Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu.

Slides:



Advertisements
Similar presentations
Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.
Advertisements

Advanced Security Constructions and Key Management Class 16.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Digital Signatures and Hash Functions. Digital Signatures.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.
Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada Analysis of Multimedia Authentication Schemes Mohamed Hefeeda (Joint work.
Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada End-to-End Secure Delivery of Scalable Video Streams Mohamed Hefeeda (Joint.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Authenticating streamed data in the presence of random packet loss March 17th, Philippe Golle, Stanford University.
Reliable and Smooth Fine Granular Scalable Video Streaming Zhibo Chen Yun He 2002 IEEE Region 10 Conference on Computer, Communications, Control and Power.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Wireless FGS video transmission using adaptive mode selection and unequal error protection Jianhua Wu and Jianfei Cai Nanyang Technological University.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
Security Arguments for Digital Signatures and Blind Signatures Journal of Cryptology, (2000) 13: Authors: D. Pointcheval and J. Stern Presented.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
Unequal Loss Protection: Graceful Degradation of Image Quality over Packet Erasure Channels Through Forward Error Correction Alexander E. Mohr, Eva A.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
Authentication of Scalable Video Streams With Low Communication Overhead IEEE TRANSACTIONS ON MULTIMEDIA, VOL. 12, NO. 7, NOVEMBER 2010 Adviser : Yih-Ran.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Lossless Watermarking for Image Authentication: A New Framework and an Implementation IEEE TRANSACTIONS ON IMAGE PROCESSING APRIL 2006 C.M.Chen.
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Network Security David Lazăr.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
報告人:林祐沁 學生 指導教授:童曉儒 老師 March 2, Wireless Video Surveillance Server Based on CDMA1x and H.264.
1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
4-Jun-164/598N: Computer Networks Differentiated Services Problem with IntServ: scalability Idea: segregate packets into a small number of classes –e.g.,
Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Modern Cryptography.
Chapter 11 Message Authentication and Hash Functions.
On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine.
Decentralized authorization and data security in web content delivery * Danfeng Yao (Brown University, USA) Yunhua Koglin (Purdue University, USA) Elisa.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
MPEG-4: Multimedia Coding Standard Supporting Mobile Multimedia System Lian Mo, Alan Jiang, Junhua Ding April, 2001.
1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Authenticating streamed data in the presence of random packet loss February 8 th, 2001 Philippe Golle Nagendra Modadugu Stanford University.
Database Laboratory Regular Seminar TaeHoon Kim Article.
Computer Architecture Lab. Hanbit Kim
Research Title:Analysis of Advanced Cryptography Technologies Hash-based Post-quantum One-time Digital Signature Schemes Dr. Douglas Stebila Kaan Osmanagaoglu.
@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Fragile Watermarking Scheme for Relational Database Fragile Watermarking Scheme for Relational Database.
Security Outline Encryption Algorithms Authentication Protocols
A Fault Tolerance Protocol for Uploads: Design and Evaluation
Providing Secure Storage on the Internet
Data Integrity: Applications of Cryptographic Hash Functions
Advanced Computer Networks
Presentation transcript:

Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

Motivation MPEG-4: a state-of-the-art technology DMIF – generic platform FGS – flexible multimedia distribution IPMP – secure delivery framework Authentication isn ’ t provided in IPMP 3 authentication schemes are presented

Related Works Layer-based Priority best possible quality for each video object Object-based Priority Different importance => different quality A straightforward authentication Append a digital signature to each packet High computation Large communication overhead

Related Works SAIDA reduces space overhead and increase tolerance of packet loss Improved to reduce the packet overhead by Pannetrat in 2003 A watermark based stream authentication scheme rejects malicious tempering

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

Preliminaries One-way Hash Function Digital Signature The Merkle Hash Tree Erasure Correction Coding Syntactic Structure of MPEG-4

One-Way Hash Function Converting a variable-length string to a fixed-length output string Hash value: H(m) m: pre-image Hard to find the pre-image from a known hash value

Digital Signature Authenticating the integrity of a signed message as well as its origin pubisherclient σ KeKe m: message to send K s : private key σ = Sign(K s, m) publishreceive Verify received words by: σ = Veri(m, σ, K e )

The Merkle Hash Tree A client requests for n 3 and needs the authentication Source also sends d 4, h A, and h F Client computes d 3 and H(H(h A ||H(d 3 ||d 4 ))||h F )

Erasure Correction Coding U=mG m=m 1, m 2, …, m k U=u 1, u 2, …, u n n-k bits of parity Error correction ability: d min -1 Ref. Digital: Communications, Bernard Sklar

Syntactic Structure of MPEG-4 Each object layer has a priority to represent its importance The base layer has the highest priority Other layers (enhancement layers) have progressively lower priorities

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

Content distribution framework

Problem Definition Packet loss comes from: A proxy discards unimportant content intentionally so as to meet the network a& client device requirements A router discards packets due to network limitation A receiver discards packets failing checksum verifications

Problem Definition A stream authentication scheme should: Reduce the computational & communication cost? Increase the probability of successful authentication in case of packet loss Manage data removal at proxies so as to allow successful authentication

Overview of the Proposed Schemes Objects EncodePackSign Down-scale DecodeUnPackVerify Trusted Objects Proxies

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

Packaging an Object Group Visual objects are encapsulated into n packets Each row stands for one Visual Object Layer : parity unit

Generating Signature on an Object Group h i = HLi 1 ⊕ HLi 2 ⊕ … ⊕ HLi l HLi j = H(Pi j ||j), j=1, 2, … l Packet hash of Pi: g i = H(h i ||i) Hash value of group G: h G = H(g 1 ||g 2 || … ||g n ||G ID ||S ID ) G ID : group ID S ID : stream ID σ = Sign(K s, h G )

Encoding & Encapsulating

X = (h 1,h 2, …,h n,x 1, … x n-k ) = Enc 2n-k,k (h 1,h 2, … h n ) Divide X into k symbols y i ∈ GF(2 w2 ) C r = Enc n,k (y 1,y 2, … y k ) = r 1, …,r k Integrity units C s = Enc n,k ( σ 1, σ 2, …σ n ) = σ 1, …, σ n signature units Append r i & s i to the original packet P i

Appending

Down-Scaling Objects Layer t+1 ~ layer l are discarded by proxies, a patch e would be inserted e i = HLi t+1 ⊕ HLi t+2 ⊕ … ⊕ HLi l

Verifying Packets Only k packets are rcv’d y i, … y k =Dec n,k (r 1, … r k ) h 1, … h n =HLi 1 ⊕ … HLi k ⊕ e i i = 1, 2, …, k g i = H(h i ||i) h G =H(g 1 ||g 2 ||…g n ||G ID ||S ID ) σ= Dec(s 1,…,s k ) Veri(h G,σ,K e )

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

PAS Securer than FAS Discuss later Assuming that layer i has higher priority than layer i+1,i = 1, 2, …, l Almost the same as FAS

Differences Generating signature g i =H(H(Pi 1 ||H(Pi 2 ||H( … ||H(Pi l ))))||i) g i =H(H(Pi 1 ||1) ⊕ H(Pi 2 ||2) ⊕ … ⊕ H(Pi l ||l) || i) Down-Scaling Objects e i =H(Pi t+1 ||H(Pi t+2 ||H( … ||H(Pi l )))) e i = HLi t+1 ⊕ HLi t+2 ⊕ … ⊕ HLi l Verifying Packets g i =H(H(Pi 1 ||H(Pi 2 ||…)||e i ) || i) g i =H( (HLi 1 ⊕ … HLi k ⊕ e i ) || i)

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

HAS

Generating Signature Compute hash value D of leaf nodes: D=HLi j =H(Pi j ||j), j=1,2, …,l For nonleaf nodes hash value N i = H(D 1 || D 2 || … || D c ) For example, B j is a node in Fig.10

Generating Signature (cont ’ ) Finally, the object group hash is: h G =H(g 1 || g 2 || … || g n || G ID || S ID ) σ =Sign(K s,h G ) The rest part is the same as FAS

Down-Scaling

Verifying Packets Hash value g i is computed by client according to All the same as FAS

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

Authentication Probability

Security & Computational Cost Security HAS > PAS > FAS Computational cost of the producer is the highest For example, in RSA scheme, the verification time is only 4% of the signature generation time when K e =17

outline Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion

conclusion 3 schemes of authentication FAS provided the max flexibility PAS has stronger security strength but requires that data is totally ordered HAS is secure against active attacks and has low authentication overhead Sign once, verify many ways Future work: To minimize buffer space in client devices