KIANOOSH MOKHTARIAN
SCHOOL OF COMPUTING SCIENCESIMON FRASER UNIVERSITY
3/24/2008
Secure Multimedia Streaming
Motivation
Multimedia streaming: a great source of revenue Its market will grow from $900 mln in 2005 to $6 bln in 2011
Motivation
Multimedia streaming: a great source of revenue Its market will grow from $900 mln in 2005 to $6 bln in 2011
Affecting our daily lives
Motivation
Multimedia streaming: a great source of revenue Its market will grow from $900 mln in 2005 to $6 bln in 2011
Affecting our daily lives
Security of multimedia systems
Overview
Desired security aspects
Conventional authentication methods
Requirements for a media authentication scheme
Previous works Stream authentication Typical video authentication Scalable video authentication
Conclusion and future research directions
What Security Aspects?
Authentication
Data integrity
Access control
Data confidentiality
Non-repudiation
Availability of service
What Security Aspects?
Authentication
Data integrity
Access control
Data confidentiality
Non-repudiation
Availability of service
An Example
The Olympic games
The network is by default UNSECURE Anyone can listen, capture, and replace the traffic.
Conventional Authentication: Preliminaries
Digital signature Publicly verifiable Message dependant Not repudiatable
Conventional Authentication: Preliminaries
Digital signature Publicly verifiable Message dependant Not repudiatable
One-way hash functions Fixed length output Easy to compute y = H(x) for everyone Infeasible to compute x given the value of H(x) Infeasible to find x1 and x2 such that H(x1) = H(x2)
if H(x) is authentic, then x is authentic
Conventional Auth’: the Case of Multimedia
Treating the entire media as a file:Sign ( Hash(media) ) and Verify ( Hash(media) )
Conventional Auth’: the Case of Multimedia
Treating the entire media as a file:Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation on the media
Conventional Auth’: the Case of Multimedia
Treating the entire media as a file:Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation
Signing each frame
Conventional Auth’: the Case of Multimedia
Treating the entire media as a file:Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation
Signing each frame Computationally expensive
Conventional Auth’: the Case of Multimedia
Treating the entire media as a file:Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation
Signing each frame Computationally expensive
Using Message Authentication Codes (MAC) y = MACK (x) = Hash (x || K)
Conventional Auth’: the Case of Multimedia
Treating the entire media as a file:Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation
Signing each frame Computationally expensive
Using Message Authentication Codes (MAC) y = MACK (x) = Hash (x || K) Cannot go beyond single-sender single-receiver case
Requirements
Security!Online production, online verificationComputational costCommunication overhead
Requirements
Security!Online production, online verificationComputational costCommunication overheadBuffer needed for authentication purposes
Requirements
Security!Online production, online verificationComputational costCommunication overheadBuffer needed for authentication purposesRobustness against adaptations on the media
Whether to get the proxies involved or not
Requirements
Security!Online production, online verificationComputational costCommunication overheadBuffer needed for authentication purposesRobustness against adaptations on the media
Whether to get the proxies involved or notTolerability of packet losses in network
Requirements
Security!Online production, online verificationComputational costCommunication overheadBuffer needed for authentication purposesRobustness against adaptations on the media
Whether to get the proxies involved or notTolerability of packet losses in networkSupported scenarios
Stream Authentication
Hash chaining
Packet 2 Packet nDigital Signature
Hash
H(pkt3)
Packet 1
H(pkt2)
StreamSignature
Stream Authentication
Hash chaining
No online production of the authenticated stream
Packet 2 Packet nDigital Signature
Hash
H(pkt3)
Packet 1
H(pkt2)
StreamSignature
Stream Authentication
Hash chaining
No online production of the authenticated stream Sensitive to any packet loss
Packet 2 Packet nDigital Signature
Hash
H(pkt3)
Packet 1
H(pkt2)
StreamSignature
Stream Authentication
One-time signature Based on conventional (symmetric) cryptographic functions
One-time signature chaining
Packet nDigital
SignatureOne-time signature
Packet 1
Signature on pkt n
StreamSignature
Public key to verify pkt 2
Packet 2
Signature on pkt 2
Public key to verify pkt 3
Stream Authentication
One-time signature Based on conventional (symmetric) cryptographic functions
One-time signature chaining
High communication overhead
Packet nDigital
SignatureOne-time signature
Packet 1
Signature on pkt n
StreamSignature
Public key to verify pkt 2
Packet 2
Signature on pkt 2
Public key to verify pkt 3
Stream Authentication
One-time signature Based on conventional (symmetric) cryptographic functions
One-time signature chaining
High communication overhead Sensitive to any packet loss
Packet nDigital
SignatureOne-time signature
Packet 1
Signature on pkt n
StreamSignature
Public key to verify pkt 2
Packet 2
Signature on pkt 2
Public key to verify pkt 3
Stream Authentication
SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms)
Hash
IDA coding
Packet m
Partial auth info
Packet 2
Partial auth info
Packet 1
Partial auth info
HashHash
Digital Signature
Stream Authentication
SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms)
Tradeoff between verification delay and overheads
Hash
IDA coding
Packet m
Partial auth info
Packet 2
Partial auth info
Packet 1
Partial auth info
HashHash
Digital Signature
Video Authentication: The General Case
Exploiting the strong correlation between consecutive video frames To reduce overheads To increase robustness
Extract key frames in a video sequence Extract and authenticate key features of such frames Authenticate non-key frames based on key frames
Scalable Video Authentication: Recall
Scalable video To support heterogeneous receivers A base layer and a number of enhancement layers
Base layer
Enhancement layer 1
Enhancement layer 2
Enhancement layer 3
Enhancement layer 4
Frame 1
Base layer
Enhancement layer 1
Enhancement layer 2
Enhancement layer 3
Enhancement layer 4
Frame 2
Base layer
Enhancement layer 1
Enhancement layer 2
Enhancement layer 3
Enhancement layer 4
Frame 3
Base layer
Enhancement layer 1
Enhancement layer 2
Enhancement layer 3
Enhancement layer 4
Frame 4
Base layer
Enhancement layer 1
Enhancement layer 2
Enhancement layer 3
Enhancement layer 4
Frame 5
Scalable Video Authentication
Any number of enhancement layers may be dropped Non-scalable video/stream auth schemes do not work
Scalable Video Authentication
Any number of enhancement layers may be dropped Non-scalable video/stream auth schemes do not work
Authenticating only the base layer Not enough
Scalable Video Authentication
Extending the hash chaining to 2D
Base layer
Enhancement layer 1
Enhancement layer 2
Frame 1 Frame 2
Hash
Hash
Base layer
Enhancement layer 1
Enhancement layer 2
Hash
Hash
Hash
Scalable Video Authentication
Extending the hash chaining to 2D Erasure Correction
Codes (ECC)can be usedfor toleratingpacket loss
Base layer
Enhancement layer 1
Enhancement layer 2
Frame 1 Frame 2
Hash
Hash
Base layer
Enhancement layer 1
Enhancement layer 2
Hash
Hash
Hash
Scalable Video Authentication
Extending the hash chaining to 2D Erasure Correction
Codes (ECC)can be usedfor toleratingpacket loss
No online production Base layer
Enhancement layer 1
Enhancement layer 2
Frame 1 Frame 2
Hash
Hash
Base layer
Enhancement layer 1
Enhancement layer 2
Hash
Hash
Hash
Scalable Video Authentication
Extending the hash chaining to 2D Erasure Correction
Codes (ECC)can be usedfor toleratingpacket loss
No online production
Communicationoverhead
Base layer
Enhancement layer 1
Enhancement layer 2
Frame 1 Frame 2
Hash
Hash
Base layer
Enhancement layer 1
Enhancement layer 2
Hash
Hash
Hash
Conclusion
No previous scheme meets all of the requirements
Future research directions Multimedia-devoted hash functions
Support for modern video coding standards FGS, MGS
The case of P2P streaming Taking advantage of distribution of peers
Main References
Stallings, W., “Cryptography and network security: principles and practices,” 4th Edition, Prentice Hall, 2006.
“Streaming media, iptv, and broadband transport: Telecommunications carriers and entertainment services 2006-2011,” The Insight Research Corporation, Technical Report, April 2006, http://www.insight-corp.com/execsummaries/iptv06execsum.pdf.
Gennaro, R., and Rohatgi, P., “How to sign digital streams,” in Advances in Cryptology (CRYPTO’97), Santa Barbara, CA, August 1997, LNCS vol. 1294, pp. 180–197.
Park, J., Chong, E. and Siegel, H., “Efficient multicast stream authentication using erasure codes,” ACM Transaction on Information and System Security (TISSEC), vol. 6, no. 2, pp. 258–285, May 2003.
Li, W., “Overview of fine granularity scalability in MPEG-4 video standard,” IEEE Transactions on Circuits and Systems for Video Technology, vol. 11, no. 3, pp. 301–317, March 2001.
Wu, Y., and Deng, R., “Scalable authentication of MPEG-4 streams,” IEEE Transactions on Multimedia, vol. 8, pp. 152–161, February 2006.