Security in multimedia systems
Ph.D. Program in Multimedia Communication
Claudio Piciarelli

Why should we bother about security?
• Digital communication of multimedia data leads to a whole
set of new problems to be faced
• Some examples…
– Video and music piracy: you can copy and distribute digital contents at negligible cost
– Data streaming could be intercepted by unauthorized users
– Stealing digital photos published on the Internet
– Protection of bank transactions
• Protection of…
– Data
– Digital Rights

Data / DR protection
• Need for information hiding and obfuscation techniques
– Steganography
– Cryptography

Steganography
• Aim: hide a secret message within a public cover message
• Fails when an attacker realizes there is a hidden message (even without knowing its content)
Beware: nothing in common with stenography!

An example from ancient times
• The Greek historian Herodotus writes about Histiaeus, tyrant of Miletus, encouraging his son-in-law Aristagoras to rise against Darius I, king of Persia.
• He wrote a secret message on the scalp of a slave, then waited for the hair to grow…

A more recent example
• A message from a German spy during WW II
• Reading only the second letter of each word…
Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products, ejecting suets and vegetable oils.
Pershing sails from NY (r) June 1

Modern steganography – an example
• The pixels of a digital photograph are typically affected by noise
• Noise can be replaced by a hidden message

Least Significant Bit steganography
• Pixels are stored in RGB format (8 bits for each channel)
• The Least Significant Bits are affected by noise. Changing the LSB leads to minimal color changes (hardly visible to the human eye)
• Modification of LSB -> byte value changes by ±1
• Modification of MSB -> byte value changes by ±128
Original pixel:          10011010 10110001 00110111
After changing the LSBs: 10011011 10110000 00110110

Least Significant Bit steganography
[Figure: original image, with its MSB information and its LSB information]

Least Significant Bit steganography
• Hide a message in the least significant bits of a digital image
• Max size of the hidden message (using 1 bit per channel):
For a 640x480 image…
640 x 480 x 3 channels = 921,600 bits
921,600 / 8 = 115,200 bytes
Maximum hidden message size is ~100 KB
Using more bits per channel leads to larger hidden message sizes, but the image changes could be more visible
ImageHide: http://www.dancemammal.com/imagehide.htm
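The LSB scheme and the capacity computation above, as an added example that is not part of the original slides and is not ImageHide's code. It works on a raw buffer of channel bytes instead of a real image file; the cover data, the message and all function names are constructed for illustration.

```python
def capacity_bytes(width, height, channels=3, bits_per_channel=1):
    """Payload limit from the slide: width x height x channels x bits / 8."""
    return width * height * channels * bits_per_channel // 8


def embed(cover: bytes, message: bytes) -> bytes:
    """Store the message bits (MSB first) in the LSB of successive channel bytes."""
    if len(message) * 8 > len(cover):
        raise ValueError("message does not fit in the cover")
    stego = bytearray(cover)
    for i in range(len(message) * 8):
        bit = (message[i // 8] >> (7 - i % 8)) & 1
        stego[i] = (stego[i] & 0xFE) | bit      # clear the LSB, then set it
    return bytes(stego)


def extract(stego: bytes, length: int) -> bytes:
    """Rebuild `length` bytes from the LSBs; the receiver must know the length."""
    out = bytearray(length)
    for i in range(length * 8):
        out[i // 8] = ((out[i // 8] << 1) | (stego[i] & 1)) & 0xFF
    return bytes(out)


def max_channel_change(a: bytes, b: bytes) -> int:
    """Largest difference between corresponding channel values."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed sample data: a fake 8x8 RGB image (192 channel bytes) and a short message.
COVER = bytes((37 * i + 11) % 256 for i in range(8 * 8 * 3))
SECRET = b"Pershing sails"
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print("capacity of a 640x480 image:", capacity_bytes(640, 480), "bytes")
    print("recovered message:", extract(STEGO, len(SECRET)))
    print("largest per-channel change:", max_channel_change(COVER, STEGO))
```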

Watermarking
• Watermark: information hidden in a digital document, identifying the legitimate owner of the document
• The aim of a watermark is to mark a digital document with an unremovable «signature» identifying the owner, e.g. for copyright claims
• Similarities with standard steganography: the watermark must be invisible and must not alter the container in a visible way
• Difference: there is an extra requirement, watermark removal should be impossible
• Common applications: applying copyright notices to digital photos, banknote anti-counterfeit systems

Banknotes watermarking
• Trying to open this image with Photoshop…
• Will give you this pop-up:

Fingerprinting
• Conceptually similar to a watermark, but each copy of the
marked document has a different fingerprint. The aim is to
identify the end-user, rather than the original author.
• E.g. a fingerprint could be inserted in an MP3 file
downloaded from an online store, in order to identify the
buyer. If illegal copies are made, the buyer can be identified.

Cryptography
• The process of transforming a message in order to make it
unreadable for everyone, except for the legitimate receiver
• The aim is not to hide the message (as in steganography),
but to make it unreadable
• Codes vs. ciphers
• Two main approaches:
– Symmetric ciphers
– Asymmetric (public-key) ciphers

Symmetric ciphers
X: plaintext, Y: ciphertext, K: key. X’, K’: attacker’s guesses of X and K
[Figure: symmetric cipher model with sender, encryption, decryption, receiver, attacker, key source and secure channel]
Kerckhoffs’ principle: the cipher must be secure even if the attacker knows the encryption/decryption algorithms («security through obscurity» is bad!)

Example: monoalphabetic ciphers
• Each letter of the original alphabet is substituted by the corresponding letter in the ciphering alphabet:
orig:      a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphering: C N T K L B S I V M A W G H U Y R J E O D Z X Q F P
plaintext:  venividivici
ciphertext: ZLHVZVKVZVTV
(monoalphabetic ciphers belong to the wider class of substitution ciphers, where each letter of the plaintext is substituted by a different one)

Monoalphabetic cipher cryptanalysis
• The key is the ciphering alphabet (a permutation of the original alphabet)
• How many permutations of 26 letters exist?
• Answer: 26! ≈ 4 x 10^26
• The number of keys is quite high, so a brute force attack is hardly feasible

Monoalphabetic cipher cryptanalysis
• Suppose we can test 10^6 permutations each second…
• 3.6 x 10^9 keys/hour
• 8.64 x 10^10 keys/day
• 3.15 x 10^13 keys/year…
• We need 10^13 years to test all the possible keys (the age of the universe is 1.3 x 10^10 years)
• Does this mean the monoalphabetic cipher is secure?
No…

Monoalphabetic cipher cryptanalysis
• In the 9th century, the Arabic philosopher and mathematician Abu Yusuf Ibn Ishaq Al-Kindi developed the «frequency analysis» technique
• Main idea (for text documents): every language has its own specific letter frequency. This frequency does not change in the ciphertext!
• For example, the letter ‘a’ has a frequency of 11.74% in text documents written in Italian. If the ciphertext has a letter with that frequency, it is probably an ‘a’

Monoalphabetic cipher cryptanalysis
• Frequency table for the Italian language:
Letter Frequency
a 11.74%
b 0.92%
c 4.50%
d 3.73%
e 11.79%
f 0.95%
g 1.64%
h 1.54%
i 11.28%
l 6.51%
m 2.51%
n 6.88%
o 9.83%
p 3.05%
q 0.51%
r 6.37%
s 4.98%
t 5.62%
u 3.01%
v 2.10%
z 0.49%
(source: http://it.wikipedia.org/wiki/Analisi_delle_frequenze)
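Why the 26! keyspace does not protect the cipher, as an added example that is not part of the original slides: the ciphering alphabet from the earlier slide is applied to a constructed Italian sample, and the letter-frequency profile survives unchanged. The sample text and the function names are assumptions made for illustration.

```python
from collections import Counter
import string

PLAIN = string.ascii_lowercase
CIPHER = "CNTKLBSIVMAWGHUYRJEODZXQFP"      # ciphering alphabet from the slide
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)

# The three most frequent letters in the Italian table above (percent).
ITALIAN_TOP = {"e": 11.79, "a": 11.74, "i": 11.28}


def encrypt(text: str) -> str:
    return text.lower().translate(ENC)


def frequencies(text: str) -> list:
    """(letter, percent) pairs, most frequent first."""
    letters = [c for c in text if c.isalpha()]
    return [(c, round(100 * n / len(letters), 2))
            for c, n in Counter(letters).most_common()]


def profile(text: str) -> list:
    """Sorted frequency values only: exactly what a letter substitution preserves."""
    return sorted(p for _, p in frequencies(text))


# Constructed sample: the opening of Dante's Inferno, written without accents.
SAMPLE = ("nel mezzo del cammin di nostra vita mi ritrovai per una selva "
          "oscura che la diritta via era smarrita")
CIPHERTEXT = encrypt(SAMPLE)


def first_guess() -> tuple:
    """Most frequent ciphertext letter and the plaintext letters an analyst tries first."""
    letter, _ = frequencies(CIPHERTEXT)[0]
    return letter, sorted(ITALIAN_TOP)


if __name__ == "__main__":
    letter, candidates = first_guess()
    print("most frequent ciphertext letter:", letter, "-> try", candidates)
    print("it really stands for:", letter.translate(DEC))
```

On a sample this short the ranking inside the top group differs from the table, so the analyst tests a few candidates per letter rather than a single one.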

Modern symmetric ciphers
• Working on digital data
• Two main approaches
– Stream ciphers
– Block ciphers
• Based on a rigorous formulation of information theory (Shannon).

Properties of modern symmetric ciphers
• Shannon’s properties:
– Confusion: the relationship between key and ciphertext is as complex as possible
– Diffusion: the relationship between plaintext and ciphertext is as complex as possible
SAC (Strict Avalanche Criterion): if a single bit of the plaintext or the key is flipped, then every bit of the ciphertext has a 50% probability of being flipped
Intuitively, the ciphertext appears random and does not have any statistical relationship with the plaintext or the key.
Ciphertexts must be indistinguishable from random sequences of bits.

The XOR binary operator
• Exclusive-or (XOR, ⊕) is a boolean operator returning 1 if the two XORed bits are different, 0 otherwise
p q p⊕q
0 0 0
1 0 1
0 1 1
1 1 0
Example:
110101001 ⊕
010011011 =
100110010
Fundamental properties:
• A ⊕ A = 0
• A ⊕ 0 = A
• A ⊕ ( B ⊕ C ) = ( A ⊕ B ) ⊕ C

Stream ciphers
• A stream cipher encrypts the plaintext input stream
bit-by-bit
• One-Time Pad (OTP) is an extremely simple yet
theoretically perfect stream cipher. It simply XORs
the input stream with a random stream of bits
• The random stream is the key
Encrypt: C = M ⊕ K
Decrypt: M = C ⊕ K
(using the XOR properties: C ⊕ K = M ⊕ K ⊕ K = M )
M: plaintext message
C: ciphertext
K: key

Stream ciphers
• OTP problem: the key must be truly random (no computer-generated keys, no reusable keys) and must have the same length as the message
• Solution: use Pseudo-Random Generators. PRGs are algorithms that create an apparently random stream of bits starting from a short key
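The OTP equations and the "no reusable keys" rule, as an added example that is not part of the original slides. The messages are constructed, and `secrets.token_bytes` stands in for the truly random key source that the OTP requires.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("OTP operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    return xor_bytes(message, key)          # C = M xor K


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)       # M = C xor K


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one key encrypted both messages, C1 xor C2 = M1 xor M2: the key cancels out."""
    return xor_bytes(c1, c2)


def second_message(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Whoever knows or guesses M1 reads M2 without ever seeing the key."""
    return xor_bytes(reuse_leak(c1, c2), known_m1)


# Constructed sample messages of equal length (16 bytes each).
M1 = b"transfer 100 EUR"
M2 = b"meet me at seven"
KEY = secrets.token_bytes(len(M1))          # stand-in for a truly random key

C1 = otp_encrypt(M1, KEY)
C2 = otp_encrypt(M2, KEY)                   # the mistake: the same key used twice

if __name__ == "__main__":
    print("decrypted with the key:", otp_decrypt(C1, KEY))
    print("recovered without the key:", second_message(C1, C2, M1))
```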

Block ciphers
• A block cipher encrypts data in blocks of fixed size.
• In order to meet the Shannon properties, block ciphers are typically built from several iterations of substitution and permutation steps
• S-P network architecture

S-Boxes
• A Substitution Box (S-Box) is a function substituting the input bits with a set of output bits satisfying the avalanche criterion (changing a single input bit -> half of the output bits change)
[Figure: S-Box with inputs i1 i2 i3 i4 and outputs o1 o2 o3 o4]
S-Box Example
0001 0100
1001 1010

P-Box
• A Permutation Box (P-Box) is a permutation of the input bits
1 0 0 1 0 1 0 1 1 1 0 1 0 0 1 1
0 1 0 1 1 1 1 0 1 0 1 0 1 0 1 0

SP networks
• The structure of SP-Networks guarantees that the Shannon properties are satisfied
• Decrypt: just apply the same steps in reverse order (S-boxes must be invertible)
• Popular examples of block ciphers based on SP-Net architecture: AES, 3-DES…

How to use block ciphers
• What if the plaintext is longer than the size of the
block?
• First attempt: Electronic Codebook
• Bad choice!

How to use block ciphers
• A better approach: Cipher Block Chaining
• Equal blocks in the plaintext are no longer
encrypted into equal blocks in the ciphertext
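A toy 16-bit SP network run in Electronic Codebook and Cipher Block Chaining mode, as an added example that is not part of the original slides. The S-box values, bit permutation, round keys, IV and sample blocks are constructed for illustration; this is not AES or any real cipher.

```python
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]     # illustrative 4-bit S-box
INV_SBOX = [SBOX.index(v) for v in range(16)]        # S-boxes must be invertible
ROUND_KEYS = [0x3A94, 0xD63F, 0x1B5C, 0x7E20]        # constructed sample keys


def substitute(x, box):
    """Apply the 4-bit S-box to each nibble of a 16-bit block."""
    return sum(box[(x >> s) & 0xF] << s for s in (0, 4, 8, 12))


def permute(x):
    """P-box: move bit i to position 4*(i % 4) + i // 4 (it is its own inverse)."""
    return sum(((x >> i) & 1) << (4 * (i % 4) + i // 4) for i in range(16))


def encrypt_block(x, keys=ROUND_KEYS):
    for k in keys[:-1]:
        x = permute(substitute(x ^ k, SBOX))
    return x ^ keys[-1]


def decrypt_block(y, keys=ROUND_KEYS):
    y ^= keys[-1]
    for k in reversed(keys[:-1]):            # the same steps in reverse order
        y = substitute(permute(y), INV_SBOX) ^ k
    return y


def ecb_encrypt(blocks):
    return [encrypt_block(b) for b in blocks]


def cbc_encrypt(blocks, iv):
    out, prev = [], iv
    for b in blocks:
        prev = encrypt_block(b ^ prev)       # XOR with the previous ciphertext block
        out.append(prev)
    return out


def cbc_decrypt(blocks, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(decrypt_block(c) ^ prev)
        prev = c
    return out


PLAINTEXT = [0x1234, 0x1234, 0xBEEF, 0x1234]         # constructed, with repeated blocks
IV = 0x5EED                                          # constructed initialization vector
```

Printing `ecb_encrypt(PLAINTEXT)` next to `cbc_encrypt(PLAINTEXT, IV)` shows the repeated plaintext block as a repeated ciphertext block only in the first list.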

Asymmetric ciphers
• Problems with symmetric ciphers
– The key must be transmitted over a secure channel
– Each pair of sender-receiver needs a new key
• During the 70s, new mathematical techniques were proposed to address these problems, leading to the definition of asymmetric ciphers

A possible solution?
• Unfortunately, doesn’t work with modern ciphers

An even simpler solution
• This is the basic idea used in asymmetric cryptography

Asymmetric ciphers
• Each user has two keys (the public and the private one)
• Alice uses Bob’s public key to encrypt the message
• Only Bob can decrypt it, using the corresponding private key
Public keys can be transmitted over insecure channels!

Basics of modular arithmetic
• a mod m = remainder of the division a/m
• a ≡ b (mod m): notation for a mod m = b mod m (read «a congruent b modulo m»)
• Modular arithmetic:
[(a mod m) + (b mod m)] mod m = (a+b) mod m
[(a mod m) - (b mod m)] mod m = (a-b) mod m
[(a mod m) · (b mod m)] mod m = (a · b) mod m

RSA
• RSA (from the name of the inventors Rivest, Shamir
and Adleman) is nowadays the most popular
asymmetric encryption algorithm.
• Two main components:
– Key generation algorithm
– Encryption / decryption algorithms

RSA – key generation
• Choose two prime numbers p and q
• Compute n = pq
• Choose e, coprime with and smaller than (p-1)(q-1)
• Compute d such that de ≡ 1 mod (p-1)(q-1)
• The pair (n, e) is the public key
• The pair (n, d) is the private key
• It is not possible to compute d from e, since it would require the knowledge of p and q, and computing them from n is a hard problem (factorization problem)

RSA – encrypt and decrypt
• Given a message m ( 0 < m < n )
• encrypt: compute c = m^e mod n
• decrypt: compute m = c^d mod n
(RSA Hypothesis: inverting the exponentiation is a hard problem in modular arithmetic).
Remember: (n, e) and (n, d) are the public and private keys of the receiver (Bob)

Hybrid Cryptography
Symmetric
– Pros: extremely fast
– Cons: key exchange problems
Asymmetric
– Pros: no need for a secure channel
– Cons: slow, because of heavy use of mathematics
Hybrid approach:
– use public-key cryptography to transmit a secret key
– use this secret key to encrypt the message by means of symmetric cryptography

Digital signatures
• The techniques described up to now aim to guarantee the
message secrecy (security against passive attacks), but
cannot guarantee the identity of the sender (vulnerability to
active attacks)
• Solution: Alice encrypts a message with her own PRIVATE
key. Bob will be able to decrypt it using Alice’s public key.
• Encrypt: c = m^d mod n
• Decrypt: m = c^e mod n
Remember: (n, e) and (n, d) are the public and private keys of the receiver (Bob)

Digital signatures
• Secrecy is no longer guaranteed, since anyone can decrypt the message using Alice’s public key. However it can guarantee…
• Authentication: Bob surely knows that the sender is Alice, because only Alice has the private key associated to the public key Bob used for decryption
• Integrity: the message has not been modified by an attacker, since this would imply the attacker knows Alice’s private key
• Non-repudiability: Alice cannot deny she wrote the message (direct consequence of authentication + integrity)
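The RSA key generation, encryption and signature formulas from the slides above, as an added example that is not part of the original slides. The primes, exponents and message are constructed toy values; Bob's key pair is used for encryption and Alice's own key pair for signing, as in the bullets, and the last function shows why n must be too large to factor.

```python
from math import gcd


def keygen(p: int, q: int, e: int):
    """Key generation as on the slide; p and q are assumed to be prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must be smaller than and coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)                 # de ≡ 1 mod (p-1)(q-1); needs Python 3.8+
    return (n, e), (n, d)


def encrypt(m: int, public) -> int:
    n, e = public
    if not 0 < m < n:
        raise ValueError("message must satisfy 0 < m < n")
    return pow(m, e, n)                 # c = m^e mod n


def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)                 # m = c^d mod n


def sign(m: int, private) -> int:
    n, d = private
    return pow(m, d, n)                 # "encrypt" with the signer's private key


def verify(m: int, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == m    # "decrypt" with the signer's public key


def private_from_factoring(public):
    """Trial division recovers p and q, hence d; feasible only because n is tiny."""
    n, e = public
    p = next(f for f in range(2, n) if n % f == 0)
    return keygen(p, n // p, e)[1]


# Constructed toy parameters, far too small for real use.
BOB_PUBLIC, BOB_PRIVATE = keygen(61, 53, 17)
ALICE_PUBLIC, ALICE_PRIVATE = keygen(89, 97, 5)
MESSAGE = 65

if __name__ == "__main__":
    c = encrypt(MESSAGE, BOB_PUBLIC)
    s = sign(MESSAGE, ALICE_PRIVATE)
    print("ciphertext:", c, "decrypted:", decrypt(c, BOB_PRIVATE))
    print("signature valid:", verify(MESSAGE, s, ALICE_PUBLIC))
    print("altered message valid:", verify(MESSAGE + 1, s, ALICE_PUBLIC))
```

Deployed systems sign a hash of the message and apply a padding scheme; the bare exponentiation here mirrors the slide formulas only.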

TLS
• A set of cryptographic protocols to add secrecy and integrity
features to already existing protocols
• Some protocols commonly used with TLS:
– ESMTP: e-mail transmission
– POP3S, IMAPS: e-mail download
– HTTPS: world-wide web
– … (VoIP, Instant Messaging, etc.)
• Aims:
– Guarantee data secrecy by encrypting the connection
– Guarantee server authentication

Basics of TLS
• Hybrid approach:
– The server sends a certificate with its identity and its public key (typically an RSA key)
– The client checks the server identity and creates a secret key. The key is sent to the server using public-key cryptography
– The server uses the secret key to encrypt all the remaining data with a symmetric cipher (e.g. AES).

TLS certificates (X.509 v3)
• The protocol works if the client can trust the data contained in the certificates
• Certificates are digitally signed by an external certification authority, which vouches for the certified data
• The certification authorities are well-known and their identity is guaranteed by certificates pre-installed in every browser. We have no choice other than trusting the root authorities

Certificates
• Example: https://mail.google.com
[Figure: the site's certificate, with the server identity and the Certification Authority highlighted]

In practice…
• The owner of an HTTPS website must create a certificate with its identity and public key, and ask a Certification Authority to digitally sign it (not for free…)
• Some websites use self-signed certificates, where the site
owner acts as a “fake” Certification Authority
• Self-signed certificates don’t guarantee authentication, but
are sometimes used to guarantee at least the encryption of
the transmitted data

Another application of cryptography…
• PEC (Posta Elettronica Certificata, certified e-mail) is an Italian standard to give emails the same legal validity as recorded-delivery letters with advice of receipt.
• PEC guarantees…
– Authentication of the sender
– Encryption of the data
– Integrity of the data
– A system of receipt messages to inform the sender on the delivery status of the mail
• Basic idea: the service is offered by trusted operators. The operators vouch for the identity of their users.

PEC mail delivery
Suppose Alice wants to send a PEC email to Bob…
• Alice sends the mail to her operator. The operator checks Alice’s identity (password, smart card, etc.)
• Alice’s operator checks the message validity and sends an acceptance receipt to Alice
• Alice’s operator signs and encrypts the mail and sends it to Bob’s operator
• Bob’s operator checks the message validity and acknowledges Alice’s operator using a receipt
• Bob’s operator stores the email in Bob’s mailbox and sends Alice a «message delivered» receipt
All the receipts are digitally signed by the originating operators