Friday, January 28, 2011

Broadcast encryption vs. DRM

In the last post, I started looking into the problem of broadcast encryption (BE). In this short post, I am comparing the BE problem with DRM (Digital Rights Management) problem.

BE and DRM has the common goal of preventing unauthorized users from accessing the content. However, IMO, DRM is more challenging since the adversary could be a privileged user. A privileged user who has legitimate access could decide to copy or convert the content into a different format and share it with non-privileged users. Hence, DRM requires additional mechanisms to prevent copying or conversion or at least mechanism to identify a traitor if DRM is violated.

Friday, January 21, 2011

Broadcast encryption

Broadcast encryption (BE) deals with encryption schemes designed for broadcast transmission systems such as pay-TV systems, content dissemination in an organization, the distribution of copyright protected material on disks, audio/video streaming systems and so on. The goal is to allow only an arbitrary subset of users (sometimes called privileged users) from the universe of users to access the content while minimizing key management overheads. In this series of blog post, I will be looking into how this field of BE evolved from research point of view, the current state of the art schemes available to address this research problem and future directions.

(Figure: broadcast encryption)

In a high level, BE works as follows: Each user in the universe is given a set of symmetric keys initially. A set of messages are sent to establish a common key among the set of privileged users so that only the privileged users can decrypt the broadcast messages using the common key.

Naive approach 1
Each user is given a unique symmetric key.
When a privileged set needs to be establish, the controller selects a group key K and encrypts number of times equal to the size of the privilege set using the symmetric keys of the privileged set and sends to the users.
Subsequent broadcast messages are encrypted with the key K.

It works but it requires a very long transmission to establish the common key (number of users in the privileged set into the size of the message).

Naive approach 2
Each possible subset of users is assigned a unique symmetric key.
When broadcasting a message, encrypt it with the correct symmetric key corresponding to the privileged set.

It also works, but users need to store prohibitively many keys and revocation is also difficult.

It should be clear that BE is an optimization problem which tries to optimize the following parameters.
1. The number of keys given to each user.
2. The number of transmissions used by the controller to establish the common key.
3. The computation effort involved in retrieving the common key by the users of the privileged set.

1. Broadcast encryption, Amos Fait and Moni Naor, 1998