KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.


Motivation
- Multimedia streaming: a great source of revenue
  - Its market will grow from $900 mln in 2005 to $6 bln in 2011
- Affecting our daily lives
- Security of multimedia systems

Overview
- Desired security aspects
- Conventional authentication methods
- Requirements for a media authentication scheme
- Previous works
  - Stream authentication
  - Typical video authentication
  - Scalable video authentication
- Conclusion and future research directions

What Security Aspects?
- Authentication
- Data integrity
- Access control
- Data confidentiality
- Non-repudiation
- Availability of service

An Example
- The Olympic games
  - $$!
- The network is by default UNSECURE
  - Anyone can listen, capture, and replace the traffic.

Conventional Authentication: Preliminaries
- Digital signature
  - Publicly verifiable
  - Message dependent
  - Non-repudiable
- One-way hash functions
  - Fixed-length output
  - Easy for everyone to compute y = H(x)
  - Infeasible to compute x given the value of H(x)
  - Infeasible to find x1 ≠ x2 such that H(x1) = H(x2)
  - If H(x) is authentic, then x is authentic

Conventional Auth': the Case of Multimedia
- Treating the entire media as a file: Sign(Hash(media)) and Verify(Hash(media))
  - Cannot produce the media online
  - Cannot verify the media online
  - Sensitive to any loss or adaptation on the media
- Signing each frame
  - Computationally expensive
- Using Message Authentication Codes (MAC)
  - y = MAC_K(x) = Hash(x || K)
  - Cannot go beyond single-sender single-receiver case

Requirements
- Security!
- Online production, online verification
- Computational cost
- Communication overhead
- Buffer needed for authentication purposes
- Robustness against adaptations on the media
  - Whether to get the proxies involved or not
- Tolerability of packet losses in network
- Supported scenarios

Stream Authentication
- Hash chaining
  - No online production of the authenticated stream
  - Sensitive to any packet loss

Stream Authentication
- One-time signature
  - Based on conventional (symmetric) cryptographic functions
- One-time signature chaining
  - High communication overhead
  - Sensitive to any packet loss
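
As an added illustration (not from the original slides), the sketch below combines the two building blocks above: a hash chain whose head is signed once with a Lamport one-time signature built only from SHA-256. The function names, the packet layout (32-byte hash of the next packet, then the payload) and the sample frames are assumptions; it shows why the sender must build the stream last-to-first and why one lost packet stops verification of everything after it.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signature, hash-only; one key pair signs one stream head.
def ots_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(H(msg)))]

def ots_verify(pk, msg, sig):
    bits = _bits(H(msg))
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def build_stream(sk, blocks):
    """Sender: packet i = H(packet i+1) || block i, built last-to-first."""
    packets, nxt = [], b"\x00" * 32        # last packet points to nothing
    for block in reversed(blocks):         # needs the whole stream up front
        packets.append(nxt + block)
        nxt = H(packets[-1])
    packets.reverse()
    return ots_sign(sk, nxt), packets      # single signature over H(packet 0)

def verify_stream(pk, sig, received):
    """Receiver: checks packets on arrival (lost packet = None); returns authenticated payloads."""
    if not received or received[0] is None or not ots_verify(pk, H(received[0]), sig):
        return []
    expected = H(received[0])
    payloads = []
    for pkt in received:
        if pkt is None or H(pkt) != expected:
            break                          # chain broken: later packets unverifiable
        payloads.append(pkt[32:])
        expected = pkt[:32]                # hash the next packet must match
    return payloads

if __name__ == "__main__":
    frames = [b"frame-%d" % i for i in range(5)]   # constructed sample stream
    sk, pk = ots_keygen()
    sig, pkts = build_stream(sk, frames)
    print(len(verify_stream(pk, sig, pkts)), len(verify_stream(pk, sig, pkts[:2] + [None] + pkts[3:])))
```

The Lamport signature here is 256 × 32 bytes, which is the communication overhead the slide attributes to one-time signatures; amortizing it over the whole chain is what hash chaining buys.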

Stream Authentication
- SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms)
  - Tradeoff between verification delay and overheads

Video Authentication: The General Case
- Exploiting the strong correlation between consecutive video frames
  - To reduce overheads
  - To increase robustness
- Extract key frames in a video sequence
  - Extract and authenticate key features of such frames
  - Authenticate non-key frames based on key frames

Scalable Video Authentication: Recall
- Scalable video
  - To support heterogeneous receivers
  - A base layer and a number of enhancement layers

Scalable Video Authentication
- Any number of enhancement layers may be dropped
  - Non-scalable video/stream auth schemes do not work
- Authenticating only the base layer
  - Not enough

Scalable Video Authentication
- Extending the hash chaining to 2D
  - Erasure Correction Codes (ECC) can be used for tolerating packet loss
  - No online production
  - Communication overhead

Conclusion
- No previous scheme meets all of the requirements
- Future research directions
  - Multimedia-devoted hash functions
  - Support for modern video coding standards
    - FGS, MGS
  - The case of P2P streaming
    - Taking advantage of distribution of peers

Thank You Any Questions?
