Bin Zhu

Scalable protection for MPEG-4 fine granularity scalability

The newly adopted MPEG-4 fine granularity scalability (FGS) video coding standard offers easy and flexible adaptation to varying network bandwidths and different application needs. Encryption for FGS should preserve such adaptation capabilities and enable intermediate stages to process encrypted data directly without decryption. In this paper, we propose two novel encryption algorithms for MPEG-4 FGS that meet these requirements. The first algorithm encrypts an FGS stream (containing both the base and the enhancement layers) into a single access layer and preserves the original fine granularity scalability and error resilience performance in an encrypted stream. The second algorithm encrypts an FGS stream into multiple quality layers divided according to either peak signal-to-noise ratio (PSNR) or bit rates, with lower quality layers being accessible and reusable by a higher quality layer of the same type, but not vice versa. Both PSNR and bit-rate layers are supported simultaneously so a layer of either type can be selected on the fly without decryption. The base layer for the second algorithm may be unencrypted to allow free view of the content at low-quality or content-based search of a video database without decryption. Both algorithms are fast, error-resilient, and have negligible compression overhead. The same approach can be applied to other scalable multimedia formats.

Efficient and fully scalable encryption for MPEG-4 FGS

The newly adopted MPEG-4 Fine Granularity Scalability (FGS) video coding standard offers full scalability to enable easy and flexible adaptation to changing constraints and different requirements. Encryption of an FGS stream should preserve the full scalability. In this paper, we propose a novel and low complexity scheme to encrypt MPEG-4 FGS streams which enables full FGS functionalities. The encrypted FGS stream can be processed by middle stages directly on the ciphertext without decryption. In addition, the proposed scheme has no degradation on either FGS compression efficiency or error resilient performance, and allows random access. Experimental results as well as a preliminary security analysis of the proposed scheme are also included in this paper.

Layered access control for MPEG-4 FGS video

MPEG-4 has recently adopted the fine granularity scalability (FGS) video coding technology which enables easy and flexible adaptation to bandwidth fluctuations and device capabilities. Encryption for FGS should preserve such adaptation capabilities and allow intermediate stages in the delivery to process the media on the ciphertext directly. In this paper, we propose a novel scalable access control scheme with this property for the MPEG-4 FGS format. It offers free browsing of the low-quality base layer video but controls the access to the enhancement layer at different service levels based on either PSNR or bitrates. Both types of service levels are supported simultaneously without jeopardizing each others security. The scheme is fast and degrades neither compression efficiency nor error resilience of the MPEG-4 FGS. The approach is also applicable to other scalable multimedia.

A secure image authentication algorithm with pixel-level tamper localization

In this paper, we use a generalized model for all the previously proposed pixel-wise authentication schemes. Then we show how this model can be compromised with an Oracle attack. This motivated us to develop a novel authentication scheme to be described here. The new scheme is designed to detect any changes to a signal. It consists of two mechanisms dedicated to authenticity verification for a signal and localization of tampered pixels, respectively. The scheme is secure yet it maintains the fine tamper localization capability of a pixel-wise scheme. Experimental results show that the proposed scheme has a good accuracy in locating tampered pixels.

JPEG 2000 syntax-compliant encryption preserving full scalability

An efficient syntax-compliant encryption scheme for JPEG 2000 and motion JPEG 2000 is proposed in this paper. Compressed visual data is completely encrypted yet the full scalability of the unencrypted codestream is completely preserved to allow near RD-optimal truncations and other manipulations securely without decryption. Compared with other reported schemes, our scheme shows advantages on syntax compliance, compression overhead, scalable granularity, and error resilience. In addition to preserving the original scalability, a JPEG 2000 codestream encrypted with our scheme has the same error resilience capability as the unencrypted codestream. The encrypted codestream is still syntax-compliant so that an encryption-unaware decoder can still decode the encrypted codestream, although the decoded visual data is completely garbled and meaningless. Our scheme has virtually no adverse impact on the compression efficiency.

JPEG 2000 encryption enabling fine granularity scalability without decryption

We propose a novel encryption scheme for JPEG 2000 (J2K) and motion JPEG 2000. A block cipher in CBC mode is used to encrypt the bitstream of each J2K code-block. The encrypted J2K codestream preserves almost the same fine granularity scalability as the original J2K codestream, yet with small or negligible overhead, and has fine and near RD-optimal truncations for a large range of bitrates. The proposed scheme enables desired transcoding directly on a single encrypted codestream without decryption to fit diverse capabilities of devices and heterogeneous networks with time-varying bandwidths. Any node, trusted or not, along the delivery path is able to perform the desired transcoding without sacrificing the end-to-end security of the system.

A framework of scalable layered access control for multimedia

Scalable coders offer various scalabilities with a single codestream. In this paper, we extend our previous work to propose a general framework to enable a single encrypted scalable multimedia stream to support different access types and different access layers for each access type. Access types are protected orthogonally such that access to one type does not deduce the secret to access to other types. Layers are protected one-directionally such that a higher layer accesses and reuses the data of all the lower layers of the same type but not vice versa. An efficient key scheme is proposed to minimize complexity of key management for the framework. With an appropriate encryption scheme, an encrypted stream generated by our proposed framework enables fine granularity of scalability to achieve encrypting once and decrypting multiways, which is very desirable in many DRM applications. The proposed framework works with all scalable coders. This paper describes the detail to work with JPEG 2000 and MPEG-4 FGS.

Efficient oracle attacks on Yeung-Mintzer and variant authentication schemes

The Yeung-Mintzer (Y-M) image authentication scheme has been well studied. Several vulnerabilities and modified schemes to fix them have been reported. In this paper, we propose a novel oracle attack on the Y-M scheme and its variations. Our attack is very different from the previously proposed attacks. A single authenticated image plus access to a verifier (oracle) is enough in our attack. The verifier returns if a testing image is authentic or not. Locations of tampered pixels are not needed. To launch the attack, a single pixel is modified and the resulting image is sent to the verifier. Observation of outputs of the verifier is used to deduce the secret mapping functions and the embedded logo within an uncertainty of two possibilities. The deduced mapping functions are then used to modify the content of an authenticated image without detection or to authenticate an arbitrary image of the same size. Note that the logo is not used in the forgery so sophisticated protection of the logo cannot thwart the attack. Our attack is very efficient. Only 255 trials are needed to attack an 8-bit grayscale image and 765 trials for a 24-bit color image. The proposed attack can also be applied to attack pixel-wise variations of the Y-M scheme proposed to fix the previously reported vulnerabilities

Efficient and syntax-compliant JPEG 2000 encryption preserving original fine granularity of scalability

A novel syntax-compliant encryption primitive and an efficient syntax-compliant JPEG 2000 encryption scheme are presented in this paper. The syntax-compliant encryption primitive takes, as input, syntax-compliant plaintext and produces syntax-compliant ciphertext. It is faster than all the other syntax-compliant encryption primitives we know. Our JPEG 2000 encryption scheme encrypts independently either each codeblock segment (normal mode) or each intersection of a codeblock segment and a codeblock contribution to a packet (in situ mode). Truncation-invariant parameters uniquely identifying each independently encrypted data block are combined with a global initialization vector to generate on the fly an initialization vector (IV) used to encrypt the data block. These IVs can be correctly regenerated even when the encrypted codestream is truncated. Encrypted codestreams are syntax-compliant. The original granularity of scalability is fully preserved after encryption so that an encrypted codestream can be truncated to adapt to different representations without decryption. Our JPEG 2000 encryption scheme is fast, error-resilient, and has negligible file-size overhead.

An efficient key scheme for multiple access of JPEG 2000 and motion JPEG 2000 enabling truncations

JPEG 2000 provides multiple scalable accesses to a single codestream. Digital Rights Management of a JPEG 2000 codestream should preserve the original flexibility of scalability yet provide a mechanism to ensure what you see is what you pay: a low resolution version displayed on a smart phone should pay less than a high resolution version displayed on a PC. We present an efficient key scheme for multi-type, multilevel scalable access control for JPEG 2000 and motion JPEG 2000 codestreams. The scheme is based on a poset representation of the scalable access control and a hash based hierarchical access key scheme, both proposed elsewhere. The proposed key scheme exploits the information contained in a codestream and the features invariant under truncations to minimize the file size overhead for DRM applications yet preserve correct derivation of keys for descendants even when an encrypted codestream is truncated.