Secure Multimedia Communication

1. Secure Multimedia Communication Curtsey of Professor Min Wu Electrical & Computer EngineeringUniv. of Maryland, College Park

2. Evolving Multimedia and Comm. Technologies • Well-developed multimedia standards @ • Source compression has matured: MPEG-1 Layer 3, JPEG-2000, MPEG-4 • Mature standards have created many devices and applications: MP3, DVD, Streaming video • Rapid development of communication technologies • Broadband: DSL, Cable Modems, Satellite • HDTV will convey data and media • Wireless for any-where any-time connections: 3G, 802.11A/B • Advances in networking technologies • Promise of ubiquitous, heterogeneous networks. Min Wu @ U. Maryland 2002

3. @ Compression • Color image of 600x800 pixels • 600*800 * 24 bits/pixel = 1.44M bytes • After JPEG compression (popularly used on web) • only 89K bytes • compression ratio ~ 16:1 • Movie • 720x480 per frame, 30 frames/sec, 24 bits/pixel ~ 243M bits/sec • DVD ~ about 5M bits/sec • Compression ratio ~ 48:1 • Audio • 44.1KHz * 16bit * 2 ch. = 1.4 Mbps • MP3 ~ about 64K – 128 Kbps “Library of Congress” by M.Wu (600x800) Min Wu @ U. Maryland 2002

4. MM + Data Comm. = Effective MM Comm.? • Multimedia vs. Generic Data • Perceptual no-difference vs. Bit-by-bit accuracy • Unequal importance within multimedia data • High data volume and real-time requirements • Need consider the interplay between source coding and transmission and make use of MM specific properties • E.g. wireless video need “good” compression algo. to: • Support scalable video compression rate ( from 10 to several hundred kbps) • Be robust to the transmission errors and channel impairments • Minimize end-to-end delay • Handle missing frames intelligently Min Wu @ U. Maryland 2002

5. (a) original lenna image (b) corrupted lenna image (c) concealed lenna image 25% blocks in a checkerboard pattern are corrupted corrupted blocks are concealed via edge-directed interpolation Example: Error Concealment • Multimedia-specific ways of error recovery Examples were generated using the source codes provided by W.Zeng. Min Wu @ U. Maryland 2002

6. H.263 encoder H.263 decoder Output sequence Input sequence Error concealment MB detection LRM Random noise H.263 with FRM H.263 with LRM Error-Resilient Coding with Localized Synch Marker • Reduce error propagation (From D. Lun @ HK PolyUniv. Short Course 6/01) Min Wu @ U. Maryland 2002

7. Demands on Info. Security and Protection • Intellectual property management for digital media • Promising electronic marketplace for digital music and movies • Napster controversy • Conventional encryption alone still leaves many problems unsolved • Directly apply conventional encryption to compressed MM bitstream? • May lose error resilience and scalability • Require much computation power • Exploring MM property in encryption is desired • How to distinguish changes introduced by compression vs. malicious tampering? • Bit-by-bit accuracy is not always desired authenticity criterion for MM • Protection from encryption vanishes once data is decrypted • Still want establish ownership and restrict illegal re-distributions Min Wu @ U. Maryland 2002

8. Visible Digital Watermarks from IBM Watson web page“Vatican Digital Library” Min Wu @ U. Maryland 2002

9. Invisible Watermark • human visual model for imperceptibility: protect smooth areas and sharp edges • 1st & 30th Mpeg4.5Mbps frame of original, marked, and their luminance difference Min Wu @ U. Maryland 2002

10. Data Hiding for Annotating Binary Line Drawings pixel-wise difference marked w/ “01/01/2000” original Min Wu @ U. Maryland 2002

11. original media Customer: Eve Sell Content = Fingerprint 101101 … compress embed Fingerprint Tracing: Candidate Fingerprint = Suspicious Search Database extract 101101 … Customer: Eve Multimedia Fingerprinting: Trace Traitors Min Wu @ U. Maryland 2002

12. ( -1, 1, 1, 1, 1, 1, …, -1, 1, 1, 1 ) User#4 User#1 ( -1,-1, -1, -1, 1, 1, 1, 1, …, 1 ) Collude by Averaging Uniquely Identify User 1 & 4 Extracted fingerprint code ( -1, 0, 0, 0, 1, …, 0, 0, 0, 1, 1, 1 ) 16-bit Anti-Collusion Code (ACC) Example for Detecting 3 Colluders Min Wu @ U. Maryland 2002

13. Conveying One-bit Through Noisy Channel • Optimal detection ~ minimize prob. of error MAP ~ maximize posterior probability => ML ~ maximum likelihood detector [for equal prior] => Minimum distance detector [for iid Gaussian noise] => Maximum correlation detector [for equal-energy sig.] • Detection statistics • [correlator] i yi si • Prob. distribution under each hypothesis ~ N( ||s||2 , ||s||2d 2) • [correlator with unit-variance] i yi si/ [(i si 2) d 2]1/2 ~ N( ||s||/d ,1) Min Wu @ U. Maryland 2002

14. Performance of Optimal Detector • Probability of detection error = Q (||s||/d ) • Q (x) is monotonically decreasing for non-negative x • Signal-to-noise ratio (SNR) ~ (||s||2/n) / d 2 • Communications under very low SNR • Choose large n • collect info. (energy) from many signal components • a basic idea behind “spread spectrum communications” • Useful in invisible watermarking (data hiding) • Adding or subtracting a weak signal to convey one-bit hidden info. • Will go into more details next time • Extension for non-i.i.d. Gaussian noise Min Wu @ U. Maryland 2002

15. Add Security Layers to Communications • Confidentiality => • Messages for “your eyes” only • Integrity • Message is what sender intended to deliver at this moment • Threats and Attacks on information (1) Use limited info. to find out ways to decipher confidential msg. • Prefer a system s.t. the best attack strategy is guessing and exhaustive search => unbreakable within reasonable time period (2) Altering a message s.t. authentication system still regard it as unaltered (3) Replaying an old message as if it is being sent by sender right now Min Wu @ U. Maryland 2002

16. Useful Crypto Tools/Building-Blocks • Crypto’ly strong one-way function f(x) • Easy to compute f(x) given x, but difficult to find x when given f(x) • Given a set of (xi, f(xi)) and f(x), difficult to find x • SHA (Secure Hash Algorithm) and DES are popular choice for one-way function • “Low-cost” crypto’ly strong random number generator • Generating truly random seq. via natural randomness ~ flip coins, etc. • slow and difficult to store/transmit efficiently • prefer low cost in both computation and storage/delivery • Use “pseudo-random” generator that can • Given a subset of output bits, the rest are unpredictable • Produce output using a small secret ~ say, a small set of parameters • Produce output fast and be easily implementation, say, in software • Use one-way function to generate unpredictable bits Xj = f( s + j ) • seed “s”, one-way function “f( )” Min Wu @ U. Maryland 2002

17. Useful Crypto Tools/Building-Blocks • Crypto’ly strong hash or digest function H( ) • One-way “compression” function • M-bit input to N-bit output often with fixed N and M >> N • Often used to produce a short ID for identifying the input • Properties to be satisfied: 1) Given a message m, H(m) can be calculated very quickly 2) Given a digest y, it is computationally infeasible to find a message m s.t. H(m) = y (i.e., H is one-way) 3) It is computationally infeasible to find messages m1 & m2 s.t. H(m1) = H(m2) (i.e. H is strongly collision-free) • Keyed Hash: • H( k, m ) = Hash( concatenated string derived from k & m ) • Commonly used crypto hash • 160-bit SHA (Secure Hash Algorithm) by NIST • 128-bit MD4 and MD5 by Rivest Min Wu @ U. Maryland 2002

18. Encryption / Ciphers • Examples <= • Shift cipher: e.g. “plaintext” => “sodlqwhaw” (shift by +3) • Substitution cipher ~ equiv. to apply a permutation of alphabet to plaintext • Stream cipher using XOR ~ Xi Ki = Yi • one-time pad with key size as large as the message • Block cipher • encrypt a large block of data at a time to make freq. attack difficult • many modern ciphers are block ciphers • Attacks • A small number of searches/guesses • Cipher-text and Plaintext attack • use some knowns to find/guess unknowns ~ solving equation arrays • Frequency analysis (esp. when plaintext is natural language) Min Wu @ U. Maryland 2002

19. Encryption Keys • Symmetric • Encryption and decryption share the same key • Key establishment and update are often non-trivial • Asymmetric (public-key crypto) • Different keys for encryption and decryption • Difficult to derive one key from the other key • Useful for confidentiality, identity verification, key establishment, etc. • Message for Bob’s eye • Alice encrypts a msg using Bob’s public key • only private key holder can decrypt a ciphertext encrypted by the corresponding public key • Message only Bob can produce • Bob encrypts a msg using his private key • only private key holder can produce a ciphertext decryptable by the corresponding public key Min Wu @ U. Maryland 2002

20. K F1 K F2 A Few Widely Used Ciphers • DES and new AES • A building block (“Feistel”) scrambles the input • Apply a given number of rounds of Feistel blocks • Extensive cryptanalysis • A good crypto system should not rely on the secrecy of the algorithm • RSA (public-key encryption): • Security strength based on discrete log problem • Fix a large prime p, let nonzero integer a and b (mod p) s.t. b = a x=> difficult to find x • Encryption and Decryption perform exponential modulo operation with different exponents • slow Min Wu @ U. Maryland 2002

21. Data Integrity Verification (data authentication) • Authentication is always “relative” • with respect to a reference • How to establish and use a reference [Method-1] Give a “genuine” copy to a trusted 3rd party [Method-2] Append “check bits” • Want hard to find a different meaningful msg. with same “check bits”=> use crypto’ly strong hash • Want tamper-proof if hash func. is public • Encrypt concatenated version of message and hash • Keyed Hash (Message Authentication Code) ~ no extra encryption needed • Digital signature algo. (using public-key crypto) • Signed Msg|Hash ~ i.e., encrypt by private key s.t. others can’t forge Min Wu @ U. Maryland 2002