Efficient Provider Authentication for Bidirectional Broadcasting Service

Go OHTAKE  Goichiro HANAOKA  Kazuto OGAWA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E93-A   No.6   pp.1039-1051
Publication Date: 2010/06/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E93.A.1039
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
Category: Cryptography and Information Security
bidirectional broadcasting service,  provider authentication,  personal information protection,  key leakage,  strong key-insulated signature,  

Full Text: PDF>>
Buy this Article

Provider authentication is necessary in bidirectional broadcasting services, and a digital signature scheme is often used to prevent an adversary from attempting impersonation. The cost of secure signing key management is extremely high. In addition, the key has to be updated very often, since it is frequently used. The result is that the verification key also has to be updated very often, and its redistribution cost is huge. These costs are real and substantive problems, especially when the number of users is large. In this paper, we propose a system that dramatically reduces these costs. In the system, the signing key is updated, but the corresponding verification key does not have to be updated. This means that the signing key can be updated without any cost for redistributing the verification key and that the system is secure against the threat of signing key leakage, since the key can be frequently updated. Moreover, we propose a new key management method that divides a conventional key management server's role into two. The use of a key-insulated signature (KIS) scheme enables low-cost and more secure key management with two servers. Finally, to make a bidirectional broadcasting service more secure even if the signing key is leaked, we developed a new strong KIS scheme. We performed an experiment that assessed the cost of our strong KIS scheme and found that it is sufficiently low. Accordingly, a provider authentication system employing this scheme would be more efficient and would have lower key redistribution and network costs in comparison with conventional authentication systems.