Privacy against piracy: Protecting two-level revocable P-K traitor tracing

Hyun Jeong Kim, Dong Hoon Lee, Moti Yung

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

In known traitor tracing schemes, an enabling block is used for both secure broadcast of a session key and tracing traitors in pirate boxes. This paper suggests a new traitor tracing scheme that has two-levels for efficiency. In the more frequent level an enabling block is used only for a very efficient session key distribution, and a new block, less frequently used, called a renewal block is used for the renewal of the group key and for the detection and revocation of traitors. This organization increases efficiency: the computational complexity of encryption/decryption of the often employed enabling block is constant, while only that of the sporadically employed renewal block depends on the allowed revocations (as in earlier schemes). However, our saving has a price: in a two-level broadcasting scheme, the new danger is that rather than performing piracy by leaking the keys of the renewal block, the individual traitors may leak to pirates the means to decode the enabling blocks at the sessions. For example, if the enabling block is naively implemented as a single key-encrypting-key that is known to all– and this key is used to encrypt session keys, then any participant can leak this key without being detected. (Note that leaking the session keys themselves, constantly all the time, is typically considered in the literature not to be an economically viable option). In order to prevent this new potential leakage, a novel idea of personal enabling keys (used throughout) is suggested. In order to get a session key, a user will need access to the enabling block with his own personal key. To discourage leakage of the personal key (which would violate the service), a novel self-enforcement method is employed that ties “privacy” to “leakage”. The self-enforcement of personal keys uses the fact that if the key is leaked then the party which leaks may lose its private data to the party it leaks to (i.e. it is a privacy-based protection mechanism). In our self-enforcement, a subscriber’s private information is not embedded into his personal key directly (as was done earlier). Thus, if a subscriber’s important data is altered, his personal key needs not to be regenerated. The separation into two-level broadcast (for efficiency) together with the novel flexible self-enforcement (privacybased protection of the enabling-block keys) is the central contribution of this work.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer Verlag
Pages482-496
Number of pages15
Volume2384
ISBN (Print)3540438610, 9783540438618
Publication statusPublished - 2002
Event7th Australasian Conference on Information Security and Privacy, ACISP 2002 - Melbourne, Australia
Duration: 2002 Jul 32002 Jul 5

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2384
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other7th Australasian Conference on Information Security and Privacy, ACISP 2002
CountryAustralia
CityMelbourne
Period02/7/302/7/5

Fingerprint

Traitor Tracing
Privacy
Broadcasting
Cryptography
Computational complexity
Renewal
Leakage
Revocation
Broadcast

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kim, H. J., Lee, D. H., & Yung, M. (2002). Privacy against piracy: Protecting two-level revocable P-K traitor tracing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2384, pp. 482-496). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2384). Springer Verlag.

Privacy against piracy : Protecting two-level revocable P-K traitor tracing. / Kim, Hyun Jeong; Lee, Dong Hoon; Yung, Moti.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2384 Springer Verlag, 2002. p. 482-496 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2384).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, HJ, Lee, DH & Yung, M 2002, Privacy against piracy: Protecting two-level revocable P-K traitor tracing. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 2384, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2384, Springer Verlag, pp. 482-496, 7th Australasian Conference on Information Security and Privacy, ACISP 2002, Melbourne, Australia, 02/7/3.
Kim HJ, Lee DH, Yung M. Privacy against piracy: Protecting two-level revocable P-K traitor tracing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2384. Springer Verlag. 2002. p. 482-496. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Kim, Hyun Jeong ; Lee, Dong Hoon ; Yung, Moti. / Privacy against piracy : Protecting two-level revocable P-K traitor tracing. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2384 Springer Verlag, 2002. pp. 482-496 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{a22d9768349242d5ab7a39ea9d53446e,
title = "Privacy against piracy: Protecting two-level revocable P-K traitor tracing",
abstract = "In known traitor tracing schemes, an enabling block is used for both secure broadcast of a session key and tracing traitors in pirate boxes. This paper suggests a new traitor tracing scheme that has two-levels for efficiency. In the more frequent level an enabling block is used only for a very efficient session key distribution, and a new block, less frequently used, called a renewal block is used for the renewal of the group key and for the detection and revocation of traitors. This organization increases efficiency: the computational complexity of encryption/decryption of the often employed enabling block is constant, while only that of the sporadically employed renewal block depends on the allowed revocations (as in earlier schemes). However, our saving has a price: in a two-level broadcasting scheme, the new danger is that rather than performing piracy by leaking the keys of the renewal block, the individual traitors may leak to pirates the means to decode the enabling blocks at the sessions. For example, if the enabling block is naively implemented as a single key-encrypting-key that is known to all– and this key is used to encrypt session keys, then any participant can leak this key without being detected. (Note that leaking the session keys themselves, constantly all the time, is typically considered in the literature not to be an economically viable option). In order to prevent this new potential leakage, a novel idea of personal enabling keys (used throughout) is suggested. In order to get a session key, a user will need access to the enabling block with his own personal key. To discourage leakage of the personal key (which would violate the service), a novel self-enforcement method is employed that ties “privacy” to “leakage”. The self-enforcement of personal keys uses the fact that if the key is leaked then the party which leaks may lose its private data to the party it leaks to (i.e. it is a privacy-based protection mechanism). In our self-enforcement, a subscriber’s private information is not embedded into his personal key directly (as was done earlier). Thus, if a subscriber’s important data is altered, his personal key needs not to be regenerated. The separation into two-level broadcast (for efficiency) together with the novel flexible self-enforcement (privacybased protection of the enabling-block keys) is the central contribution of this work.",
author = "Kim, {Hyun Jeong} and Lee, {Dong Hoon} and Moti Yung",
year = "2002",
language = "English",
isbn = "3540438610",
volume = "2384",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "482--496",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Privacy against piracy

T2 - Protecting two-level revocable P-K traitor tracing

AU - Kim, Hyun Jeong

AU - Lee, Dong Hoon

AU - Yung, Moti

PY - 2002

Y1 - 2002

N2 - In known traitor tracing schemes, an enabling block is used for both secure broadcast of a session key and tracing traitors in pirate boxes. This paper suggests a new traitor tracing scheme that has two-levels for efficiency. In the more frequent level an enabling block is used only for a very efficient session key distribution, and a new block, less frequently used, called a renewal block is used for the renewal of the group key and for the detection and revocation of traitors. This organization increases efficiency: the computational complexity of encryption/decryption of the often employed enabling block is constant, while only that of the sporadically employed renewal block depends on the allowed revocations (as in earlier schemes). However, our saving has a price: in a two-level broadcasting scheme, the new danger is that rather than performing piracy by leaking the keys of the renewal block, the individual traitors may leak to pirates the means to decode the enabling blocks at the sessions. For example, if the enabling block is naively implemented as a single key-encrypting-key that is known to all– and this key is used to encrypt session keys, then any participant can leak this key without being detected. (Note that leaking the session keys themselves, constantly all the time, is typically considered in the literature not to be an economically viable option). In order to prevent this new potential leakage, a novel idea of personal enabling keys (used throughout) is suggested. In order to get a session key, a user will need access to the enabling block with his own personal key. To discourage leakage of the personal key (which would violate the service), a novel self-enforcement method is employed that ties “privacy” to “leakage”. The self-enforcement of personal keys uses the fact that if the key is leaked then the party which leaks may lose its private data to the party it leaks to (i.e. it is a privacy-based protection mechanism). In our self-enforcement, a subscriber’s private information is not embedded into his personal key directly (as was done earlier). Thus, if a subscriber’s important data is altered, his personal key needs not to be regenerated. The separation into two-level broadcast (for efficiency) together with the novel flexible self-enforcement (privacybased protection of the enabling-block keys) is the central contribution of this work.

AB - In known traitor tracing schemes, an enabling block is used for both secure broadcast of a session key and tracing traitors in pirate boxes. This paper suggests a new traitor tracing scheme that has two-levels for efficiency. In the more frequent level an enabling block is used only for a very efficient session key distribution, and a new block, less frequently used, called a renewal block is used for the renewal of the group key and for the detection and revocation of traitors. This organization increases efficiency: the computational complexity of encryption/decryption of the often employed enabling block is constant, while only that of the sporadically employed renewal block depends on the allowed revocations (as in earlier schemes). However, our saving has a price: in a two-level broadcasting scheme, the new danger is that rather than performing piracy by leaking the keys of the renewal block, the individual traitors may leak to pirates the means to decode the enabling blocks at the sessions. For example, if the enabling block is naively implemented as a single key-encrypting-key that is known to all– and this key is used to encrypt session keys, then any participant can leak this key without being detected. (Note that leaking the session keys themselves, constantly all the time, is typically considered in the literature not to be an economically viable option). In order to prevent this new potential leakage, a novel idea of personal enabling keys (used throughout) is suggested. In order to get a session key, a user will need access to the enabling block with his own personal key. To discourage leakage of the personal key (which would violate the service), a novel self-enforcement method is employed that ties “privacy” to “leakage”. The self-enforcement of personal keys uses the fact that if the key is leaked then the party which leaks may lose its private data to the party it leaks to (i.e. it is a privacy-based protection mechanism). In our self-enforcement, a subscriber’s private information is not embedded into his personal key directly (as was done earlier). Thus, if a subscriber’s important data is altered, his personal key needs not to be regenerated. The separation into two-level broadcast (for efficiency) together with the novel flexible self-enforcement (privacybased protection of the enabling-block keys) is the central contribution of this work.

UR - http://www.scopus.com/inward/record.url?scp=34249313143&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34249313143&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:34249313143

SN - 3540438610

SN - 9783540438618

VL - 2384

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 482

EP - 496

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

ER -