Security of Scalable Multimedia Streams

Overview

The demand for multimedia services has been rapidly increasing over the past few years. More and more users rely on multimedia services for many aspects of their daily lives, including work, education, and entertainment. Multimedia content, however, is often distributed over open and insecure networks, such as the Internet. Accordingly, secure delivery of multimedia streams is an important and critical problem. Secure delivery means authenticating multimedia streams so that all receivers can ensure that the content is original and is not tampered with by any attacker.

Various challenges need to be dealt with for this purpose. First, the authentication mechanism, which can be computationally expensive, has to keep up with the online nature of the streams. Second, media content is often distributed over unreliable channels, where packet losses are not uncommon. The authentication scheme needs to function properly even in the presence of these losses. Third, media streams can be encoded in scalable (or layered) manner to accommodate heterogeneous clients and varying network conditions. In this case, the authentication scheme has to successfully verify any substream extracted from the original stream. Finally, the authentication information added to the streams should be minimized in order to avoid increasing the already-high storage and network bandwidth requirements for multimedia content.

We investigate these challenges for authentication of scalable video streams in a computationally efficient manner, with low delay and communication overhead, and high resilience against packet losses. Our main focus is on scalable videos encoded using the state-of-the-art video coding standard H.264/SVC, the Scalable Video Coding (SVC) extension of H.264/AVC video coding technique. H.264/SVC offers great flexibiliy while incurring much lower overheads compared to classic scalable coding techniques. We have designed an authentication scheme for H.264/SVC streams that supports its full flexibility: it takes into account the coding characteristics of H.264/SVC scalability model and enables verification of all possible substreams. In addition, the proposed scheme is designed for end-to-end authentication of streams. In an end-to-end authentication procedure, a content provider prepares the authenticated video and sends it to receivers, possibly through a third-party Content Delivery Network (CDN) with proxy servers that may need to adapt the flexible video streams. These proxies or any other entity involved in the delivery process do not have to understand our authentication scheme, which is an important advantage of the proposed scheme.

Publications

• M. Hefeeda and K. Mokhtarian, Authentication Schemes for Multimedia Streams: Quantitative Analysis and Comparison, ACM Transactions on Multimedia Computing, Communications, and Applications, 6(1), Article 6, pp. 1--24, February 2010.

• K. Mokhtarian and M. Hefeeda, End-to-End Secure Delivery of Scalable Video Streams, In Proc. of International workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV'09), pages 79-84, Williamsburg, VA, June 2009.

• M. Hefeeda and K. Mokhtarian, Analysis of Authentication Schemes for Nonscalable Video Streams, In Proc. of IEEE International Packet Video Workshop (PV'09), 10 pages, Seattle, WA, May 2009. Slides [ ppt ] [ pdf ]

• M. Hefeeda and K. Mokhtarian, Authentication of Scalable Multimedia Streams, Book Chapter in Handbook on Security and Networks, World Scientific Publishing Co., To appear in 2011.

Software

• svcAuth: A Library for Authenticating H.264/SVC Video Streams

People

• Mohamed Hefeeda (Assistant Professor)

• Kianoosh Mokhtarian (MSc Student, Graduated Fall 2009)