Zhuo Wei

A scalable and format-compliant encryption scheme for H.264/SVC bitstreams

SVC (Scalable Video Coding) is designed to adapt to heterogeneous networks and various terminal devices. This paper presents an encryption scheme for SVC bitstreams which retains the valuable scalability properties of SVC. To this end, we explore PACSI (Payload Content Scalability Information) and RTP (Real-time Transport Protocol) payload format such that encrypted bitstreams are SVC format-compliant. Specifically, the proposed scheme processes the base layer and enhancement layers in different ways. For the base layer, the scheme encrypts VCL (video coding layer) NALU (Network Abstract Layer Unit) into either SEI (Supplement Enhancement Information) NALU or PACSI NALU. For an enhancement layer, the scheme replaces a coded slice in scalable extension NALU with an encryption of PACSI NALU. Thus, the proposed encryption scheme preserves SVC scalability and format-compliance. It produces encrypted bitstreams which have the original SVC structure without emulation markers or illegal codewords for any standard decoder. The analysis and experiments indicate that our algorithm is cost-effective and secure against chosen plaintext attack.

A Hybrid Scheme for Authenticating Scalable Video Codestreams

A scalable video coding (SVC) codestream consists of one base layer and possibly several enhancement layers. The base layer, which contains the lowest quality and resolution images, is the foundation of the SVC codestream and must be delivered to recipients, whereas enhancement layers contain richer contour/texture of images in order to supplement the base layer in resolution, quality, and temporal scalabilities. This paper presents a novel hybrid authentication (HAU) scheme. The HAU employs both cryptographic authentication and content-based authentication techniques to ensure integrity and authenticity of the SVC codestreams. Our analysis and experimental results indicate that the HAU is able to detect malicious manipulations and locate the tampered image regions while is robust to content-preserving manipulations for enhancement layers. Although our focus in this paper is on authenticating H.264/SVC codestreams, the proposed technique is also applicable to authenticate other scalable multimedia contents such as MPEG-4 fine grain scalability and JPEG2000 codestreams.

Efficient block-based transparent encryption for H.264/SVC bitstreams

Taking advantage of the inter-layer prediction technique used in H.264/scalable video coding (H.264/SVC), in this paper we propose an efficient block-based encryption scheme (BBES) for encrypting H.264/SVC enhancement layers (ELs). BBES operates in three modes, namely, Intra-MB mode, Group-MB mode and 4Group-MB mode. All the three modes are effective in securing ELs, preserve the “adaptation-transparent” property of H.264/SVC, and are format-compliant to the H.264/SVC bitstream format specifications. Moreover, Intra-MB and Group-MB modes also possess the property we termed as “transcoding transparency”. Experimental results indicate that BBES has low computational complexity and small compression overhead. Thus, BBES is suitable for transparent encryption of H.264/SVC bitstreams in which ELs are encrypted but base layers are left in cleartext.

A Secure and Synthesis Tele-Ophthalmology System

This paper describes a secure and synthesis ophthalmology telemedicine system, referred to as TeleOph. Under a Secure Socket Layer (SSL) channel, patient prerecorded data can be safely transferred via the Internet. With encrypted videoconference and white-board, the system not only supports hospital-to-clinic consultation, but also supplies hospital-tohospital joint discussion. Based on Directshow technology (Microsoft Corporation, Redmond, WA), video cameras connected to the computer by firewire can be captured and controlled to sample video data. By using TWAIN technology, the system automatically identifies networked still cameras (on fundus and slitlamp devices) and retrieves images. All the images are stored in a selected format (such as JPEG, DICOM, BMP). Besides offline-transferring prerecorded data, the system also supplies online sampling of patient data (real-time capturing from remote places). The system was deployed at Tan Tock Seng Hospital, Singapore and Ang Mo Kio, Singapore, where 100 patients were enrolled in the system for examination. TeleOph can be successfully used for patient consultation, and hospital joint discussion. Meanwhile, TeleOph can supply both offline and online sampling of patient data.

Generic attacks on content-based video stream authentication

The widespread use of mobile platforms for online multimedia on-the-go necessitates a secure and efficient multimedia authentication scheme catered for mobile devices. In this paper, we study the security of using existing content-based authentication schemes to efficiently protect the integrity of video streams while allowing content-preserving manipulations. We point out a common design flaw in existing content-based authentication schemes. Built upon the concept of video coding, we demonstrate generic attacks that exploit this flaw and show that existing schemes in the transform domain cannot detect content-changing attacks on the video stream.

A tele-ophthalmology system based on secure video-conferencing and white-board

The paper describes a multi-screen real-time ophthalmology telemedicine system between a clinic and a hospital, referred to as TeleOph. TeleOph aims to mimic face-to-face consultation over public Internet network. It automatically connects still cameras and video cameras, and takes samples of pictures and videos respectively for remote consultation. Additionally, TeleOph employs a shared electronic white-board to enable an ophthalmologist to handle (e.g. change, highlight, zoom out/in) images, as well as control (e.g., play, pause, stop) video streams in both hospital and clinic in a synchronized manner. Moveover, TeleOph provides a collaborative-consultation function that allows ophthalmologists from different hospitals to jointly discuss and share patient data in order to increase the accuracy of consultation.

No tradeoff between confidentiality and performance: an analysis on H.264/SVC partial encryption

Partial encryption is often used as a tradeoff between security and performance to protect scalable video data. In this paper, we argue that although partial encryption is strong enough for access control, it is not adequate for content confidentiality protection. We conduct experiments to show that partially encrypted H.264/SVC (scalable video coding) streams leak significant content information from the enhancement layers in all three scalability dimensions. Our analysis concludes that such leakage is caused by the underlying coding techniques used in H.264/SVC, and all layers should be encrypted to protect confidential video streams.

On Security of Content-Based Video Stream Authentication

Content-based authentication CBA schemes are used to authenticate multimedia streams while allowing content-preserving manipulations such as bit-rate transcoding. In this paper, we survey and classify existing transform-domain CBA schemes for videos into two categories, and point out that in contrary to CBA for images, there exists a common design flaw in these schemes. We present the principles based on video coding concept on how the flaw can be exploited to mount semantic-changing attacks in the transform domain that cannot be detected by existing CBA schemes. We show attack examples including content removal, modification and insertion attacks. Noting that these CBA schemes are designed at the macroblock level, we discuss, from the attackers point of view, the conditions in attacking content-based authenticated macroblocks.

Multidimensional Context Awareness in Mobile Devices

With the increase of mobile computation ability and the development of wireless network transmission technology, mobile devices not only are the important tools of personal life (e.g., education and entertainment), but also emerge as indispensable ”secretary” of business activities (e.g., email and phone call). However, since mobile devices could work under complex and dynamic local and network conditions, they are vulnerable to local and remote security attacks. In real applications, different kinds of data protection are required by various local contexts. To provide appropriate protection, we propose a multidimensional context (MContext) scheme to comprehensively model and characterize the scene and activity of mobile users. Further, based on the scheme and RBAC, we also develop a novel access control system. Our experimental results indicate that it achieves promising performance comparing to traditional RBAC (Role-based Access Control).

Technique for authenticating H.264/SVC streams in surveillance applications

Surveillance streams coded by H.264/SVC (scalable video coding), which consist of one base layer and one or multiple enhancement layers, support flexible and various quality, resolution, and temporal scalabilities such that clients with different network bandwidth and terminal devices can seamlessly access them. In this paper, based on characteristics of SVC layer and surveillance sequences, we present an efficient and hybrid authentication scheme to ensure the integrity of SVC surveillance streams, named AUSSS (Authenticating SVC Surveillance Streams). Distinguished from the existing schemes, AUSSS exploits both cryptographic-based authentication and content-based authentication. Compared to existing authentication schemes, experimental results demonstrate that AUSSS causes less computation complexity and smaller compression overhead.