Journal of KIISE:Information Networking (한국정보과학회논문지:정보통신)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

A License Administration Protocol Providing User Privacy in Digital Rights Management

디지털 저작권 관리에서 사용자의 프라이버시 보호를 제공하는 라이센스 관리 프로토콜

  • 박복녕 (고려대학교 컴퓨터학과) ;
  • 김태윤 (고려대학교 컴퓨터학과)
  • Published : 2003.04.01
Download PDF
⟨ Previous Next ⟩

Abstract

As people are damaged increasingly by personal information leakage, awareness about user privacy infringement is increasing. However, the existing DRM system does not support the protection of user's personal information because it is not necessary for the protection of copyrights. This paper is suggesting a license administration protocol which is more powerful to protect personal information in DRM. To protect the exposure of users identifier, this protocol uses temporary ID and token to guarantee anonymity and it uses a session key by ECDH to cryptography and Public-Key Cryptosystem for a message so that it can protect the exposure of personal information and user's privacy.

개인 정보 유출로 인한 피해사례가 늘어나면서 사용자 프라이버시 침해에 대한 인식이 높아지고 있다. 그러나 기존의 DRM 시스템은 사용자의 프라이버시 보호가 저작권을 보호하는데 직접적으로 필요하지 않다는 이유로 사용자의 프라이버시 보호에 대해 고려하지 않았다. 본 논문에서는 DRM에서 사용자 프라이버시 보호 측면이 강조된 라이센스 관리 프로토콜을 제안한다. 제안한 프로토콜은 사용자 식별 정보의 노출을 보호하기 위해 임시 ID와 token을 사용함으로 익명성을 보장하고 ECDH 세션키와 공개키 암호 시스템을 이용하여 메시지를 암호화함으로써 사용자 정보의 유출을 방지하여 사용자의 프라이버시를 보호한다.

Keywords

References

  1. J. Dubl, 'Digital Rights Management: A Definition,' IDC, 2001
  2. J. Dubl, S. Kevorkian, 'Understanding DRM System: An IDC White paper', IDC, 2001
  3. Microsoft : http://www.microsoft.com/windows/windowsmedia/drm.asp
  4. Intertrust : http://www.interturst.com
  5. P. Vora, D. Reynolds, L. Dickinson, J. Erickson, D. Banks, 'Privacy and Digital Rights Management,' A position paper for the W3C Workshop on Digital Rights Management, January 2001
  6. J. Feigenbaum, M. J. Freedman, T. Sander, A. Shostack, 'Privacy Engineering for Digital Rights Management Systems,' Workshop on Security and Privacy in Digital Rights Management, November 2001
  7. R. Molva, G. Tsudik, E. Van Herreweghen, S. Zatti, 'KryptoKnight Authentication and Key Distribution System,' Proceeding of ESORICS'92, November 1992
  8. Brd J. Cox, 'Superdistribution: Objects As Property on the Electronic Frontier,' Addision-Wesley, May 1996
  9. ANSI X9.63 : Public key cryptography for the financial services industry : Key agreement and key transport using elliptic curve cryptography, ANSI, X9.63-199x draft, January 1999
  10. ITU-T Recommendation X.509: Information Technology-Open Systems Inter-connection-The Directory: Authentication Framework
  11. Stefan Brands, 'Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy,' MIT Press, August 2000
  12. Aucsmith, D., 'Tamper Resistant Software: An Implementation,' in Anderson, R., ed., Information Hiding, First International Workshop, Cambridge, UK., Springer- Verlag Lecture Notes in Computer Science, Vol. 1174, pp. 317-333, May 1996 https://doi.org/10.1007/3-540-61996-8_49
  13. J.M.Jeon, S.J.Park, B.C.Kim, D.H.Won, 'DRM Security Framework - ID Base Approach for Content Super-Distributions,' IDS, July 2001
  14. Certicom Corp., 'Remarks on the security of the Elliptic curve cryptosystem,' 2000., http://www. certicom.com
  15. Julio Lopez and Ricardo Dahab, 'Performance of Elliptic Curve Cryptosysterns,' Technical report IC-00-08, 2000., http://www.dcc.unicamp.br/icmain/publications-e.html
  16. C. H. Lim and P. J. Lee., 'A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup,' In Advances in Cryptology: Crypto '97m B. S. Kaliski, Jr., Ed., Lecture Notes in Computer Science 1294, Springer-Varlag. pp. 249-263, 1997
  17. Schneier, Bruce., Applied Cryptography, Second Edition, Essential reference for cryptographic engineers by the foremost pundit in the field, Wiley, 1996
  18. A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997