Saturday, July 23, 2005

Research Plan

I. Statement of Research Question
How can we ensure the security of video streaming from a server to a mobile device, both real-time and non-real-time, and, if appropriate security mechanisms are found, which will be best suited for implementation on our system?

II. Why is this important or interesting?
Video streaming from a server to a mobile device allows for hassle-free and virtually unlimited storage of mobile phone multimedia data. This is a commercially viable proposition; however, no wise company will invest in a system that is vulnerable to attacks by adversaries, such as professional pirates and casual hackers. Thus, there is a need for an impregnable system replete with authentication, encryption, and other security features.

III. What are some of the issues that need to be addressed?
The Secure Real-time Transport Protocol, a library for which exists in C, is a prime choice for any attempt at secure video streaming. However, the protocol has not yet been implemented in Java, the group’s language of choice.

IV. What is the general approach to the problem?
It has been decided that several key features of the SRTP are going to be ‘emulated’ in our system by creating lightweight versions of encryption (highest priority), authentication, and replay protection. If possible, existing Java security classes will be used. Also, we will build user interfaces (UIs) for the server-side Administrator account and the WAP client.
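
The three mechanisms named above can be built from the standard javax.crypto classes; the following is an added sketch, not the group's code and not interoperable with SRTP. The class name, the packet layout, the choice of AES-CTR with a truncated HMAC-SHA1 tag, the 64-packet replay window, and the use of fresh keys for every session and direction are all assumptions.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added illustration (hypothetical class). Packet layout: seq(8) | ciphertext | tag(10).
public class LightPacketGuard {
    private static final int TAG_LEN = 10;      // HMAC-SHA1 truncated to 80 bits
    private final SecretKeySpec encKey, macKey; // assumed fresh per session and direction
    private long highest = -1, window = 0;      // receiver state: 64-packet replay bitmap

    public LightPacketGuard(byte[] encKey16, byte[] macKey20) {
        encKey = new SecretKeySpec(encKey16, "AES");
        macKey = new SecretKeySpec(macKey20, "HmacSHA1");
    }

    // AES-CTR, counter block = seq(8) | block counter(8); a seq must never repeat under one key.
    private byte[] crypt(int mode, long seq, byte[] in, int off, int len) throws Exception {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, encKey, new IvParameterSpec(ByteBuffer.allocate(16).putLong(seq).array()));
        return c.doFinal(in, off, len);
    }
    private byte[] tag(byte[] pkt, int len) throws Exception {
        Mac m = Mac.getInstance("HmacSHA1");
        m.init(macKey);
        m.update(pkt, 0, len);                  // covers sequence number and ciphertext
        return Arrays.copyOf(m.doFinal(), TAG_LEN);
    }
    public byte[] protect(long seq, byte[] payload) throws Exception {
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, seq, payload, 0, payload.length);
        ByteBuffer b = ByteBuffer.allocate(8 + ct.length + TAG_LEN).putLong(seq).put(ct);
        return b.put(tag(b.array(), 8 + ct.length)).array();
    }
    // Returns the plaintext, or null when the packet is forged, replayed or too old.
    public byte[] unprotect(byte[] pkt) throws Exception {
        int body = pkt.length - TAG_LEN;
        if (body < 8) return null;
        if (!MessageDigest.isEqual(tag(pkt, body), Arrays.copyOfRange(pkt, body, pkt.length))) return null;
        long seq = ByteBuffer.wrap(pkt).getLong(), behind = highest - seq;
        if (seq < 0 || behind >= 64) return null;
        if (behind >= 0) {                      // inside the window: reject if already seen
            if ((window & (1L << behind)) != 0) return null;
            window |= 1L << behind;
        } else {                                // newer packet: slide the window forward
            window = (behind <= -64 ? 0 : window << -behind) | 1L;
            highest = seq;
        }
        return crypt(Cipher.DECRYPT_MODE, seq, pkt, 8, body - 8);
    }
}
```

The tag is verified before the replay window is touched, so a forged packet cannot advance the window and lock out genuine traffic.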

V. Detail related or background work
We have found about a dozen papers on topics such as secure multicasting over wireless, mobile phone security protocols, secure scalable streaming, network security, general and specific video format encryption algorithms, and the RFC paper on SRTP itself. These papers are detailed in our First Progress Report.

VI. Detail the work done to date
The two groups assigned to the project have discussed which video format(s) to use, and 3GP is presently at the forefront. Much research has been done, and we have compiled a catalog of related literature to review, part of which has already been reviewed. These papers can be found in detail in our First Progress Report. Also, we have identified a prime ‘sample’ mobile device on which to test our system, the O2 XDA, and have reviewed its various compatibilities and features. A thesis blog has also been set up, the URL of which can be found in this paper’s header.

VII. Detailed Research Plan
We will conclude our literature review shortly, and proceed to apply our new knowledge to the system’s implementation. We will prioritize the creation of encryption mechanisms, then proceed to authentication. If time permits, we can implement replay protection. If the aforementioned are deemed to be stable and ready for deployment, we will proceed to creating a UI for the server-side Admin and the WAP client. Further extensive testing will follow, such as simulated attacks on the system’s security.

VIII. Research Schedule
By August, the group will commence the coding of encryption mechanisms, and this will continue for a month. By September, we can begin work on authentication, and shortly before the end of the semester (mid-October), we hope to finish with replay protection. UIs for the server-side Admin and WAP client can be done within the first weeks of the second semester, after which further troubleshooting and documentation can be accomplished.
