A Scalable Security Architecture for Multimedia Communication Standards

In multimedia conferencing systems the need for confidentiality gains in importance. This goal can be achieved by encry:,ptiotr. III real-time video processing systems there is a special need jar partial data encryption. Existing methods and their weaknesses are investigated. In this paper we present a new approach for partial encryption of’ video data, which allows a security level of nearly ever!, granularit~~. It can be applied to all JPEGbased video c,ony,res.siorl methods. 1 Security requirements Since multimedia data can be effectively handled by computers there is an increasing demand for remote video communication. For confidential or reliable information, security aspects have to be considered. The basic building blocks to achieve security are encryption, authentication, certification ancl integrit!, preservation, which can be handled by different algorithms and modules [I]. Processing video streams and software encryption simultaneously is often a problem for modern computers. In [3] some encryption performance measures are shown. A solution for this problem is partial encryption, picking up only the portions of data forming the core content of a picture for the encryption process. Special attention must be paid for preserving the confidentiality when encrypting only parts of the data. Therefore the scalability to the user’s security needs is a requirement. 2 Methods for partial video encryption In this work we focus on video schemes based on the JPEG standard, e.g. Motion-JPEG, MPEG and H.261/ H.263. For details on the techniques used there (e.g. the DCT transformation), see [2]. Some related work on partial video encryption is presented here: l SEC-MPEG [3] is a toolkit for partial encryption of MPEG-I data to achieve confidentiality and integrity checks, confidentiality is achieved by using the DES algorithm [I]. The toolkit supports different levels of confidentiality and integrity. Partial encryption is GMD TKT D-64295 Darmstadt, Germany E-mail: [email protected] achieved by protecting intracoded blocks or the header information only. Some work has been done in partially encrypting only the I-Frames of an MPEG stream [4] or the intracoded macroblocks in I-Frames. In [5] an example is given, the authors also show the limits of this technique. An encoding method with no significant encryption delay [6] is applicable to JPEG-based video schemes, generating no temporal overhead for encryption. It is based on a random permutation of the zigzag-ordered DCT coefficients. The drawback is a bandwidth increase of 20% to 40%. There are several commercial solutions for Pay-TV and VoD services, namely the DVB standard. The details of the encryption process are kept secret. Possible Attacks against Partial Encryption Assuming that an eavesdropper can always locate and reconstruct unencrypted parts of a data stream, for the examples above these are the motion data of the video. In Figure 2 (top) an example of a restored video frame is presented, using only information available from nonintracoded blocks. For some clips, like the flowers example, the information gathered from the motion vectors is sufficient to recognize nearly all details in the scene. 3 A new scalable partial encrypting method We present a scalable partial encryption method, which allows a security level of nearly every granularity. It can be applied to every JPEG-based video compression method. The method takes advantage of decreasing importance for the image composition of the DCT coefficients, so it is sufficient to encrypt only the first few of them. Our method is as follows: 1. Choose two integer values n; and n,,l 5 63. These values give the minimal amount of DC + AC coefficients which will be encrypted, for intracoded (ni) and motion-compensated (n,,,) blocks. 2. In the video encoding process, at the beginning of the first DCT block, mark the following N bits as “to encrypt”. Here the value N is the block size of the encryption method used, e.g. for DES goes N=64. O-8186-7819-4/97 $10.00