Download presentation
Presentation is loading. Please wait.
1
KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming
2
Motivation Multimedia streaming: a great source of revenue Its market will grow from $900 mln in 2005 to $6 bln in 2011
3
Motivation Multimedia streaming: a great source of revenue Its market will grow from $900 mln in 2005 to $6 bln in 2011 Affecting our daily lives
4
Motivation Multimedia streaming: a great source of revenue Its market will grow from $900 mln in 2005 to $6 bln in 2011 Affecting our daily lives Security of multimedia systems
5
Overview Desired security aspects Conventional authentication methods Requirements for a media authentication scheme Previous works Stream authentication Typical video authentication Scalable video authentication Conclusion and future research directions
6
What Security Aspects?
7
Authentication Data integrity Access control Data confidentiality Non-repudiation Availability of service
8
What Security Aspects? Authentication Data integrity Access control Data confidentiality Non-repudiation Availability of service
9
An Example The Olympic games $$!
10
An Example The Olympic games The network is by default UNSECURE Anyone can listen, capture, and replace the traffic.
11
Conventional Authentication: Preliminaries Digital signature Publicly verifiable Message dependant Not repudiatable
12
Conventional Authentication: Preliminaries Digital signature Publicly verifiable Message dependant Not repudiatable One-way hash functions Fixed length output Easy to compute y = H(x) for everyone Infeasible to compute x given the value of H(x) Infeasible to find x 1 and x 2 such that H(x 1 ) = H(x 2 ) if H(x) is authentic, then x is authentic
13
Conventional Auth’: the Case of Multimedia Treating the entire media as a file: Sign ( Hash(media) ) and Verify ( Hash(media) )
14
Conventional Auth’: the Case of Multimedia Treating the entire media as a file: Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation on the media
15
Conventional Auth’: the Case of Multimedia Treating the entire media as a file: Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation Signing each frame
16
Conventional Auth’: the Case of Multimedia Treating the entire media as a file: Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation Signing each frame Computationally expensive
17
Conventional Auth’: the Case of Multimedia Treating the entire media as a file: Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation Signing each frame Computationally expensive Using Message Authentication Codes (MAC) y = MAC K ( x ) = Hash ( x || K )
18
Conventional Auth’: the Case of Multimedia Treating the entire media as a file: Sign ( Hash(media) ) and Verify ( Hash(media) ) Cannot produce the media online Cannot verify the media online Sensitive to any loss or adaptation Signing each frame Computationally expensive Using Message Authentication Codes (MAC) y = MAC K ( x ) = Hash ( x || K ) Cannot go beyond single-sender single-receiver case
19
Requirements
20
Security!
21
Requirements Security! Online production, online verification
22
Requirements Security! Online production, online verification Computational cost
23
Requirements Security! Online production, online verification Computational cost Communication overhead
24
Requirements Security! Online production, online verification Computational cost Communication overhead Buffer needed for authentication purposes
25
Requirements Security! Online production, online verification Computational cost Communication overhead Buffer needed for authentication purposes Robustness against adaptations on the media Whether to get the proxies involved or not
26
Requirements Security! Online production, online verification Computational cost Communication overhead Buffer needed for authentication purposes Robustness against adaptations on the media Whether to get the proxies involved or not Tolerability of packet losses in network
27
Requirements Security! Online production, online verification Computational cost Communication overhead Buffer needed for authentication purposes Robustness against adaptations on the media Whether to get the proxies involved or not Tolerability of packet losses in network Supported scenarios
28
Stream Authentication Hash chaining
29
Stream Authentication Hash chaining No online production of the authenticated stream
30
Stream Authentication Hash chaining No online production of the authenticated stream Sensitive to any packet loss
31
Stream Authentication One-time signature Based on conventional (symmetric) cryptographic functions One-time signature chaining
32
Stream Authentication One-time signature Based on conventional (symmetric) cryptographic functions One-time signature chaining High communication overhead
33
Stream Authentication One-time signature Based on conventional (symmetric) cryptographic functions One-time signature chaining High communication overhead Sensitive to any packet loss
34
Stream Authentication SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms)
35
Stream Authentication SAIDA: Signature Amortization using IDA (Information Dispersal Algorithms) Tradeoff between verification delay and overheads
36
Video Authentication: The General Case Exploiting the strong correlation between consecutive video frames To reduce overheads To increase robustness Extract key frames in a video sequence Extract and authenticate key features of such frames Authenticate non-key frames based on key frames
37
Scalable Video Authentication: Recall Scalable video To support heterogeneous receivers A base layer and a number of enhancement layers
38
Scalable Video Authentication Any number of enhancement layers may be dropped Non-scalable video/stream auth schemes do not work
39
Scalable Video Authentication Any number of enhancement layers may be dropped Non-scalable video/stream auth schemes do not work Authenticating only the base layer Not enough
40
Scalable Video Authentication Extending the hash chaining to 2D
41
Scalable Video Authentication Extending the hash chaining to 2D Erasure Correction Codes (ECC) can be used for tolerating packet loss
42
Scalable Video Authentication Extending the hash chaining to 2D Erasure Correction Codes (ECC) can be used for tolerating packet loss No online production
43
Scalable Video Authentication Extending the hash chaining to 2D Erasure Correction Codes (ECC) can be used for tolerating packet loss No online production Communication overhead
44
Conclusion No previous scheme meets all of the requirements
45
Conclusion No previous scheme meets all of the requirements Future research directions Multimedia-devoted hash functions Support for modern video coding standards FGS, MGS The case of P2P streaming Taking advantage of distribution of peers
46
Thank You Any Questions?
47
Main References Stallings, W., “Cryptography and network security: principles and practices,” 4th Edition, Prentice Hall, 2006. “Streaming media, iptv, and broadband transport: Telecommunications carriers and entertainment services 2006-2011,” The Insight Research Corporation, Technical Report, April 2006, http://www.insight-corp.com/execsummaries/iptv06execsum.pdf.http://www.insight-corp.com/execsummaries/iptv06execsum.pdf Gennaro, R., and Rohatgi, P., “How to sign digital streams,” in Advances in Cryptology (CRYPTO’97), Santa Barbara, CA, August 1997, LNCS vol. 1294, pp. 180–197. Park, J., Chong, E. and Siegel, H., “Efficient multicast stream authentication using erasure codes,” ACM Transaction on Information and System Security (TISSEC), vol. 6, no. 2, pp. 258–285, May 2003. Li, W., “Overview of fine granularity scalability in MPEG-4 video standard,” IEEE Transactions on Circuits and Systems for Video Technology, vol. 11, no. 3, pp. 301–317, March 2001. Wu, Y., and Deng, R., “Scalable authentication of MPEG-4 streams,” IEEE Transactions on Multimedia, vol. 8, pp. 152–161, February 2006.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.