How to Make Traitor Tracing Schemes Secure against a Content Comparison Attack in Actual Services

Kazuto OGAWA  Goichiro HANAOKA  Hideki IMAI  

Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E100-A   No.1   pp.34-49
Publication Date: 2017/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E100.A.34
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: 
Keyword: 
traitor tracing,  collusion attack,  content comparison,  encoding,  watermarking,  c-secure code,  

Full Text: PDF(857.6KB)>>
Buy this Article




Summary: 
A lot of encryption and watermarking schemes have been developed as countermeasures to protect copyrights of broadcast or multicast content from malicious subscribers (traitors) that make pirate receivers (PRs) to use the content illegally. However, solo use of these schemes does not necessarily work well. Traitor tracing encryption schemes are a type of broadcasting encryption and have been developed for broadcasting and multicast services. There are multiple distinct decryption keys for each encryption key, and each service subscriber is given a unique decryption key. Any subscriber that redistributes his or her decryption key to a third party or who uses it and maybe other keys to make a PR can be identified with using the tracing algorithm of the scheme that is used by the services. However, almost all previous schemes have the same weakness; that is, they are vulnerable to an attack (content comparison attack). This is a concrete example such that solo use of the scheme does not work well. The attack involves multiple distinct decryption keys and a content-data comparison mechanism. We have developed a method, called complementary traitor tracing method (CTT), that makes traitor tracing schemes secure against content comparison attacks. It makes it impossible for PRs to distinguish ordinary content data from test data and makes traitor tracing schemes effective against all PRs, even those with multiple distinct decryption keys. CTT is made with a simple combination of schemes that are absolutely necessary. It makes broadcasting or multicast services secure.