
484 IEEE Transactions on Consumer Electronics, Vol. 58, No. 2, May 2012
Contributed Paper
Manuscript received 04/15/12
Current version published 06/22/12
Electronic version published 06/22/12. 0098 3063/12/$20.00 2012 IEEE
User-Oriented Key Management Scheme
for Content Protection in OPMD Environment
Hoonjung Lee, Member, IEEE, Hasoo Eun, Member, IEEE and Heekuck Oh

Abstract: In this paper, we propose a key management
scheme for content protection in the OPMD (One Person Multi
Device) environment where one user owns multiple devices.
IBTD (ID-Based Threshold Decryption) was applied for the
proposed scheme, and this uses the user IDs and the device IDs
as their public key. It is the key management scheme that can
decrypt the encrypted content only when more than t secret
sharing values are combined among the n secret sharing values
generated by the contents server. Our scheme enables the users
to use their own contents anytime and anywhere on any device
that they own. For the contents server, it enables an effective
key management which is user-oriented, not device-oriented.


Index Terms: Key management scheme, ID-based threshold
decryption, Content protection, OPMD (One Person Multi
Device) Environment.
I. INTRODUCTION
With the increase of consumer devices such as TVs, PCs
and mobile phones that can play multimedia contents, the age
of OPMD (One Person Multi Device) where one user uses
broadcasting or communication service using multiple devices
has come. The users who use multiple devices want to use
their contents at the same time and place they want by using
multiple devices they own. For example, after watching a
movie using their own mobile phones on the way back to
home from work, they would want to continue watching the
movie using TV in the living room when they get home. In
other words, the OPMD environment is the environment that
enables users to freely use their contents anytime and anyplace
with the devices that they want.
In such an environment, if the contents are transmitted
without encryption, the illegal use of unauthorized devices is
possible and, by extent, it is also possible to illegally share or
copy and distribute the contents. This causes a significant
impact on the contents provider's copyright and profit. Due to
such problems, the content protection should be considered in
order to transmit/share the contents in the OPMD
environment. For content protection, the contents should be
encrypted, and the management of the secret key used for
encryption/decryption of the contents between the users'
devices and the contents server is important in order to use the
encrypted contents.

1 This research was supported by the MKE (The Ministry of Knowledge
Economy), Korea, under the HNRC (Home Network Research Center)
ITRC (Information Technology Research Center) support program supervised
by the NIPA (National IT Industry Promotion Agency) (NIPA-2012-H0301-12-1002).
Hoonjung Lee is with the Department of Computer Science & Engineering, Hanyang
University, South Korea (e-mail: hoonjung@hanyang.ac.kr)
Hasoo Eun is with the Department of Computer Science & Engineering, Hanyang
University, South Korea (e-mail: hseun@infosec.hanyang.ac.kr)
Heekuck Oh is with the Department of Computer Science & Engineering, Hanyang
University, South Korea (e-mail: hkoh@hanyang.ac.kr)

In this paper, we propose a key management scheme for the
OPMD environment that uses the encrypted contents.
Proposed scheme applies the IBTD (ID-Based Threshold
Decryption) which combines the ID-PKC (ID-Based Public
Key Cryptosystem) and the threshold decryption. The users
and the users devices are distributed with the secret sharing
values from the contents server. After receiving the encrypted
contents, they combine the secret sharing values they are
distributed with, to obtain the secret key needed for
decryption, and then use the secret key to decrypt the contents.
In addition, the proposed scheme has the advantage that the
secret key for encryption/decryption used by the contents
server can be effectively managed by using the user-oriented,
not device-oriented key management scheme.
The remainder of this article is organized as follows: in section
2, the ID-PKC, threshold decryption and the IBTD, which are
the bases of the proposed scheme, are described briefly. In
section 3, the key management issue and security requirements in
the OPMD environment are described. In section 4, the
proposed scheme is described in detail. In section 5, we analyze
our proposed scheme. Finally, in section 6, the conclusion and
the direction for future work are suggested.
II. BACKGROUND
In this section, we briefly describe the ID-PKC,
threshold decryption and IBTD, which are the basis for the
proposed scheme.
A. ID-PKC and Threshold Decryption
In 1984, Shamir first introduced the concept of ID-PKC,
which derives a user's public key from the user's
well-known information such as the e-mail address and
resident registration number, and the signature scheme
which uses it [1]. In the ID-PKC, the private key that
corresponds to the user's public key is issued
by a trusted party called PKG (Private Key Generator).
Unlike the certificate-based PKC which is currently used
widely, the ID-PKC has the advantage that it does not
need a certificate and infrastructure as it derives the
public key from the well-known identity information.
Since Shamir's proposal, the ID-PKC has been
studied in various fields such as encryption [2], signature
[3], key agreement [4], threshold decryption [5] and so on
[6]. In 2001, Boneh and Franklin proposed the ID-based
encryption scheme using bilinear pairing on elliptic curves.
This was the first ID-based cryptography that can be
practically used, and most of the research on
identity-based public key cryptography systems has
followed their scheme since then.
The bilinear pairing used in this paper is defined as follows. Let
$\mathbb{G}_1$ and $\mathbb{G}_2$ be two multiplicative cyclic groups with the
same prime order $p$, and let $g$ be a generator of $\mathbb{G}_1$. The map
$e: \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_2$ satisfies the following
properties:

- Bilinear: For all $u, v \in \mathbb{G}_1$ and $a, b \in \mathbb{Z}_p$,
$e(u^a, v^b) = e(u, v)^{ab} = e(abu, v) = e(u, abv)$.
- Non-degenerate: $e(g, g) \neq 1$.
- Computable: There exists an efficient algorithm to
compute $e(u, v)$ for all $u, v \in \mathbb{G}_1$.

Threshold decryption is a cryptographic scheme in which the
information needed for decryption is distributed to multiple
entities, and decryption is possible only when as many of the
distributed secret sharing values as the set threshold are
gathered. Threshold decryption is an application of secret
sharing. Secret sharing is the (t, n) threshold scheme initially
proposed by Shamir, which allocates shares to n participants and
enables the recovery of a secret when t of them gather their
shares [7]. Secret sharing has since been applied to various
cryptographic techniques.
B. IBTD
IBTD is ID-based threshold decryption, first proposed by
Baek in 2004 [5]. In the IBTD, PKG generates and issues the
private keys of all participants using a master key which is its
own private key. The decryption ability is shared by all
entities that participate in this system. Since then, much
research [8]-[14] has been carried out on the IBTD, including
the most recent scheme proposed by Ming et al. in 2011 [15].
III. CONTENT PROTECTION IN OPMD ENVIRONMENT
In this section, we first consider content encryption/
decryption in OPMD environment, and describe the key
generation and key management issue. Then, we list some
desirable security requirements that are necessary for our key
management scheme considering OPMD environment.
A. Key Management Issue
Fig. 1 shows the OPMD environment in which one user is
provided with multimedia services such as music, video and
image from the contents server using multiple devices. At
this time, the contents should be encrypted for the content
protection in order to prevent the illegal use, illegal copy and
illegal distribution of the contents.
CAS (Conditional Access System) [18] and DRM (Digital
Right Management) [19] are widely used for content
protection in the current digital broadcasting system. In CAS and
DRM, contents are encrypted using a symmetric key
cryptographic scheme such as CSA (Common Scrambling
Algorithm) [16] and AES [17] for content confidentiality,
and hardware information of the product, such as the
serial number, is registered with the contents server to prevent
illegal use of content.
In order to decrypt the contents encrypted using symmetric
key cryptographic schemes, the secret key used for
encryption of contents should be delivered to each device. At
this time, the certificate-based PKC is used in order to
deliver the secret key to each device safely. Such a device-
oriented key management method causes an increase in the
number of contents that should be managed by the contents
server and its accompanying management problems.
When using such a key management method in the
OPMD environment, the number of keys that should be
managed by the contents server increases by the
number of devices each time a user's device is added. For
example, if the number of subscribers is one million and only
one device is added to each of them, the number of keys
needed to be additionally managed becomes two million.
If all devices owned by one user have the same key
in order to avoid an increase in the number of keys managed by
the contents server, this causes a serious security problem.
Allowing multiple devices to have the same key increases the
probability of key exposure. Key exposure means exposure
of the content encrypted by the exposed key, and it is
a serious problem with respect to content protection.
B. Security Requirement
The following are the security requirements to protect contents in
the OPMD environment.

1) Key freshness: Freshness of the secret key must be
ensured. It should be verified that the key that is currently
in use has been created in the current session. This also
means that the keys created previously should not be
usable.

2) Key confidentiality: Confidentiality of the secret key
must be ensured. The key should not be available to other
entities than those who are authorized.

3) Key Authentication: It must be ensured that the entities
who use the secret key have the same key. The key
confirmation must verify whether they have the same keys.
Fig. 1. OPMD Environment
The security requirements described above must be satisfied
by general key establishment protocols, and as for the OPMD
environment based on IBTD, the following issues must be
additionally considered:
4) User privacy preserving: Even if a user ID is exposed,
personal information such as personal preference and
locational information must be protected from being
exposed.

5) Impersonation attack: It should not be possible to play
the content by disguising a device that has not been
registered in the contents server as a registered one.

6) Collusion attack: Even if multiple keys
designated to a single device are exposed, it should be
impossible to restore the secret key used for contents
encryption by using the exposed keys.
IV. USER-ORIENTED KEY MANAGEMENT FOR OPMD
ENVIRONMENT
In this section, the proposed scheme is described in detail.
The design concept and ideas of the proposed scheme are described
first, and then the protocol for the key management
scheme is described in detail.
A. Design Concept and Scenario
The proposed key management scheme is a user-oriented
key management scheme with the application of
IBTD. The most important feature is that the secret key
used for encryption/decryption of contents is based on the
users, not on each device owned by the users. Using the
IDs of the users and users' devices, the contents server
generates the secret key that will encrypt the contents and
the secret sharing values, and then distributes the secret
sharing values to the users and users' devices. At this time,
the server divides the secret sharing by the sum of users and
users' devices to set the threshold needed for decryption. The
users who received the secret sharing values and encrypted
contents are able to obtain the secret key needed for
content decryption by combining the secret sharing values
received by themselves and their devices, as many as the
value of the threshold. In other words, if the contents server
divided the secret sharing into n and set the threshold as t,
the users and each of their devices are distributed with t-1
secret sharing values and one secret sharing value,
respectively.
In the process of decrypting the contents, the decryption can
be done by satisfying t, the threshold set by the contents
server, by combining the one secret sharing value kept by the
device that attempts to play the contents and the t-1 secret
sharing values kept by the user. Fig. 2 shows the process of
decryption.
The proposed scheme is composed of 6 steps: setup,
registration, share generation and distribution, key generation
and encryption, share computation, and combination and
decryption. The details are as follows.

1) Setup
It is the step of setting up the system. The system generates
the PKG system parameters
$params = \{\mathbb{G}_1, \mathbb{G}_2, p, e, g, b, g_1, g_2\}$
and the master key $msk = \{x, y\}$. Each of the values is as follows:

- $\mathbb{G}_1, \mathbb{G}_2$: multiplicative groups with the same prime order
$p \geq 2^k$ (where $k$ is a security parameter set by PKG).
- $e$: bilinear map, $e: \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_2$.
- $g, b$: random elements of $\mathbb{G}_1$ selected by PKG.
- $g_1, g_2$: $g_1 = g^x$, $g_2 = g^y$ (where $x, y$ are elements of
$\mathbb{Z}_p^*$).

2) Registration
It is the step of registering the users' devices. PKG selects
the cryptographic hash function $H_1: \{0,1\}^* \to \mathbb{Z}_p^*$ and
registers the IDs of the users and users' devices by using it. The identity
information such as e-mail addresses or their own phone
numbers are used as the IDs for the users, and the serial
numbers, which are unique for each of the devices,
or MAC addresses are used as IDs for the devices. The registered
ID has the form $H_1(I_{user} \| I_{dev.1} \| I_{dev.2} \| \cdots)$.
For example, if the e-mail address that will be used as the user
ID is "alice@opmd.com", the user's first device uses its
device number "880R18B298147" as the ID and the user's
second device uses the MAC address "B4:07:F9:DF:03:39" as
the ID, they are registered in the contents server as
$H_1(\text{alice@opmd.com} \| \text{880R18B298147} \| \text{B4:07:F9:DF:03:39})$.

3) Share Generation and Distribution
It is the step of generating the secret key and the secret sharing
values that will be used for content encryption and distributing them.
In addition, the number $n$ of secret sharing values and the threshold $t$
are set in this process. When the number of users is $l$ and the
number of devices owned by the user is $k$, $n$ and $t$ are set
as $n = l + k + 1$ and $t = k + 1$ respectively.
The process of generating the secret sharing values is as follows.
- Select a polynomial $F(u) = y + \sum_{j=1}^{t-1} a_j u^j$ over
$\mathbb{Z}_p^*$ (where $i$ is an index of entities, and $t$ is a threshold of
secret sharing values for decryption).
- Compute $K_i = (b^{F(i)} g^{-r_i})^{1/(x - H_1(I))}$ and
$v_i = e(g, b)^{F(i)}$, where $r_i$ is an element of $\mathbb{Z}_p^*$.
- Generate the secret sharing value $J_{I_i} = (r_i, K_i)$.
Fig. 2. Decryption Process in Proposed Scheme
The contents server distributes the generated $J_{I_i}$ and $v_i$ to
the user and users' devices. Each entity can use $v_i$ to verify the
validity of the received $J_{I_i}$.

4) Key Generation and Encryption
It is the step of generating the secret key that encrypts the
contents and encrypting the contents by using it. PKG selects the
cryptographic hash function $H_2: \{0,1\}^* \to \mathbb{G}_2$ and a random
element $s$ of $\mathbb{Z}_p^*$. After that, PKG generates the secret key $SEK$
by using it. The process of generating $SEK$ is as follows.

$$C = (C_1, C_2, C_3) = \left(g_1^{s} g^{-sH_1(I)},\ e(g, g)^{s},\ H_2(SEK) \cdot e(g_2, b)^{-s}\right)$$

By using $H_2$, it is possible to adjust the SEK to the length of
the symmetric key algorithm such as DES or AES that will be
used for content encryption.

5) Share Computation
It is the step of computing, from the secret sharing value delivered in
step 3), the value needed to obtain SEK. $o_i$ is calculated
using the following equation.

$$o_i = e(C_1, K_i) \cdot C_2^{r_i} = e\left(g_1^{s} g^{-sH_1(I)},\ (b^{F(i)} g^{-r_i})^{1/(x - H_1(I))}\right) \cdot e(g, g)^{s r_i} = e(g, b)^{sF(i)}$$


6) Share Combination and Decryption
It is the step of combining $t$ of the $o_i$ calculated in
step 5) and decrypting the encrypted contents
by using the resulting value. The $o_i$ are combined using
Lagrange interpolation. The equation to obtain $H_2(SEK)$ is as follows.

$$\begin{aligned}
H_2(SEK) &= C_3 \cdot \prod_{i \in \Phi} o_i^{L_{i,0}} \\
&= C_3 \cdot e(g, b)^{s \sum_{i \in \Phi} L_{i,0} F(i)} \\
&= C_3 \cdot e(g, b)^{sF(0)} \\
&= C_3 \cdot e(g, b)^{sy} \\
&= C_3 \cdot e(g_2, b)^{s} \\
&= H_2(SEK)
\end{aligned}$$

where $\Phi \subset \{1, \ldots, n\}$, $|\Phi| = t$ and
$L_{i,x} = \prod_{j \in \Phi, j \neq i} \frac{x - j}{i - j}$ is the
Lagrange coefficient with respect to the set $\Phi$.
Fig. 3. Message Flow of Proposed Scheme
B. Protocol Details
Fig. 3 is the message flow of the proposed scheme. It
describes the process in which the user watches the encrypted
contents successively on two devices, device 1 and device 2.
1) Registration
The user registers two devices that he/she owns and
him/herself in the contents server using the IDs of the devices
and his/her own ID.

2) Share Generation and Distribution
The contents server generates the secret sharing values based on
the registered IDs. After that, it sets the threshold needed for
decryption. At this time, the threshold should be set bigger
than the number of the devices participating in the protocol.
This is to prevent the collusion attack through the hacking of
devices. In other words, it should be impossible to reach the
threshold only by using the secret sharing values distributed to
the devices. The number of secret sharing values generated
should be larger than the threshold.
In Fig. 3, the number of entities participating in the
protocol is three, with one user and two devices; the
threshold was set to 3, which is bigger than the number of
devices, and the number of secret sharing values was set to 4.
The contents server generates 4 secret sharing values, and
then distributes 2 of them to the user and 1 to each device.
In other words, device1 is distributed with $J_{I_{d1}}$ and
device2 with $J_{I_{d2}}$, while the user is distributed with
$J_{I_{u1}}$ and $J_{I_{u2}}$.

3) Combine and Decryption at Device1
If the user requests the contents from the contents server
using device1, the contents server sends
the encrypted contents. Device1, having received the
encrypted contents, computes $o_{d1}$ by using the $J_{I_{d1}}$
distributed to the device and receives $o_{u1}$ and $o_{u2}$ from the
user. After computing the secret key needed for content decryption by
combining those three values, the device can decrypt
the encrypted contents. At this time, $o_{u1}$, $o_{u2}$ and $o_{d1}$
together meet the threshold of 3 set in step 2).

4) Combine and Decryption at Device2
If the user who was watching contents using device1 wants
to continue watching them using device2, he/she requests the
contents from the contents server using device2 just like in
step 3), and then decrypts the contents by computing the
secret key using $o_{u1}$, $o_{u2}$ and $o_{d2}$ after receiving the
contents.
When changing from device1 to device2 in the
middle of watching contents using device1, whether or not
the contents that were being played on device1 would
still be played on device2 will depend on the contents provider.
If viewing of multiple contents is supported, the contents
should also be played on device1. Otherwise, it can
increase the security of contents to have the contents no
longer be played at the time of changing from device1 to
device2.
V. ANALYSIS
In this section, we analyze the security and the efficiency of
the proposed scheme.
A. Security Analysis
The security of most cryptographic schemes that use the
bilinear pairing, including the one used in this paper, is based on the
difficulty of the following three problems.

- DLP (Discrete Logarithm Problem) in $\mathbb{G}_1$: The problem
of computing $a \in \mathbb{Z}_p$ when $P \in \mathbb{G}_1$ and $aP$ are given.

- CDHP (Computational Diffie-Hellman Problem) in $\mathbb{G}_1$:
The problem of computing $abP \in \mathbb{G}_1$ when $aP \in \mathbb{G}_1$,
$bP \in \mathbb{G}_1$ and $P \in \mathbb{G}_1$ are given.

- BDHP (Bilinear Diffie-Hellman Problem) in $\mathbb{G}_1$ and $\mathbb{G}_2$:
The problem of computing $e(P, P)^{abc} \in \mathbb{G}_2$ when
$aP \in \mathbb{G}_1$, $bP \in \mathbb{G}_1$, $cP \in \mathbb{G}_1$ and
$P \in \mathbb{G}_1$ are given.

To date, it is known that solving DLP, CDHP and BDHP in
polynomial time is computationally infeasible. For more detail,
refer to [2]. The security of the proposed scheme is also based on
the assumption that it is difficult to solve the above problems in
polynomial time.
The most critical parts of the proposed scheme with respect to
security are the calculation of $o_i$ by using $J_{I_i}$, distributed by
the contents server, and the calculation of the secret key $H_2(SEK)$ by
using $o_i$. First, to calculate $o_i$ by using $J_{I_i}$, the element $s$
selected by PKG is needed, which is always transmitted in
the form $g^s$ in the proposed scheme. Obtaining $s$ from $g^s$ is a DLP,
and is therefore difficult to calculate in polynomial time. Second,
to calculate $H_2(SEK)$ by using $o_i$, the element $s$ or $y$
selected by PKG is needed, and $y$ is always transmitted in
the form $g^y$, as in the case of $s$. Therefore this is also a DLP, which
is difficult to calculate in polynomial time.
The proposed scheme satisfies the requirements discussed in
section 3 as follows:
- Key freshness: In our scheme, all steps except "Setup"
and "Registration" are performed in every session. In each
session, the contents server creates a new $C$ by using a new $s$
and $H_2(SEK)$ in the "Key generation and encryption" step.
Therefore, our scheme satisfies key freshness.
- Key confidentiality: Our scheme is based on threshold
decryption. Unless the secret sharing values gathered
reach the threshold set by the contents server, it is
impossible to decrypt the encrypted secret key. Also, in
order to calculate the secret key $H_2(SEK)$, $s$ must be
obtained, which is the DLP explained above, and therefore, it
satisfies key confidentiality.
- Key Authentication: In our scheme, it is possible to
authenticate the key through $v_i$. By using $v_i$, the validity
of the $J_{I_i}$ that has been received can be verified. Validity
verification of $J_{I_i}$ through $v_i$ satisfies key authentication.



- User privacy preserving: In "Registration", the ID of user
and user device is hashed by cryptographic hash function
such as SHA (Secure Hash Algorithm) and transferred to
contents server. Even if the hash value is exposed during
this process, it is impossible to recover it and get the
actual ID. This feature enables protection of user privacy.

- Impersonation attack: Our scheme is based on IBTD. The
ID information of a user and user device is included in the
creation of the secret key. The ID information of a device uses a
serial number or MAC address, which are difficult to
change. Because the ID information of a device is included in
the $J_{I_i}$, $o_i$ and $C$ that the device receives, it is impossible to
play a content in a device that has not been registered
during the registration process. Even if $J_{I_i}$ and $o_i$ are exposed
to the network, calculating $H_2(SEK)$ using those values is a DLP,
so an impersonation attack is impossible.


- Collusion attack: In our scheme, it is impossible to
calculate a secret key without the secret sharing values
possessed by a user. When the number of users is $l$ and
the number of devices owned by the user is $k$, the number of
secret sharing values to be set, $n$, and the threshold, $t$, are
set as $n = l + k + 1$ and $t = k + 1$ respectively. In case
the keys of all devices of a user are exposed, the number of
secret sharing values obtained by the attacker is $k$. Since
this is smaller than the set threshold $t$, it is impossible to
find out the secret key by collusion attack.
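
The share combination of step 6 and the collusion argument above can be checked numerically. The following Python model of the Fig. 3 setting (one user, two devices) is an added example, not code from the paper: it replaces the pairing value e(g, b) with a generator of a small prime-order subgroup, and all constants, function names and the sample key are assumptions of the example with toy, insecure sizes.

```python
"""Toy model of share generation (step 3), share computation (step 5) and
share combination (step 6) for the Fig. 3 setting: 1 user, 2 devices."""
import hashlib
import secrets

# Constructed toy parameters, far too small to be secure. Q = 2*P + 1.
P = 1019   # prime order of the stand-in group (role of p in the paper)
Q = 2039   # prime modulus; the squares mod Q form a subgroup of order P
E_GB = 4   # generator of that subgroup; ASSUMPTION: stands in for e(g, b)


def make_shares(y, t, n, rng):
    """Step 3: random F(u) of degree t-1 over Z_P with F(0) = y; share i = F(i)."""
    coeffs = [y] + [rng.randrange(1, P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, P) for j, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)}


def partial(f_i, s):
    """Step 5 result e(g, b)^(s*F(i)), computed directly in the stand-in group.
    (In the paper an entity derives it from C_1, C_2 and its share by pairing.)"""
    return pow(E_GB, s * f_i % P, Q)


def lagrange_at_zero(i, idx):
    """Lagrange coefficient at x = 0: prod over j in idx, j != i of (0-j)/(i-j)."""
    num = den = 1
    for j in idx:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def combine(partials):
    """Step 6: multiply the partial values raised to their Lagrange coefficients.
    With t of them this is e(g, b)^(s*F(0)) = e(g, b)^(s*y)."""
    idx = list(partials)
    out = 1
    for i, o_i in partials.items():
        out = out * pow(o_i, lagrange_at_zero(i, idx), Q) % Q
    return out


def h2(sek):
    """Stand-in for H_2: hash SEK into the order-P subgroup (square mod Q)."""
    x = int.from_bytes(hashlib.sha256(sek).digest(), "big") % Q
    return pow(x or 1, 2, Q)


def fig3_demo(rng=None):
    rng = rng or secrets.SystemRandom()
    l, k = 1, 2                       # one user, two devices (Fig. 3)
    n, t = l + k + 1, k + 1           # n = 4 shares, threshold t = 3
    y, s = rng.randrange(1, P), rng.randrange(1, P)
    sek = b"constructed-content-key"  # constructed sample key
    c3 = h2(sek) * pow(E_GB, -s * y % P, Q) % Q  # C_3 = H_2(SEK) * e(g_2, b)^(-s)

    f = make_shares(y, t, n, rng)
    o = {i: partial(f[i], s) for i in f}
    user, dev1, dev2 = (1, 2), (3,), (4,)  # user holds t-1 shares, each device 1

    def unmask(indices):
        return c3 * combine({i: o[i] for i in indices}) % Q == h2(sek)

    return {"n": n, "t": t,
            "device1_ok": unmask(user + dev1),
            "device2_ok": unmask(user + dev2),
            "devices_only_ok": unmask(dev1 + dev2)}  # k = t-1 shares: fails


if __name__ == "__main__":
    print(fig3_demo())
```

The two device shares alone interpolate a lower-degree polynomial whose value at 0 differs from y, so the mask on the third ciphertext component is not removed; either device together with the user's two shares removes it.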
B. Efficiency Analysis
The OPMD environment is the environment where one user
owns multiple devices. If contents are encrypted, the secret
key used for encryption needs to be managed by the contents
server. When the key is managed in a device-oriented scheme,
if the number of users that should be managed by the contents
server is $n$ and the number of devices owned by one user is 1, the
number of keys that should be managed by the contents
server is $n$ ($n \times 1$). If $n$ users have two devices, $2n$ ($n \times 2$)
keys should be managed. This is an inefficient
way, in that the number of keys that should be managed by the
contents server increases linearly. In contrast, our user-
oriented key management scheme can manage the secret key
efficiently.
In the proposed scheme, by connecting the device IDs
to the user ID, the number of secret keys that
should be managed by the contents server is maintained at
$n$ ($n \times 1$) even when each of $n$ users uses two or more
devices.
The pairing computation used in the proposed scheme is
known as the heavy computation. However, recent research
shows that the pairing computation can be performed with
ease on TVs, PCs and even on mobile phones [20]-[21].
VI. CONCLUSION AND FUTURE WORK
We proposed a key management scheme which enables
the convenient use of encrypted contents in the OPMD
environment. Our scheme applies IBTD, is user-oriented
rather than device-oriented,
and allows the contents server to perform efficient key
management. Our proposed key management scheme
for the OPMD environment can be a
response to the contents security issues that may occur in
the three-screen or higher n-screen environment which is
currently being researched actively and widely.
Research on making the protocol more lightweight by
reducing pairing computation is required in the future, and we
plan to conduct a quantitative comparison with device-oriented
key management through actual
implementation.
REFERENCES
[1] A. Shamir, "Identity-based Cryptosystems and Signature Scheme,"
Advances in Cryptology, Crypto'84, LNCS Vol.196, pp.47-53,
Springer, 1984.
[2] D. Boneh and M. Franklin, "Identity-based Encryption from the Weil
Pairing," Advances in Cryptology, Crypto'01, LNCS Vol.2139,
pp.213-229, Springer, 2001.
[3] F. Hess. "Efficient Identity Based Signature Schemes Based on
Pairings," Selected Areas in Cryptography, SAC 2002, LNCS
Vol.2595, pp.310-324, Springer, 2002.
[4] N. Smart, "An Identity-based Authenticated Key Agreement Protocol
Based on Weil Pairing," Electronic Letters, Vol.38, No.13, pp.630-
632, IET, 2002.
[5] J. Baek and Y. Zheng, "Identity-based Threshold Decryption," Public
Key Cryptography, PKC '04, LNCS Vol.2947, pp.262-276, Springer,
2004.
[6] R. Dutta, R. Barua, and P. Sarkar. "Pairing-based cryptography : A
survey," Cryptology ePrint Archive, Report 2004/064, 2004
[7] A. Shamir, "How to share a secret," Communications of ACM, vol.
22, no. 11, pp. 612-613, 1979.
[8] Z. Chai et al., "ID-based threshold decryption without random oracles
and its application in key escrow," International Conference on
Information Security, Infosecu'04, pp.119-124, ACM, 2004.
[9] Y. Long et al., K. Chen and S. Liu, "ID-based threshold decryption
secure against chosen plaintext Attack," Journal of Shanghai Jiaotong
University (Science), Vol.E-11, No.2, pp.127-133, 2006.
[10] H. Ju, D. Kim, D. Lee et al., "Modified ID-based threshold decryption
and its application to mediated ID-based encryption," Asia-Pacific
Web Conference on Frontiers of WWW Research and Development,
APWeb'06, LNCS Vol.3841, pp.720-725, Springer, 2006.
[11] Q. Mei and D. He, "Identity-based threshold decryption schemes
secure against chosen ciphertext attacks in the standard model,"
Journal of the Graduate School of the Chinese Academy of Sciences,
Vol.23, No.2, pp.198-204, 2006.
[12] S. Liu, K. Chen and W. Qiu, "Identity-based threshold decryption
revisited," International Conference on Information Security Practice
and Experience, ISPEC'07, LNCS Vol.4464, pp.329-343, Springer,
2007.
[13] Y. Long, K. Chen and S. Liu, "ID-based threshold decryption secure
against adaptive chosen-ciphertext attack," Computers and Electrical
Engineering, Vol.33, pp.166-176, Elsevier, 2007.
[14] X. Wang and Z. Chai, "A provable security scheme of ID-based
threshold decryption," International Conference on Forensics in
Telecommunications, Information and Multimedia-e-Forensics'09,
LNICST Vol.8, pp.122-129, Springer, 2009.
[15] Y. Ming and Y. Wang, "Identity-based Threshold Decryption Scheme
without Random Oracles," Chinese Journal of Electronics, Vol.20,
No.2, pp.323-328, 2011.
[16] ETSI Technical Report 289: Support for use of scrambling and
Conditional Access within digital broadcasting system, 1996.
[17] NIST, Springfield, VA, "Advanced Encryption Standard (AES),"
2001
[18] EBU Project Group B/CA, Functional model of a conditional access
system, EBU Technical Review, 1995.
[19] Open Mobile Alliance, Digital Rights Management 2.0 (OMA DRM
2.0), 2006.
[20] M. Yoshitomi, T. Takagi, S. Kiyomoto, and T. Tanaka, "Efficient
implementation of the pairing on mobile phones using BREW," IEICE
Transactions on Information and System, Vol.E91-D, No.5, pp.1330-1337,
2008.
[21] W. Shin, K. Fukushima, S. Kiyomoto and Y. Miyake, "AMY: Use
your cell phone to create a protected personal network over devices,"
IEEE Transactions on Consumer Electronics, Vol.57, No.1 pp.99-104,
2011.

BIOGRAPHIES

Hoonjung Lee (M'10) received the B.S. degree in
computer science from Dankook University, Korea, in
2003, and received the M.S. degree in computer science
and engineering from Hanyang University, Korea, in
2005. He was a researcher at Handan BroadInfoCom,
Korea, from 2005 to 2009. He is currently working
toward the Ph.D. degree in computer science and
engineering, Hanyang University. His research interests
include key management and cryptography. He is a member of IEEE.
Hasoo Eun (M'11) received the B.S. and M.S. degrees
in computer science and engineering from Hanyang
University, Korea, in 2010 and 2012, respectively. He
is currently working toward the Ph.D. degree in
computer science and engineering, Hanyang
University, Korea. His current research interests
include mobile security, NFC, and cryptography. He is
a member of IEEE.

Heekuck Oh is the corresponding author of this paper.
He received his B.S. degree in Electronics Engineering
from Hanyang University in 1983. He received his M.S.
and Ph.D. degrees in Computer Science from Iowa State
University in 1989 and 1992, respectively. In 1994, he
joined the faculty of the Department of Computer
Science and Engineering, Hanyang University, ERICA
campus, where he is currently a professor. His current
research interests include network security and
cryptography. Prof. Oh is a vice president of Korea Institute of Information
Security & Cryptology, and is a member of Advisory Committee of Digital
Investigation in Supreme Prosecutors' Office of the Republic of Korea.