
Secure Multimedia Streaming

Secure Multimedia Streaming. Kianoosh Mokhtarian, School of Computing Science, Simon Fraser University, 3/24/2008.


Presentation Transcript


  1. Secure Multimedia Streaming
     Kianoosh Mokhtarian, School of Computing Science, Simon Fraser University, 3/24/2008

  4. Motivation
     • Multimedia streaming: a great source of revenue
     • Its market will grow from $900 mln in 2005 to $6 bln in 2011
     • Affecting our daily lives
     • Security of multimedia systems

  5. Overview
     • Desired security aspects
     • Conventional authentication methods
     • Requirements for a media authentication scheme
     • Previous works
       • Stream authentication
       • Typical video authentication
       • Scalable video authentication
     • Conclusion and future research directions

  7. What Security Aspects?
     • Authentication
     • Data integrity
     • Access control
     • Data confidentiality
     • Non-repudiation
     • Availability of service

  9. An Example
     • The Olympic games
     • $$!

  10. An Example
      • The Olympic games
      • The network is by default UNSECURE
      • Anyone can listen, capture, and replace the traffic.

  12. Conventional Authentication: Preliminaries
      • Digital signature
        • Publicly verifiable
        • Message dependent
        • Non-repudiable
      • One-way hash functions
        • Fixed length output
        • Easy for everyone to compute y = H(x)
        • Infeasible to compute x given the value of H(x)
        • Infeasible to find two different inputs x1 and x2 such that H(x1) = H(x2)
        ⇒ If H(x) is authentic, then x is authentic

  18. Conventional Auth’: the Case of Multimedia
      • Treating the entire media as a file: Sign(Hash(media)) and Verify(Hash(media))
        • Cannot produce the media online
        • Cannot verify the media online
        • Sensitive to any loss or adaptation on the media
      • Signing each frame
        • Computationally expensive
      • Using Message Authentication Codes (MAC): y = MAC_K(x) = Hash(x || K)
        • Cannot go beyond single-sender single-receiver case

  27. Requirements
      • Security!
      • Online production, online verification
      • Computational cost
      • Communication overhead
      • Buffer needed for authentication purposes
      • Robustness against adaptations on the media
        • Whether to get the proxies involved or not
      • Tolerability of packet losses in network
      • Supported scenarios

  30. Stream Authentication
      • Hash chaining
        • No online production of the authenticated stream
        • Sensitive to any packet loss

  33. Stream Authentication
      • One-time signature
        • Based on conventional (symmetric) cryptographic functions
      • One-time signature chaining
        • High communication overhead
        • Sensitive to any packet loss
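
Added example, not part of the original presentation: hash chaining (slide 30) with the chain head signed by a Lamport one-time signature built only from a hash function (slide 33). The packet layout, the all-zero terminator `END` and all function names are assumptions for illustration.

```python
import hashlib
import os

END = bytes(32)  # constructed terminator standing in for "no next packet"

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(digest: bytes):
    return [(byte >> i) & 1 for byte in digest for i in range(8)]

def lamport_keygen():
    # One-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes):
    # Reveal one secret per bit of H(msg); the key must never sign twice.
    return [sk[i][b] for i, b in enumerate(_bits(H(msg)))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    want = _bits(H(msg))
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, want)))

def build_chain(blocks, sk):
    # Built from the LAST block backwards, so the whole stream must exist
    # before packet 0 can be sent (no online production).
    packets, nxt = [], END
    for block in reversed(blocks):
        packets.append((nxt, block))   # packet = hash of next packet + payload
        nxt = H(nxt + block)
    packets.reverse()
    return (nxt, lamport_sign(sk, nxt)), packets   # only the head is signed

def verify_stream(pk, head, packets) -> int:
    # Returns how many packets authenticate before the chain breaks.
    expected, sig = head
    if not lamport_verify(pk, expected, sig):
        return 0
    count = 0
    for nxt, block in packets:
        if H(nxt + block) != expected:
            break          # lost or altered packet: nothing after it verifies
        count += 1
        expected = nxt
    return count
```

Each packet carries only 32 bytes of authentication data, but the single Lamport signature on the head is 8192 bytes, and one dropped packet leaves every later packet unverifiable.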

  35. Stream Authentication
      • SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms)
        • Tradeoff between verification delay and overheads

  36. Video Authentication: The General Case
      • Exploiting the strong correlation between consecutive video frames
        • To reduce overheads
        • To increase robustness
      • Extract key frames in a video sequence
      • Extract and authenticate key features of such frames
      • Authenticate non-key frames based on key frames

  37. Scalable Video Authentication: Recall
      • Scalable video
        • To support heterogeneous receivers
        • A base layer and a number of enhancement layers

  39. Scalable Video Authentication
      • Any number of enhancement layers may be dropped
      • Non-scalable video/stream auth schemes do not work
      • Authenticating only the base layer
        • Not enough

  43. Scalable Video Authentication
      • Extending the hash chaining to 2D
      • Erasure Correction Codes (ECC) can be used for tolerating packet loss
      • No online production
      • Communication overhead

  45. Conclusion
      • No previous scheme meets all of the requirements
      • Future research directions
        • Multimedia-devoted hash functions
        • Support for modern video coding standards
          • FGS, MGS
        • The case of P2P streaming
          • Taking advantage of distribution of peers

  46. Thank You. Any Questions?

  47. Main References
      • Stallings, W., “Cryptography and network security: principles and practices,” 4th Edition, Prentice Hall, 2006.
      • “Streaming media, iptv, and broadband transport: Telecommunications carriers and entertainment services 2006-2011,” The Insight Research Corporation, Technical Report, April 2006, http://www.insight-corp.com/execsummaries/iptv06execsum.pdf.
      • Gennaro, R., and Rohatgi, P., “How to sign digital streams,” in Advances in Cryptology (CRYPTO’97), Santa Barbara, CA, August 1997, LNCS vol. 1294, pp. 180–197.
      • Park, J., Chong, E., and Siegel, H., “Efficient multicast stream authentication using erasure codes,” ACM Transactions on Information and System Security (TISSEC), vol. 6, no. 2, pp. 258–285, May 2003.
      • Li, W., “Overview of fine granularity scalability in MPEG-4 video standard,” IEEE Transactions on Circuits and Systems for Video Technology, vol. 11, no. 3, pp. 301–317, March 2001.
      • Wu, Y., and Deng, R., “Scalable authentication of MPEG-4 streams,” IEEE Transactions on Multimedia, vol. 8, pp. 152–161, February 2006.
