Download Scalable_Authentication_of_MPEG

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
Document related concepts
no text concepts found
Transcript 
Scalable Authentication of
MPEG-4 Streams
Yongdong Wu & Robert H. Deng
present: Yu-Song Syu
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
Motivation

MPEG-4: a state-of-the-art technology





DMIF – generic platform
FGS – flexible multimedia distribution
IPMP – secure delivery framework
Authentication isn’t provided in IPMP
3 authentication schemes are presented
Related Works

Layer-based Priority


Object-based Priority


best possible quality for each video object
Different importance => different quality
A straightforward authentication



Append a digital signature to each packet
High computation
Large communication overhead
Related Works

SAIDA reduces space overhead and
increase tolerance of packet loss


Improved to reduce the packet overhead
by Pannetrat in 2003
A watermark based stream
authentication scheme rejects malicious
tempering
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
Preliminaries





One-way Hash Function
Digital Signature
The Merkle Hash Tree
Erasure Correction Coding
Syntactic Structure of MPEG-4
One-Way Hash Function


Converting a variable-length string to a
fixed-length output string
Hash value: H(m)


m: pre-image
Hard to find the pre-image from a
known hash value
Digital Signature

Authenticating the integrity of a signed
message as well as its origin
m: message to send
Ks: private key
σ = Sign(Ks, m)
pubisher
σ
publish
receive
Ke
Verify received words by:
σ = Veri(m, σ, Ke )
client
The Merkle Hash Tree



A client requests for n3 and
needs the authentication
Source also sends d4, hA,
and hF
Client computes d3 and
H(H(hA||H(d3||d4))||hF)
Erasure Correction Coding

U=mG




m=m1, m2, … , mk
U=u1, u2, …, un
n-k bits of parity
Error correction
ability: dmin-1
Ref. Digital: Communications, Bernard Sklar
Syntactic Structure of MPEG-4



Each object layer has a
priority to represent its
importance
The base layer has the
highest priority
Other layers
(enhancement layers)
have progressively
lower priorities
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
Content distribution framework
Problem Definition

Packet loss comes from:



A proxy discards unimportant content
intentionally so as to meet the network a&
client device requirements
A router discards packets due to network
limitation
A receiver discards packets failing
checksum verifications
Problem Definition

A stream authentication scheme should:



Reduce the computational & communication cost?
Increase the probability of successful authentication
in case of packet loss
Manage data removal at proxies so as to allow
successful authentication
Overview of the Proposed Schemes
Objects
Encode
Pack
Sign
Down-scale
Proxies
Down-scale
Trusted
Objects
Decode
UnPack
Verify
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
Packaging an Object Group



Visual objects are
encapsulated into n
packets
Each row stands for
one Visual Object
Layer
: parity unit
Generating Signature on an
Object Group



hi = HLi1⊕ HLi2⊕ … ⊕ HLil
HLij = H(Pij||j), j=1, 2, … l
Packet hash of Pi:


Hash value of group G:




gi = H(hi||i)
hG = H(g1||g2||…||gn||GID||SID)
GID: group ID
SID: stream ID
σ = Sign(Ks, hG)
Encoding & Encapsulating



X = (h1,h2,…,hn,x1,…xn-k)
= Enc2n-k,k(h1,h2,…hn)
Divide X into k symbols yi∈GF(2w2)
Cr = Encn,k(y1,y2,…yk) = r1,…,rk


Cs = Encn,k(σ1, σ2,…σn) = σ1,…,σn


Integrity units
signature units
Append ri & si to the original packet Pi
Appending
Down-Scaling Objects


Layer t+1 ~ layer l are
discarded by proxies, a
patch e would be inserted
ei= HLit+1⊕HLit+2⊕…⊕HLil
Verifying Packets



Only k packets are rcv’d
yi,…yk=Decn,k(r1,…rk)
h1,…hn=HLi1⊕…HLik⊕ei





i = 1, 2, …, k
gi = H(hi||i)
hG=H(g1||g2||…gn||GID||SID)
σ= Dec(s1,…,sk)
Veri(hG,σ,Ke)
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
PAS

Securer than FAS



Discuss later
Assuming that layer i has higher priority
than layer i+1 ,i = 1, 2, …, l
Almost the same as FAS
Differences

Generating signature



Down-Scaling Objects



gi=H(H(Pi1||H(Pi2||H(…||H(Pil))))||i)
gi=H(H(Pi1||1)⊕H(Pi2||2) ⊕…⊕H(Pil||l) || i)
ei=H(Pit+1||H(Pit+2||H(…||H(Pil))))
ei= HLit+1⊕HLit+2⊕…⊕HLil
Verifying Packets


gi=H(H(Pi1||H(Pi2||…)||ei) || i)
gi=H( (HLi1⊕…HLik⊕ei) || i)
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
HAS
Generating Signature

Compute hash value D of leaf nodes:


For nonleaf nodes hash value Ni=


D=HLij=H(Pij||j), j=1,2,…,l
H(D1 || D2 || … || Dc)
For example, Bj is a node in Fig.10
Generating Signature (cont’)

Finally, the object group hash is:



hG=H(g1 || g2 || … || gn || GID || SID)
σ=Sign(Ks,hG)
The rest part is the same as FAS
Down-Scaling
Verifying Packets


Hash value gi is computed by client
according to
All the same as FAS
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
Authentication Probability
Security & Computational Cost

Security



HAS > PAS > FAS
Computational cost of the producer is
the highest
For example, in RSA scheme, the
verification time is only 4% of the
signature generation time when Ke=17
outline








Introduction
Preliminaries
Framework of Proposed Schemes
Flat Authentication Scheme
Progressive Authentication Scheme
Hierarchical Authentication Scheme
Security & Performance
Conclusion
conclusion

3 schemes of authentication





FAS provided the max flexibility
PAS has stronger security strength but
requires that data is totally ordered
HAS is secure against active attacks and
has low authentication overhead
Sign once, verify many ways
Future work:

To minimize buffer space in client devices
Related documents