
Multimedia Encryption - Streaming Video Encryption, Preserve real time playback and decrease cost via partial encryption


Heather Yu
Panasonic Digital Networking Laboratory, New Jersey, USA

Definition: Multimedia data encryption attempts to prevent unauthorized disclosure of confidential multimedia information in transit or storage.

If we call a multimedia data stream (message) plaintext, the process of transforming the plaintext into an unintelligible data stream is referred to as MultiMedia Encryption (MME), where the encrypted message (data stream) is often named ciphertext. The process of transforming the ciphertext back into plaintext is termed decryption (see Figure 1).

Naïve approach: The most straightforward technique for multimedia encryption is to treat the multimedia signal to be protected as a traditional digital data stream, such as text, and select an application-appropriate classical encryption scheme and key management scheme to encrypt the entire data stream. Upon reception, the entire ciphertext data stream is decrypted and playback can be performed at the client device. The key factors to consider when choosing an application-appropriate encryption scheme include:

  1. It should provide suitable security for the target application
  2. It should be cost effective for the specific application and the end user device capability

These factors determine, for example, whether a lightweight encryption algorithm is sufficient, whether an asymmetric key encryption algorithm is more appropriate than a symmetric key algorithm, the key length, and the key management approach.

Today, many recognize the importance of selecting an application-adequate encryption scheme. For instance, in the Real-Time Transport Protocol (RTP) standard, the default encryption algorithm is specified to be the Data Encryption Standard (DES) algorithm in cipher block chaining (CBC) mode, where strong encryption algorithms, such as Triple-DES, can be used in place of the default algorithm for better security. This allows different multimedia streaming applications to choose the encryption algorithm that best fits their application requirements.

The successful attack on DVD CSS (Content Scramble System) using DeCSS, a small piece of software that breaks the CSS encryption and allows the reading of encrypted DVDs, is a good example that shows the importance of selecting a suitable cipher scheme to satisfy the application security requirement.

Assume E and D denote the encryption function and the decryption function respectively, we have:

where P denotes the plaintext multimedia data stream and C designates the ciphertext.

Challenges: However, life is not always that simple. Multimedia data streams have different characteristics from traditional digital data streams. They are often larger in size (which is especially true for video data streams), compressed for transmission and storage, structured in different ways for different applications, and at times subject to transcoding and other requirements. For average consumer multimedia applications, low decryption and re-encryption cost overhead is critical for many applications and end user devices. Using a streaming multimedia application as an example, because content is being viewed while streaming, the client player must be able to perform reassembling, decoding, decryption, error control (and re-encryption if specified by usage rules) prior to displaying the next segment. This entails computational overhead and/or additional hardware requirements at the client device. This processor-intensive routine can significantly degrade the end-user experience if the computational overhead caused by the decryption and re-encryption processes is more than the client device can handle. (That is, it is critical to satisfy the 2nd requirement above. Obviously, the larger the data stream is, the more data needs to be encrypted and decrypted, the more processing power is required at both the server and the client, and hence the higher the cost is.) The essence of the trade-off between complexity and security, i.e., the difficulty of satisfying both the 1st and the 2nd requirements simultaneously, makes it harder to design a secure multimedia system with minimum additional client device cost. Consequently, large computational overhead due to the large size of multimedia data streams has become the most commonly known challenge of multimedia encryption.

Classical encryption schemes, for instance the traditional online encryption model for credit card information, which has no need to address the computational intensity problem caused by large data sets, were rarely designed to serve large amounts of data, and hence may not satisfy the requirements of many of today's multimedia applications. This implies the need for new ways to handle multimedia, especially video, encryption.

Furthermore, VCR-like or audio player-like function, end-to-end system security, interoperability, upgradeability, and renewability impose additional challenges for MME in various applications.

Design requirements: To maintain a user-friendly, yet secure, end-user experience, there are a number of reasonable requirements. A secure multimedia system:

  • Should be secure but low cost in implementation to appeal to more content creators and providers
  • Should provide end-to-end system security throughout the entire distribution chain
  • Should sustain current and new heterogeneous environment to attract more applications and more customers
  • Should be scalable from distributed caches and storage device to heterogeneous client devices
  • Should be extendable from PCs to mobile devices and still remain secure, for flexible new business models
  • Should be easily renewable
  • Should not reduce the playback quality of the streaming media, i.e., it should not impact continuous playback, loss resilient capability, and scalability of the system in realtime streaming applications
  • Should be able to preserve entertainment like experience – users should be able to fast-forward or rewind content without any degradation on the viewing or playback experience

Among various types of applications, streaming video encryption perhaps is the most challenging one due to its time constraint for continuous playback at client device. In the following, we use streaming video encryption as an example to study the design requirement.

Streaming Video Encryption

Traditional cryptography systems are not intended for large continuous media, especially video, and are not designed for streaming media services in heterogeneous environments. The design of a secure streaming media system is non-trivial. The real-time constraint of streaming video, the potential cost increase introduced by complex encryption algorithms, possible bit rate increase due to intermediate data structure change caused by data scrambling, the dynamic network along with the heterogeneous communication channel capacity and end user device capability, and the VCR-like function requirement are just some of the challenges that need to be considered when designing a streaming video encryption system.

To deal with some of the streaming video encryption challenges, for instance, the real time constraint and the cost challenge, the bitrate preservation challenge, and the heterogeneous environment challenge, several techniques may be employed, such as selective encryption (also called partial encryption) and lightweight encryption, format compliant encryption, and scalable encryption.

Preserve real time playback and decrease cost via partial encryption

Selective encryption intends to encrypt only some parts of the entire bitstream to reduce the overall computational requirement, and hence the cost, introduced by encrypting large volumes of video data stream in a limited period of time. That is, the multimedia data stream to protect, $P$, is partitioned into subsets $P_A$ and $P_B$, with $P = P_A \cup P_B$, where $P_A$ is the subset to be encrypted while $P_B$ is left in the clear.

$$C = E^{select}_{K_{Enc}}(P) = E_{K_{Enc}}(P_A)$$

For instance, the I-frames, or the I-frames plus the I-blocks in the P and B frames, of an MPEG video are encrypted. Another simple lightweight algorithm is to encrypt only the sign bits and leave the rest in the clear.

Security considerations: It is not difficult to notice that partial encryption does not strive for maximum security. It trades off security for computational complexity. One key to crafting a suitable partial encryption scheme for a particular application is to exploit the application-specific data structures and partition the data stream so that the most critical information is hidden (encrypted) and only the critical information is contained in $P_A$, thereby creating the most efficient encryption system. An empirical study on the security of some selective video encryption schemes was reported in. It suggests that partial encryption may cause information leakage if care is not taken. For instance, they found that for MPEG video, encrypting I-frames alone may not be sufficiently secure for some types of video. When playing back such encrypted MPEG video, they found patterns of movement and sometimes even large chunks of plaintext video. Instead, encrypting the I-blocks improves security. Hence, identifying the most important part of a multimedia data stream for encryption, and further partitioning the data stream in the most efficient and effective way based on the specific application requirements, is an important step for MME to warrant both adequate security and computational cost.
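The partition into an encrypted subset and a clear subset can be made concrete with a short added example (not part of the original article). It encrypts only the I-frames of a constructed two-GOP stream and reports how much of the stream is processed and how much stays readable on the wire. The frame sizes, the key and the SHAKE-256 keystream (a standard-library stand-in for a vetted stream cipher such as AES-CTR) are assumptions.

```python
import hashlib

def keystream(key, nonce, n):
    # Stand-in for a vetted stream cipher such as AES-CTR (assumption: stdlib only).
    return hashlib.shake_256(key + nonce).digest(n)

def selective_xcrypt(frames, key, protect=("I",)):
    """Encrypt or decrypt (XOR is its own inverse) only frames whose type is in `protect`.
    frames: list of (frame_type, payload). Returns (frames_out, bytes_processed)."""
    out, touched = [], 0
    for idx, (ftype, payload) in enumerate(frames):
        if ftype in protect:                      # member of the encrypted subset P_A
            nonce = idx.to_bytes(8, "big")        # per-frame nonce: any frame decrypts alone
            ks = keystream(key, nonce, len(payload))
            payload = bytes(a ^ b for a, b in zip(payload, ks))
            touched += len(payload)
        out.append((ftype, payload))              # P_B passes through in the clear
    return out, touched

def build_sample_stream(gops=2):
    # Constructed input: GOPs with plausible relative frame sizes, not real MPEG data.
    sizes = {"I": 12000, "P": 4000, "B": 1500}
    return [(t, bytes([i % 251]) * sizes[t]) for i, t in enumerate("IBBPBBPBB" * gops)]

def report(key=b"demo-key-constructed"):
    clear = build_sample_stream()
    total = sum(len(p) for _, p in clear)
    enc, n_enc = selective_xcrypt(clear, key)
    dec, _ = selective_xcrypt(enc, key)
    # Bytes an eavesdropper reads unchanged: every P and B frame.
    leaked = sum(len(p) for (_, p), (_, q) in zip(clear, enc) if p == q)
    return {"encrypted_fraction": n_enc / total,
            "plaintext_bytes_on_wire": leaked,
            "roundtrip_ok": dec == clear}

if __name__ == "__main__":
    print(report())
```

Passing `protect=("I", "P", "B")` gives the naïve full-stream cost for comparison; the per-frame nonce is what lets a player seek to any frame without decrypting its predecessors.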

and both presented comprehensive surveys of partial encryption algorithms in the literature. Interested readers can reference these two articles for different partial encryption algorithms and their strength.

Avoid bitrate increase via format compliant encryption

When a bitstream is scrambled, the original format of the bitstream may be compromised if care is not taken. This is especially serious for compressed multimedia data streams. If scrambling destroys certain inherent structure, compression efficiency can be compromised. For streaming video applications, user experience could be noticeably worsened due to quality reduction or playback delay at the client machine caused by bitrate increase. Let's look at a simple example. Assume we encrypt only the I-frames of MPEG video using intra-block DCT coefficient shuffling. That is, we shuffle the DCT coefficients within each DCT block. Assume a low bit rate video transmission over a wireless network. As a result of shuffling, some clustered zero coefficients may be shuffled apart, which results in a considerable bit rate increase.

To guarantee full compatibility with any decoder, the bitstream should only be altered (encrypted) in ways that do not compromise compliance with the original format. This principle is referred to as format compliance. Suggests a framework under which encryption of compressed content can be achieved in the compressed domain securely while still maintaining compliance to the compression format. For instance, bits from the fields chosen to encrypt are extracted, concatenated in an appropriate way, encrypted, and then put back into their original positions to achieve format compliance.
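The following added example (not from the original article) compares the two approaches on one constructed DCT block: intra-block shuffling, which scatters the clustered zeros, and sign-bit encryption done by extracting the sign bits, encrypting them and putting them back in place. The block values, the Exp-Golomb cost model used as a proxy for MPEG's run/level tables, the 2-bit end-of-block cost, and the stand-ins for the keyed permutation and the cipher are all assumptions.

```python
import hashlib
import random

# Constructed sample: one quantized 8x8 DCT block in zigzag order (not real video data).
BLOCK = [52, -18, 11, -7, 5, 3, -2, 2, -1, 1] + [0] * 54

def ue_len(n):
    # Exp-Golomb code length, an assumed proxy for MPEG's run/level VLC tables.
    return 2 * (n + 1).bit_length() - 1

def bit_cost(zigzag):
    """Approximate coded size of a block under run/level coding."""
    cost, run = 2, 0                        # 2 bits for the end-of-block marker (assumed)
    for c in zigzag:
        if c == 0:
            run += 1                        # trailing zeros are covered by end-of-block
        else:
            cost += ue_len(run) + ue_len(abs(c) - 1) + 1   # run, magnitude, sign bit
            run = 0
    return cost

def shuffle_block(zigzag, key):
    # Intra-block coefficient shuffling. random.Random is a non-cryptographic
    # stand-in for a keyed permutation (assumption for this sketch).
    out = list(zigzag)
    random.Random(hashlib.sha256(key).digest()).shuffle(out)
    return out

def xcrypt_signs(zigzag, key, nonce):
    """Extract sign bits of nonzero coefficients, XOR with a keystream, put them back.
    Applying it twice with the same key and nonce restores the block."""
    pos = [i for i, c in enumerate(zigzag) if c != 0]        # fields chosen to encrypt
    ks = hashlib.shake_256(key + nonce).digest((len(pos) + 7) // 8)  # AES-CTR stand-in
    out = list(zigzag)
    for n, i in enumerate(pos):
        sign = (zigzag[i] < 0) ^ ((ks[n // 8] >> (n % 8)) & 1)
        out[i] = -abs(zigzag[i]) if sign else abs(zigzag[i])
    return out

def compare(key=b"demo-key-constructed"):
    return {"clear": bit_cost(BLOCK),
            "shuffled": bit_cost(shuffle_block(BLOCK, key)),
            "sign_encrypted": bit_cost(xcrypt_signs(BLOCK, key, b"block-0"))}

if __name__ == "__main__":
    print(compare())
```

Sign-bit encryption leaves every zero run and magnitude untouched, so the coded size is identical to the clear block, while the shuffled block pays for longer runs.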

Secure Multimedia Proxy

To provide quality of service, video proxies may be used to cache some part of a video data stream, so that clients can access the cached video from their nearby proxy to minimize delays and conserve bandwidth. For protected video, care has to be taken to reduce the risk of revealing the original data stream or critical visual information to unauthorized parties at the proxy. If the cached part of the video is decrypted at the proxy (method 1 in Figure 2), this part of the video is vulnerable to attacks since it is in the clear at the proxy and from the proxy to the client. If the cached part of the video is kept encrypted and transferred to the clients at a later time (method 2 in Figure 2), the video is subject to attacks when the key is compromised at any client, since all clients share the same decryption key. If this part of the video is decrypted and re-encrypted at the proxy before sending to the clients (method 3 in Figure 2), assuming the proxy is secure, the drawback is the computational overhead at the proxy caused by constant decryption and re-encryption with frequent client access requests. To solve the problem and improve the security, a multi-key encryption scheme (method 4 in Figure 2) is proposed in. By means of multi-key encryption at the proxy with a single key decryption at the client, the system adds less computational overhead (compared with previous approaches) at the proxy without compromising the security of the system.

Interestingly, in a heterogeneous environment where streaming media are transmitted through time-varying communication channels, transcoders are often used at intermediate network nodes to perform transcoding operations on compressed bitstreams to provide proper QoS for different clients. If a transcoder requires decryption and re-encryption of the encrypted streaming media for all transcoding operations, extra computational overhead and additional security threat at the intermediate network node are imposed.

Scalable encryption together with a secure proxy design perhaps can provide more adequate solutions for these sets of applications.

Some other related interesting readings

Since streaming video encryption is one of the most challenging ones to handle, we used that as an example to study MME requirements and design in this chapter. For those interested in other types of media encryption and applications, the following are some interesting references to read. In, several selective image encryption algorithms were described. A partial-encryption scheme for MPEG audio is discussed in, a low-complexity, perception-based partial encryption scheme for compressed telephone-bandwidth speech is presented in, and provides some general information about voice encryption. For those interested in a comprehensive survey, summarizes many multimedia encryption algorithms, especially image, video, and audio selective encryption algorithms available in the literature.


User Comments

over 6 years ago

Is there any suggestion of a tool that encrypts a video transmission???