School of Computing Science Simon Fraser University, Canada
description
Transcript of School of Computing Science Simon Fraser University, Canada
![Page 1: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/1.jpg)
Mohamed Hefeeda 1
School of Computing ScienceSimon Fraser University, Canada
Analysis of Multimedia Authentication Schemes
Mohamed Hefeeda(Joint work with Kianoosh Mokhtarian)
12 May 2009
![Page 2: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/2.jpg)
Mohamed Hefeeda
Motivations
Increasing demand for multimedia services Content often transported over open and insecure
networks (Internet) Many applications need to ensure authenticity of content
- Videos for surveillance, documentary, political debates, etc
Numerous authentication schemes exist- Merits and shortcomings against each other not clear
No comprehensive analysis/comparison in literature
2
![Page 3: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/3.jpg)
Mohamed Hefeeda
Our Work
Define common performance metrics/scenarios Analytically analyze all schemes Conduct simulation and quantitative comparisons
Recommendations for choosing appropriate scheme for a target environment
Insights for further research
3
![Page 4: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/4.jpg)
Mohamed Hefeeda
Outline
Performance Metrics
(Brief) Overview of Authentication Schemes
Analysis Results- Detailed derivations are given in the paper
Conclusions and Recommendations
4
![Page 5: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/5.jpg)
Mohamed Hefeeda
Performance Metrics
Computation cost- Limited capacity receivers
Communication overhead- Limited bandwidth
Tolerance against packet losses- Bursty & random
Receiver buffer size required- Memory constraints
Streaming delay- Live streaming
5
![Page 6: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/6.jpg)
Mohamed Hefeeda
Authentication Schemes for Videos
Present basic ideas of most important schemes
Only representative sample- See our paper for details
6
![Page 7: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/7.jpg)
Mohamed Hefeeda
Hash Chaining [Gennaro 97]
No receiver buffer required Delay: duration of a block (sender side) + zero (receiver side) No loss tolerance
Packet 2 Packet nSign Hash
h(pkt3)
Packet 1
h(pkt2)
BlockSignature
Hash
7
![Page 8: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/8.jpg)
Mohamed Hefeeda
Hash Chaining: with Loss Tolerance
Attach hash of packet to multiple other packets Choose other packets carefully Hashes of a block form Directed Acyclic Graph (DAG)
- Packet is verifiable if it has path to signature packet
8
![Page 9: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/9.jpg)
Mohamed Hefeeda
Butterfly Hash Chaining [Zhishou 07]
Improved loss tolerance
Delay: duration of block (sender side) + zero (receiver side)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
9
![Page 10: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/10.jpg)
Mohamed Hefeeda
Tree Chaining [Wong 99]
Based on Merkle hash tree
Each packet carries all info needed for its verification- Complete loss tolerance
No receiver buffer required
Delay: duration of ablock (sender side) + zero (receiver side)
a b c d
e f
Pkt 1 Pkt 2 Pkt 3 Pkt 4
h() h() h() h()
b,f,s a,f,s d,e,s c,e,s
g
Block signature: s = sign(g)
10
![Page 11: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/11.jpg)
Mohamed Hefeeda
SAIDA: Signature Amortization using Information Dispersal Algorithm [Park 03]
Disperse auth info over n packets such that any m suffice to verify block- m: determines overhead—loss tolerance tradeoff
Receiver buffer: m packets Delay: 2 times duration of block (sender + receiver side)
FEC coding
Packet n
Partial auth info
Packet 1
Partial auth info
HashHash
Digital SignatureHash
11
![Page 12: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/12.jpg)
Mohamed Hefeeda
SAIDA Improvements
eSAIDA (enhanced SAIDA) [Park 04]- To reduce comm overhead, one hash for each pair of packets
• If packet is lost, its couple cannot be verified- A packet’s hash is put in its couple with probability s
• s (input): determines overhead—loss tolerance tradeoff
cSAIDA (communication overhead-reduced SAIDA) [Pannetrat 03]- A systematic FEC coding, keeping parity symbols only- An additional FEC coding
Delay and receiver buffer of both: as in SAIDA
12
![Page 13: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/13.jpg)
Mohamed Hefeeda
TFDP: Tree-based Forward Digest Protocol [Habib 05]
For streaming pre-encoded videos Similar to SAIDA, but block digests are not signed
- Hash tree over block digests, root is signed- One signature for the whole stream
Receiver buffer: nearly a complete block
Delay: not relevant!
13
![Page 14: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/14.jpg)
Mohamed Hefeeda
Sample of our Results
Analytic and numerical analysis
Simulation analysis
14
![Page 15: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/15.jpg)
Mohamed Hefeeda15
Computation Cost
n: block sizel: packet sizeshash: hash size
64/ln
num signature verif per block
num 512-bit hash operations per block
Hash Chaining 1Tree Chaining 1SAIDA 1
32/)log(64/ hashsnnnln
64/64/ nsln hash
Complete Table is given in the paper
![Page 16: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/16.jpg)
Mohamed Hefeeda
Computation Cost
Time to verify block on limited-capability device Lower bound on block size
16
![Page 17: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/17.jpg)
Mohamed Hefeeda
Communication Overhead
cSAIDA is the most efficient, Tree Chaining the least
17
![Page 18: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/18.jpg)
Mohamed Hefeeda
Delay and Buffer Requirements
With a block size of 100 packets:
Buffer required (pkts) Delay (seconds)Hash Chaining 1 3-4Augmented Chaining
n 3-4
Butterfly Chaining n 3-4Tree Chaining 1 3-4SAIDA n 6-7eSAIDA n 6-7cSAIDA n 6-7TFDP n Not relevant
18
![Page 19: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/19.jpg)
Mohamed Hefeeda
Simulation Results
Realistic parameter values from measurement studies Loss models
- Bursty: Internet (router congestions)- Random: wireless networks and when interleaved
packetization is used
Best parameters are chosen for each scheme
19
![Page 20: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/20.jpg)
Mohamed Hefeeda
Simulation: Loss Resilience (Bursty Loss)
cSAIDA is the most efficient20
![Page 21: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/21.jpg)
Mohamed Hefeeda
Conclusions
Conducted analytical and simulation comparisons among most authentication schemes for video streams
Our Findings …
Minimal computation cost- TFDP; for on-demand streaming only- Live streaming: all schemes almost the same
Minimal communication overhead- cSAIDA
21
![Page 22: School of Computing Science Simon Fraser University, Canada](https://reader035.fdocuments.us/reader035/viewer/2022062410/56816420550346895dd5dfaf/html5/thumbnails/22.jpg)
Mohamed Hefeeda
Conclusions (cont’d)
Minimal delay- Hash/Augmented/Butterfly/Tree Chaining
Maximal loss tolerance- Tree Chaining: high overhead, no buffering, low delay- cSAIDA: low overhead, but requires buffering one
block, and incurs twice the delay of Tree Chaining
Minimal buffering (memory) requirement- Hash Chaining; reliable data transfer only- Tree Chaining; fully loss tolerant
22