Saturday, July 23, 2005

Research Plan

I. Statement of Research Question
How can we ensure the security of video streaming from a server to a mobile device, both real-time and non, and if appropriate security mechanisms are found, which will be best suited for implementation on our system?

II. Why is this important or interesting?
Video streaming from a server to a mobile device allows for hassle-free and virtually unlimited storage of mobile phone multimedia data. This is a commercially viable proposition; however, no wise company will invest in a system that is vulnerable to attacks by adversaries, such as professional pirates and casual hackers. Thus, the need for an impregnable system replete with authentication, encryption, and other security features.

III. What are some of the issues that need to be addressed?
The Secure Real-time Transport Protocol, a library for which exists in C, is a prime choice for any attempt at secure video streaming. However, the protocol has not yet been implemented in Java, the group’s language of choice.

IV. What is the general approach to the problem?
It has been decided that several key features of the SRTP are going to be ‘emulated’ in our system by creating lightweight versions of encryption (highest priority), authentication, and replay protection. If possible, existing Java security classes will be used. Also, we will build user interfaces (UIs) for the server-side Administrator account and the WAP client.

V. Detail related or background work
We have found more or less a dozen papers on topics such as secure multicasting over wireless, mobile phone security protocols, secure scalable streaming, network security, general and specific video format encryption algorithms, and the RFC paper on SRTP itself. These papers are detailed in our First Progress Report.

VI. Detail the work done to date
The two groups assigned to the project have discussed which video format/s to use, and presently 3GP is at the forefront. Much research has been done, and we have compiled a catalog of related literature to review (some of which has already been reviewed). These papers can be found in detail in our First Progress Report. Also, we have identified a prime ‘sample’ mobile device on which to test our system, the O2 XDA, and have reviewed its various compatibilities and features. A thesis blog has also been set up, the URL of which can be found at this paper’s header.

VII. Detailed Research Plan
We will conclude our literature review shortly, and proceed to apply our new knowledge to the system’s implementation. We will prioritize the creation of encryption mechanisms, then proceed to authentication. If time permits, we can implement replay protection. If the aforementioned are deemed to be stable and ready for deployment, we will proceed to creating a UI for the server-side Admin and the WAP client. Further extensive testing will follow, such as simulated attacks on the system’s security.

VIII. Research Schedule
By August, the group will commence the coding of encryption mechanisms, and this will continue for a month. By September, we can begin on the authentication, and shortly before the end of the semester (mid-October), we hope to finish with replay protection. UIs for the server-side Admin and WAP client can be done within the first weeks of the second semester, after which further troubleshooting and documentation can be accomplished.

Tuesday, July 19, 2005

Deliverables for July 23

(from UPJ2L)


on July 23
Submit article summaries (literature search) and research plan
(e-mail to spancho[at]acm.org)


Article summaries: Let's follow a format of one paragraph per paper.
Research plan: Er... o_O


Guys?

Re: Ia's Recent Post

In Ia's recent post, she mentioned the following (regarding secure multicasting):

"Minimal Set of Security Requirements:
  • Confidentiality
  • Authenticity
  • Traffic backward secrecy: newcomers should not be able to read former traffic
  • Traffic forward secrecy: former members should not be able to read present & future traffic"
Of the last two, I believe only the fourth one concerns us. For example, when a "subscriber" ceases to be in the Telco's official list of paying members, he should not be able to access any new video streams or the video archives (same w/ an e-group). However, when a new subscriber joins the list of paying members, he/she should be able to view past videos, so item #3 isn't a problem for us (this actually depends on the Telco's strategy; but then, the catch-phrase "Over 10 gigs of stored videos of your favorite Pinoy stars, ready for your downloading!" to potential subscribers will prove to be very attractive).

Guys, what do you think?

Pseudo-Summary of Network Security (Tanenbaum)

From Chapter 8 of Computer Networks (4th Ed), Tanenbaum
PART I

Possible main threats to our system:
  • casual intruders who have fun snooping on others' private video streams and/or test out security systems
  • professional intruders who steal data (i.e. the paid video streams on the Telco server/s) and pirate it
Data Link Layer security -- use link encryption (easy to implement on packets on a point-to-point line)

Basics of Cryptography
  • cryptanalysis - breaking ciphers
  • cryptography - devising ciphers
  • cryptology - item one and two combined
  • Decryption(Encryption(P)) = P
  • substitution ciphers, transposition, one-time pads
  • Principles: redundancy, freshness (protect against replay attacks)
Symmetric Key Algorithms
  • Data Encryption Standard (DES) // Triple DES
  • Advanced Encryption Standard (AES) // Rijndael (great security and speed; best-known symmetric key encryption algorithm together with DES)
Cipher Modes
  • Electronic Code Book Mode
  • Cipher Block Chaining Mode
  • Stream Cipher Mode
  • Counter Mode
Cryptanalysis Developments
  • Differential cryptanalysis
  • Linear cryptanalysis
  • Power analysis (3v for 1 bit, 1v for 0 bit)
  • Timing analysis (if-then-else loops have predictable time durations which can be exploited)
Next: Public Key Algorithms

Friday, July 15, 2005

Notes: Two Security Papers

Secure Multicast in Wireless Networks and Mobile Hosts
Danilo Bruschi and Emilia Rosti
Dipartimento di Scienze dell’Informazione, Università degli Studi di Milano, Via Comelico 39/41, 20135 Milano, Italy

"Since cryptography is employed to satisfy such requirements, the design of efficient key management scheme is the critical aspect for the realization of a secure multicast primitive."

Critical Factors:
  • Members' limited computational power
  • Host mobility
  • Tracking keying material during handoff
  • Role of MSSes (mobile support stations)
Configurations:
  • Non-trusted, Semi-trusted, Fully-trusted
Minimal Set of Security Requirements:
  • Confidentiality
  • Authenticity
  • Traffic backward secrecy: newcomers should not be able to read former traffic
  • Traffic forward secrecy: former members should not be able to read present & future traffic
Classifications of Protocols:
Flat Schemes, Clustered Schemes, Tree-based Schemes, etc

Wrap-up:
Amount of work done by components depends critically on level of trust in MSSes.


------------------------------------------------------------------------------------
------------------------------------------------------------------------------------


Security protocols for 2G and 3G wireless communications
T. Newe & T. Coffey
Data Communications Security Group,
Department of Electronic & Computer Engineering,
University of Limerick, Ireland.
E-Mail: (Thomas.Newe@UL.ie) (Tom.Coffey@UL.ie)


Generic set of security requirements for mobile device protocols:
1. Mutual Authentication of user and network
2. Exchange of certified public keys
3. Session key agreement
4. Joint control of session key
5. Mutual implicit key authentication
6. Mutual key confirmation
7. Mutual assurance of key freshness
8. Confidentiality
9. Initialisation of payment mechanism
10. Non-repudiation of origin


2G Mobile Protocols:
  • Beller-Chang-Yacobi and Carlsen's BCY
    • Combination of symmetric and asymmetric encryption
    • Suggested improvements to orig. BCY by Carlsen:
  • Beller-Yacobi and Boyd-Mathuria's BY
    • Low-cost, two-way public-key authentication and key agreement

3G Mobile Protocols:
  • ASPeCT (Variant B) Protocol
    • In UMTS environments
  • Boyd-Park and NC Boyd-Park Key Agreement Protocols
    • Corrects the mobile identification delay weakness in the ASPeCT protocol

Wrap-Up:

The 3G protocols meet the 10 listed requirements given by the paper.
Then: only link security is feasible. Now: End-to-end security is primary concern.
Question: Will this work for non-UMTS services?


------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

EDIT: I forgot to give credit where it is due.

First Progress Report

The group has already decided (with the advice of the thesis adviser) to prioritize the creation of encryption mechanisms (as compared to the authentication and replay subsystems). However, before we can begin on any coding (whether on Java, C, C++, or Visual C++), we need to be thoroughly familiar with the technologies and principles we will be working on. Thus, we are in the midst of reviewing related literature, and the following papers have already been read (brackets indicate the team member assigned to the paper):

  1. “Secure Multicast in Wireless Networks and Mobile Hosts”, Bruschi and Rosti [Lucero]
  2. “Security Protocols for 2G and 3G Wireless Communications”, Newe and Coffey [Lucero]
  3. “Secure Scalable Streaming Enabling Transcoding Without Decryption”, Wee and Apostolopoulos [Roque]
  4. “Securing Media for Adaptive Streaming”, Venkatramani et al [Roque]
  5. “The Secure Real-time Transport Protocol (SRTP) – RFC 3711”, Cisco Systems and Ericsson Research [Kimpo]
  6. “Network Security” (Chapter 8 of Computer Networks 4th Ed.), Tanenbaum [Kimpo]

We have also bookmarked essential pages on ciphers [Roque], IEEE MPEG papers [Lucero], and SpringerLink researches [Lucero]. However, we are having a problem accessing the full versions of some of the papers as we do not have the necessary accounts to open them.

Allow us to mention in passing that we have been able to set up our PC at the thesis laboratory, and have installed the operating system.

In queue for our ongoing literature review are the following:

  1. “On the Use of Destination Set Grouping to Improve Fairness in Multicast Video Distribution,” Cheung et al [Roque]
  2. “A Software-Optimized Encryption Algorithm”, Rogaway and Coppersmith [Roque]
  3. “Secure Scalable Video Streaming for Wireless Networks”, Wee and Apostolopoulos [Roque]
  4. “A Fast MPEG Video Encryption Algorithm”, Shi and Bhargava [Kimpo]
  5. “On the Performance of Group Key Agreement Protocols”, Amir et al [Kimpo]
  6. “A Survey of Key Management for Secure Group Communication”, Rafaeli and Hutchison [Kimpo]

Jonas'

Has read:
Secure Scalable Streaming Enabling Transcoding Without Decryption >> Wee, Apostolopoulos
Securing Media for Adaptive Streaming >> Venkatramani, Westerink, et al


To read:
On the Use of Destination Set Grouping to Improve Fairness in Multicast Video Distribution >> Cheung, Ammar, Li
A Software-Optimized Encryption Algorithm >> Rogaway, Coppersmith
Secure Scalable Video Streaming for Wireless Networks >> Wee, Apostolopoulos



Has Bookmarked:
(Non-exhaustive Encryption) List of Stream Ciphers
http://www.esat.kuleuven.be/~jlano/stream/designs.htm

Wednesday, July 13, 2005

Unreadable Bookmarks, and then some

I'll be reading Secure Multicast in Wireless Networks and Mobile Hosts (other link) tonight -- it seems promising. Hope I can post what I've absorbed from it soon.



IEEE:
MPEG (Moving Pictures Expert Group) is an industrial standard for video processing and is widely used in multimedia applications in the Internet. However, no security provision is specified in the standard. We conducted an experimental study of previously proposed selective encryption schemes for MPEG video security. This study showed that these methods are inadequate for sensitive applications. We discuss the tradeoffs between levels of security and computational and compression efficiency.


SpringerLink:
  • Secure Service and Network Framework for Mobile Ethernet
  • Secure cellular data services have become more popular in the Japanese market. These services are based on 2G/3G cellular networks and are expected to move into the next-generation wireless networks, called Beyond 3G. In the Beyond 3G, wireless communication available at a user's location is selected based on the type of the service. The user downloads an application from one wireless network and executes it on another. Beyond 3G expects core and wireless operators and allows to plug-in new wireless access. A security model that can accommodate these requirements needs to be sufficiently flexible for end users to utilize with ease. In this paper, we explain the Mobile Ethernet architecture for all IP networks in terms of the Beyond 3G. We discuss usage scenario/operator models and identify entities for the security model. We separate a mobile device into a personal identity card (PIC) containing cryptographic information and a wireless communications device that offers security and flexibility. We propose a self-delegation protocol for device authentication and use a delegated credential for unified network- and service-level authentication. We also propose proactive handover authentication using the security context between different types of wireless access, such as Third Generation Partnership Project (3GPP) and WLAN, so that the secure end-to-end communication channels established by service software on the TCP/IP are not terminated. Lastly, we raise security issues regarding the next-generation platform.
  • Provable Cryptographic Security and its Applications to Mobile Wireless Computing
  • Many attempts to secure mobile wireless systems have failed abysmally. Notable examples include 802.11 WEP, as well as major cellular phone standards such as TDMA, CDMA, and GSM. The attacks typically result from the correct use of a bad cryptographic primitive or the incorrect use of a good one.

    By designing provably secure algorithms and protocols, we not only minimize the time required to gain confidence in the security of a system, but we virtually eliminate the possibility of a cryptographic vulnerability. Unfortunately, the concept of "provable security" is often misunderstood. In this survey paper, we state precisely what provable security is and is not, and describe the benefits of the approach.

    Craig Gentry
    Email: cgentry@docomolabs-usa.com

    Zulfikar Ramzan
    Email: ramzan@docomolabs-usa.com


lastly,



ACM Digital Library:

Thursday, July 07, 2005

A Rather Incomplete 'Summary' of the Cisco-Ericsson SRTP Paper

Secure Real-time Transport Protocol
- high throughput, low packet expansion
- encryption (cryptographic transforms)
- authentication (key-based)
- a profile of RTP (extension of the RTP Audio/Video Profile)


RTP <----> SRTP <----------> SRTP <----> RTP

<----> denotes "intercept" (different from <---------->)


If AUTHENTICATION FAILURE occurs:
- packet is discarded
- log the event


REPLAY protection:
- packet is replayed when it is stored by an adversary, and then reinjected into the network
- implement a Replay List


Replay List:
- continuously updated with each authenticated packet
- implement using a bitmap
- if a packet is checked to be already in the replay list, discard the packet and log the event


REMINDERS:

*No meeting on Saturday (we'll just meet on Wednesday again).

*Task 1 -- Create lightweight versions of Encryption (highest priority), Authentication, and Replay Protection for the Java RTP (if possible, use existing security classes); Encryption can be shared key (symmetric), public key based (asymmetric), or hybrid (BEST CHOICE)

*Task 2 -- UIs for Admin (server side) and WAP client
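
The receive path summarized above (replay check, authentication, then replay-list update), sketched with existing Java security classes as an added example that is not part of the original notes or of any SRTP library. The class name, the packet layout (8-byte index, payload, tag), the key and the sample frames are constructed for illustration; HMAC-SHA1 with an 80-bit tag and a 64-packet window follow the RFC 3711 defaults.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;

public class ReplayListDemo {
    static final int TAG_LEN = 10;  // HMAC-SHA1 tag truncated to 80 bits
    static final int WINDOW = 64;   // the bitmap covers the 64 most recent indices
    private final SecretKeySpec authKey;
    private long highest = -1;      // highest authenticated packet index so far
    private long bitmap = 0;        // bit i set: index (highest - i) already accepted

    ReplayListDemo(byte[] key) { authKey = new SecretKeySpec(key, "HmacSHA1"); }

    private byte[] tag(long index, byte[] payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(authKey);
        mac.update(ByteBuffer.allocate(8).putLong(index).array());
        return Arrays.copyOf(mac.doFinal(payload), TAG_LEN);
    }

    // Sender: index || payload || tag (constructed layout, not real SRTP framing).
    byte[] protect(long index, byte[] payload) throws Exception {
        return ByteBuffer.allocate(8 + payload.length + TAG_LEN)
                .putLong(index).put(payload).put(tag(index, payload)).array();
    }

    // Receiver: replay check, then authentication, then replay-list update.
    String receive(byte[] pkt) throws Exception {
        long index = pkt.length < 8 + TAG_LEN ? -1 : ByteBuffer.wrap(pkt).getLong();
        if (index < 0) return "DISCARD: malformed";
        long delta = highest - index;
        if (delta >= WINDOW) return "DISCARD: older than replay window";
        if (delta >= 0 && (bitmap & (1L << delta)) != 0) return "DISCARD: replay";
        byte[] payload = Arrays.copyOfRange(pkt, 8, pkt.length - TAG_LEN);
        byte[] got = Arrays.copyOfRange(pkt, pkt.length - TAG_LEN, pkt.length);
        if (!MessageDigest.isEqual(got, tag(index, payload))) return "DISCARD: authentication failure";
        if (delta < 0) {            // new highest index: slide the window forward
            long shift = -delta;
            bitmap = (shift >= WINDOW) ? 1L : (bitmap << shift) | 1L;
            highest = index;
        } else {
            bitmap |= 1L << delta;  // late but unseen packet inside the window
        }
        return "ACCEPT";
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes("UTF-8");
        ReplayListDemo sender = new ReplayListDemo(key), receiver = new ReplayListDemo(key);
        byte[] p1 = sender.protect(1, "frame-1".getBytes("UTF-8"));
        byte[] p2 = sender.protect(2, "frame-2".getBytes("UTF-8"));
        byte[] p3 = sender.protect(3, "frame-3".getBytes("UTF-8"));
        byte[] forged = p3.clone();
        forged[8] ^= 1;             // one payload bit altered in transit
        // Order on the wire: 1, altered 3, 3, late 2, then a stored copy of 1 again.
        for (byte[] pkt : new byte[][] {p1, forged, p3, p2, p1})
            System.out.println(receiver.receive(pkt));  // stands in for the event log
    }
}
```

The bitmap is only touched after the tag verifies, so a forged packet with a high index cannot push genuine packets out of the window.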

Wednesday, July 06, 2005

summary [sss transcoding w/o decryption]

Secure Scalable Streaming (SSS)

Keywords

- secure scalable packets using jointly designed scalable coding and progressive encryption techniques

- has unencrypted headers that can provide hints

- has low complexity and can support many simultaneous transcoding sessions

- Motion JPEG-2000, 3D subband coding, MPEG-4 FGS

*********
(1) scalability - to enable streaming to a multitude of clients with different device capabilities

(2) efficiency - to maximize the utility of available network and device resources

(3) security - to protect content from eavesdroppers

*********
scalable coding

- encodes a video sequence into a scalable bitstream
- first segment of the scalable bitstream can be used to decode baseline-quality video
- progressively longer segments can be used to decode progressively improved video
- video quality ---> spatial resolution, bit plane resolution, frame rate

*********
progressive encryption (encrypt and decrypt sequentially)

- bitstream could be divided into small blocks which are encrypted independently
- large degree of security ---> encrypting small blocks sequentially and feeding the encrypted data of earlier blocks into the encryption of later blocks
- first small block of ciphertext is decrypted into plaintext, second block of ciphertext is decrypted and the result is XORed ---> until the entire message is encrypted
- stream ciphers encrypt plaintext into ciphertext one bit at a time

*********

sss coding and transcoding

- scalable coding, packetization, progressive encryption combined to code video into secure scalable packets
- characteristics : (1) scalable - enable downstream transcoding with packet truncation (2) encrypted - end-to-end security (3) independently decodable - resilient to errors such as packet loss

coding ------
- if the coded data will not fit into a single packet, modifications will have to be made
- input video ---> regions ---> scalable video data + header data ---> encrypted with progressive encryption ---> scalable packets (unencrypted header data + progressive scalable video data)

transcoding ------
- read header data ---> discard/truncate packets ---> decrypt and decode received packets
- resolution and quality of the reconstructed video will depend on the transcoding operation
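
Transcoding by truncation without decryption, as described in the summary above, shown as an added example that is not from the paper or the original post. It assumes AES in CBC mode as the chained "progressive" cipher; the Packet class, its header fields, the key and the sample layers are hypothetical and constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class ProgressiveTruncationDemo {
    static final int BLOCK = 16;    // AES block size in bytes

    // Hypothetical packet: cleartext header (IV + layer end offsets) and encrypted body.
    static class Packet {
        final byte[] iv; final int[] layerEnds; final byte[] body;
        Packet(byte[] iv, int[] layerEnds, byte[] body) {
            this.iv = iv; this.layerEnds = layerEnds; this.body = body;
        }
    }

    static byte[] cbc(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // Sender: zero-pad each layer to a block boundary, then encrypt all layers as one chain.
    static Packet encode(byte[] key, byte[][] layers) throws Exception {
        int[] ends = new int[layers.length];
        int total = 0;
        for (int i = 0; i < layers.length; i++) {
            total += (layers[i].length + BLOCK - 1) / BLOCK * BLOCK;
            ends[i] = total;
        }
        byte[] plain = new byte[total];
        for (int i = 0; i < layers.length; i++)
            System.arraycopy(layers[i], 0, plain, i == 0 ? 0 : ends[i - 1], layers[i].length);
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        return new Packet(iv, ends, cbc(Cipher.ENCRYPT_MODE, key, iv, plain));
    }

    // Transcoder: holds no key; reads the header and cuts the ciphertext at a layer end.
    static Packet truncate(Packet p, int keepLayers) {
        int[] ends = Arrays.copyOf(p.layerEnds, keepLayers);
        return new Packet(p.iv, ends, Arrays.copyOf(p.body, ends[keepLayers - 1]));
    }

    // Receiver: earlier ciphertext blocks decrypt on their own, so the prefix still decodes.
    static byte[] decode(byte[] key, Packet p) throws Exception {
        return cbc(Cipher.DECRYPT_MODE, key, p.iv, p.body);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "0123456789abcdef".getBytes("UTF-8");   // constructed demo key
        byte[][] layers = {                                   // constructed sample layers
            "BASE: low-res frame data".getBytes("UTF-8"),
            "ENH1: spatial detail".getBytes("UTF-8"),
            "ENH2: extra bit planes".getBytes("UTF-8") };
        Packet full = encode(key, layers);
        Packet low = truncate(full, 1);                       // keep the base layer only
        System.out.println(full.body.length + " -> " + low.body.length + " bytes");
        System.out.println(new String(decode(key, low), "UTF-8").trim());
    }
}
```

Encryption alone does not tell the receiver whether a packet was truncated by the transcoder or altered by someone else; integrity needs a separate authentication tag that survives each truncation point.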

Tuesday, July 05, 2005

O2, 3GPP, etc.

O2 Xda microsite
Supports 3GPP, both in Album (playback) and Capture modes! Yay! ^_^

3GPP
Specs, etc

--------------------

From Phillip:

Nuvo: humanoid robot with video streaming
The 15-inch, 5.5 pound nuvo from ZMP, Inc. walks and responds to voice commands, as well as linking to your mobile phone both to receive commands and to send you images of your home taken with the camera inside its head.

Streaming, Streaming

Streaming Media over the Internet with the Real Time Streaming Protocol

RTP = Transport Protocol
RTSP = Streaming Protocol; more of controls such as playback


I haven't found anything tied to the keyword "Java". =(



From IEEE:

Yima: A Second-Generation Continuous Media Server
Continuous media data requires a streaming architecture that can manage real-time delivery constraints and address the large size of CM objects. Although commercial systems ordinarily use proprietary technology and algorithms, making it difficult to compare their products with research prototypes, the authors have designed and developed Yima, a second-generation CM server that demonstrates several advanced concepts. Although this system has not yet achieved the refinement of commercial solutions, it is operational and incorporates lessons learned from first-generation research prototypes, including complete distribution, efficient online scalability, and synchronization of several media streams within a single frame.


From SF:

Project: Medio4RTSP
We are to develop an RTSP/RTP based Video on Demand middleware (transparent proxy) to do service at high-level.

Project: RTFSPP: Real-Time File Streaming & Proxy
An RTSP-based protocol to allow static files and live streams to be distributed from one computer-device, no matter how powerful, to theoretically an infinite number of receiving clients.

Monday, July 04, 2005

Related Links

HP Labs Research

On Streaming

Saturday, July 02, 2005

All Systems Go

Welcome to our online scribblesheet for CS 198-199.