Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu.
-
date post
22-Dec-2015 -
Category
Documents
-
view
221 -
download
1
Transcript of Scalable Authentication of MPEG-4 Streams Yongdong Wu & Robert H. Deng present: Yu-Song Syu.
Scalable Authentication of MPEG-4 Streams
Yongdong Wu & Robert H. Deng
present: Yu-Song Syu
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
Motivation
MPEG-4: a state-of-the-art technology DMIF – generic platform FGS – flexible multimedia distribution IPMP – secure delivery framework
Authentication isn’t provided in IPMP
3 authentication schemes are presented
Related Works Layer-based Priority
best possible quality for each video object Object-based Priority
Different importance => different quality A straightforward authentication
Append a digital signature to each packet High computation Large communication overhead
Related Works
SAIDA reduces space overhead and increase tolerance of packet loss Improved to reduce the packet
overhead by Pannetrat in 2003 A watermark based stream
authentication scheme rejects malicious tempering
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
Preliminaries
One-way Hash Function Digital Signature The Merkle Hash Tree Erasure Correction Coding Syntactic Structure of MPEG-4
One-Way Hash Function
Converting a variable-length string to a fixed-length output string
Hash value: H(m) m: pre-image
Hard to find the pre-image from a known hash value
Digital Signature
Authenticating the integrity of a signed message as well as its origin
pubisher client
σ
Ke
m: message to sendKs: private key
σ = Sign(Ks, m)publish receive Verify received words by:
σ = Veri(m, σ, Ke )
The Merkle Hash Tree
A client requests for n3 and needs the authentication
Source also sends d4, hA, and hF
Client computes d3 and H(H(hA||H(d3||d4))||hF)
Erasure Correction Coding
U=mG m=m1, m2, … , mk
U=u1, u2, …, un
n-k bits of parity Error correction
ability: dmin-1
Ref. Digital: Communications, Bernard Sklar
Syntactic Structure of MPEG-4
Each object layer has a priority to represent its importance
The base layer has the highest priority
Other layers (enhancement layers) have progressively lower priorities
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
Content distribution framework
Problem Definition
Packet loss comes from: A proxy discards unimportant content
intentionally so as to meet the network a& client device requirements
A router discards packets due to network limitation
A receiver discards packets failing checksum verifications
Problem Definition A stream authentication scheme should:
Reduce the computational & communication cost?
Increase the probability of successful authentication in case of packet loss
Manage data removal at proxies so as to allow successful authentication
Overview of the Proposed Schemes
Objects Encode Pack Sign
Down-scale
Down-scale
Decode UnPack VerifyTrustedObjects
Proxies
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
Packaging an Object Group Visual objects are
encapsulated into n packets
Each row stands for one Visual Object Layer
: parity unit
Generating Signature on an Object Group
hi = HLi1⊕ HLi2⊕ … ⊕ HLil HLij = H(Pij||j), j=1, 2, … l Packet hash of Pi:
gi = H(hi||i)
Hash value of group G: hG = H(g1||g2||…||gn||GID||SID) GID: group ID SID: stream ID
σ = Sign(Ks, hG)
Encoding & Encapsulating
X = (h1,h2,…,hn,x1,…xn-k)
= Enc2n-k,k(h1,h2,…hn) Divide X into k symbols yi∈GF(2w2) Cr = Encn,k(y1,y2,…yk) = r1,…,rk
Integrity units Cs = Encn,k(σ1, σ2,…σn) = σ1,…,σn
signature units Append ri & si to the original packet Pi
Appending
Down-Scaling Objects Layer t+1 ~ layer l are
discarded by proxies, a patch e would be inserted
ei= HLit+1⊕HLit+2⊕…
⊕HLil
Verifying Packets
Only k packets are rcv’d yi,…yk=Decn,k(r1,…rk) h1,…hn=HLi1⊕…HLik⊕ei
i = 1, 2, …, k gi = H(hi||i) hG=H(g1||g2||…gn||GID||SID) σ= Dec(s1,…,sk) Veri(hG,σ,Ke)
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
PAS
Securer than FAS Discuss later
Assuming that layer i has higher priority than layer i+1 ,i = 1, 2, …, l
Almost the same as FAS
Differences Generating signature
gi=H(H(Pi1||H(Pi2||H(…||H(Pil))))||i) gi=H(H(Pi1||1)⊕H(Pi2||2) ⊕…⊕H(Pil||l) || i)
Down-Scaling Objects ei=H(Pit+1||H(Pit+2||H(…||H(Pil)))) ei= HLit+1⊕HLit+2⊕…⊕HLil
Verifying Packets gi=H(H(Pi1||H(Pi2||…)||ei) || i) gi=H( (HLi1⊕…HLik⊕ei) || i)
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
HAS
Generating Signature Compute hash value D of leaf
nodes: D=HLij=H(Pij||j), j=1,2,…,l
For nonleaf nodes hash value Ni= H(D1 || D2 || … || Dc)
For example, Bj is a node in Fig.10
Generating Signature (cont’)
Finally, the object group hash is: hG=H(g1 || g2 || … || gn || GID || SID)
σ=Sign(Ks,hG) The rest part is the same as FAS
Down-Scaling
Verifying Packets
Hash value gi is computed by client according to
All the same as FAS
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
Authentication Probability
Security & Computational Cost
Security HAS > PAS > FAS
Computational cost of the producer is the highest
For example, in RSA scheme, the verification time is only 4% of the signature generation time when Ke=17
outline
Introduction Preliminaries Framework of Proposed Schemes Flat Authentication Scheme Progressive Authentication Scheme Hierarchical Authentication Scheme Security & Performance Conclusion
conclusion 3 schemes of authentication
FAS provided the max flexibility PAS has stronger security strength but
requires that data is totally ordered HAS is secure against active attacks
and has low authentication overhead Sign once, verify many ways Future work:
To minimize buffer space in client devices