Simultaneous Distribution Control and Privacy Protection for Proxy based Media Distribution. Songqing Chen ( George Mason University ) Shiping Chen ( George Mason University ) Huiping Guo ( California State University ) Bo Shen ( Hewlett-Packard Labs )
Simultaneous Distribution Control and Privacy Protection for Proxy based Media Distribution Songqing Chen (George Mason University) Shiping Chen (George Mason University) Huiping Guo (California State University) Bo Shen (Hewlett-Packard Labs) Sushil Jajodia (George Mason University)
Background
• Compared to Web content delivery, Internet media distribution is challenging:
  • Large object size
  • Continuous demand for network and disk bandwidth
• Lots of proxy-based solutions with good performance:
  • Silo, partial sequence caching, layered caching, scalable proxy caching, QBIX, prefix, segment caching, video staging, ……
• Are any of these ideas practically or widely deployed?
Lack of Distribution Control
[Figure: Server, Proxy and Client, with the callout "I cannot get paid for these accesses!"]
Existing Solutions – for distribution control
• Common practice (does not work with proxy caching)
  • Pay-per-view/membership
  • DRM (Digital Rights Management)
• Proxy-based solutions
  • Hardware-assisted encryption/decryption (special device requirement)
  • RSA-based multi-key (vulnerable to client collusion)
Lack of Sufficient Privacy Protection
• Current practice could endanger your private information
  • WWW (when & what & where)
  • Your preferences, payment methods
  • e.g., what kinds of movies are you always interested in?
  • ……
• May be used for uninvited ads or investigation
• Little is considered in existing media distribution solutions
Conflicting Interests
• Privacy protection (end user's interests)
  • Proxy has good potential for privacy protection
• Distribution control (content provider's interests)
  • Only legitimate users can be granted access
  • Normally requires the user's identity
• These interests conflict. Can we simultaneously achieve both goals for the two parties while proxy caching can still be leveraged?
Our Contributions
• Provide a framework to achieve simultaneous distribution control and privacy protection
  • El Gamal based scheme for distribution control
  • Shamir-Omura based scheme for privacy protection
• Propose and evaluate the algorithm in cooperative proxy environments
  • Considering traffic amortization and proactive replacement
Outline
• Simultaneous Distribution Control and Privacy Protection
  • Distribution Control Principle
  • Privacy Protection Principle
• Algorithm Design and Evaluation
• Conclusions
Key Division Cipher
• M = D(E(M, Ke), Kd)
• Kd = Kd1 Kd2
• M = D(D(E(M, Ke), Kd1), Kd2)
• El Gamal is a key division cipher system on "+".
Distribution Control
[Figure: message flow between Client, Proxy and Server; the arrows carry (C1, XB1), (C1, XB2), C2 and M2]
• XB < q
• YB = α^XB mod q
• Random k < q
• K = (YB)^k mod q
• C1 = α^k mod q
• C2 = K·M mod q
• XB = XB1 + XB2
• K1 = (C1)^XB1 mod q
• M2 = C2 / K1 mod q
• K2 = (C1)^XB2 mod q
• M = M2 / K2 mod q
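The two-step decryption above, as an added Python example (not code from the slides or the authors). It assumes the proxy holds XB1 and the client holds XB2; the prime q = 2^127 - 1, the base α = 3 and the message value are constructed toy parameters.

```python
import secrets

# Constructed toy parameters (assumptions, not from the slides).
Q = 2**127 - 1   # a Mersenne prime used as the modulus q
ALPHA = 3        # the base alpha

def keygen():
    """Server: private XB < q and public YB = alpha^XB mod q."""
    xb = secrets.randbelow(Q - 2) + 1
    return xb, pow(ALPHA, xb, Q)

def split_key(xb):
    """XB = XB1 + XB2, taken mod (q - 1) because the shares act as exponents."""
    xb1 = secrets.randbelow(Q - 1)
    return xb1, (xb - xb1) % (Q - 1)

def encrypt(m, yb):
    """K = YB^k, C1 = alpha^k, C2 = K*M, all mod q, for a random k < q."""
    k = secrets.randbelow(Q - 2) + 1
    return pow(ALPHA, k, Q), (pow(yb, k, Q) * m) % Q

def partial_decrypt(c1, c, share):
    """Strip one key share: K_i = C1^share mod q, then return c / K_i mod q."""
    k_i = pow(c1, share, Q)
    return (c * pow(k_i, -1, Q)) % Q

def demo(m=0x4D6F766965):
    xb, yb = keygen()
    xb1, xb2 = split_key(xb)
    c1, c2 = encrypt(m, yb)
    m2 = partial_decrypt(c1, c2, xb1)      # proxy step: M2 = C2 / K1
    m_out = partial_decrypt(c1, m2, xb2)   # client step: M = M2 / K2
    # M2 is still masked by C1^XB2, so the proxy alone does not obtain M.
    # A proxy and client that pool XB1 and XB2 rebuild XB, which is why the
    # scheme relies on them not colluding.
    return m, m2, m_out

if __name__ == "__main__":
    m, m2, m_out = demo()
    print(hex(m), hex(m2), hex(m_out))
```

The order in which the two shares are stripped does not matter, since both steps are divisions in the same multiplicative group.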
Commutative Cipher
• For any two keys Ke1 and Ke2:
  • E(E(M, Ke1), Ke2) = E(E(M, Ke2), Ke1)
• Shamir-Omura has the commutative property.
Privacy Protection
[Figure: message flow between Client, Proxy and Server; the arrows carry IDC, (IDC)S and IDS]
• Server: (KE, KD); IDS = E(ID, KE)
• Client: (Ke, Kd); IDC = E(ID, Ke)
• Proxy: (IDS, Movie)
• E(IDC, KE) = E(E(ID, Ke), KE) = (IDC)S
• D((IDC)S, Kd) = D(E(E(ID, Ke), KE), Kd) = E(ID, KE) = IDS
Our Unified Scheme – Assumptions
• k anonymity
  • The server only knows a client is accessing one of k objects
  • Objects are classified into n classes (e.g., by price), each with more than k objects
• Privacy protection (Shamir-Omura)
  • Each object can only be identified via its encrypted ID on the proxy
  • The encryption key KE for IDs is the same for objects in the same class
• Distribution control (El Gamal)
  • Each object is encrypted with a different key
  • The encryption key is divided into two parts, e.g., E(M, SC+Si)
    • SC is common for the class
    • Si is different for each object
  • Si is encrypted with KE
  • ID and E(Si, KE) are available for client access
[Figure: unified protocol between client, proxy and server. Objects are pre-cached in the proxy!]
• Client holds the (ID, E(Si, KE)) list; proxy holds (E(ID, KE), E(M, SC+Si))
• Client wants to access some movie: ID
• Client to server: E(ID, Ke) || E(E(Si, KE), Ke)
• Server:
  1. Get payment
  2. E(E(ID, Ke), KE)
  3. D(E(E(Si, KE), Ke), KD) = E(Si, Ke)
  4. SC = SC1 + SC2
• Server to client: E(E(ID, Ke), KE) || E(Si, Ke) || SC2
• Server to proxy: SC1
• Client:
  1. D(E(Si, Ke), Kd) = Si
  2. D(E(E(ID, Ke), KE), Kd) = E(ID, KE) = IDS
• Client to proxy: IDS
• Proxy to client: D(E(M, SC+Si), SC1)
• Client: D(D(E(M, SC+Si), SC1), SC2+Si)
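The commutative-cipher steps of the Privacy Protection slide and of the unified protocol above, as an added Python example (not code from the slides or the authors). It instantiates the Shamir-Omura cipher as modular exponentiation with key pairs that are inverses mod p - 1; the prime, the movie ID and the Si value are constructed assumptions, and the El Gamal object decryption is left out.

```python
import secrets
from math import gcd

P = 2**127 - 1   # constructed toy prime modulus (assumption, not from the slides)

def so_keygen():
    """Pick (e, d) with e*d = 1 mod (p - 1), so that D(E(x, e), d) = x."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def E(x, key):
    """Encryption is x^key mod p; layers commute because exponents multiply."""
    return pow(x, key, P)

D = E  # decryption is the same operation with the inverse exponent

def demo(movie_id=0x1D42, s_i=0x5EC2E7):
    KE, KD = so_keygen()                       # server's key pair for one class
    # Proxy indexes the pre-cached object by IDS = E(ID, KE) only.
    proxy_cache = {E(movie_id, KE): "placeholder for E(M, SC+Si)"}
    listing = (movie_id, E(s_i, KE))           # public (ID, E(Si, KE)) entry

    Ke, Kd = so_keygen()                       # client's own key pair
    # Client to server: E(ID, Ke) || E(E(Si, KE), Ke)
    request = (E(listing[0], Ke), E(listing[1], Ke))

    # Server works on blinded values only: it adds KE to the ID and
    # removes KE from Si, never seeing ID or Si in the clear.
    reply = (E(request[0], KE), D(request[1], KD))   # (IDC)S || E(Si, Ke)

    ids = D(reply[0], Kd)                      # client: E(ID, KE) = IDS
    si = D(reply[1], Kd)                       # client: Si
    return {"hit": ids in proxy_cache, "si_ok": si == s_i}

if __name__ == "__main__":
    print(demo())
```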
Brief Analysis
• Proxy and clients do not collude – enables distribution control
• Proxy and servers do not collude – provides privacy protection
• For each access to the server, instead of fetching 1 object, (k-1) additional objects must be fetched for privacy protection – additional traffic – can we utilize it?
Design Space
• Work independently or cooperatively?
  • Cost-Amortized Request Admission
• Which (k-1) objects to fetch?
  • Aggressive Object Selection
• Which objects to replace?
  • Proactive Replacement
Cost-amortized Request Admission
• The requested object is not in the local or peer cache
• Count how many requests (r) from how many proxies (p) are to access the server at this time
• Each proxy fetches additional objects
Aggressive Object Selection
• After determining the number of additional objects to fetch:
  • In the first phase, select objects according to object popularity
  • In the second phase, select objects according to object size
Proactive Replacement
• Always use popularity-based replacement to make room for the requested object
• For additionally fetched objects:
  • In the first phase, use popularity-based replacement to cache the additionally fetched objects
  • In the second phase, the additionally fetched objects are discarded
Evaluation
• Trace-driven simulation
  • Using a synthetic workload based on a server log through duplication
• Total unique objects: 934
• Total unique object size: 67 GB
• Total number of requests: 64227
• Object size: 288 KB to 638 MB
• Average traffic per request: 222 MB
• Number of cooperative proxies: 4
• Number of object classes: 5
• Privacy level k: 4
Cache Size – Additional Traffic
1% of the total client accessed traffic
Conclusion
• Extended El Gamal for distribution control and Shamir-Omura for privacy protection
• Proposed a unified algorithm to achieve them simultaneously
• Proposed an algorithm and evaluated it in a cooperative proxy environment
Thanks to anonymous reviewers, Bill Bynum (William and Mary), Xiaodong Zhang (Ohio State University). Questions?