
Encryption of MPEG Video Streams

Habib Mir M. Hosseini, Pong Mee Tan

School of Electrical and Electronic Engineering, Nanyang Technological University Singapore 639798

Abstract- Security is an important issue for video streaming applications. Unauthorized access and duplication of copyrighted content is almost inevitable. Hence, service providers are often fearful to offer digital multimedia content. Encryption provides a secure video transmission over the network. Real-time encryption scrambles the video data in real-time. In this paper, we will propose a framework for secure MPEG video streaming. The system will support multiple communication modes. An overview of the system structure, requirements and experimental results on different fast encryption algorithms will be presented and discussed.

I. INTRODUCTION

A. Demands for Video Security

The development of digital video and networking technology has made it possible to use digital video for many telecommunication applications, such as video-on-demand, video broadcast, etc. However, the problem of unauthorized access, copying and/or redistributing the digital data has caused serious legal, social and economic effects. The new rapidly evolving technology has raised many issues such as the security of multimedia, copyright protection, and management of digital rights. Apparently, the need to provide a secure means of digital video delivery is urgent.

B. Multimedia Encryption

Unlike plain text, encryption of multimedia data, including compressed audio and video, has its own unique properties. First, the size of multimedia data is very large. The video CODEC, storage systems, and network communications have to bear a great burden when processing the huge volume of data. Second, encryption needs to be done in real time. Heavy-weight encryption algorithms (during or after the encoding phase) will aggravate the problem and increase the latency, and are likely to become a performance bottleneck for multimedia applications. Third, multimedia data is time-dependent and must be well synchronized. Encryption must be done within time restrictions and keep temporal relations among multimedia streams intact. These three facts add to the difficulty of multimedia data encryption.

Traditional cryptography techniques encrypt the entire MPEG bit-stream like plain text. The Naive algorithm approach encrypts the entire MPEG stream using standard encryption methods such as DES [1]. The padding algorithm encrypts only one half of a frame with DES/IDEA, and encrypts the other half of the frame with a “one-time pad” generated from that frame [2]. The pure permutation algorithm simply scrambles the MPEG bit stream by permutation. The cardinality of the permutation key can be varied depending on the security level and the application requirement. The larger the cardinality, the higher the security level that can be achieved. The Zigzag-Permutation Algorithm [6], [7] presents a method where the encryption is an integral part of the MPEG compression process. The basic idea is that, instead of mapping the 8x8 block to a 1x64 vector in “zigzag” order, it uses a random permutation list to map the individual 8x8 block to a 1x64 vector within the MPEG compression process.

Adaptive, content-based multimedia encryption applies the latest encryption algorithms to specific portions of the content. Portions are selected based on quality, semantics or even objects of the multimedia scene. Partially encrypting the MPEG bit-stream reduces the computational complexity and therefore secures real-time MPEG transmission at a faster speed. There are several proposals which take into account some characteristics of MPEG layered structures [3], [4], and [5]. These algorithms all fall into the category of selective algorithms.

II. PROPOSED PROXY-BASED INFRASTRUCTURE

A. Secure MPEG Delivery Framework

The proposed system architecture for secure MPEG delivery is shown in Figure 1. First, the client and server establish a common secret key through the key management system. Then, the server begins to transmit encrypted video to the client. Encryption and decryption are done at the server and client side, respectively.

We have implemented a 3-tier structure (server-proxy-client), which includes an “Encryption Proxy” server in-between the streaming server and clients. The basic structure of the system is shown in Figure 2.

Figure 1: Secure MPEG video delivery over Internet.

The main task of the proxy server is to intercept the video that is streamed by the video server and encrypt it before sending it to the client. Apparently, the interception and encryption procedures must be fast enough not to affect the smooth streaming of the video data between the server and client. Ideally, the proxy should be transparent to both the video server and the clients. This video delivery structure can work with any type of standard streaming video server, as no modification is needed in the video server.

1-4244-0549-1/06/$20.00 ©2006 IEEE.

Figure 2: Proxy-based delivery system.

B. Video Encryption Process

Figure 3 shows how the proxy server intercepts and encrypts the video stream. The proxy intercepts the RTP payloads of the video stream and buffers a whole frame before starting the encryption process. After encryption, the encrypted frame is re-assembled into RTP payload format and sent to the client.

Figure 3: Encryption process.

III. VIDEO STREAM ENCRYPTION

In this section we review different encryption algorithms we have used in our system.

A. Naïve Encryption Algorithm

We have used the Data Encryption Standard (DES) [8] as the default encryption engine when encrypting the whole stream and also in some of our selective encryption techniques. The DES algorithm specification was published in January 1977, and became a very widely employed algorithm. DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm, DES is both a block cipher and a product cipher. DES has 16 rounds, meaning that the main algorithm is repeated 16 times to produce the cipher text. Although the input key for DES is 64 bits (8 bytes) long, the actual key used by DES is only 56 bits in length. The least significant (right-most) bit in each byte is a parity bit, and only the seven most significant bits of each byte are used. DES is considered to offer high security for most applications. We have used DES for the Encryption of the Whole Stream Algorithm (EWA). The encryption program encrypts the payload of all RTP packets it receives.

B. Selective Algorithms

In selective algorithms, encryption is applied only to specific portions of the content. Portions are selected based on quality, semantics or even objects of the multimedia scene. As shown in Figure 4, partially encrypting the video bit-stream reduces the computational complexity and therefore secures real-time MPEG transmission at a faster speed.

Figure 4: Selective MPEG Encryption.

We will now review the selective encryption algorithms we have used in our system.

Encryption of the I-frame Algorithm (EIA):

The basic idea for selective encryption algorithms is to only encrypt the information of the stream with the highest information contents [3]. Encryption of the I-frame Algorithm (EIA) is a basic selective algorithm based on the MPEG I-P-B frame structure. It only encrypts the I-frames, as conceptually P and B frames are useless without knowing the corresponding I frames. In our experiment, the Picture-Type bits in RTP header are checked to decide whether or not to encrypt the packet.
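The packet-level decision described above can be sketched as follows. This is an added example, not code from the paper: it assumes the stream uses the RFC 2250 MPEG video payload format (RTP payload type 32, 3-bit picture-type field in the video-specific header) and that this header stays in the clear so the client can apply the same test. The function names and sample packets are constructed for illustration.

```python
import struct

MPV_PT = 32                                        # static RTP payload type for MPEG video
PICTURE_TYPES = {1: "I", 2: "P", 3: "B", 4: "D"}   # 3-bit P field (RFC 2250)

def parse_mpv(packet: bytes):
    """Return (picture_type, elementary_stream_bytes) for one RTP/MPV packet."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    if packet[1] & 0x7F != MPV_PT:
        raise ValueError("payload type is not MPV")
    off = 12 + 4 * (packet[0] & 0x0F)              # fixed header plus CSRC list
    if packet[0] & 0x10 and len(packet) >= off + 4:  # X bit: skip header extension
        off += 4 + 4 * struct.unpack_from("!H", packet, off + 2)[0]
    end = len(packet) - (packet[-1] if packet[0] & 0x20 else 0)  # P bit: padding
    if end < off + 4:
        raise ValueError("truncated MPEG video-specific header")
    (word,) = struct.unpack_from("!I", packet, off)
    off += 8 if word & (1 << 26) else 4            # T bit: MPEG-2 extension follows
    ptype = PICTURE_TYPES.get((word >> 8) & 0x7)
    if ptype is None or off > end:
        raise ValueError("reserved picture type or truncated payload")
    return ptype, packet[off:end]

def bytes_to_encrypt(packet: bytes, policy: str) -> int:
    """Elementary-stream bytes the proxy would encrypt under EWA or EIA."""
    ptype, es = parse_mpv(packet)
    if policy == "EWA":                            # whole stream
        return len(es)
    if policy == "EIA":                            # I-frame packets only
        return len(es) if ptype == "I" else 0
    raise ValueError(f"unknown policy {policy!r}")

def encrypted_share(packets, policy: str) -> float:
    """Fraction of elementary-stream bytes encrypted across a packet sequence."""
    total = sum(len(parse_mpv(p)[1]) for p in packets)
    return sum(bytes_to_encrypt(p, policy) for p in packets) / total

def make_packet(ptype: int, es_len: int, seq: int) -> bytes:
    """Constructed packet: 12-byte RTP header, 4-byte MPV header, zero filler."""
    rtp = struct.pack("!BBHII", 0x80, MPV_PT, seq, 90000, 0x1234ABCD)
    return rtp + struct.pack("!I", ptype << 8) + bytes(es_len)

# Constructed group of pictures: one large I picture, then smaller B and P pictures.
SAMPLE = [make_packet(t, n, i) for i, (t, n) in enumerate(
    [(1, 1200), (3, 300), (3, 300), (2, 600), (3, 300), (3, 300)])]

if __name__ == "__main__":
    for policy in ("EWA", "EIA"):
        print(policy, f"{encrypted_share(SAMPLE, policy):.0%} of stream bytes encrypted")
```

Because the decision is made per packet from a cleartext field, the share of bytes left unencrypted under EIA follows directly from the clip's I-frame volume.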

Encryption of the MPEG Header Algorithm (EHA):

The Encryption of the MPEG Header Algorithm (EHA) was proposed in [5], and it only encrypts MPEG video headers. The MPEG video headers include SEQUENCE, GROUP OF PICTURE, PICTURE, and SLICE. In an RTP-based delivery system, the sequence header of the MPEG video stream will always be at the beginning of an RTP payload. A group of picture (GOP) header will always be at the beginning of the RTP payload, or will follow a sequence header. A picture header will always be at the beginning of an RTP payload, or will follow a GOP header. This means that all kinds of MPEG headers are only present at the very beginning of each RTP payload. This information will help the player to synchronize while decrypting the video stream.


VLC Permutation Algorithm:

As an alternative to zigzag permutation, we attempted to directly scramble the video stream at the VLC level, as shown in Figure 5. Variable Length Coding (VLC) is a statistical coding technique that assigns codewords to the values to be encoded.

Figure 5: Example of VLC Permutation.

Permutation at the VLC level is very fast and it suits the real-time requirement at the proxy server. The reason is that there is no need for decompression or compression, and the encryption process does not involve heavy mathematical calculations. As the number of VLCs in each block is different, we have to arrange a different secret key for each of the possibilities.

IV. RESULTS AND DISCUSSION

In this section we provide the experimental results for the performance of the proxy server. In these experiments, the proxy server concurrently encrypts the video streams delivered to multiple clients. We have used two different MPEG video clips named Antenna and Castle. They have been carefully selected based on their characteristics. Antenna is a cluster of fast moving antennas. Castle is an overlook from a helicopter of a scene of castles, in which pictures move rapidly. Some characteristics of these samples are presented in Table I.

TABLE I
STATISTICS OF MPEG SAMPLE FILES

                                     ANTENNA   CASTLE
Size (MB)                            4.70      4.73
Bit rate (bps)                       1353      1600
Playing time (seconds)               28        24
I-frame data volume percentage (%)   15.82     31.76

Figures 6, 7 and 8 show the processing delays at the proxy server for different video samples. For the Antenna video, the EWA algorithm introduces the largest delay, as it encrypts the whole stream. EIA has the best performance, as I-frames of Antenna occupy only 15.8% of the file compared to other video clips. EHA's performance is close to EIA. The delay introduced by the encryption at the proxy server is negligible when the number of concurrent clients is relatively small.

Figure 6: Delay for the Antenna video.

For the Castle video, the EHA algorithm outperforms the EIA because I-frames of Castle occupy about 31.8% of the file.

Figure 7: Delay for the Castle video.

The experimental results for VLC permutation show that, on average, it takes about 9 milliseconds for a frame to be encrypted at the proxy server. Considering that the delay will not be accumulated, the client will only start to receive the stream slightly delayed. This means that introducing the encryption proxy will not affect the stream delivery. Although the permutation of VLCs is very fast, the security of this algorithm depends on the number of VLCs in blocks. For those videos that are highly compressed and in which the number of VLCs per block is not that big, it will be easy to attack and decrypt the stream, and the technique does not look very secure. For example, one of the samples we used in our experiments has a distribution of VLCs as shown in Figure 8. As the number of blocks with one or two VLCs is large, the VLC permutation technique cannot strongly encrypt the data and the video is still perceivable.

In order to reduce the dependency of the VLC permutation algorithm on the number of VLCs in a block, we can extend the permutation of the VLCs to a macro-block. In this method, instead of permuting the VLCs within a block, the permutation is applied to the VLCs of the whole macro-block.

Figure 8: Distribution of VLCs for sample video.
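The dependence on VLC count, and the effect of moving the permutation to macro-block level, can be made concrete with the sketch below. It is an added example, not the authors' implementation: the key-to-permutation derivation, the function names, the six-blocks-per-macro-block layout and the sample VLC counts are all assumptions constructed for illustration, and placeholder tokens stand in for real codewords.

```python
import hashlib
import math
import random

def perm_for(key: bytes, n: int) -> list:
    """One fixed permutation per VLC count n, derived from the key (assumed scheme)."""
    order = list(range(n))
    random.Random(hashlib.sha256(key + n.to_bytes(4, "big")).digest()).shuffle(order)
    return order

def scramble(vlcs: list, key: bytes) -> list:
    """Reorder the codewords of one block (or one macro-block) with the keyed permutation."""
    return [vlcs[i] for i in perm_for(key, len(vlcs))]

def unscramble(vlcs: list, key: bytes) -> list:
    """Invert scramble() by writing each codeword back to its source position."""
    out = [None] * len(vlcs)
    for dst, src in enumerate(perm_for(key, len(vlcs))):
        out[src] = vlcs[dst]
    return out

def keyspace_bits(n: int) -> float:
    """log2(n!): upper bound, since repeated codewords give fewer distinct orderings."""
    return math.log2(math.factorial(n))

def report(macroblocks: list) -> dict:
    """Compare per-block permutation with permutation over each whole macro-block."""
    blocks = [b for mb in macroblocks for b in mb]
    return {
        # Blocks with 0 or 1 VLC pass through the permutation unchanged.
        "unchanged_blocks": sum(len(b) <= 1 for b in blocks) / len(blocks),
        # Orderings (in bits) when each block is permuted on its own.
        "per_block_bits": [sum(keyspace_bits(len(b)) for b in mb) for mb in macroblocks],
        # Orderings (in bits) when all VLCs of the macro-block are permuted together.
        "per_macroblock_bits": [keyspace_bits(sum(len(b) for b in mb)) for mb in macroblocks],
    }

def make_mb(counts, start=0):
    """Constructed macro-block: placeholder tokens stand in for real codewords."""
    ids = iter(range(start, start + sum(counts)))
    return [[f"c{next(ids)}" for _ in range(n)] for n in counts]

# Constructed VLC counts for six blocks per macro-block (not the paper's Figure 8 data).
SAMPLE = [make_mb(c) for c in ([1, 2, 1, 3, 1, 1], [2, 1, 1, 1, 2, 1], [6, 4, 1, 2, 1, 1])]

if __name__ == "__main__":
    for name, value in report(SAMPLE).items():
        print(name, value)
```

On the constructed sample, 11 of 18 blocks are left untouched by per-block permutation, while permuting across the macro-block raises the second macro-block from 2 bits to about 15.3 bits of possible orderings.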

V. CONCLUSIONS

In this paper, we have introduced a proxy-based system for secure delivery of video streams. The features of the proposed secure MPEG video streaming system are as follows:

(1) It supports multiple communication modes such as multi-unicast, multicast and broadcast for different application needs.

(2) It could adopt many MPEG video encryption algorithms. Through performance analysis, we have concluded that these algorithms achieve an acceptable quality of service and are suitable for different security levels of video and available computing resources.

(3) The object-oriented design strategy facilitates incorporating new MPEG video security algorithms into the system.

(4) It makes use of a secure key management scheme.

We have also introduced a VLC permutation encryption algorithm, which is a very fast algorithm.

REFERENCES

[1] I. Agi and L. Gong, “An Empirical study of Mpeg Video Transmissions”, In Proceedings of the Internet Society Symposium on Network and Distributed System Security, San Diego, CA, Feb 1996, pp. 137-144.

[2] W. Stallings, “Cryptography and Network Security: Principle and Practice”, Prentice Hall International, Inc, 1999.

[3] Y. Li, Z. Chen, S. Tan, and R. Campbell, “Security enhanced MPEG player”, In Proceeding of IEEE First International Workshop on Multimedia Software Development (MMSD’96), Berlin, Germany, Mar 1996.

[4] T. B. Maples and G. A. Spanos. “Performance Study of a Selective Encryption Scheme for the Security of Networked, Real-time Video”, In Proceeding of 4th International Conference on computer Communications and Networks, Las Vegas, Nevada, Sep 1995.

[5] J. Meyer and F. Gadegast, “Security Mechanisms for Multimedia Data with the Example MPEG-1 Video”, Proj. description of SECMPEG, Tech. Univ. of Berlin, Germany, May 1995.

[6] L. Qiao and K. Nahrstedt, “Comparison of MPEG encryption algorithms”, Inter. Journal on Computer & Graphics, Special Issue on Data Security in Image Comm, and Network, Vol. 22, No. 3, 1998.

[7] L. Qiao and K. Nahrstedt, “Is MPEG Encryption by using Random List instead of Zigzag Order Secure?” IEEE international Symposium on Consumer Electronics, Singapore, Dec 1977, pp. 226-229.

[8] Data Encryption Standard (DES), Federal Information Processing Standards Publications, Jan 1977.