scalable authentication of mpeg-4 streams yongdong wu & robert h. deng present: yu-song syu

Click here to load reader

Post on 22-Dec-2015

214 views

Category:

Documents

1 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu
  • Slide 2
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 3
  • Motivation MPEG-4: a state-of-the-art technology DMIF generic platform FGS flexible multimedia distribution IPMP secure delivery framework Authentication isn t provided in IPMP 3 authentication schemes are presented
  • Slide 4
  • Related Works Layer-based Priority best possible quality for each video object Object-based Priority Different importance => different quality A straightforward authentication Append a digital signature to each packet High computation Large communication overhead
  • Slide 5
  • Related Works SAIDA reduces space overhead and increase tolerance of packet loss Improved to reduce the packet overhead by Pannetrat in 2003 A watermark based stream authentication scheme rejects malicious tempering
  • Slide 6
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 7
  • Preliminaries One-way Hash Function Digital Signature The Merkle Hash Tree Erasure Correction Coding Syntactic Structure of MPEG-4
  • Slide 8
  • One-Way Hash Function Converting a variable-length string to a fixed-length output string Hash value: H(m) m: pre-image Hard to find the pre-image from a known hash value
  • Slide 9
  • Digital Signature Authenticating the integrity of a signed message as well as its origin pubisherclient KeKe m: message to send K s : private key = Sign(K s, m) publishreceive Verify received words by: = Veri(m, , K e )
  • Slide 10
  • The Merkle Hash Tree A client requests for n 3 and needs the authentication Source also sends d 4, h A, and h F Client computes d 3 and H(H(h A ||H(d 3 ||d 4 ))||h F )
  • Slide 11
  • Erasure Correction Coding U=mG m=m 1, m 2, , m k U=u 1, u 2, , u n n-k bits of parity Error correction ability: d min -1 Ref. Digital: Communications, Bernard Sklar
  • Slide 12
  • Syntactic Structure of MPEG-4 Each object layer has a priority to represent its importance The base layer has the highest priority Other layers (enhancement layers) have progressively lower priorities
  • Slide 13
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 14
  • Content distribution framework
  • Slide 15
  • Problem Definition Packet loss comes from: A proxy discards unimportant content intentionally so as to meet the network a& client device requirements A router discards packets due to network limitation A receiver discards packets failing checksum verifications
  • Slide 16
  • Problem Definition A stream authentication scheme should: Reduce the computational & communication cost? Increase the probability of successful authentication in case of packet loss Manage data removal at proxies so as to allow successful authentication
  • Slide 17
  • Overview of the Proposed Schemes Objects EncodePackSign Down-scale DecodeUnPackVerify Trusted Objects Proxies
  • Slide 18
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 19
  • Packaging an Object Group Visual objects are encapsulated into n packets Each row stands for one Visual Object Layer : parity unit
  • Slide 20
  • Generating Signature on an Object Group h i = HLi 1 HLi 2 HLi l HLi j = H(Pi j ||j), j=1, 2, l Packet hash of Pi: g i = H(h i ||i) Hash value of group G: h G = H(g 1 ||g 2 || ||g n ||G ID ||S ID ) G ID : group ID S ID : stream ID = Sign(K s, h G )
  • Slide 21
  • Encoding & Encapsulating
  • Slide 22
  • X = (h 1,h 2, ,h n,x 1, x n-k ) = Enc 2n-k,k (h 1,h 2, h n ) Divide X into k symbols y i GF(2 w2 ) C r = Enc n,k (y 1,y 2, y k ) = r 1, ,r k Integrity units C s = Enc n,k ( 1, 2, n ) = 1, , n signature units Append r i & s i to the original packet P i
  • Slide 23
  • Appending
  • Slide 24
  • Down-Scaling Objects Layer t+1 ~ layer l are discarded by proxies, a patch e would be inserted e i = HLi t+1 HLi t+2 HLi l
  • Slide 25
  • Verifying Packets Only k packets are rcvd y i, y k =Dec n,k (r 1, r k ) h 1, h n =HLi 1 HLi k e i i = 1, 2, , k g i = H(h i ||i) h G =H(g 1 ||g 2 ||g n ||G ID ||S ID ) = Dec(s 1,,s k ) Veri(h G,,K e )
  • Slide 26
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 27
  • PAS Securer than FAS Discuss later Assuming that layer i has higher priority than layer i+1,i = 1, 2, , l Almost the same as FAS
  • Slide 28
  • Differences Generating signature g i =H(H(Pi 1 ||H(Pi 2 ||H( ||H(Pi l ))))||i) g i =H(H(Pi 1 ||1) H(Pi 2 ||2) H(Pi l ||l) || i) Down-Scaling Objects e i =H(Pi t+1 ||H(Pi t+2 ||H( ||H(Pi l )))) e i = HLi t+1 HLi t+2 HLi l Verifying Packets g i =H(H(Pi 1 ||H(Pi 2 ||)||e i ) || i) g i =H( (HLi 1 HLi k e i ) || i)
  • Slide 29
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 30
  • HAS
  • Slide 31
  • Generating Signature Compute hash value D of leaf nodes: D=HLi j =H(Pi j ||j), j=1,2, ,l For nonleaf nodes hash value N i = H(D 1 || D 2 || || D c ) For example, B j is a node in Fig.10
  • Slide 32
  • Generating Signature (cont ) Finally, the object group hash is: h G =H(g 1 || g 2 || || g n || G ID || S ID ) =Sign(K s,h G ) The rest part is the same as FAS
  • Slide 33
  • Down-Scaling
  • Slide 34
  • Verifying Packets Hash value g i is computed by client according to All the same as FAS
  • Slide 35
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 36
  • Authentication Probability
  • Slide 37
  • Security & Computational Cost Security HAS > PAS > FAS Computational cost of the producer is the highest For example, in RSA scheme, the verification time is only 4% of the signature generation time when K e =17
  • Slide 38
  • outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
  • Slide 39
  • conclusion 3 schemes of authentication FAS provided the max flexibility PAS has stronger security strength but requires that data is totally ordered HAS is secure against active attacks and has low authentication overhead Sign once, verify many ways Future work: To minimize buffer space in client devices