In many commercial applications of broadcast, it is desirable that only those users who have paid for the service can retrieve broadcast data. Typical examples of such applications are pay-TV and copyright-protected digital materials. To ensure that only those users who have paid for the service can access the materials, the broadcast is encrypted. While only privileged users have secret keys to decrypt broadcast programs, malicious users may leak the secret keys to non-privileged users. To overcome this problem, secret keys are often kept in tamper-proof smart cards. When a user registers for the system, the service provider issues a smart card which is used for decryption of broadcast programs. In any subscriber scenario, the set of privileged users changes dynamically and users may unsubscribe from the service at any time. A challenging problem is how to stop users who have unsubscribed from continuing to obtain the broadcast data. This is called the revocation problem.
Although smart cards are intended to be tamper-proof, it may be possible to compromise them. With secret keys extracted from a compromised smart card, a pirate may create many clones of the smart card and sell them. Thus, an additional challenge is how to trace the source of a captured, illegally cloned smart card and revoke all cloned cards. This is called the traitor tracing problem. In this work, our goal is to develop an efficient broadcast key distribution scheme, with revocation, which allows only privileged users to get access to the broadcast key. We aim to achieve this efficiently by using smart cards with limited computing power, communication capability, and storage. We assume the existence of a group controller (GC), which plays the role of a trusted third party. The GC broadcasts the encrypted data and key information through separate channels. The broadcast channels are insecure. Each privileged user is equipped with a Set Top Terminal (STT) with no return channel. In general, the STT is composed of a communication device, a tamper-proof decoder and a smart card slot in which a tamper-proof smart card (SC) is placed for key management. We use polynomials over finite fields to establish efficient broadcast key distribution and efficient revocation.
(Joint paper of Prof. Lynn Batten (Deakin University) and co-author Dr. Xun Yi (Victoria University, Melbourne))