1
Scalable Authentication of MPEG-4 Streams
Yongdong Wu & Robert H. Deng
Presenter: Yu-Song Syu
2
Outline
- Introduction
- Preliminaries
- Framework of Proposed Schemes
- Flat Authentication Scheme
- Progressive Authentication Scheme
- Hierarchical Authentication Scheme
- Security & Performance
- Conclusion
3
Motivation
- MPEG-4: a state-of-the-art technology
  - DMIF: generic platform
  - FGS: flexible multimedia distribution
  - IPMP: secure delivery framework
- Authentication isn't provided in IPMP
- 3 authentication schemes are presented
4
Related Works
- Layer-based priority: best possible quality for each video object
- Object-based priority: different importance => different quality
- A straightforward authentication: append a digital signature to each packet
  - High computation
  - Large communication overhead
5
Related Works
- SAIDA reduces space overhead and increases tolerance of packet loss
  - Improved to reduce the packet overhead by Pannetrat in 2003
- A watermark-based stream authentication scheme rejects malicious tampering
7
Preliminaries
- One-way Hash Function
- Digital Signature
- The Merkle Hash Tree
- Erasure Correction Coding
- Syntactic Structure of MPEG-4
8
One-Way Hash Function
- Converts a variable-length string to a fixed-length output string
- Hash value: $H(m)$; $m$: pre-image
- Hard to find the pre-image from a known hash value
9
Digital Signature
- Authenticating the integrity of a signed message as well as its origin
- $m$: message to send
- $K_s$: private key
- $\sigma = Sign(K_s, m)$
- Verify received words by: $\sigma = Veri(m, \sigma, K_e)$
[Figure: publisher publishes, client receives; labels $\sigma$, $K_e$]
10
The Merkle Hash Tree
- A client requests $n_3$ and needs the authentication
- Source also sends $d_4$, $h_A$, and $h_F$
- Client computes $d_3$ and $H(H(h_A \| H(d_3 \| d_4)) \| h_F)$
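The check on this slide, written out as an added example (not code from the presentation or the paper): the client hashes $n_3$ into $d_3$ and folds in the siblings $d_4$, $h_A$, $h_F$ to reach the root it trusts. SHA-256, the 8-leaf tree shape, the sample blocks and all function names are assumptions.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """Hash levels of a complete binary tree, leaves first (len(blocks) a power of two)."""
    level = [H(b) for b in blocks]          # d_1 .. d_n
    levels = [level]
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root; 'L'/'R' says which side the sibling is on."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return path

def verify(block: bytes, path, trusted_root: bytes) -> bool:
    """Recompute the root from one block and its siblings, compare with the signed root."""
    node = H(block)
    for side, sibling in path:
        node = H(sibling + node) if side == "L" else H(node + sibling)
    return node == trusted_root

# Constructed sample data: n_1 .. n_8.
BLOCKS = [f"block n{i}".encode() for i in range(1, 9)]
LEVELS = build_levels(BLOCKS)
ROOT = LEVELS[-1][0]                        # the value the source would sign

if __name__ == "__main__":
    path_n3 = auth_path(LEVELS, 2)          # n_3 is index 2: siblings d_4, h_A, h_F
    print(verify(BLOCKS[2], path_n3, ROOT))
    print(verify(b"altered n3", path_n3, ROOT))
```

The client needs only three hashes to authenticate one of eight blocks, and any change to $n_3$ or to a sibling changes the recomputed root.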
11
Erasure Correction Coding
- $U = mG$
- $m = m_1, m_2, \ldots, m_k$
- $U = u_1, u_2, \ldots, u_n$
- $n-k$ bits of parity
- Error correction ability: $d_{min} - 1$
Ref.: Digital Communications, Bernard Sklar
12
Syntactic Structure of MPEG-4
- Each object layer has a priority to represent its importance
- The base layer has the highest priority
- Other layers (enhancement layers) have progressively lower priorities
14
Content distribution framework
15
Problem Definition
Packet loss comes from:
- A proxy discards unimportant content intentionally so as to meet the network & client device requirements
- A router discards packets due to network limitation
- A receiver discards packets failing checksum verifications
16
Problem Definition
A stream authentication scheme should:
- Reduce the computational & communication cost
- Increase the probability of successful authentication in case of packet loss
- Manage data removal at proxies so as to allow successful authentication
17
Overview of the Proposed Schemes
[Figure labels: Objects; Encode, Pack, Sign; Down-scale (Proxies); Decode, UnPack, Verify; Trusted Objects]
19
Packaging an Object Group
- Visual objects are encapsulated into n packets
- Each row stands for one Visual Object Layer
- Legend (figure): parity unit
20
Generating Signature on an Object Group
- $h_i = HL_{i,1} \oplus HL_{i,2} \oplus \cdots \oplus HL_{i,l}$
- $HL_{i,j} = H(P_{i,j} \| j)$, $j = 1, 2, \ldots, l$
- Packet hash of $P_i$: $g_i = H(h_i \| i)$
- Hash value of group $G$: $h_G = H(g_1 \| g_2 \| \cdots \| g_n \| G_{ID} \| S_{ID})$
  - $G_{ID}$: group ID
  - $S_{ID}$: stream ID
- $\sigma = Sign(K_s, h_G)$
21
Encoding & Encapsulating
22
- $X = (h_1, h_2, \ldots, h_n, x_1, \ldots, x_{n-k}) = Enc_{2n-k,k}(h_1, h_2, \ldots, h_n)$
- Divide $X$ into $k$ symbols $y_i \in GF(2^{w_2})$
- $C_r = Enc_{n,k}(y_1, y_2, \ldots, y_k) = r_1, \ldots, r_k$ (integrity units)
- $C_s = Enc_{n,k}(\sigma_1, \sigma_2, \ldots, \sigma_n) = \sigma_1, \ldots, \sigma_n$ (signature units)
- Append $r_i$ & $s_i$ to the original packet $P_i$
23
Appending
24
Down-Scaling Objects
- When layers $t+1$ through $l$ are discarded by proxies, a patch $e$ is inserted
- $e_i = HL_{i,t+1} \oplus HL_{i,t+2} \oplus \cdots \oplus HL_{i,l}$
25
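Verifying Packets
- Only $k$ packets are received
- $y_i, \ldots, y_k = Dec_{n,k}(r_1, \ldots, r_k)$
- $h_1, \ldots, h_n = HL_{i,1} \oplus \cdots \oplus HL_{i,k} \oplus e_i$, $i = 1, 2, \ldots, k$
- $g_i = H(h_i \| i)$
- $h_G = H(g_1 \| g_2 \| \cdots \| g_n \| G_{ID} \| S_{ID})$
- $\sigma = Dec(s_1, \ldots, s_k)$
- $Veri(h_G, \sigma, K_e)$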
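The hash side of the flat scheme end to end, as an added example that is not code from the presentation or the paper: the producer derives $h_G$, a proxy drops layers $t+1..l$ and attaches the XOR patch $e_i$, and the client recomputes the same $h_G$ from what is left. Assumptions: SHA-256, 4-byte big-endian indices and IDs, every packet arrives (erasure coding is left out), and the comparison of $h_G$ stands in for $Sign$/$Veri$; all names and sample units are constructed.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def idx(n: int) -> bytes:
    return n.to_bytes(4, "big")   # fixed width keeps the concatenations unambiguous

def xor_all(hashes) -> bytes:
    acc = bytes(32)
    for h in hashes:
        acc = bytes(a ^ b for a, b in zip(acc, h))
    return acc

def layer_hash(unit: bytes, j: int) -> bytes:
    """HL_{i,j} = H(P_{i,j} || j), with j counted from 1."""
    return H(unit + idx(j))

def group_hash(packet_hashes, gid: bytes, sid: bytes) -> bytes:
    """h_G = H(g_1 || ... || g_n || G_ID || S_ID), where g_i = H(h_i || i)."""
    g = [H(h + idx(i)) for i, h in enumerate(packet_hashes, 1)]
    return H(b"".join(g) + gid + sid)

def producer(packets, gid, sid) -> bytes:
    """h_i is the XOR of all layer hashes of packet i; the result is what gets signed."""
    h = [xor_all(layer_hash(u, j) for j, u in enumerate(p, 1)) for p in packets]
    return group_hash(h, gid, sid)

def proxy_downscale(packets, t: int):
    """Keep layers 1..t of every packet; e_i is the XOR of the dropped layer hashes."""
    return [(p[:t], xor_all(layer_hash(u, j) for j, u in enumerate(p, 1) if j > t))
            for p in packets]

def client(scaled, gid, sid) -> bytes:
    """Rebuild each h_i from the kept layers plus the patch, then recompute h_G."""
    h = [xor_all([e] + [layer_hash(u, j) for j, u in enumerate(kept, 1)])
         for kept, e in scaled]
    return group_hash(h, gid, sid)

# Constructed sample: 3 packets, 4 layers each (layer 1 is the base layer).
PACKETS = [[f"pkt{i}-layer{j}".encode() for j in range(1, 5)] for i in range(1, 4)]
GID, SID = idx(7), idx(1)

if __name__ == "__main__":
    signed = producer(PACKETS, GID, SID)
    print(client(proxy_downscale(PACKETS, 2), GID, SID) == signed)
```

A change to any retained unit, to a patch, or to $G_{ID}$/$S_{ID}$ alters the recomputed $h_G$, so the signature check fails.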
27
PAS
- More secure than FAS (discussed later)
- Assumes that layer $i$ has higher priority than layer $i+1$, $i = 1, 2, \ldots, l$
- Almost the same as FAS
28
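Differences
- Generating signature
  - PAS: $g_i = H(H(P_{i,1} \| H(P_{i,2} \| H(\cdots \| H(P_{i,l})))) \| i)$
  - FAS: $g_i = H(H(P_{i,1} \| 1) \oplus H(P_{i,2} \| 2) \oplus \cdots \oplus H(P_{i,l} \| l) \| i)$
- Down-Scaling Objects
  - PAS: $e_i = H(P_{i,t+1} \| H(P_{i,t+2} \| H(\cdots \| H(P_{i,l}))))$
  - FAS: $e_i = HL_{i,t+1} \oplus HL_{i,t+2} \oplus \cdots \oplus HL_{i,l}$
- Verifying Packets
  - PAS: $g_i = H(H(P_{i,1} \| H(P_{i,2} \| \cdots) \| e_i) \| i)$
  - FAS: $g_i = H((HL_{i,1} \oplus \cdots \oplus HL_{i,k} \oplus e_i) \| i)$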
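The progressive packet hash as an added example (not code from the presentation or the paper): layers are hashed as a chain from the lowest-priority layer inward, and the patch $e_i$ takes the place of the innermost hash once a suffix of layers is dropped. It goes one step beyond the slide by letting a second proxy fold an existing patch into a new one. Assumptions: SHA-256, fixed-size 16-byte units (the concatenation has no length framing), 4-byte packet index; names and sample units are constructed.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(units, tail: bytes = b"") -> bytes:
    """H(P_1 || H(P_2 || ... H(P_m || tail))).

    tail is empty when P_m is the last layer, or the patch e_i when
    lower-priority layers were removed.
    """
    acc = tail
    for unit in reversed(units):
        acc = H(unit + acc)
    return acc

def packet_hash(units, i: int, patch: bytes = b"") -> bytes:
    """g_i = H(chain || i); the client passes the kept layers and the patch."""
    return H(chain(units, patch) + i.to_bytes(4, "big"))

def downscale(units, t: int, patch: bytes = b""):
    """Proxy: keep layers 1..t and fold the dropped suffix (plus any earlier
    patch) into the new patch e_i."""
    return units[:t], chain(units[t:], patch)

# Constructed sample: one packet with 4 layers of 16 bytes, base layer first.
UNITS = [bytes([j]) * 16 for j in range(1, 5)]

if __name__ == "__main__":
    g_full = packet_hash(UNITS, 1)              # what the producer feeds into h_G
    kept, e = downscale(UNITS, 3)               # first proxy drops layer 4
    kept2, e2 = downscale(kept, 1, e)           # second proxy drops layers 2-3
    print(packet_hash(kept, 1, e) == g_full)    # suffix removal still verifies
    print(packet_hash(kept2, 1, e2) == g_full)  # so does a second down-scale
    # Layers are totally ordered: removing a middle layer leaves no valid patch,
    # because H(P_2 || ...) cannot be rebuilt without P_2 itself.
    print(packet_hash([UNITS[0], UNITS[2], UNITS[3]], 1) == g_full)
```

The XOR construction of FAS has no such ordering, which is the flexibility the conclusion attributes to it.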
30
HAS
31
Generating Signature
- Compute hash value $D$ of leaf nodes: $D = HL_{i,j} = H(P_{i,j} \| j)$, $j = 1, 2, \ldots, l$
- For nonleaf nodes, hash value $N_i = H(D_1 \| D_2 \| \cdots \| D_c)$
- For example, $B_j$ is a node in Fig. 10
32
Generating Signature (cont'd)
- Finally, the object group hash is: $h_G = H(g_1 \| g_2 \| \cdots \| g_n \| G_{ID} \| S_{ID})$
- $\sigma = Sign(K_s, h_G)$
- The rest is the same as FAS
33
Down-Scaling
34
Verifying Packets
- Hash value $g_i$ is computed by client according to
- All the same as FAS
36
Authentication Probability
37
Security & Computational Cost
- Security: HAS > PAS > FAS
- Computational cost of the producer is the highest
  - For example, in RSA scheme, the verification time is only 4% of the signature generation time when $K_e = 17$
39
Conclusion
- 3 schemes of authentication
  - FAS provided the max flexibility
  - PAS has stronger security strength but requires that data is totally ordered
  - HAS is secure against active attacks and has low authentication overhead
- Sign once, verify many ways
- Future work: to minimize buffer space in client devices