Zhenghao Li


The latest progress of communication technology and low-power devices has led to in all kinds of resources environment to provide digital content services, such as smart home and the Internet of things. However, digital content is easily replicated and distributed through open channels. Therefore, authentication is becoming more and more important for digital rights management (DRM) systems to provide security services to authorized users.In 2019,SungJin Yuet al.proposed alightweight three-factor authentication protocol for digital rights management system.This paper introduces the research background of the identity authentication scheme, and reviews the authentication protocol of Sungjin Yu et al. from the perspective of the registration phase and the login authentication phase.Then,through the cryptanalysis, We here prove that the DRM system protocol of SungJin Yu et al. is unsafe, and provide two attack schemes, namely, privileged insider impersonating a legitimate user and privileged insider impersonating a legitimate license server.


DRM systems;protocol;authentication;cryptanalysis;attack schemes

Full Text:



Jung, J., Kang, D., Lee, D., & Won, D. (2017). An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System. Plos One, 12(1), e0169414.

Kim, H., Lee, Y., & Park, Y. (2010). A robust and flexible digital rights management system for home networks. Journal of Systems and Software, 83(12), 2431-2440.

Lee, C. C., Li, C. T., Chen, Z. W., & Lai, Y. M. (2018). A Biometric-Based Authentication and Anonymity Scheme for Digital Rights Management System. Information technology and control, 47(2).

Liu, Y., Chang, C. C., & Chang, S. C. (2015). A group key distribution system based on the generalized aryabhata remainder theorem for enterprise digital rights management. Journal of Information Hiding & Multimedia Signal Processing, 6(1), 140-153.

Subramanya, S. R., & Yi, B. K. (2006). Digital rights management. Potentials IEEE, 25(2), p.31-34.

Yu, S., et al. (2020). A lightweight three-factor authentication protocol for digital rights management system. Peer-to-peer Networking and Applications,1-17.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Copyright © 2019 International Educational Applied Scientific Research Journal