Security protection for content providers is essential in a digital content distribution system so that only authorized users can access the content. However, focusing on the security aspect often makes the system ignore the privacy of content users. This article presents a model of protocol that can provide balanced protection of content provider security and user privacy in a digital content distribution system. This protocol is based on oblivious transfer (OT), a standard protocol in cryptography that allows the sender of a message to send a certain amount of information securely to the recipient of the message, such that at the end of the protocol the recipient of the message cannot access more information than specified, while the sender of the message cannot know which information was successfully accessed by the recipient. Assuming the existence of tamper-proof devices, the protocol presented in this article can provide excellent protection for both the security of content providers and the privacy of content users.

digital content distribution system; oblivious transfer; content provider security; user privacy

S. R. Moosavi, E. Nigussie, S. Virtanen, and J. Isoaho, “Cryptographic key generation using ECG signal,” in 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, 2017, pp. 1024–1031. doi: 10.1109/CCNC.2017.7983280.

R. Mahendran and K. Mani, “Generation of Key Matrix for Hill Cipher Encryption Using Classical Cipher,” in World Congress on Computing and Communication Technologies (WCCCT, Tiruchirappalli, 2017, pp. 51–54. doi: 10.1109/WCCCT.2016.22.

Y. Song, H. Wang, X. Wei, and L. Wu, “Efficient Attribute-Based Encryption with Privacy-Preserving Key Generation and Its Application in Industrial Cloud,” Secur. Commun. Networks, vol. 2019, pp. 1–9, 2019, doi: 10.1155/2019/3249726.

A. C. Prihandoko, Dafik, and I. H. Agustin, “Stream-keys generation based on graph labeling for strengthening Vigenere encryption,” Int. J. Electr. Comput. Eng., vol. 12, no. 4, pp. 3960–3969, 2022, doi: 10.11591/ijece.v12i4.pp3960-3969.

B. Barak et al., “On the (Im)possibility of Obfuscating Programs,” Adv. Cryptol., vol. 2139, no. Im, pp. 1–18, 2001, doi: 10.1007/3-540-44647-8.

A. C. Prihandoko, H. Ghodosi, and B. Litow, “Obfuscation and WBC: Endeavour for Securing Encryption in the DRM Context,” Proc. 2013 Int. Conf. Comput. Sci. Inf. Technol., vol. CSIT-2013, pp. 150–155, 2013.

S. Chow, P. Eisen, H. Johnson, and P. C. Van Oorschot, “A White-Box DES Implementation for DRM Applications,” Proc. ACM Work. Digit. Rights Manag. (DRM 2002), Lect. Notes Comput. Sci. 2696, pp. 1–15, 2003, doi: 10.1007/b11725.

A. C. Prihandoko and H. Ghodosi, “White-box implementation to advantage DRM,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 7, no. 2, 2017.

F. Roesner and T. Kohno, “User-Centered Approaches to DRM and Privacy Trade-offs,” IEEE Secur. Priv., vol. 18, no. 2, pp. 45–51, 2020.

D. Chaum, A. Fiat, and M. Naor, “Untraceable Electronic Cash,” Adv. Cryptol., vol. LNCS 403, pp. 319–327, 1990.

M. Green and I. Miers, “Decentralized Content Access using Anonymous Credentials,” in Proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2020.

M. Al-Fayoumi and S. Aboud, “Blind Decryption and Privacy Protection,” Am. J. Appl. Sci., vol. 2, no. 4, pp. 873–876, 2005.

A. C. Prihandoko and H. Ghodosi, “Blind Decryption for Preserving Privacy in the DRM System,” 2021 Int. Conf. Comput. Sci. Inf. Technol. Electr. Eng. ICOMITEE 2021, pp. 213–217, 2021, doi: 10.1109/ICOMITEE53461.2021.9650123.

M. O. Rabin, “How To Exchange Secrets with Oblivious Transfer.,” Tech. Rep. TR-81, Aiken Comput. Lab, Harvard Univ., pp. 1–5, 1981, [Online]. Available: http://dm.ing.unibs.it/giuzzi/corsi/Support/papers-cryptography/187.pdf

H. Ghodosi, “A General Model for Oblivious Transfer.” the Sixth International Workshop for Applied PKC, Perth, Australia, pp. 79–87, 2007.

H. Shulman, “Practical Considerations of Oblivious Transfer in Digital Distribution,” Cryptology ePrint Archive. 2021.

C. Paquin and G. Zaverucha, “Oblivious Transfer Extensions in Real-World Systems: Benchmarks and Optimization,” in ACM CCS Workshop on Applied Cryptography, 2022.

A. Shamir and A. Shamir, “How To Share a Secret,” Commun. ACM, vol. 22, no. 1, pp. 612–613, 1979, doi: http://doi.acm.org/10.1145/359168.359176.

Z. Chen, “Java Card Technology for Smart Cards: Architecture and Programmer’s Guide,” 2000.