Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu


Post on 22-Dec-2015


Scalable Authentication of MPEG-4 Streams

Yongdong Wu & Robert H. Deng

present: Yu-Song Syu


Outline

Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion


Motivation

MPEG-4: a state-of-the-art technology
  DMIF – generic platform
  FGS – flexible multimedia distribution
  IPMP – secure delivery framework

Authentication isn’t provided in IPMP

3 authentication schemes are presented


Related Works

Layer-based Priority
  Best possible quality for each video object
Object-based Priority
  Different importance => different quality
A straightforward authentication
  Append a digital signature to each packet
  High computation
  Large communication overhead


Related Works

SAIDA reduces space overhead and increases tolerance of packet loss
  Improved to reduce the packet overhead by Pannetrat in 2003
A watermark-based stream authentication scheme rejects malicious tampering


Preliminaries

One-way Hash Function
Digital Signature
The Merkle Hash Tree
Erasure Correction Coding
Syntactic Structure of MPEG-4


One-Way Hash Function

Converting a variable-length string to a fixed-length output string

Hash value: $H(m)$
$m$: pre-image

Hard to find the pre-image from a known hash value


Digital Signature

Authenticating the integrity of a signed message as well as its origin

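[Diagram: publisher and client, labelled $\sigma$ and $K_e$; the publisher publishes, the client receives]

$m$: message to send
$K_s$: private key
$\sigma = \mathrm{Sign}(K_s, m)$

Verify received words by: $\sigma = \mathrm{Veri}(m, \sigma, K_e)$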


The Merkle Hash Tree

A client requests $n_3$ and needs to authenticate it

The source also sends $d_4$, $h_A$, and $h_F$

The client computes $d_3$ and $H(H(h_A \| H(d_3 \| d_4)) \| h_F)$
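
The path check on this slide as runnable Python (an added example, not taken from the slides or the paper). Since the slide's figure is not in the transcript, it assumes an eight-leaf binary tree over constructed data n1..n8 with d_k = H(n_k), h_A = H(d_1 || d_2) and h_F the hash of the right half of the tree, and SHA-256 as H.

```python
import hashlib

def H(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the unspecified one-way hash H
    return hashlib.sha256(data).digest()

def build_levels(leaves):
    """All tree levels, leaf hashes d_k first, root last (power-of-two leaf count)."""
    level = [H(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        level = [H(level[k] + level[k + 1]) for k in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, pos):
    """Sibling hashes from leaf to root, tagged with the side the sibling sits on."""
    path = []
    for level in levels[:-1]:
        sib = pos ^ 1
        path.append(("L" if sib < pos else "R", level[sib]))
        pos //= 2
    return path

def verify(leaf, path, root):
    """Recompute the root from the received data and the sibling hashes."""
    node = H(leaf)                      # d_3 when the leaf is n_3
    for side, sib in path:
        node = H(sib + node) if side == "L" else H(node + sib)
    return node == root

# Constructed sample data n1..n8
NODES = [f"n{k}".encode() for k in range(1, 9)]
LEVELS = build_levels(NODES)
ROOT = LEVELS[-1][0]                    # the value the source would sign
PATH_N3 = auth_path(LEVELS, 2)          # siblings for n3: d4, hA, hF

if __name__ == "__main__":
    print([side for side, _ in PATH_N3], verify(b"n3", PATH_N3, ROOT))
```

The client needs only three hashes to check one of eight nodes against the root; any change to n3 or to a sibling hash changes the recomputed root.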


Erasure Correction Coding

$U = mG$
$m = m_1, m_2, \dots, m_k$
$U = u_1, u_2, \dots, u_n$

$n-k$ bits of parity
Error correction ability: $d_{min} - 1$

Ref.: Digital Communications, Bernard Sklar


Syntactic Structure of MPEG-4

Each object layer has a priority to represent its importance

The base layer has the highest priority

Other layers (enhancement layers) have progressively lower priorities


Content distribution framework


Problem Definition

Packet loss comes from:
  A proxy discards unimportant content intentionally so as to meet the network & client device requirements
  A router discards packets due to network limitation
  A receiver discards packets failing checksum verifications


Problem Definition

A stream authentication scheme should:

Reduce the computational & communication cost?

Increase the probability of successful authentication in case of packet loss

Manage data removal at proxies so as to allow successful authentication


Overview of the Proposed Schemes

[Figure: pipeline blocks labelled Objects, Encode, Pack, Sign; Down-scale (at the proxies); Verify, UnPack, Decode, Trusted Objects]


Packaging an Object Group

Visual objects are encapsulated into n packets

Each row stands for one Visual Object Layer

: parity unit


Generating Signature on an Object Group

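$h_i = HL_{i1} \oplus HL_{i2} \oplus \dots \oplus HL_{il}$, where $HL_{ij} = H(P_{ij} \| j)$, $j = 1, 2, \dots, l$

Packet hash of $P_i$: $g_i = H(h_i \| i)$

Hash value of group $G$: $h_G = H(g_1 \| g_2 \| \dots \| g_n \| GID \| SID)$
  GID: group ID
  SID: stream ID

$\sigma = \mathrm{Sign}(K_s, h_G)$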


Encoding & Encapsulating


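$X = (h_1, h_2, \dots, h_n, x_1, \dots, x_{n-k}) = \mathrm{Enc}_{2n-k,k}(h_1, h_2, \dots, h_n)$

Divide $X$ into $k$ symbols $y_i \in GF(2^{w_2})$

$C_r = \mathrm{Enc}_{n,k}(y_1, y_2, \dots, y_k) = r_1, \dots, r_k$ (integrity units)

$C_s = \mathrm{Enc}_{n,k}(\sigma_1, \sigma_2, \dots, \sigma_n) = \sigma_1, \dots, \sigma_n$ (signature units)

Append $r_i$ & $s_i$ to the original packet $P_i$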


Appending


Down-Scaling Objects

When layers $t+1$ through $l$ are discarded by proxies, a patch $e$ is inserted:

$e_i = HL_{i,t+1} \oplus HL_{i,t+2} \oplus \dots \oplus HL_{il}$


Verifying Packets

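Only $k$ packets are received

$y_i, \dots, y_k = \mathrm{Dec}_{n,k}(r_1, \dots, r_k)$

$h_1, \dots, h_n = HL_{i1} \oplus \dots \oplus HL_{ik} \oplus e_i$, $i = 1, 2, \dots, k$

$g_i = H(h_i \| i)$

$h_G = H(g_1 \| g_2 \| \dots \| g_n \| GID \| SID)$

$\sigma = \mathrm{Dec}(s_1, \dots, s_k)$

$\mathrm{Veri}(h_G, \sigma, K_e)$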


PAS

More secure than FAS (discussed later)

Assumes that layer $i$ has higher priority than layer $i+1$, $i = 1, 2, \dots, l$

Almost the same as FAS


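Differences

Generating signature
  PAS: $g_i = H(H(P_{i1} \| H(P_{i2} \| H(\dots \| H(P_{il})))) \| i)$
  FAS: $g_i = H(H(P_{i1} \| 1) \oplus H(P_{i2} \| 2) \oplus \dots \oplus H(P_{il} \| l) \| i)$

Down-Scaling Objects
  PAS: $e_i = H(P_{i,t+1} \| H(P_{i,t+2} \| H(\dots \| H(P_{il}))))$
  FAS: $e_i = HL_{i,t+1} \oplus HL_{i,t+2} \oplus \dots \oplus HL_{il}$

Verifying Packets
  PAS: $g_i = H(H(P_{i1} \| H(P_{i2} \| \dots) \| e_i) \| i)$
  FAS: $g_i = H((HL_{i1} \oplus \dots \oplus HL_{ik} \oplus e_i) \| i)$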
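
The FAS and PAS formulas side by side in runnable Python, showing that a proxy can drop layers t+1..l, attach the patch e_i, and leave the signed group hash h_G unchanged. This is an added example, not code from the slides or the paper. It assumes SHA-256 as H and 4-byte big-endian encodings for j, i, GID and SID, runs on a constructed object group, and omits the erasure coding and the signature over h_G.

```python
import hashlib
from functools import reduce

def H(*parts):                       # assumption: SHA-256; the slides name no hash
    return hashlib.sha256(b"".join(parts)).digest()
def idx(i):                          # assumed encoding of j, i, GID, SID
    return i.to_bytes(4, "big")
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def fas_fold(units, e=bytes(32)):    # FAS: HL_i1 xor ... xor HL_it (xor e_i)
    return reduce(xor, (H(p, idx(j)) for j, p in enumerate(units, 1)), e)

def fas_patch(units, t):             # proxy: e_i = HL_i,t+1 xor ... xor HL_il
    hl = [H(p, idx(j)) for j, p in enumerate(units, 1)]
    return reduce(xor, hl[t:], bytes(32))

def pas_fold(units, e=b""):          # PAS: H(P_i1 || H(P_i2 || ... H(P_it || e_i)))
    for p in reversed(units):
        e = H(p, e)
    return e

def pas_patch(units, t):             # proxy: e_i = H(P_i,t+1 || H(... || H(P_il)))
    return pas_fold(units[t:])

def group_hash(fold, packets, gid, sid, patches=None):
    """h_G = H(g_1 || ... || g_n || GID || SID), with g_i = H(fold(P_i) || i)."""
    args = zip(packets, patches) if patches else ((u,) for u in packets)
    gs = [H(fold(*a), idx(i)) for i, a in enumerate(args, 1)]
    return H(*gs, idx(gid), idx(sid))

def downscale(packets, t, patch):
    """Proxy keeps layers 1..t of every packet and attaches the patch e_i."""
    return [u[:t] for u in packets], [patch(u, t) for u in packets]

# Constructed sample group: n = 3 packets, l = 4 layers each
GROUP = [[f"pkt{i}-layer{j}".encode() for j in range(1, 5)] for i in range(1, 4)]

def roundtrip(fold, patch, t=2, tamper=False):
    signed = group_hash(fold, GROUP, gid=7, sid=1)    # value the producer signs
    kept, patches = downscale(GROUP, t, patch)
    if tamper:
        kept[0][0] = b"forged base layer"             # modified in transit
    return group_hash(fold, kept, 7, 1, patches) == signed

if __name__ == "__main__":
    for name, f, p in (("FAS", fas_fold, fas_patch), ("PAS", pas_fold, pas_patch)):
        print(name, roundtrip(f, p), roundtrip(f, p, tamper=True))
```

In both schemes the client recomputes the same h_G from the retained layers plus the patch, so one signature covers every down-scaled version; the PAS chain only works when the dropped layers are a suffix, which is the total ordering the scheme requires.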


HAS


Generating Signature

Compute hash value $D$ of leaf nodes: $D = HL_{ij} = H(P_{ij} \| j)$, $j = 1, 2, \dots, l$

For nonleaf nodes, hash value $N_i = H(D_1 \| D_2 \| \dots \| D_c)$

For example, $B_j$ is a node in Fig. 10


Generating Signature (cont'd)

Finally, the object group hash is: $h_G = H(g_1 \| g_2 \| \dots \| g_n \| GID \| SID)$

$\sigma = \mathrm{Sign}(K_s, h_G)$

The rest is the same as FAS


Down-Scaling


Verifying Packets

Hash value gi is computed by client according to

All the same as FAS


Authentication Probability


Security & Computational Cost

Security: HAS > PAS > FAS

Computational cost of the producer is the highest

For example, in the RSA scheme, the verification time is only 4% of the signature generation time when $K_e = 17$


Conclusion

3 schemes of authentication
  FAS provided the max flexibility
  PAS has stronger security strength but requires that data is totally ordered
  HAS is secure against active attacks and has low authentication overhead
Sign once, verify many ways
Future work:
  To minimize buffer space in client devices