School of Computing Science Simon Fraser University, Canada
28
Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada End-to-End Secure Delivery of Scalable Video Streams Mohamed Hefeeda (Joint work with Kianoosh Mokhtarian) 5 June 2009 NOSSDAV 2009
description
School of Computing Science Simon Fraser University, Canada. End-to-End Secure Delivery of Scalable Video Streams Mohamed Hefeeda (Joint work with Kianoosh Mokhtarian) 5 June 2009 NOSSDAV 2009. Motivations. Increasing demand for multimedia services - PowerPoint PPT Presentation
Transcript of School of Computing Science Simon Fraser University, Canada
Mohamed Hefeeda 1
School of Computing ScienceSimon Fraser University, Canada
End-to-End Secure Delivery of Scalable Video Streams
Mohamed Hefeeda(Joint work with Kianoosh Mokhtarian)
5 June 2009NOSSDAV 2009
Mohamed Hefeeda
Motivations
Increasing demand for multimedia services Content often transported over open and insecure
networks (Internet) Many applications require secure delivery of content
- Videos for: surveillance, documentary, political debates, …
Secure delivery = Ensuring authenticity of content Detect any malicious tampering
- Removing, inserting, or modifying and portions of content
Allow legitimate adaptation- Different frame rates, resolutions, quality levels
2
Mohamed Hefeeda
Our Work
New authentication scheme for scalable video streams- End-to-end: transparent to proxies/CDN servers No need to
trust third-parties or distribute keys- Ensures authenticity of any substream
Focus on most flexible, recent, scalable streams- 3-d scalability (at the same time)- e.g., H.264/SVC
svcAuth: Open-source authentication library (Java)- for H.264/SVC
3
Mohamed Hefeeda
Outline
Brief background- Scalable streams (old and recent)- Previous authentication works
Overview of the proposed authentication scheme Performance evaluation Conclusion
4
Mohamed Hefeeda
Background: Scalable Streams
Scalable coding: encode once, decode in many ways- Spatial, temporal, and
quality scalability- Heterogeneous receivers- Varying network
conditions- Coding efficiency penalty
Traditional scalable (layered) video streams- 1 Base layer, 0+
enhancement layers- 1-d scalability- Cumulative layers
5
Base layer
Enhancement layer 1
Enhancement layer 2
Enhancement layer N
Mohamed Hefeeda
Recent Scalable Streams (H.264/SVC)
Higher flexibility, yet with higher coding efficiency
3-d scalability - three types at same time
Very flexible adaptation and truncation
more challenging to authenticate
6
Mohamed Hefeeda
Recent Scalable Streams (H.264/SVC)
Non-cumulative Video packet-level truncation inside quality layers
7
Mohamed Hefeeda
Previous Work
Only for traditional 1-d scalable streams
Two main approaches: - Based on hash chaining [Skraparlis 03, Yu 04]- Based on Merkle hash trees [Kaced 06, Gentry 06, Wu 06]
Can not support flexibility of recent 3-d scalable streams
8
Mohamed Hefeeda
Previous Work: Hash Chaining
Assumes cumulative and complete layers
Base layer
Enhancement layer 1
Enhancement layer 2
Frame 1
Hash
Hash
Hash
Base layer
Enhancement layer 1
Frame 2
Hash
Hash
Hash
Enhancement layer 3
Hash Enhancement layer 2
Enhancement layer 3
Hash
9
Mohamed Hefeeda
Previous Work: Merkle Hash Trees
Requires trust/cooperation of proxies/CDN serves not end-to-end
Assumes complete layers
Layer 1
Layer 2
Layer 3
Layer 0
Layer 1
Layer 2
Layer 3
Layer 0
Layer 1
Layer 2
Layer 3
Layer 0
Layer 1
Layer 2
Layer 3
Layer 0
10
Mohamed Hefeeda 11
H.264/SVC: Spatial and Quality Scalability
Spatial scalability- Dependency between layers is a
DAG; not simple chain
Quality scalability- Coarse-Grained Scalability (CGS)
• Layer-level granularity- Medium-Grained Scalability (MGS)
• Packet-level granularity
Mohamed Hefeeda 12
H.264/SVC: Temporal Scalability
Hierarchical B-pictures in Group-of-Pictures (GoP)
1
5
4
6
3
8
7
9
2Temporallayer 0
GoP
Temporallayer 3
Temporallayer 2
Temporallayer 1
1 2 3 4 5 6 7 8 9
. . . . . .
Mohamed Hefeeda 13
H.264/SVC: Stream Structure
Stream: sequence of GoPs GoP: set of video frames Video frame: multiple spatial layers Spatial layer: multiple CGS quality layers CGS quality layer: multiple MGS quality layers MGS quality layer: multiple video packets
Mohamed Hefeeda 14
Proposed Scheme: Overview
Content provider- Generate auth info bottom up (packets, MGS, CGS, …, GoP)- Auth info is embedded into video stream- Transparent to third-party proxies
Receivers- Verify substreams if their corresponding auth info received- Digests are re-computed and compared
Mohamed Hefeeda 15
Proposed Scheme: Overview
Authenticating MGS quality layers
: MGS packet
: MGS layer
: HashingFrame digest
: Hash value
: Video frame
Spatial orCGS layer:
Mohamed Hefeeda 16
Proposed Scheme: Overview
Authenticating MGS layers of a CGS/spatial layer
: MGS packet
: MGS layer
: HashingFrame digest
: Hash value
: Video frame
Spatial orCGS layer:
Mohamed Hefeeda 17
Proposed Scheme: Overview
Authenticating video frame
: MGS packet
: MGS layer
: HashingFrame digest
: Hash value
: Video frame
Spatial orCGS layer:
Mohamed Hefeeda 18
Proposed Scheme: Overview
Authenticating temporal layers
FEC
FEC
Temporallayer 4
GoP
FEC
FEC
GoP digest
Temporallayer 0
Temporallayer 1
Temporallayer 2
Temporallayer 3
Mohamed Hefeeda 19
Proposed Scheme: Overview
Authenticating a sequence of GoPs- GoP blocks (individually signed)- Auth info of any GoP suffices for the block
GoP n
AuthInfo
GoP 1
AuthInfo
Digital SignatureHash AuthInfo
GoP digest GoP digest
Mohamed Hefeeda 20
Analysis and Evaluation
Security analysis- Theorem: Proposed scheme ensures authenticity of any valid
substream
Simulation Setup- Simulate streaming 1-Mbps video over lossy network channel- Video: 4 temporal, 1 spatial, 2 CGS (each has 3 MGS) layers
CIF, 30 fps, 40 dB (Y-PSNR)
Performance metrics- Computation cost- Delay and buffering requirements- Robustness against packet losses- Communication overhead
Mohamed Hefeeda 21
Evaluation: Computation Cost
n adjusts computation cost ~ delay
Mohamed Hefeeda 22
Performance Evaluation: Delay/Buffer
Server-side delay- Generating a block of n GoPs
Receiver-side delay- Typically zero; few GoPs if high loss rate
Total delay- n GoPs for live streaming- Negligible for on-demand
Buffer required- Few GoPs if high loss rate
Mohamed Hefeeda 23
Performance Evaluation: Delay/Buffer
Delay for live-streaming
Mohamed Hefeeda 24
Performance Evaluation: Delay/Buffer
Delay ~ computation cost Buffer required: n GoPs worst case (< 1 MB)
Mohamed Hefeeda 25
Evaluation: Communication Overhead
Communication overhead impact: ~ 1 dB at most (< 8%)
Mohamed Hefeeda 26
Performance Evaluation: Loss Resilience
Quality reduced by communication overhead: ~ 1 dB Quality reduced by increase in loss impact: Marginal
Mohamed Hefeeda 27
Conclusion and Future Work
New scalable video streams offer high flexibility- 3-d scalability (temporal, spatial, quality)
Current authentications schemes do not support such flexibility
Proposed new authentication scheme - Supports full flexibility (H.264/SVC)- End-to-end authentication- Low overheads (delay, buffering, computation, …)
Future work- Further reduce communication overhead- Release svcAuth library
