-
Be the first to like this
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Published on
Fair and Abuse-free Contract Signing Protocol Supporting Fair License Reselling
By
Tarek Gaber
PhD Candidate: School of Computer Science
The University of Manchester, Manchester, UK
Introduction
DRM (Digital Rights Management):
Content owners
Persistent protection
Prevent unauthorized access
Managing usage rights (i.e. license)
E.g. expiration date, device restriction, etc.
Protect their monetary interests
Consumers
Purchase licenses (from a License issuer (LI)) to access corresponding digital contents.
But can NOT resell their licenses
Reselling Deal (RD) Method[1]
Current Contract Signing Protocols
Introduction
Gradual-release protocols
Optimistic contract signing
Introduction: Contract Signing Protocol
Introduction: Contract Signing Protocol
Properties of Contract Signing
Gradual-release Protocols
Dividing signatures to N verifiable parts
Exchanging the signatures part-by-part
Disadvantages
Not practical
Involved entities should have equal computational power
Inefficient
Many messages flows
High computational cost
Make each part verifiable
Prove that each part is correct
Optimistic Contract Signing (1 of 3)
Signers (A and B) optimistically sign a contract themselves
Optimistic Contract Signing (2 of 3)
If there is a problem, a TTP is only involved (e.g. A does not send M3)
Optimistic Contract Singing (3 of 3)
TTP is only involved if there is a problem
Disadvantages
Performance bottleneck
Decrease efficiency
Number of Message flow between TTP and signers
Increase transaction cost
Difficult to find
TTP and Reselling Deal (RD) Method[1]
Concurrent Signatures (CS) Scheme[3]
A digital signature scheme:
Non-binding or ambiguous signatures exchange, and
Releasing secret key called a keystone
Concurrently full binding signatures
Either the two exchanged signatures become binding, or none becomes.
Advantages:
No TTP
No equivalent computational power
CS Scheme Problems
CS and our Protocol
Can we utilize the CS advantages (i.e. no TTP, and no restriction of computational power) and overcome its problems?
Design considerations of the RDS protocol:
Fairness
Either both signers get a signed contract or none gets anything useful
Abuse-freeness
Inability to prove to an outside entity that a signer is able to control the output of a protocol.
Non-repudiation
No party could deny having generated his signature (NOO: Non-repudiation of Origin)
No party could deny having received a signature from the other signer (NOR: Non-repudiation of Receipt)
No dedicated TTP
RDS Protocol Assumptions
License Issuer (LI)
Trustworthy, issues licenses, and facilitates license reselling. It is already there in existing license distribution infrastructure
Reselling Permission of a license (RPLic)
It is issued with a resalable license
It is of the from [Lic||f||SignLI(Lic||f)], where f is the hash value of the keystone ks
Each license is issued with a unique ks
Channels
Be the first to like this
Be the first to comment