Replay Attack of Dynamic Rights within an Authorised Domain

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.30

I. Abbadi, Muntaha Alawneh

{"title":"Replay Attack of Dynamic Rights within an Authorised Domain","authors":"I. Abbadi, Muntaha Alawneh","doi":"10.1109/SECURWARE.2009.30","DOIUrl":null,"url":null,"abstract":"Digital Rights Management (DRM), unlike access control techniques, associates content with a rights object specifying content usage rules. The rights object is always bound with content and enforced wherever content is transferred and used. Such a rights object, in many cases, contains dynamic rights, which change with usage and time, e.g. play period, print count, and expire after a specific period. Most existing DRM techniques do not address the replay attack problem for dynamic rights. This problem has the greatest impact when the DRM mechanisms get integrated with authorised domains. In this paper we mainly focus on the replay attack for dynamic rights when it is transferred between member devices in an authorised domain, and when it is restored from an old backup enabling the reuse of an expired license. We also propose a novel mechanism for controlling and managing the consumption of dynamic rights between member devices in a domain. This is to provide a controlled environment for a user to transfer dynamic rights back and forth between domain devices in order to use content on any device member in the domain at a chosen time.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Digital Rights Management (DRM), unlike access control techniques, associates content with a rights object specifying content usage rules. The rights object is always bound with content and enforced wherever content is transferred and used. Such a rights object, in many cases, contains dynamic rights, which change with usage and time, e.g. play period, print count, and expire after a specific period. Most existing DRM techniques do not address the replay attack problem for dynamic rights. This problem has the greatest impact when the DRM mechanisms get integrated with authorised domains. In this paper we mainly focus on the replay attack for dynamic rights when it is transferred between member devices in an authorised domain, and when it is restored from an old backup enabling the reuse of an expired license. We also propose a novel mechanism for controlling and managing the consumption of dynamic rights between member devices in a domain. This is to provide a controlled environment for a user to transfer dynamic rights back and forth between domain devices in order to use content on any device member in the domain at a chosen time.

查看原文本刊更多论文

授权域中动态权限重放攻击

与访问控制技术不同，数字版权管理(DRM)将内容与指定内容使用规则的权限对象关联起来。权利对象始终与内容绑定，并在内容传输和使用的任何地方强制执行。在许多情况下，这样的权利对象包含动态权利，这些权利随使用和时间而变化，例如播放周期、打印计数和在特定时间段后过期。大多数现有的DRM技术都没有解决动态权限的重放攻击问题。当DRM机制与授权域集成时，这个问题的影响最大。本文主要研究了在授权域中的成员设备之间传输动态权限时的重放攻击，以及从旧备份中恢复激活过期许可证时的重放攻击。我们还提出了一种新的机制来控制和管理域内成员设备之间的动态权限消耗。这是为了为用户提供一个受控的环境，以便在域设备之间来回传输动态权限，以便在选定的时间使用域中任何设备成员上的内容。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量