KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.


1 KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming

4 Motivation
- Multimedia streaming: a great source of revenue
  - Its market will grow from $900 mln in 2005 to $6 bln in 2011
- Affecting our daily lives
- Security of multimedia systems

5 Overview
- Desired security aspects
- Conventional authentication methods
- Requirements for a media authentication scheme
- Previous works
  - Stream authentication
  - Typical video authentication
  - Scalable video authentication
- Conclusion and future research directions

8 What Security Aspects?
- Authentication
- Data integrity
- Access control
- Data confidentiality
- Non-repudiation
- Availability of service

9 An Example
- The Olympic games
  - $$!

10 An Example
- The Olympic games
- The network is by default UNSECURE
  - Anyone can listen, capture, and replace the traffic.

12 Conventional Authentication: Preliminaries
- Digital signature
  - Publicly verifiable
  - Message dependent
  - Not repudiable
- One-way hash functions
  - Fixed length output
  - Easy to compute y = H(x) for everyone
  - Infeasible to compute x given the value of H(x)
  - Infeasible to find distinct x1 and x2 such that H(x1) = H(x2)
  - If H(x) is authentic, then x is authentic

18 Conventional Auth’: the Case of Multimedia
- Treating the entire media as a file: Sign(Hash(media)) and Verify(Hash(media))
  - Cannot produce the media online
  - Cannot verify the media online
  - Sensitive to any loss or adaptation on the media
- Signing each frame
  - Computationally expensive
- Using Message Authentication Codes (MAC)
  - y = MAC_K(x) = Hash(x || K)
  - Cannot go beyond single-sender single-receiver case

27 Requirements
- Security!
- Online production, online verification
- Computational cost
- Communication overhead
- Buffer needed for authentication purposes
- Robustness against adaptations on the media
  - Whether to get the proxies involved or not
- Tolerability of packet losses in network
- Supported scenarios

30 Stream Authentication
- Hash chaining
  - No online production of the authenticated stream
  - Sensitive to any packet loss
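
Hash chaining as described on this slide, as an added Python example that is not part of the presentation: each packet carries the hash of the next one and only the first packet's hash is signed. The Lamport one-time signature used as the signer, the packet layout and all function names are assumptions made here.

```python
import hashlib
import os

END = bytes(32)  # "next hash" carried by the last packet (assumed layout)

def H(b):
    return hashlib.sha256(b).digest()

def bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: a stand-in signer, the slides name no algorithm
def ots_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(H(msg)))]

def ots_verify(pk, msg, sig):
    d = bits(H(msg))
    return len(sig) == 256 and all(H(s) == pk[i][d[i]] for i, s in enumerate(sig))

def pkt_hash(data, nxt):
    return H(nxt + data)  # nxt is always 32 bytes, so the split is unambiguous

def build_chain(blocks, sk):
    """Sender: walks the stream back to front, so every block must already exist."""
    packets, nxt = [], END
    for data in reversed(blocks):
        packets.append((data, nxt))
        nxt = pkt_hash(data, nxt)
    return ots_sign(sk, nxt), packets[::-1]  # one signature, on the first packet's hash

def verify_stream(pk, head_sig, received):
    """Receiver: checks each packet on arrival; None marks a lost packet."""
    accepted, expected = [], None
    for pkt in received:
        if pkt is None:
            break  # the hash needed for every later packet was in the lost one
        h = pkt_hash(*pkt)
        ok = ots_verify(pk, h, head_sig) if expected is None else h == expected
        if not ok:
            break
        accepted.append(pkt[0])
        expected = pkt[1]
    return accepted
```

The backward loop in `build_chain` is why the authenticated stream cannot be produced online, and the `break` on a lost packet is why a single loss leaves the rest of the stream unverifiable.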

33 Stream Authentication
- One-time signature
  - Based on conventional (symmetric) cryptographic functions
- One-time signature chaining
  - High communication overhead
  - Sensitive to any packet loss

35 Stream Authentication
- SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms)
  - Tradeoff between verification delay and overheads

36 Video Authentication: The General Case
- Exploiting the strong correlation between consecutive video frames
  - To reduce overheads
  - To increase robustness
- Extract key frames in a video sequence
  - Extract and authenticate key features of such frames
  - Authenticate non-key frames based on key frames

37 Scalable Video Authentication: Recall
- Scalable video
  - To support heterogeneous receivers
  - A base layer and a number of enhancement layers

39 Scalable Video Authentication
- Any number of enhancement layers may be dropped
  - Non-scalable video/stream auth schemes do not work
- Authenticating only the base layer
  - Not enough

43 Scalable Video Authentication
- Extending the hash chaining to 2D
  - Erasure Correction Codes (ECC) can be used for tolerating packet loss
  - No online production
  - Communication overhead

45 Conclusion
- No previous scheme meets all of the requirements
- Future research directions
  - Multimedia-devoted hash functions
  - Support for modern video coding standards
    - FGS, MGS
  - The case of P2P streaming
    - Taking advantage of distribution of peers

46 Thank You Any Questions?
