1

Multimedia Encryption

Sistem Multimedia

2

Multimedia Encryption Special application of general encryption

to multimedia such that the content cannot be rendered intelligibly or to an acceptable perceptual quality.

Have a number of unique requirements and desirable features that a general cryptosystem lacks.

Different applications may have a different list of requirements and a different order of priorities. Trade-off may be necessary

3

Applications Confidential videoconferences Confidential facsimile transmissions Medical image transmission and storage Streaming media DVD content protection Pay-TV Digital transmission through IEEE 1394

interface

4

Characteristics of Multimedia Applications Characteristics High data rate Power hungry Real-time constraint Continuous Synchronous Loss-tolerant Prioritized components Different values of content

Different security requirements Different distribution channels

DVD, Satellite TV, Internet, wireless

5

Box Office Revenues vsTime

6

Major Requirements and Desirable Features Complexity is an important consideration

Real-time applications, low-power device Content leakage (or perceptibility)

Content degradation vs. secrecy Compression efficiency overhead

Due to change of compression parameters/procedure, change of data statistics, additional header etc.

Error resilience. Error confinement in lossynetwork, synchronization

Adaptability and scalability Dynamic bandwidth/resources, Encryption be

transparent to an adaptation process

7

Major Requirements and Desirable Features(cont.) Multi-level Encryption

Enable multiple accesses: resolution, quality, size, frame rate

“what you see is what you pay “ Syntax compliance

Transparent , “backward”compatibility, inherit other nice properties of compression standards.

Content agnostic Encryption does not depend on content types or the

specific coding technology E.g., Windows Media Rights Manager , OMA’sDRM

Random access, transparency, scene change detection without decryption

8

Encryption and Compression

9

Security Break of Multimedia Encryption Complete break

Recover full plain bitstreamby finding the key etc, Perceptual break

Render acceptable perceptual quality or recover certain content information without a key

Local break Deduce a local plain bitstream/content information

Information deduction Gain certain information, less severe break

10

Attacks on Multimedia Encryption Traditional attacks Additional attacks that exploit the unique

features of multimedia data Statistical attack

Exploit correlation between different portions of multimedia data

Especially for selective encryption Compression makes the attack difficult, fortunately

Error-concealment based attack Perceptual redundancy exists in compressed media Perceptual break is possible, i.e. conceal encrypted

data

11

Multimedia Encryption Approaches Conventional/Naïve approach

Encrypt a compressed codestreamas a whole Full Encryption Selective Encryption Joint Compression and Encryption Syntax-Compliant Encryption Scalable Encryption and Multi-Access

Encryption

12

Conventional Approaches Directly distort visual data in spatial domain

Difficult to compress, potentially high complexity Vulnerable to correlation attacks

Encrypt compressed data using DES etc. Significant processing overhead

Difficulty in some real-time application with low-power device

Plain text attack using known syntax Not secure for adaptation at intermediate nodes

require key to decompress/decrypt/re-code/re-encrypt Little transparency

13

Fast Encryption Encrypt half of the compressed

bitstream( Qiao& Nahrstedt’97 ) Using XOR + DES

Encrypt (A, B) as (DES(A), (A XOR B) ) Secure, speedup by a factor of two

14

Full Encryption Approach

Partition and packetizecompressed bitstreaminto structured data packets with header and data field

Apply encryption to the data field and leave headers unencrypted

Decryption info inserted into headers Usually works with a multimedia format that supports

encryption,e.g., Microsoft’s ASF Strength

Allow parsing and extracting basic info without decryption

Highest security, small overhead for decryption info Content agnostic

Limitation: complexity, limited flexibility

15

Selective Encryption Only I-frame/blocks encrypted (Maples &

Spanos’95, Meyer & Gadegast’95 ) Reduce processing overhead/delay Not sufficient security Plain text attack using known syntax Not very secure for trans-coding Little transparency

Sign bits, MVs(Shi & Bhargava’98, Zeng & Lei’99, Wen et al’01)

Privacy/security low due to information leakage Useful for apps focusing on introducing quality

degradation

16

Joint Scrambling and Compression Shuffle DCT coefficients within 8x8 block (Tang

96) Randomize 8x8 DCT coefficient scan order

Simple Some level of security

Local scrambling -> spatial energy distribution unchanged -> less effective scrambling

Significantly reduce compression efficiency (up to 50%) –destroy run-length statistics

Shuffle lines of wavelet coefficients ( Macq& Quisquater’94 ) Change 2-D statistical property, Reduce compression efficiency

17

Joint Scrambling and Compression Selective scrambling in transform domain, prior

to compression (Zeng & Lei’99) Advantages

Simple and efficient. Provides different levels of security, Allows more flexible selective encryption

easier for locating what data to be selected Limited adverse impact on compression efficiency, Allow transparency Allow trans-coding without decryption Allow other useful features without decryption

18

Overview

19

Wavelet Based Systems

A 3-level subbanddecomposition

• Allow some level of transparency•e.g, free access to low resolution•require key for high definition TV

20

Wavelet Based Systems Goal:

Scrambling/shuffling that does not destroy statistical properties of each subband

Selective bit scrambling Sign encryption

sign bits: “uncompressible”, but critical to image quality

Block shuffling Divide each subandinto kblocks Shuffle the blocks within a subband

retain local2-D statistics Different shuffling tables for different subbands

21

Wavelet Based Systems Block rotation

Rotate each block Special case of shuffling coefficients

within block

22

Security Analysis Sign encryption

M: # of non zero coefficients 2Mtrials (including inverse transform) for complete

recovery example: M=256 ------> 1075trials

Block shuffling kblocks, nzero blocks # of different permutation: k!/n! example: k=64, n=48 ----> K!/n!=1028

each permutation requires an inverse wavelet transform Block rotation (+shuffling)

# of configuration: (8*k)!/(8*n)! >>K!/n! Other attacks? Your exercises!

23

Wavelet-based System

24

Wavelet-based SystemPSNR

Table 1: Impact of different scrambling techniques on compression efficiency. Image sizes are 512x512, 5-level decomposition, 64 blocks each band.

25

DCT Based Systems JPEG/MPEG/H.26x Video compression

GOP (I BBPBBP…) I: intra-frame P, Bpredictive-coded frames

block: 8x8, for DCT coding, zigzagordering of DCT coefficients

Macroblock(MB): 4 lum. blocks + 2 chrom Blocks unit for motion compensation intra-coded vs. predictive coded

Slice: a horizontal strip of MBs

26

DCT Based Systems DCT coefficient scrambling

Sign encryption Coefficient shuffling within each slice

shuffle coefficients of sameband little impact on compression efficiency each band has a different shuffling tables

Motion vector scrambling for P, B frames Sign flipping MV shuffling within each slice Important for distorting motion information

Dynamic-keys for more secure video transmission

27

I-Frames of DCT-based System

28

I-Frames of DCT-based System

Table 2: Impact of different scrambling techniques on compression efficiency for one I frame of “carphone”sequence.

29

DCT-based System (Sequence)

Table 3: Impact of different scrambling techniques on compression efficiency for 41 (one I frame followed by 40 P frames) frames of “carphone”sequence

30

Video Demo

31

References T. Maples and G. Spanos, “Performance study of a selective encryption

scheme for the security of networked, real-time video," Proc. 4th Inter. Conf. Computer Communications and Networks, Las Vegas, Nevada, Sept. 1995.

J. Meyer and F. Gadegast, “Security mechanisms for multimedia data with the example MPEG-1 video,”http://www.cs.tuberlin.de/phade/phade/secmpeg.html, 1995.

C. Shi and B. Bhargava, “A fast MPEG video encryption algorithm,”Proc. ACM Multimedia, pp. 81-88, 1998.

L. Tang, “Methods for encrypting and decrypting MPEG video data efficiently,”Proc. ACM Multimedia, 1996.

W. Zeng and S. Lei, “Efficient frequency domain selective scrambling of digital video”, IEEE Tran. Multimedia,vol. 5, no. 1, pp. 118-129, March 2003. A preliminary version also in Proc. ACM Multimedia, Nov. 1999.

Bin Zhu, “Multimedia encryption, “book chapter in Zeng, Yu, and Lin (Eds), Multimedia Security Technologies for Digital Rights Management, ISBN: 0-12-369476-0, Elsevier, July 2006.