| With more and more content being produced, distributed, and ultimately rendered and consumed in digital form, devising effective Content Protection mechanisms and building satisfactory Digital Rights Management (DRM) systems have become top priorities for the Publishing and Entertaining Industries.; To help tackle this challenge, several cryptographic primitives and constructions have been proposed, including mechanisms to securely distribute data over a unidirectional insecure channel (Broadcast Encryption), schemes in which leakage of cryptographic keys can be traced back to the leaker (Traitor Tracing), and techniques to combine revocation and tracing capabilities (Trace-and-Revoke schemes).; In this thesis, we present several original constructions of the above primitives; which improve upon existing DRM-enabling cryptographic primitives along the following two directions: (1) Widening their scope of applicability e.g., by considering models taking into accounts usability issues typical of the DRM setting; and (2) Strengthening their security guarantees to higher levels that are standards, for example, in the case of standalone encryption.; Our results along the first line of work include the following: (1) An efficient public-key broadcast encryption scheme, which allows mutually mistrusting content providers to leverage a common delivery infrastructure, and can cope with low-end, stateless receivers; (2) A traitor tracing scheme with optimal transmission rate, in which encryption does not cause a blow-up in the size of the content, thus allowing for optimal utilization of the broadcast channel; (3) A public-key tracing and revoking scheme that can deal with both server-side and client-side scalability issues, while preserving traceability.; As for the second direction, our contribution can be divided as follows: (1) A forward-secure public-key broadcast encryption scheme, in which the unauthorized access resulting from cracking a user-key is constrained to a minimal time frame which is delimited, in the future, by the revocation mechanism, and in the past, by forward secrecy; (2) A precise formalization of the notion of adaptive chosen-ciphertext security for public-key broadcast encryption schemes, along with a modular and efficient construction.; Overall, the cryptographic tools developed in this thesis provide more flexibility and more security than existing solutions, and thus offer a better match for the challenges of the DRM setting. |
