Difference between revisions of "Security of Scalable Multimedia Streams"

From NMSL
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The demand for multimedia services has been rapidly increasing over the past few years. More and more users rely on multimedia services for many aspects of their daily lives, including work, education, and entertainment. This makes the security of delivering multimedia content of great importance. Therefore, we focus on providing source authentication and data integrity services for media stream, i.e., ensuring that streams being played by receivers are original and have not been tampered with by malicious attackers. Our especial focus is on scalable video streams, which are becoming very popular with respect to recent advances in scalable coding and the increasing heterogeneity among receiver devices.
+
== Overview ==
  
The typical approach for authentication of messages is the use of digital signatures. Accordingly, a naive solution for authenticating a stream may be to sign every packet. This clearly does not work in practice due to its high computational cost that is not affordable especially by receiver devices with limited capabilities. In addition to the real-time nature of the streams, the next major challenge for authentication of scalable video streams is their flexibility. The video is encoded and signed once, and there can be many valid substreams extractable from one bitstream, each of which needs to be authenticated. Furthermore, the third important issue is tolerating losses that frequently take place in transmissions, especially in wireless channels. Counteracting the impact of loss in video transmission scenarios is approached by several techniques such as Forward Error Correction (FEC), interleaved packetization, etc. This impact in case of "authenticated" video gets more highlighted due to the dependency the authentication scheme imposes on video packets, i.e., a video packet and its authentication information must both be successfully received, or the video packet is unusable.
+
The demand for multimedia services has been rapidly increasing over the past few years. More and more users rely on multimedia services for many aspects of their daily lives, including work, education, and entertainment. Multimedia content, however, is often distributed over open and insecure networks, such as the Internet. Accordingly, secure delivery of multimedia streams is an important and critical problem. Secure delivery means authenticating multimedia streams so that all receivers can ensure that the content is original and is not tampered with by any attacker.
 +
 
 +
Various challenges need to be dealt with for this purpose. First, the authentication mechanism, which can be computationally expensive, has to keep up with the online nature of the streams. Second, media content is often distributed over unreliable channels, where packet losses are not uncommon. The authentication scheme needs to function properly even in the presence of these losses. Third, media streams can be encoded in scalable (or layered) manner to accommodate heterogeneous clients and varying network conditions. In this case, the authentication scheme has to successfully verify any substream extracted from the original stream. Finally, the authentication information added to the streams should be minimized in order to avoid increasing the already-high storage and network bandwidth requirements for multimedia content.
 +
 
 +
We investigate these challenges for authentication of scalable video streams in a computationally efficient manner, with low delay and communication overhead, and high resilience against packet losses. Our main focus is on scalable videos encoded using the state-of-the-art video coding standard H.264/SVC, the Scalable Video Coding (SVC) extension of H.264/AVC video coding technique. H.264/SVC offers great flexibiliy while incurring much lower overheads compared to classic scalable coding techniques. We have designed an authentication scheme for H.264/SVC streams that supports its full flexibility: it takes into account the coding characteristics of H.264/SVC scalability model and enables verification of all possible substreams. In addition, the proposed scheme is designed for end-to-end authentication of streams. In an end-to-end authentication procedure, a content provider prepares the authenticated video and sends it to receivers, possibly through a third-party Content Delivery Network (CDN) with proxy servers that may need to adapt the flexible video streams. These proxies or any
 +
other entity involved in the delivery process do not have to understand our authentication scheme, which is an important advantage of the proposed scheme.
 +
 
 +
 
 +
 
 +
== Publications ==
 +
 
 +
* M. Hefeeda and K. Mokhtarian, [http://www.cs.sfu.ca/~mhefeeda/Papers/tomccap10_auth.pdf Authentication Schemes for Multimedia Streams: Quantitative Analysis and Comparison], ''ACM Transactions on Multimedia Computing, Communications'', and Applications, 6(1), Article 6, pp. 1--24, February 2010. 
 +
 
 +
* K. Mokhtarian and M. Hefeeda, [http://www.cs.sfu.ca/~mhefeeda/Papers/nossdav09.pdf End-to-End Secure Delivery of Scalable Video Streams], In Proc. of International workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV'09), pages 79-84, Williamsburg, VA, June 2009.
 +
 
 +
* M. Hefeeda and K. Mokhtarian, [http://www.cs.sfu.ca/~mhefeeda/Papers/pv09.pdf Analysis of Authentication Schemes for Nonscalable Video Streams], In Proc. of IEEE International Packet Video Workshop (PV'09), 10 pages, Seattle, WA, May 2009.  Slides [ [http://www.cs.sfu.ca/~mhefeeda/Talks/pv09.pptx ppt] ] [ [http://www.cs.sfu.ca/~mhefeeda/Talks/pv09.pdf pdf] ]
 +
 
 +
*  M. Hefeeda and K. Mokhtarian, '''Authentication of Scalable Multimedia Streams''', Book Chapter in ''Handbook on Security and Networks'', World Scientific Publishing Co., To appear in 2011.
 +
 
 +
 
 +
== Software ==
 +
 
 +
* '''[[svcAuth]]''': A Library for Authenticating H.264/SVC Video Streams
  
We are investigating the above three challenges and several other subtle issues for authentication of scalable video streams in an efficient manner, with low communication overhead, and without limiting the flexibility of the stream. We also performed systematic tamperings with scalable videos to justify our approaches. Our main focus is on the recent and well favored scalable video structure H.264/SVC.
 
  
  
Line 10: Line 31:
 
* [http://www.cs.sfu.ca/~mhefeeda/ Mohamed Hefeeda] (Assistant Professor)
 
* [http://www.cs.sfu.ca/~mhefeeda/ Mohamed Hefeeda] (Assistant Professor)
  
* [http://www.cs.sfu.ca/~kma26/personal/ Kianoosh Mokhtarian] (MSc Student)
+
* [http://www.cs.sfu.ca/~kma26/personal/ Kianoosh Mokhtarian] (MSc Student, Graduated Fall 2009)

Latest revision as of 16:10, 30 August 2010

Overview

The demand for multimedia services has been rapidly increasing over the past few years. More and more users rely on multimedia services for many aspects of their daily lives, including work, education, and entertainment. Multimedia content, however, is often distributed over open and insecure networks, such as the Internet. Accordingly, secure delivery of multimedia streams is an important and critical problem. Secure delivery means authenticating multimedia streams so that all receivers can ensure that the content is original and is not tampered with by any attacker.

Various challenges need to be dealt with for this purpose. First, the authentication mechanism, which can be computationally expensive, has to keep up with the online nature of the streams. Second, media content is often distributed over unreliable channels, where packet losses are not uncommon. The authentication scheme needs to function properly even in the presence of these losses. Third, media streams can be encoded in scalable (or layered) manner to accommodate heterogeneous clients and varying network conditions. In this case, the authentication scheme has to successfully verify any substream extracted from the original stream. Finally, the authentication information added to the streams should be minimized in order to avoid increasing the already-high storage and network bandwidth requirements for multimedia content.

We investigate these challenges for authentication of scalable video streams in a computationally efficient manner, with low delay and communication overhead, and high resilience against packet losses. Our main focus is on scalable videos encoded using the state-of-the-art video coding standard H.264/SVC, the Scalable Video Coding (SVC) extension of H.264/AVC video coding technique. H.264/SVC offers great flexibiliy while incurring much lower overheads compared to classic scalable coding techniques. We have designed an authentication scheme for H.264/SVC streams that supports its full flexibility: it takes into account the coding characteristics of H.264/SVC scalability model and enables verification of all possible substreams. In addition, the proposed scheme is designed for end-to-end authentication of streams. In an end-to-end authentication procedure, a content provider prepares the authenticated video and sends it to receivers, possibly through a third-party Content Delivery Network (CDN) with proxy servers that may need to adapt the flexible video streams. These proxies or any other entity involved in the delivery process do not have to understand our authentication scheme, which is an important advantage of the proposed scheme.


Publications

  • M. Hefeeda and K. Mokhtarian, Authentication of Scalable Multimedia Streams, Book Chapter in Handbook on Security and Networks, World Scientific Publishing Co., To appear in 2011.


Software

  • svcAuth: A Library for Authenticating H.264/SVC Video Streams


People