection Ronggong Song, Larry Korba IEEE Transactions on Consumer Electronics Vol.

Published byCathleen Sparks Modified over 9 years ago

Similar presentations

Presentation on theme: "2004-12-221 Pay-TV System with Strong Privacy and Non-Repudiation Protection Ronggong Song, Larry Korba IEEE Transactions on Consumer Electronics Vol."— Presentation transcript:

1 2004-12-221 Pay-TV System with Strong Privacy and Non-Repudiation Protection Ronggong Song, Larry Korba IEEE Transactions on Consumer Electronics Vol. 49, No. 2, pp. 408-413 May 2003 Adviser: Min-Shiang Hwang Speaker: 鍾松剛

2 2004-12-222 Related work Privacy and non-repudiation on pay-TV systems Nam-Yih Lee, Chi-Chao Chang, Chun-Li Lin, Tzone-lih Hwang IEEE Transactions on Consumer Electronics Volume: 46, Issue: 1, Feb. 2000 Pages:20 - 27 Analysis of privacy and non-repudiation on pay-TV systems Ronggong Song, M.R. Lyu,. IEEE Transactions on Consumer Electronics Volume: 47, Issue: 4, Nov. 2001 Pages:729 - 733 Pay-TV system with strong privacy and non-repudiation protection Ronggong Song, Larry Korba May 2003

3 2004-12-223 Research Classification

4 2004-12-224 Five Functions of Pay-TV Systems Selectivity  選擇欲收看的頻道 Adaptation  變更頻道 Suspension  中止頻道 Privacy  Anyone cannot determine to which channels or programs any particular customer has subscribed Non-repudiation  Protect both subscribers and service providers

5 2004-12-225 Motivations (Lee et al. 2000) Privacy is becoming precious in modern society  TV-watching habits Reveal information about a viewers Non-repudiation: create fairer environment  Disputes about transaction are usually unavoidable  Goal: Provide some evidence-digital signatures when some disputes occur

6 2004-12-226 Registration Phase Alice s 1 = (ID P, ID A, Register, T A ) d A s1s1 Verify s 1 s 2, c 1 s 2 = (ID P, ID A, ReceptionFee, T A ) d A c 1 = (Channels, R A ) e P TV service provider e A, d A Verify s 2 Calculates ReceptionFee s4s4 s 3 = (ID A, H (Channels, R A ), T P ) d P Verify s 3

7 2004-12-227 Adaptation Phase Alice Amount = ReceptionFee’ – BalanceFee Case Amount > 0 ( 餘額不足 ) s 4 = (ID P, ID A, Adapt, DiffFee, T A ) d A c 2 = (Channels’, R’ A ) e P where DiffFee = Amount Case Amount <= 0 s 4 = (ID P, ID A, Adapt, T A ) d A c 2 = (Channels’, R’ A ) e P s 4, c 2 TV service provider e A, d A If s 4 is valid Case Amount >= 0 s 5 = (ID A, H (Channels’, R A ’), T P ) d P Case Amount < 0 s 5 = (ID A, RefundFee, H (Channels’, R’ A ), T P ) d P where RefundFee = Amount s5s5 Verify s 5

8 2004-12-228 Suspension Phase Alice s 6 = (ID P, ID A, Suspend, T A ) d A s6s6 Verify s 6 Calculate RefundFee s 7 = (ID A, RefundFee, T P ) d p s7s7 Verify s 7 TV service provider e A, d A

9 2004-12-229 Attacks 1/2 (Song et al. 2001) Alice s 1 = (ID P, ID A, Register, T A ) d A s1s1 Verify s 1 s 2, c 1 s 2 = (ID P, ID A, ReceptionFee, T A ) d A c 1 = (Channels, R A ) e P TV service provider e A, d A Verify s 2 Calculates ReceptionFee s4s4 s 3 = (ID A, H (Channels, R A ), T P ) d P Verify s 3 c1c1 e P, d P

10 2004-12-2210 Attacks 2/2 s 1 = (ID P, ID E, Register, T A ) d A s1s1 Verify s 1 s 2, c 1 s 2 = (ID P, ID E, ReceptionFee, T E ) d E c 1 = (Channels, R A ) e P TV service provider e E, d E Verify s 2 Calculates ReceptionFee s4s4 s 3 = (ID E, H (Channels, R A ), T P ) d P Verify s 3 Attacker E MPKA (AK j ) (Broadcast) e P, d P

11 2004-12-2211 Amendment Alice s 1 = (ID P, ID A, Register, T A ) d A s1s1 Verify s 1 s 2, c 1 s 2 = (ID P, ID A, ReceptionFee, T A ) d A c 1 = (ID A, Channels, R A, T A ) e P TV service provider e A, d A Verify s 2 Calculates ReceptionFee s4s4 s 3 = (ID A, H (Channels, R A ), T P ) d P Verify s 3

12 2004-12-2212 Motivations (Song et al. 2003) Current Pay-TV systems’ drawbacks  Allow service providers to easily acquire personal data TV-watching habits  Provides share, or sell customer personal data without permission not  Protect the customer privacy from abuse by outsider, not the service providers Proposed scheme  Prevent outsiders and providers abuse the customer privacy Partial blind digital signature Anonymous digital signature  e-ticket !!

13 2004-12-2213 Partial Blind Digital Signature M. Abe and E. Fujisaki, “How to Date Blind Signatures”, Advances in Cryptology--ASIACRYPT '96, pp. 244-251, 1996 Allows a signer to sign a partially blinded message that include pre-agreed information such as expiry date or collateral conditions in unblinded form.

14 2004-12-2214 Example: Partial blind digital signature Alice Bank v is a predefined message by the bank and contains an expiration date Randomly choose m, r in Z * n Compute α≡r ev H(m) mod n α,v Verify the correctness of v Compute t≡ α (ev) -1 mod n ≡ r H(m) (ev) -1 mod n Deduct w dollars t Compute s≡r -1 t mod n ≡H(m) (ev) -1 mod n e-cash (m, s, v) Deposit (m, s, v) Verify v s ev ≡H(m) mod n (m, s, v) Verify Add w dollars to payee’s account Shop

15 2004-12-2215 E-ticket Issue Phase (Song et al. 2003) TV service provider Alice (K1) e p, E K1 (ID A, CC A, PK A, α, v, Time A, Sign A ) (K2) e A, E K2 (ID A, ID P, t, Time P, Sign P ) PK T = (e t, n t ) SK T = (d t, p t, q t ) α≡r e p v H(e t ||n t ) mod n p3 Sign A = [(H(ID A, CC A, PK A, α, v, Time A, K 1 )] d A mod n A e P, d P Verify CC A, Time A, Sign A, v e A, d A t = α (e p v) -1 mod n p = r H(e t ||n t ) (e p v) -1 Sign P = [(H(ID A, ID P, t, Time P, K 2 )] d p mod n p Debit $$ from CC A Verify Time P Sign P s≡r -1 t mod n p e-ticket (e t, n t, v, s) e t, n t Expiration date Balance Sign P

16 2004-12-2216 TV Channel Subscription Phase TV service provider Alice (K3) e p, E K3 (e t, n t, v, s, channels, Time, Sign T ) (K4) e t, E K4 (AK 1 …AK m, BF, s’, Time P, Sign P ) PK T = (e t, n t ) SK T = (d t, p t, q t ) Select favorite channels Sign T = [(H(e t, n t, v, s, channels, Time, K 3 )] d t mod n t e P, d P Verify Time, Sign T e A, d A Verify s (e p v) ≡H(e t ||n t ) mod n p Calculate price for the channels s’ = [(H(e t, n t, v, s, BF)] d p mod n p ] Sign P = [(H(AK 1 …AK m, BF, s’, Time P, K 4 )] d p mod n p Verify Time P Sign P Verify s e-ticket (e t, n t, v, s, BF, s’) (Broadcast) e t, n t Expiration date Original balance Old Sign P New balance New sign p

17 2004-12-2217 TV Channel Adaptation and Suspension Phase TV service provider Alice (K5) e p, E K5 (e t, n t, v, s, BF, s’, change, Time, Sign T ) (K6) e t, E K6 (AK i1 …AK im, BF, s’, Time P, Sign P ) change = (old, added, stopped channels) e P, d P Verify Sign T, s’, s e A, d A Calculate price for the channels S’ = [(H(e t, n t, v, s, BF)] d p mod n p ] Sign P = [(H(AK i1 …AK im, BF, s’, Time P, K 6 )] d p mod n p Verify e-ticket (e t, n t, v, s, BF, s’) (Broadcast) e-ticket (e t, n t, v, s, BF, s’) (Ki) e i, E Ki (AK N, Time P, Sign P ) (Broadcast)

18 2004-12-2218 E-ticket Renew Phase TV service provider Alice (K7) e p, E K7 (e t, n t, v, s, BF, s’, v’, Time, Sign T ) Fill the renewal form v’ (new exp date, latest BF) e P, d P e A, d A S’’ = [(H(e t, n t, v, s, BF, s’, v’)] d p mod n p ] Verify e-ticket (e t, n t, v, s, BF, s’, v’, s’’) (Broadcast) e t, n t Old expiration date Latest balance Latest Sign P Renew data New sign p e-ticket (e t, n t, v, BF, s’) Verify Sign T, s’, s. v’ (K8) e p, E K8 (e t, n t, v, s, BF, s’, v’, s’’, Time, Sign T )

19 2004-12-2219 Protocol characteristics Strong/perfect privacy protection  沒有人知道某個 subscriber 所登錄的頻道 原因: The format and content of message v are same with other e-tickets. The provider cannot trace. Non-repudiation Strong safety protection  沒有人能非法使用別人的 e-ticket 原因:沒有相對應的 private key Satisfy Selectivity/Adaptation/Suspension

20 2004-12-2220 Comments Ak i : authorization key of channel i 只要一位 subscriber 付費,大家都能收看?  原因:對付費的 subscriber 而言,沒有損失 TV service provider Alice (K4) e t, E K4 (AK 1 …AK m, BF, s’, Time P, Sign P ) (Broadcast)

Download ppt "2004-12-221 Pay-TV System with Strong Privacy and Non-Repudiation Protection Ronggong Song, Larry Korba IEEE Transactions on Consumer Electronics Vol."

Similar presentations

1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Efficient Group Signatures from Bilinear Pairing Author: Xiangguo Cheng, Huafei Zhu, Ying Qiu, and Xinmei Wang Presenter: 紀汶承.

Efficient Group Signatures from Bilinear Pairing Author: Xiangguo Cheng, Huafei Zhu, Ying Qiu, and Xinmei Wang Presenter: 紀汶承.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
VarietyCash: A Multi-purpose Electronic Payment System By M. Bellare, J. Garay, C. Jutla, M. Yung --- 1998 By Liang Li Chris March 29th.

VarietyCash: A Multi-purpose Electronic Payment System By M. Bellare, J. Garay, C. Jutla, M. Yung By Liang Li Chris March 29th.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Checking Account & Debit Card Simulation

Checking Account & Debit Card Simulation
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,
1 Efficient Private Matching and Set Intersection (EUROCRYPT, 2004) Author : Michael J.Freedman Kobbi Nissim Benny Pinkas Presentered by Chia Jui Hsu Date.

1 Efficient Private Matching and Set Intersection (EUROCRYPT, 2004) Author : Michael J.Freedman Kobbi Nissim Benny Pinkas Presentered by Chia Jui Hsu Date.
1 10591: Happy Number ★ ? 題組: Problem Set Archive with Online Judge 題號: 10591: Happy Number 解題者:陳瀅文 解題日期: 2006 年 6 月 6 日 題意:判斷一個正整數 N 是否為 Happy Number.

: Happy Number ★ ? 題組: Problem Set Archive with Online Judge 題號: 10591: Happy Number 解題者:陳瀅文 解題日期: 2006 年 6 月 6 日 題意:判斷一個正整數 N 是否為 Happy Number.
1 Blind Signatures 盲簽章 Chun-I Fan 范俊逸 E-Commerce & Security Engineering Lab. Department of Computer Science and Engineering National Sun Yat-Sen University.

1 Blind Signatures 盲簽章 Chun-I Fan 范俊逸 E-Commerce & Security Engineering Lab. Department of Computer Science and Engineering National Sun Yat-Sen University.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
1 A practical off-line digital money system with partially blind signatures based on the discrete logarithm problem From: IEICE TRANS. FUNDAMENTALS, VOL.E83-A,No.1.

1 A practical off-line digital money system with partially blind signatures based on the discrete logarithm problem From: IEICE TRANS. FUNDAMENTALS, VOL.E83-A,No.1.
Efficient key Distribution Schemes for Secure Media Delivery in Pay-TV Systems Source: IEEE TRANS. ON MULTIMEDIA, VOL. 6,NO. 5, OCTOBER 2004 Authors: Yu-Lun.

Efficient key Distribution Schemes for Secure Media Delivery in Pay-TV Systems Source: IEEE TRANS. ON MULTIMEDIA, VOL. 6,NO. 5, OCTOBER 2004 Authors: Yu-Lun.

Similar presentations

Ads by Google