13.07.2015 Views

WWW/Internet - Portal do Software Público Brasileiro


IADIS International Conference WWW/Internet 2010

received checksum with the one it calculates; if both match, then the MG has sent correct information. The SS checks the ticket value. If it receives the ticket for the first time, then the MG is legal, so it will respond with the second message. If it receives the ticket for the second time, and if the checksum is the same, then it can safely reply to the second message, assuming that its previous response was lost in the network. If the SS receives the same ticket with a different checksum, this means that an illegal MG is sending the second request; in this case the SS will not reply to the request.

The second message contains a nonce generated on the SS side, the MG's nonce and the SS identity, all encrypted with the shared key Km. The third message is from the MG side and contains the SS's nonce and the MG's identity, all encrypted with the SS's public key. Now the SS and MG are mutually authenticated. The fourth message is from the SS side and contains the media key for the ith session and the SS's identity, all encrypted with the transport key for the ith session.

To prevent the software hacker from discovering the transport key in the VS space by using static or dynamic analysis, the MG needs to create a random Transport Key and store it in a random place in the VS, or keep it in MG space; the VS should implement a way to call the transport key generation from the plug-in MG instance. This will prevent the end user from knowing the location of the transport key for a short time.

Figure 7. Message exchange for revised protocol.

In the solution we provide, the SS only accepts the first media key request for each unique ticket, and rejects any subsequent request for the same ticket with a different checksum. Figure 7 shows the protocol simulation. We ran the new protocol on AVISPA and did not find any attack. We therefore believe that our protocol is correct and helps the SS to authenticate valid instances of the MG.

5. CONCLUSION

Software-based protection is a promising solution for CP to deploy, especially when the clients are general purpose computers or laptops. We studied the software-based solution introduced by Grimen et al. to protect any content media at a client machine. We found two attacks, one in the key exchange protocol and the other in their architecture design. We used AVISPA to simulate the attack for the first flow. We proposed a modified protocol that removes the first attack, and made a small change to the architecture design to remove the second attack. We demonstrated its correctness using AVISPA.

ACKNOWLEDGEMENT

Malek Barhoush acknowledges the support of Concordia University and of Yarmouk University.

J. William Atwood acknowledges the support of the Natural Sciences and Engineering Research Council of Canada, through its Discovery Grants program.
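The ticket rule of the revised protocol (first request answered, identical retransmission answered again, same ticket with a different checksum ignored) can be written as SS-side logic. This is an added example, not code from the paper or its authors. Assumptions: HMAC-SHA256 under Km stands in for the checksum the SS recalculates, a retransmission is answered by resending the cached second message, the second message is returned as plain fields without encryption, and the names TicketGate, checksum and demo are hypothetical.

```python
import hashlib
import hmac
import os

REPLY, RESEND, REJECT = "reply", "resend", "reject"


def checksum(km: bytes, ticket: bytes, mg_nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 under Km stands in for the paper's checksum.
    framed = len(ticket).to_bytes(2, "big") + ticket + mg_nonce
    return hmac.new(km, framed, hashlib.sha256).digest()


class TicketGate:
    """SS-side handling of a media key request (hypothetical class name)."""

    def __init__(self, km: bytes):
        self._km = km
        self._seen = {}  # ticket -> (accepted checksum, cached second message)

    def handle(self, ticket: bytes, mg_nonce: bytes, received: bytes):
        # Step 1: compare the received checksum with the one the SS calculates.
        expected = checksum(self._km, ticket, mg_nonce)
        if not hmac.compare_digest(received, expected):
            return REJECT, None  # unverified requests never consume a ticket
        prior = self._seen.get(ticket)
        if prior is None:
            # First use of this ticket: answer with the second message.
            # Fields only; encryption under Km is not modelled here.
            second = {"ss_nonce": os.urandom(16), "mg_nonce": mg_nonce, "ss_id": "SS"}
            self._seen[ticket] = (received, second)
            return REPLY, second
        accepted, second = prior
        if hmac.compare_digest(accepted, received):
            # Same ticket, same checksum: treat as a retransmission.
            return RESEND, second
        # Same ticket, different checksum: a second requester, so stay silent.
        return REJECT, None


def demo():
    km = b"K" * 32  # constructed key and tickets, for illustration only
    gate = TicketGate(km)
    t, n1, n2 = b"ticket-0001", b"A" * 16, b"B" * 16
    return [
        gate.handle(t, n1, checksum(km, t, n1))[0],   # first request
        gate.handle(t, n1, checksum(km, t, n1))[0],   # lost reply, resent
        gate.handle(t, n2, checksum(km, t, n2))[0],   # ticket reused
    ]
```

Caching the second message means a retransmission receives the same SS nonce as the first reply, so a repeated request never causes the SS to generate fresh protocol state for an already-used ticket.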
