Analysis and Improvement of a Lightweight Anonymous Authentication Protocol for Mobile Pay-TV Systems (Full text)

TL;DR

This paper reviews a lightweight anonymous authentication protocol for mobile pay-TV systems, identifies its security weaknesses, and proposes improvements validated through heuristic and formal analysis.

Contribution

It highlights security flaws in Chen et al's scheme and presents an improved protocol with enhanced privacy protections for mobile pay-TV users.

Findings

Identified privilege insider attack vulnerability

Detected user traceability issues

Proposed an improved, more secure scheme

Abstract

For many years, the pay-TV system has attracted a lot of users. Users have recently expressed the desire to use mobile TV or mobile payment via anonymous protocols. The mobile users have also received their services over cellular communications networks. Each mobile device receives services from each head end systems. With increasing numbers of users and the expansion of Internet, user's privacy has become crucial important. When a device leaves the head end system's range, it must receive services from another head end system. In this paper, we review Chen et al's scheme and we highlight some weaknesses, including privilege insider attack and user traceability attack. Finally, we alleviate the scheme and analyze the alleviated scheme using both heuristic and formal methods.