Encryption mechanisms for digital content distribution

Date of Completion

January 2009


Computer Science




Consider a digital content owner who wants to distribute content to a receiver population while securing ownership rights by regulating the proper use of the product. In particular, the content owner wishes to (i) deliver the digital content to a set of intended receivers only and (ii) ensure copyright protection by discouraging piracy (redistribution of the content) in any possible way. This, in a nutshell, is the problem of designing encryption mechanisms for digital content distribution.

While there are schemes that achieve the former goal, (i), by adopting some revocation mechanism (Broadcast Encryption), the latter goal, (ii), can also be achieved by identifying the leaker in the event that a number of receivers (traitors) have leaked their cryptographic keys (Traitor Tracing). The ultimate goal is to combine both revocation and tracing in a single scheme that prevents the reception of the content by the identified traitor (Trace and Revoke Schemes).

These tools are the only ways of enforcing the proper use of the product, and can serve as evidence of illegal distribution of intellectual products. In this thesis, we improved the state of the art in designing cryptographic primitives by presenting a solid exposition of the underlying mathematics that unifies all related primitives, attack models, security definitions and parameter analysis, as well as by proposing new attack models and designing new schemes.

We study the algebraic structure of broadcast encryption schemes based on exclusive set systems, in particular the Subset Cover Framework. We describe the algebraic properties that are sufficient for optimal revocation, which simplifies the design of new schemes; indeed, we present new generic techniques that are applicable over the set systems that satisfy the properties we put forth. We further present a detailed proof of security of such schemes.

We propose a novel attack concept, called Pirate Evolution, to which trace and revoke schemes in general are susceptible even though they are secure in the sense of both revocation and tracing in isolation.

We present the first complete survey of fingerprinting codes. Traitor tracing has different notions depending on the adversarial model, the capabilities of the pirate and the interaction of the tracer with the pirate. We presented a unique formalization that captures all these notions for the first time, which gives us insight into finding the first efficient constructions for tracing and revoking pirate rebroadcasts that are capable of performing tracing for an unlimited number of traitors and revoking an unlimited number of users.