
Secure Content Distribution Infrastructures


Academic year: 2022


University of Oslo

Department of Informatics

Secure Content Distribution Infrastructures

Thomas Kvalvåg

Master Thesis

Department of Informatics, University of Oslo

thomaskv@ifi.uio.no

14th August 2005


Acknowledgements

First I would like to thank Karl-André Skevik and Thomas Peter Plagemann, who both functioned as my guidance counselors during my work with this thesis. They have provided me with valuable feedback on my work, guided me in my work and given me directions for where I should head with this thesis. I would also like to thank Carsten Griwodz for introducing me to the problem area on which this thesis is based. A special thanks goes to Steffen Fiksdal for support, motivation and feedback during the writing of this thesis and through the entire study for my MSc degree. I would also like to thank Jørgen Strand for his feedback and fruitful discussion during the last period while finishing this thesis.


Abstract

As the Internet has become one of the most widespread communication channels today, new and better services will continuously be required. In the early days of the Internet, starting with ARPANET [1], most content was text based. From the mid-nineties until today the use of new services such as multimedia has increased tremendously. As more services move to the Internet, a great challenge will be to support the heavy load that new services and a growing number of users place on it. A common problem with services such as multimedia is their bandwidth consumption, owing to the vast amount of data involved. To support such services and the load they put on the network, both the server architecture and the network have to be designed for these load requirements. One could argue that it is only a matter of increasing the bandwidth. However, this will always have some limitations. This is why we need networks, and supporting technologies, that can provide high bandwidth and handle an increasing number of users.

We have seen that with these new services, such as multimedia, new content types have made their way to the Internet. With these new content types has followed a need for security to protect the content. Many service providers want to distribute copyright-protected content, and they require that technology is available to protect it. This has also been the case for the movie industry, which wants to make its movies available but is skeptical about the protection of its copyrights. These protection requirements have led to a lot of research in this area, and there are now several competing technologies available. In this thesis we look at several techniques for enabling secure transfer of multimedia content over the Internet, supporting both copyright protection and content protection. This includes both distribution infrastructures and security protocols.

We compare these techniques to find the advantages and disadvantages of the competing technologies. While looking at these technologies we found that some of them could be used in combination to build an architecture for secure distribution of movies on the Internet. Using this knowledge we have proposed an architecture design, which forms the basis of a secure distribution architecture for movies.


Contents

List of Tables
List of Figures

1 Introduction
1.1 Overview
1.2 Problem
1.3 Usecase
1.3.1 The service provider
1.3.2 The customer
1.4 Goal
1.5 Composition and Methodology

2 Content Distribution Networks (CDNs)
2.1 Network delivery technologies
2.1.1 Unicast
2.1.2 Multicast
2.1.3 Broadcast
2.1.4 Summary of network delivery techniques
2.2 Central server
2.2.1 Partitioned multimedia server
2.2.2 Externally switched multimedia server
2.2.3 Fully switched multimedia server
2.3 Server hierarchy (Proxy caches)
2.4 Peer-to-Peer networks
2.5 Hybrid content delivery network
2.6 Business models
2.6.1 Pay per view
2.6.2 Subscription
2.6.3 P2P and redistribution credits
2.6.4 Financial transaction

3 Content Encryption
3.1 Full encryption
3.2 Selective encryption
3.3 Selective encryption schemes
3.3.1 Permutation of Huffman
3.3.2 VEA - Video Encryption Algorithm
3.3.3 MVEA
3.3.4 RVEA
3.3.5 SECMPEG
3.3.6 I Frames and header encryption
3.3.7 Zig-Zag replacement
3.3.8 Entropy codec
3.4 Comparison

4 Key Management
4.1 CKMSS
4.1.1 CKMSS explained
4.1.2 Leave operation
4.1.3 Join operation
4.1.4 Evaluation
4.2 GDH
4.2.1 DH explained
4.2.2 GDH explained
4.2.3 Join operation
4.2.4 Leave operation
4.2.5 Evaluation
4.3 Iolus
4.3.1 Iolus explained
4.3.2 Join operation
4.3.3 Leave operation
4.3.4 Evaluation
4.4 CTKM
4.4.1 CTKM explained
4.4.2 Join operation
4.4.3 Leave operation
4.4.4 Evaluation
4.5 TGDH
4.5.1 TGDH explained
4.5.2 Join operation
4.5.3 Leave operation
4.5.4 Evaluation
4.6 STR
4.6.1 STR explained
4.6.2 Join operation
4.6.3 Leave operation
4.6.4 Evaluation
4.7 SMKD
4.7.1 SMKD explained
4.7.2 Join operation
4.7.3 Leave operation
4.7.4 Evaluation
4.8 GKMP
4.8.1 GKMP explained
4.8.2 Evaluation
4.9 Broadcast Encryption
4.9.1 Broadcast encryption explained
4.9.2 Evaluation
4.10 Comparison

5 Content Protection
5.1 Authentication, Authorization, Accounting (AAA)
5.2 Identity
5.2.1 User identity
5.2.2 Software identity
5.2.3 Hardware identity
5.2.4 Comparison identity techniques
5.3 Certificate
5.4 Watermarking
5.5 Public key infrastructure

6 Digital Rights Management
6.1 A typical DRM model
6.2 The DRM reference architecture
6.3 Digital license
6.4 Content providers
6.5 Content consumers

7 MPEG-21
7.1 Vision, technologies and strategy
7.1.1 Problem statement
7.1.2 Solution statement
7.2 Digital item declaration
7.3 Digital item identification and description
7.4 Intellectual property management and protection
7.5 Rights expression language
7.6 Rights data dictionary

8 Requirements Analysis
8.1 Service provider requirements
8.2 End-user requirements

9 Tool based Superdistribution
9.1 Superdistribution
9.1.1 Architecture
9.1.2 Software execution
9.1.3 S-Program
9.2 Foundation for our proposal
9.2.1 Content Distribution Network
9.2.2 Content Encryption
9.2.3 Key Management
9.2.4 Broadcast Encryption
9.2.5 Content Protection
9.2.6 Digital Rights Management
9.2.7 MPEG-21
9.2.8 Superdistribution
9.2.9 Requirements Summary
9.3 Architecture design
9.3.1 Content distribution networks
9.3.2 Using MPEG-21
9.3.3 Intellectual property management and protection
9.3.4 Security of our architecture
9.4 Architecture evaluation

10 Conclusion

A Performance study of MPEG2 Encryption
A.1 Introduction
A.2 Encryption Schemes
A.2.1 DES
A.2.2 Cipher modes
A.2.3 Triple DES
A.2.4 IDEA
A.2.5 AES
A.2.6 Blowfish
A.2.7 RC4
A.3 Testbed
A.3.1 Hardware
A.3.2 Operating system
A.3.3 NIST NET
A.3.4 VideoLAN
A.3.5 OpenSSL
A.4 Experiment
A.4.1 Implementation
A.4.2 Cipher performance
A.4.3 Error tolerance
A.4.4 CPU utilization
A.5 Cryptanalysis
A.6 Selective Encryption
A.7 Conclusions

References


List of Tables

1 Selective encryption schemes
2 Group key management schemes
3 Requirements Table
4 Requirements Table for Tool based Superdistribution
5 Cipher configuration
6 Serverside encryption time
7 Clientside decryption time
8 Selective encryption schemes

List of Figures

1 Thesis Layout
2 Unicast and Multicast connectivity
3 Partitioned multimedia server
4 Externally switched multimedia server
5 Fully switched multimedia server
6 Multimedia server with proxy caches
7 Prefix caching [2]
8 Client Server vs. Peer-to-Peer
9 RVEA bit selection order
10 SECMPEG Header
11 Zig-Zag Serialization
12 Hierarchical tree for secret sharing
13 Secret Share Creation
14 A Secure distribution tree in Iolus
15 A key graph
16 The common components in DRM system
17 The DRM reference architecture
18 Digital Item Declaration Model
19 Digital Item Declaration Model as XML
20 IPMP Sequence Diagram
21 The REL Data Model
22 Architectural layers
23 Structure of S-program
24 Overall Architecture
25 System usage scenario
26 Infrastructure
27 A DRM system using tools
28 IPMP Modified DRM reference architecture
29 Structure of MPEG IPMP
30 HCDN Distribution
31 The 3DES algorithm
32 Lost frame count
33 CPU and Contextswitch reading from disk
34 CPU and Contextswitch reading from memory
35 CPU and Disk read sharing the same file
36 CPU and Disk read using separate files


1 Introduction

1.1 Overview

The Internet has grown tremendously in recent years, both in number of users and in content size, and as more users use the Internet the load on the network increases. This results in reduced bandwidth available for each individual user. Lately the use of multimedia services has become very popular on the Internet. Services for movie rental have been made available by service providers like Movielink and CinemaNow. When these services become available the load on both server and network will be high, because a movie often consists of more than 1 GB of data, depending on its length and quality. When a movie is streamed, data has to be transferred to clients in real time. Lately, it has become more common for home users to upgrade their Internet connection to get more bandwidth. More and more home Internet users have a broadband connection provided by their local Internet Service Provider (ISP). As a result, Internet users are capable of downloading new content types, such as movies.

As more bandwidth becomes available to users it is natural to expect Internet users to download larger amounts of data. This leads to new opportunities for companies such as video rental companies to make their services available through the Internet.

We have seen great success with services like iTunes, which distribute music to users who pay a small fee to retrieve the requested tune. We have not yet seen the same success for distribution of movies. This is probably related to the cost of implementing a system for distributing such a large content type. Supporting the load of several clients requesting to download a movie on the Internet requires enough available bandwidth and server capacity. We believe that services like video rental on the Internet will be an area of growth in the next few years. Article [3] said:

“While the VoD (Video on Demand) market has still not fully caught on for even the most committed movie-watching fanatics, there are still high expectations that by 2006, movies delivered over the Internet or television will account for 25-35 percent of the $10 billion video rental business.”

To find some information on what is happening in the market for video rental on the Internet we forwarded the following question to CinemaNow:

Where do you see the market is going regarding video rental on the Internet?

Right now, three things are happening.

1. Broadband penetration is increasing.

2. More content is being made available online and

3. convergence devices (devices that bring the Internet to the TV) are finally arriving.

As all of these factors continue to grow, renting (and purchasing) digital copies of movies over the Internet will grow in conjunction. Like in music, piracy will put pressure on content owners to make more content available and new devices will make it easier to access this content on the TV through convergence or the burning of files to disc. Either way, we believe digital distribution over the Internet offers the most scalable, portable and flexible way to bring media to the masses and it is poised for tremendous growth.

(Jared Goldsmith, Director of Marketing, CinemaNow)

The general concept when distributing movies is to make the movies available so that clients can retrieve them. There are basically two ways to get a movie off the Internet: either stream the content directly or download the entire movie as one large file.

As for music, the service provider needs to charge the user for the use of its service. The customer will also require some benefit from renting or buying a movie on the Internet compared to making the purchase at the local video store. The user’s experience of such a service will probably be the factor that determines whether the service becomes a success. Another essential ingredient when distributing movies in an open network such as the Internet is security. Content providers want to make sure that malicious users don’t misuse their service, and content owners want to protect their copyrights.

1.2 Problem

When distributing movies over an open network such as the Internet, several challenges have to be addressed. A movie often consists of more than 1 GB of data, depending on its length and quality, and as the HDTV standard finds its way into the market the size of movies continues to increase. Transferring such large amounts of data over a network requires a lot of available bandwidth. The bandwidth itself is not the only factor that affects the time it takes to download a movie from the Internet. To deliver a movie, it has to be made available on the Internet through a server or server parks, and the performance requirements for such a server are high. When such large data volumes are served, the server hardware and operating system also have a large impact on performance.

Each movie has to be read from disk and sent to the network interface. Several studies have been done in this area [4, 5, 6, 7, 8]. When streaming a movie from the Internet, high bandwidth by itself is not enough: the real-time requirements of streaming call for constant bandwidth. Errors in the stream have to be handled in real time so that they do not affect playback. Errors can occur anywhere in the network. As a packet passes through several intermediate nodes, the chances of both packet errors and congestion in the network infrastructure increase. Another, and probably more important, problem when distributing movies in an open network is security and copyright protection. This has been an issue for the music industry, where mp3 music files have been made freely available through Peer-to-Peer networks. The same has happened with movies as more bandwidth has become available. To get the movie industry to make its movies available through the Internet, a good security scheme must be provided. A lot of research has been done in this field lately; large software vendors like Microsoft, with Windows Media Player, and Apple, with iTunes, have made great efforts to find ways to protect content and to trace content back to its original owner. Another security issue for a service provider that wants to distribute movies is the need for a secure payment mechanism, so that the customer can be charged for use of the service and can be sure that no malicious user interferes in the payment process.

Probably the biggest challenge when talking about security is to protect the solution from malicious users. However, one might say that you can never be sure that the solution is secure against malicious attacks. What is important is that we continue to improve security. Many technologies are involved in enabling a secure distribution infrastructure for multimedia on the Internet today, and research has been done in several fields for both security and distribution. The problem is that there is a myriad of technologies to select from, and when building an architecture for secure distribution of movies these technologies have to be combined. Further, it is not always obvious when and how to use these technologies. A taxonomy of this myriad of technologies should therefore be made, to provide some understanding of when each is needed.

In this thesis, we examine some of the technologies involved in enabling secure distribution of movies on the Internet. We compare and analyze similar technologies by looking at the advantages and disadvantages they offer. Further, we build a set of requirements for what to expect from technologies involved in secure distribution and rate the technologies against these requirements. Using the output of this analysis, we combine some of the technologies to propose an architecture that supports secure distribution of movies on the Internet.

1.3 Usecase

To put the content of this thesis into context we provide a use case that is used to evaluate the relevance of the topics discussed throughout the thesis.

The short version of the use case is as follows:

A service provider wants to deliver a movie distribution service on the Internet, where customers are offered a set of service alternatives by this distributor. There are two main types of service: either buy a movie or rent a movie for some period.

We divide the use case by the parties involved in a distribution model for movies on the Internet, that is, the service provider and the customer.

1.3.1 The service provider

When a company wants to make a business of selling and renting movies, it needs a way to distribute the movies to its customers and to protect its content.

First they need to choose how they want to encode their movies.

Choose format: There are several encoding formats available to encode and compress a movie from its raw format. This could be MPEG2, MPEG4 or a proprietary format such as Windows Media Format.

When an encoding format has been chosen, a platform for secure distribution is needed, so that the company can protect the content from customers who have not paid for the movie and protect the copyrights of the content.

Choose security architecture: Most likely the company will choose a Digital Rights Management (DRM) system to protect the content. Several DRM systems are available to choose from, both proprietary and non-proprietary solutions. The choice made here can force the service provider to use a specific encoding format, so it is most likely that the DRM system is chosen before the encoding format.


Choose encryption algorithm: To protect the content the service provider may want to choose an encryption algorithm for encrypting the movies before they are made available on the Internet. As with the encoding format, the chosen DRM solution may force or recommend an encryption algorithm.

Choose distribution platform:

The service provider has to choose a distribution platform. There are many issues related to distribution of movies. Due to the vast amount of data involved, the platform must support handling of large data volumes. Several choices are available:

Central Server - This platform is based on a server or several servers located at a centralized site and owned by the service provider.

Caches - In this platform caches are placed in locations closer to the customers, to get the content closer to the client. These caches are usually installed in the server park owned by an Internet Service Provider.

Peer-to-Peer - This is an application layer protocol where all clients in the network become servers in the network and all communication is done in a one-to-one relationship.

Hybrid Content Delivery Network - This is usually a combination of the above.

When selecting a distribution platform it might be necessary to have others help with distribution of the content. Such a service will, in most cases, have to be paid for by the service provider, either by paying the owners of the intermediate nodes or by crediting them for their effort in some other way. The following is a list of potential ways to credit intermediates for helping to distribute content.

Peer Online time: The intermediate or peer distributor is paid for its uptime.

Flat rate: The distributor is paid per byte, or at some other rate, for what it distributes for the service provider.

Per segment: If the movie is divided into segments, several distributors may each provide the customer with a piece of the movie and be paid for each segment they contribute to the distribution of the entire movie.

Per Movie: Credited per movie the distributor sends to a customer.

1.3.2 The customer

The customer will be faced with several choices when he wants to watch a movie over the Internet. The first choice the customer will face is how to retrieve a movie.

Choose how to retrieve the movie:

Download entire movie: The customer could choose to download the entire movie to his computer, or other devices, and play it from his local storage.

Stream movie: Or he can choose to stream directly from a server or several servers.


Before selecting one of the above, the customer often has the opportunity to choose the quality at which to retrieve the movie. This choice often depends on the bandwidth available to the customer’s device. With a fast Internet connection the customer can stream at better quality than with a slow connection.

Choose payment type: The customer has to choose some type of payment to retrieve the movie. Here several options could be made available:

Pay per view: This allows the customer to view the movie once, either by downloading it with restrictions so that it can be played only once or by streaming it off the net once.

Subscription: This is a payment type that will allow, depending on the subscription type, the customer to use a service for a given period.

Buy rights to own: This type could be compared with buying a movie in a store. The customer buys the rights to store the movie locally and play it as many times as he wants.

Choose quality:

The customer will need to choose at what quality he wants to retrieve the movie. This will depend on the available bandwidth the customer has and on what device the movie is to be played.

1.4 Goal

The original goal of this thesis was to perform a literature study and analyze some of the technologies involved in secure distribution of movies on the Internet. We also look at the dependencies between these technologies. While doing this analysis and reading through the literature we found that these technologies could be put together to form an architecture for secure distribution of movies. We have therefore extended the thesis from a pure literature analysis to the design of a secure distribution architecture for movies.

1.5 Composition and Methodology

As described in the section above, we use a use case to put the content of this thesis into context. The use case places the technologies and descriptions in a usage scenario. Figure 1 shows a model of how the thesis is structured, to provide an understanding of its layout while reading. The figure is a simplified overview of the layout that is described in more detail in this section, and it should be read bottom up. First, we explain the concepts of distributing content in open networks, such as the Internet. Next, we provide some general concepts of security used to protect the content distributed in a network. We then describe more advanced security technologies used to protect content. The last part of the thesis gives a deeper explanation of our proposed solution and compares it against existing technologies. This high-level structure is split into the following sections:

Section 2 gives an introduction to Content Distribution Networks. When planning to distribute content, a distribution architecture must be selected. In this section we give the reader an understanding of the available technologies for providing a distribution platform.

[Figure 1: Thesis Layout. Labels recovered from the figure: Content Distribution Networks; content distribution and security; Basic; Specification for Advanced Security; Proposal.]

Section 3 looks at how we can encrypt movies before they are distributed to customers. Here we look at two alternatives for how this could be done, full and selective encryption. We have compared several selective encryption schemes, most of which can only be applied to MPEG encoders.

Section 4 provides a deeper understanding of group key management and compares several schemes for group key management.

Section 5 gives an introduction to other security-related topics that are used when content is to be protected and access limitation is needed.

Section 6 gives an introduction to Digital Rights Management which is a hot topic today when it comes to usage limitation and control of digital intellectual property.

Section 7 gives an overview of the MPEG-21 specification from the Moving Picture Experts Group. This new specification tries to define a transparent way to use multimedia across a wide range of networks and devices. This includes both metadata and DRM support.

Section 8 looks at the requirements that need to be fulfilled when building an architecture for distribution of movies in an open network. This includes both service provider requirements and end-user requirements. These requirements form the basis for our discussion of the technologies given in Sections 2-7 and are used when we propose our architecture in Section 9.

Section 9 proposes an architecture based on the previously discussed technologies. The section first gives an introduction to one of the technologies that we base our architecture on, called Superdistribution. We then rate the earlier discussed technologies against the requirements given in Section 8, before we propose a design for our architecture.

Section 10 concludes our work with a short summary of the thesis. Further, it looks at our research contribution and some future work for which our contribution forms the basis.


2 Content Distribution Networks (CDNs)

Efficient content delivery on the Internet has been, and still is, a hot research topic.

Even though bandwidth is increasing and technology is improving the way the network is utilized, there is still a need to look at the content distribution architecture. This is mostly related to the fact that new large content types, such as music and video, have become more popular. When service providers want to distribute data such as multimedia and video, good content delivery methods and more resources are needed.

Distributing a movie over a network in MPEG-1 format involves as much as 1 Gigabyte of data for a movie length of about 1 1/2 hours; this of course depends on the resolution. When the population of the Internet has access to this content it could have a great impact on the network if many people access it simultaneously. With today’s technologies such as DVD and HDTV (High Definition Television), the amount of data to be transferred continues to increase. As technology evolves, people will require access to it and ways to use it.

Finding techniques to distribute these media types will require creative ways to use both the network and devices. We argue that there will always be a need to reduce network load - even as the bandwidth increases, the amount of content increases proportionally.

Getting the content closer to the end user and reducing the load on a single server will be key features of the network of the future. This reduces the long distance load on the network infrastructure and also the number of intermediate nodes to pass through for the content moving from the source to its destination. For some content types it might be useful to serve the same content to a group of receivers without sending the same packet several times over the same link in the network. This section looks at several ways to distribute content from a source to its destination.

2.1 Network delivery technologies

To distribute a data packet in a network, several techniques exist to send this packet from a sender to a receiver. In the following subsections we describe the most common techniques used to distribute packets in a network topology.

2.1.1 Unicast

Unicast is the traditional one-to-one communication over a network. Unicast is everything that is not broadcast or multicast. By definition, unicast involves only one sender process and one recipient process, which work as peers. For many years unicast proved sufficient for the Internet, until 1993, when the first implementation of multicast was released in the 4.4 BSD release. An example of sending a packet from a server to several receivers is given in Figure 2a, which shows that a packet is sent once for each client. As a result, the same packet is sent over a link as many times as there are clients attached to that link. This loads the network unnecessarily and can be avoided by using multicast.

2.1.2 Multicast

Multicast is a way to send a single packet to a group of receivers. Compared to unicast and broadcast this technique reduces the load on the source and the network in gen- eral. Instead of sending the same packet from the source for each request, multicast will only send a single packet once and it will be delivered to all members in a group.

(17)

2.1: Network delivery technologies 17

Multicast reduces traffic by simultaneously delivering a single stream of information to potentially thousands of corporate recipients and homes.

A multicast datagram is not guaranteed to arrive at all members of the destination group or in the same order. Multicast is based on the concept of group membership. A set of receivers will send a request for participating in a group, this is done through the use of a join request which is supported by IGMP [9]. As part of the group the receiver will receive the requested data along with all the other members in the group. With the use of multicast, connection-oriented protocols as TCP [10] are not supported. The most common transport protocol used in multicast networks is UDP [11].

A problem with multicast today is that it has to be enabled in intermediate routers. Not all Internet Service Providers have enabled multicast in their routers, which makes it difficult to base an Internet service on multicast. However, some research has been done on Application Level Multicast [12] to solve the issues with network-supported multicast discussed above. This is done by creating an overlay network in which applications are used to enable multicast. The application then avoids sending the same packet over the same link several times, while the underlying network uses unicast.

A short introduction to IGMP follows.

Internet Group Management Protocol (IGMP) defines how hosts join and leave multicast groups. The protocol is dynamic, meaning that a member can join and leave the group at any time during a multicast session. There is no restriction on host location or on the number of hosts in a group. A host identifies its group memberships by sending IGMP messages to its local multicast router. Under IGMP, routers listen to IGMP messages and periodically send out queries to discover active groups on their subnets. When there is more than one multicast router on a given LAN, one of them is chosen to be the querier. The querier has responsibility for keeping track of the membership state of all active multicast groups on the LAN.

2.1.3 Broadcast

The definition of broadcast is that the source sends one packet to all the nodes whether they want to receive it or not. Broadcast is the common way to send messages to more than one receiver. Network broadcast is usually used in a Local Area Network to send a packet to all nodes. Broadcast is not part of the basic IP specification; there is no agreed-upon way to do broadcast.

2.1.4 Summary of network delivery techniques

As seen in the previous subsections, the network delivery technologies behave differently, and in some cases one may be preferred over another. To summarize: if a single packet is intended for only one recipient, unicast is preferred. If we want the entire network to receive the packet, we choose broadcast. If we have n recipients, it is not obvious which technology we should choose. Multicast seems an efficient way to distribute a packet if we have more than one recipient, but due to the overhead of group management in a multicast network it is not always the obvious choice. The overhead of group management is higher for dynamic groups than for more static groups. By dynamic we mean the frequency at which customers join and leave the group.
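The difference between unicast and multicast delivery, and the group-management cost named in the summary, can be made concrete by counting packet copies per link. The following Python sketch is an added example, not part of the thesis; the tree topology, host names and the `MulticastGroup` class are constructed for illustration, and its joins and leaves stand in for the IGMP messages described above.

```python
# Constructed tree topology (child -> parent), rooted at the content server.
PARENT = {
    "r1": "server", "r2": "r1", "r3": "r1",
    "c1": "r2", "c2": "r2", "c3": "r2",
    "c4": "r3", "c5": "r3",
}


def path_links(host, parent=PARENT, source="server"):
    """Links (upstream, downstream) a packet crosses from source to host."""
    links = []
    node = host
    while node != source:
        links.append((parent[node], node))
        node = parent[node]
    return links


def unicast_load(receivers):
    """Copies of one packet per link when the server sends once per client."""
    load = {}
    for host in receivers:
        for link in path_links(host):
            load[link] = load.get(link, 0) + 1
    return load


class MulticastGroup:
    """Group membership in the style of IGMP: hosts join and leave at any time."""

    def __init__(self):
        self.members = set()
        self.membership_messages = 0  # group-management overhead

    def join(self, host):
        self.members.add(host)
        self.membership_messages += 1

    def leave(self, host):
        self.members.discard(host)
        self.membership_messages += 1

    def load(self):
        """One copy per link that has at least one group member downstream."""
        return {link: 1 for host in self.members for link in path_links(host)}


def compare(receivers):
    """Total packet copies over all links: (unicast, multicast)."""
    group = MulticastGroup()
    for host in receivers:
        group.join(host)
    return sum(unicast_load(receivers).values()), sum(group.load().values())


if __name__ == "__main__":
    print(compare(["c1", "c2", "c3", "c4"]))
```

When the last member behind a router leaves, that branch disappears from `load()`, while `membership_messages` keeps growing with every join and leave, which is the overhead that makes dynamic groups more expensive.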


Figure 2: Unicast and Multicast connectivity

2.2 Central server

The central server approach is a common approach for any server configuration running an application. One of the greatest challenges when distributing multimedia is the vast amount of data involved and the possibly large number of clients requesting the data.

In this section we will discuss three approaches for using central servers. All these central server alternatives are further explained in [13]. Some of these alternatives are further discussed in [14].

2.2.1 Partitioned multimedia server

In this server configuration, several central servers are partitioned over groups of clients to support an increasing number of users. One server is dedicated to serving a single population of clients. If one dedicated server serves the requests from a small group of receivers, these clients share the resources that the server provides. As the population of clients on each server grows, these clients need to divide the available resources between themselves. To increase the available resources, the population of clients can either be partitioned into smaller subgroups or more capacity can be added to the server. An example of such a configuration is given in Figure 3. One of the problems with the partitioned multimedia server is that the servers do not share a single repository of data, so every server has to hold all the data it wants to distribute. An example of such a solution is VideoLAN [15].

2.2.2 Externally switched multimedia server

In this configuration, the clients are not directly attached to one single server as they are with the partitioned servers. A new component called the control server is used to dispatch the user to a server. This can be done either by load balancing or by splitting the data between the servers, in which case the control server has an index of where the content the client is requesting can be located. By externally switched we mean that the control server is dedicated to dispatching requests between the set of available servers. An example of such a configuration is given in Figure 4. With this solution, compared to a partitioned configuration, the servers can be more equally loaded. This is because an external component is responsible for routing the client to one of the servers, whereas in the partitioned server configuration the client is always attached to the same server. Still, there are some challenges with this solution, such as where to put the data. If a load balancing technique is used, the same data has to be available at all switch servers. If the control server uses an index to decide where to dispatch the request, the content has to be balanced equally between the servers according to its popularity. If some content is extremely popular for a period, the load on the servers will not be balanced, and the one server with the most popular content could be overloaded. A solution to this could be to have the most popular data on both servers. However, this leads to duplication of data, and the point of using such a solution is to reduce duplication. Helix DNA Server [16] is an example of an externally switched multimedia server.

Figure 3: Partitioned multimedia server

2.2.3 Fully switched multimedia server

This configuration is in some ways quite like the one above. However, this solution adds an I/O switch so that the servers share the same pool of disk space. With this solution we do not need to duplicate data at the servers, which saves disk space. An example of a fully switched server can be seen in Figure 5. This configuration solves some of the problems pointed out for the previous configuration, but it requires more hardware and increases the cost. The I/O switch needs to handle the requests from several servers at high speed, which requires a fast connection between the servers and the I/O switch. This means that the servers most likely need to be located at the same site to enable such fast connectivity. An example of a fully switched multimedia server is IBM Video Charger [17].

Figure 4: Externally switched multimedia server

Figure 5: Fully switched multimedia server

Figure 6: Multimedia server with proxy caches

2.3 Server hierarchy (Proxy caches)

As mentioned, one of the great challenges when distributing multimedia is the vast amount of content involved. When the amount of data increases, the bandwidth required to transfer it to the client becomes tremendous. To reduce the amount of data requested from one single point of access, a server hierarchy is one solution. The main goal of this configuration is to get the data closer to the clients, so that the content does not need to be transferred from a single server that might be far from the client.

One way to get the content closer to the client is through the use of proxy caches. These caches are located at a site closer to the client, often in the LAN of an Internet Service Provider. A challenge when using caches is how to use the cache: what content should be stored in the cache, and how to replace content when the cache is full. This field has been the focus of many research papers; it is further discussed in [18] and is well described in a book by Markus Hofmann [19]. Another key feature of proxy caches is that they move load from the root server to other nodes.

This leads to a load balancing effect between the root server and the proxy caches. The content is only requested from the root server when it cannot be found in any of the proxy caches on the path to the root server. See Figure 6 for an example of a proxy cache architecture. In this figure there is only one level of caching. In some configurations it might be a solution to install a larger hierarchy of proxy servers. Several caching approaches for multimedia, with different characteristics, are discussed in [19]:

Fast Prefix Transfer: This technique is used to reduce the response time, i.e. the time from the client's request until the content is received at the client. This is done by storing a portion of the content (the prefix) at a proxy cache closer to the client. When the client request is received, the proxy can start sending the prefix. While this happens, the root server can send the rest of the content to the proxy, so that the entire content becomes available to the client from this proxy cache. See Figure 7a. An extension to this approach is the use of multicast to send the content stored on the root server to the clients. The prefix is then read from the closest proxy cache and the rest of the content is multicast from the root server to several clients. This can be seen in Figure 7b. This technique was defined as MCache, see [20]. In this example, the second client joins the stream later than the first client; as this is not the start of the content, the retrieved content is stored in the client's buffer. The client can then retrieve the prefix from the proxy cache and be part of the same multicast stream as client one. This technique has the advantage that it reduces the load on the root server by serving several clients in one multicast stream. There are several design issues with prefix caching; one of the most challenging is how large the prefix should be. This is extremely important when using MCache [20], since it defines how "late" a late joiner can join the same multicast stream. This is discussed in more detail in [20]. There are also other studies in this field, such as Gleaning, Periodic Multicasting with pre-storage and many others. More details on these techniques are given in [18].

Object segmentation and cache replacement: Streaming multimedia content involves a vast amount of data, and caching this data requires large storage capacity. To use caches more efficiently, these large objects can be segmented. This results in smaller segments that can be cached, with a replacement algorithm used to decide which segments to cache. With smaller segments it is easier to utilize the storage capacity of the disk.

Dynamic caching: This technique is based on the concept that two or more clients requesting the same stream differ only in time. So if the delta between the first client request and the next can be cached, both clients can retrieve data from the cache. The minimum storage required is the delta. This technique uses a ring buffer: the stream from the root continuously fills the buffer as the later joiner reads from it. By doing so, the root server only needs one stream to fill the buffer, and two or more clients can read the content from the cache.
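The ring-buffer behaviour of dynamic caching, as an added Python sketch (not taken from the thesis or from [19]): the stream is modeled as numbered segments, the delta is counted in segments, and the class and function names are hypothetical. It shows that a buffer of exactly delta segments serves both clients from a single root stream, and that a smaller buffer loses segments before the late joiner reads them.

```python
class DynamicCache:
    """Ring buffer at the proxy that holds the most recent stream segments."""

    def __init__(self, capacity):
        if capacity < 1:
            raise ValueError("capacity must be at least one segment")
        self.capacity = capacity
        self.slots = [None] * capacity   # each slot: (segment number, data)
        self.next_from_root = 0          # next segment the root stream delivers
        self.root_fetches = 0            # segments pulled from the root server

    def _fill_from_root(self, stream):
        number = self.next_from_root
        # The newest segment overwrites the oldest slot of the ring.
        self.slots[number % self.capacity] = (number, stream[number])
        self.next_from_root += 1
        self.root_fetches += 1

    def read(self, stream, number):
        """Return segment `number`, pulling from the root only if it is new."""
        if not 0 <= number < len(stream):
            raise IndexError("no such segment")
        while self.next_from_root <= number:
            self._fill_from_root(stream)
        slot = self.slots[number % self.capacity]
        if slot is None or slot[0] != number:
            raise LookupError(f"segment {number} was overwritten in the cache")
        return slot[1]


def simulate(stream, delta, capacity):
    """Play `stream` to a first client and to one that joins `delta` ticks later.

    Returns (root_fetches, segments seen by first client, segments seen by late client).
    """
    cache = DynamicCache(capacity)
    first, late = [], []
    for tick in range(len(stream) + delta):
        # The late joiner reads first, freeing the slot the root stream fills next.
        if tick >= delta:
            late.append(cache.read(stream, tick - delta))
        if tick < len(stream):
            first.append(cache.read(stream, tick))
    return cache.root_fetches, first, late


if __name__ == "__main__":
    # Constructed sample stream of ten segments.
    sample = [f"seg{i}".encode() for i in range(10)]
    fetches, first, late = simulate(sample, delta=3, capacity=3)
    print(fetches, first == late)
```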

2.4 Peer-to-Peer networks

Peer-to-Peer (P2P) [21] networking is a communication model that builds an application layer logical network on top of lower level network protocols. This type of network is often referred to as an overlay network or application layer networking. The key concept is that each node in the network is an equal node. Each node acts as both server and client in the network. The network is built in such a way that all clients and servers communicate directly with each other, see Figure 8b. The following definition is given by [22]:


Figure 7: Prefix caching [2]

"Peer-to-peer is a communications model in which each party has the same capabilities and either party can initiate a communication session. Other models with which it might be contrasted include the client/server model (See Figure 8a) and the master/slave model. In some cases, peer-to-peer communications is implemented by giving each communication node both server and client capabilities. In recent usage, peer-to-peer has come to describe applications in which users can use the Internet to exchange files with each other directly or through a mediating server."

This technology has become extremely popular, and since the launch of Napster in 1999 many P2P networks have entered the Internet. Here are some of them: Napster, Gnutella, KaZaA, Freenet, FastTrack, Morpheus, OpenFT, BitTorrent.

Using P2P networks has brought up a lot of legal issues related to content ownership and copyrights. All kinds of illegal content have become available through P2P networks. As a result, some of the founders of these P2P networks have ended up in court. Napster was the first one to be taken to court, and as a result was stopped in 2000.

In P2P networks there are usually two ways to find the content available in the network:

Centralized index: An index of the available content is stored on a central server and is known by all peers. The limitation of this solution is that it has a single point of failure.

No centralized index: With this solution no centralized index is made available. This type of index is also referred to as Distributed Hash Tables (DHT) [23]. To find content in these structures, some kind of network pruning technique is usually used.


Figure 8: Client Server vs. Peer-to-Peer

2.5 Hybrid content delivery network

Hybrid Content Delivery Network (HCDN) has been a popular subject for research in recent years. The main idea of this approach is to use the best of the wide choice of Content Delivery Network (CDN) architectures. Many research papers look at combining P2P networks with content servers and proxy caches [24, 25, 26]. One of the advantages of P2P is its resilience to errors, since all peers in this architecture are equal nodes and it is likely that more than one peer holds the same content. A detailed study using BitTorrent in combination with proxy caches is done in [25].

Using P2P in combination with other techniques such as proxy caches helps the content distributor get the content closer to the consumer. This can be seen as the main goal of any distribution architecture. Getting the content closer to the consumer reduces the load on any single point of the network, and no single point of failure will exist. By moving the content away from the distributor, the responsibility for the distribution is also moved. However, there are challenges with this approach related to bandwidth. The content distributor cannot guarantee the bandwidth provided by a peer in a P2P network.

To get around the problem outlined above, it is possible to create a Hybrid Content Delivery Network where the distributor owns all nodes in the network. By doing so, the distributor of the content is able to guarantee bandwidth, or at least has more control over the available bandwidth. The architecture of this private HCDN is a network of nodes that work as proxy caches. Content distribution and load balancing in this network are done through P2P networking technology. This caches the content at the node where a client makes the request. The other peers in this private HCDN request the content from this cache. An approach like this helps reduce the load on a single server, and the content is replicated between the network nodes as it is requested. The content provider or distributor is also in full control of all nodes in the network.


2.6 Business models

If a service provider wants to distribute movies to potential customers on the Internet, it has to find a way to charge for this service. This can be done in several ways, some of which are outlined in the following subsections. Some of these models have also been mentioned in the use case from the introduction, see Section 1.3.

2.6.1 Pay per view

Pay per view is a model that has been around for a while. When you are at a hotel and browsing the TV channels, you will often find channels that require you to sign up to view a movie at a given time. If you want to see this movie at that time, you just sign up for it and can start watching as soon as the movie starts. Then, when you check out of the hotel, you will see on your hotel bill that you have been charged for that movie. This is what is called pay per view. This model has become quite popular in cable networks, where you can pay to see a movie or a program, as in the hotel scenario. A requirement of a pay per view system is that your set top box has a return channel so that you can order your pay per view program. Several set top boxes have a modem line that can be used for this purpose. On the Internet this is not a problem, since you already have a two-way connection.

2.6.2 Subscription

The subscription model has been around quite a while for both magazines and television programs. Most of the broadcasting done today is based on this model. As with TV1000, this is the most common way to enforce payment and thereby generate income for the broadcasting company. Users who want to watch a channel order a subscription to the channel for some period, and most likely they are charged on a monthly basis for the subscription. Most television networks send the customer a smartcard that is to be used in a set top box. This card contains a set of decryption codes that stop working when the subscription period expires.

2.6.3 P2P and redistribution credits

With P2P distribution the user gets more involved, since every peer in the network becomes a cache for the distribution of the content. The users function as intermediate caches and thereby remove load from a central server. Such a distribution model forces the user to help distribute the content, and for doing so the user should in some way get credits from the content owner. If the user gets credit for redistributing content, this will probably help to build a more stable and robust P2P network. It is more likely that a user will redistribute and stay online, connected to the P2P network, if he gets something back for helping distribute the content. To enable such a solution, the users that are willing to stay connected and work as caches in the network have to get credits for redistribution. If a user that distributes much content can sign up for free downloads, or for a discount, clients are more likely to contribute resources to the network.


2.6.4 Financial transaction

When moving businesses to the Internet, some mechanism for financial transactions has to be implemented. This is also the case for distribution of movies over the Internet. Most modern DRM systems support financial transactions as part of the DRM system, through a component often called a clearinghouse. The clearinghouse is responsible for charging the customer's account and transferring the transaction to the content owner.

There are several ways to withdraw from a customer account:

Pre paid: This kind of payment is probably best known as a way to charge for cell phone usage: you buy a card from which credit is withdrawn as you use the phone. It can be used for other services as well, such as movie distribution on the Internet. As a client you buy credits from the distributor and may download or watch movies as long as you have enough credits on your pre paid card. As soon as the credit balance is too low, you have to fill up with more credits before you can use a service. This form of payment has been used by iTunes [27], which has two types of pre paid options: gift certificate and allowance account.

Credit card: This is probably the most used form of payment on the Internet today. Clients register their credit card as the form of payment and are charged as soon as they ask for a service.

Subscription: A subscription service is almost like pre paid, except that you agree in advance on how much content you are allowed to use during the subscription period. This type of payment has been used in broadcast services for some time now; one example is Canal Digital [28].


3 Content Encryption

Probably the most essential part of protecting content is encryption. Encryption makes the content "unreadable" without the appropriate encryption key. It is used to keep content out of the hands of malicious users or, more correctly, to make the content unreadable for malicious users if they get hold of the encrypted content. It is essential to find the best suited algorithm for data encryption; a good algorithm can be measured by the following:

Key length: The length of the key is often used as a measure of how strong the algorithm is. The length of a key is given in bits.

Performance: The performance of an encryption algorithm is measured by how fast it can encrypt and decrypt content, and by the CPU it requires while performing encryption.

Secure against known hacking algorithms: This is a measure of how well the algorithm protects against known hacking algorithms such as brute force.

Error tolerant: How well the algorithm handles data errors in the encrypted data.

Redundant data added: The overhead, redundant data, added by the algorithm.

The key length is not necessarily an indication of the quality of the encryption algorithm, but it gives some idea of how strong the encryption is. The performance of the algorithm might be the most important measure when dealing with real-time data and vast amounts of data, as with video streaming. To avoid delays and the need for processor power, it is important that the algorithm is fast. This is not necessarily an issue for home computers, whose processing power has become quite good in recent years, but for mobile and handheld devices the processing power is very limited. It is of course important that an encryption algorithm is secure against attack. No algorithm is 100 % secure against attack if enough computing power is put into breaking it. A good algorithm should, though, be secure against known attack methods, e.g. plaintext attack.

When distributing data in an open network such as the Internet, one can never be sure that errors will not occur, like packet loss or bit errors in the network. A good encryption algorithm should be designed to be resilient against errors, so that the original data can be recovered after decryption even if some bit errors have occurred. Many algorithms add some redundant data to enable error resilience. There is often a tradeoff between error resilience and data size. We want to send as little data as possible, but the data that is received should be recoverable even if some small bit errors have occurred. We now look at two methods for encrypting a digital movie.

3.1 Full encryption

There are two main types of encryption available for protecting digital movies: either encrypt the entire movie as a whole, or encrypt only parts of it (see the next section). Encrypting the entire content is quite easy but still involves some challenges. When encrypting the entire movie, a vast amount of data is involved, which requires processing power to handle. One might say that processing power is not an issue in today's computers, but when a movie is to be sent and processed in real time this results in high requirements on the equipment. And as it is getting more popular to move from a traditional computer to more portable devices, processing power continues to be an issue because it is limited in these devices. Another issue when the entire content is encrypted is that some encryption algorithms increase the amount of data transferred, due to data redundancy and error protection mechanisms. As for MPEG encryption, all of the articles listed in Table 1 agree that encrypting the entire stream requires too much computational power to fulfill the real-time requirements of MPEG video streaming. There is one exception to this agreement, discussed by Salah Aly [29]; that article finds that AES encryption is fast enough to provide a real-time encrypted stream.

Author                            | Scheme                   | Cipher                   | Technique
----------------------------------|--------------------------|--------------------------|--------------------------------------------------
B. Bhargava and C. Shi [31]       | Permutation huff         | N/A                      | Permutation of Huffman codetable
B. Bhargava and C. Shi [32]       | VEA                      | XOR                      |
B. Bhargava, C. Shi, S. Wang [33] | RVEA                     | Any secret key algorithm |
B. Bhargava and C. Shi [34]       | MVEA                     | N/A                      |
Meyer and Gadegast [35]           | SECMPEG                  | DES and RSA              |
Maples and Spanos [36]            | I frames and header enc. | N/A                      | Encrypt the I Frames, I blocks and headers
Lei Tang [37]                     | Zig-Zag replacement      | N/A                      | Permutation of the zig-zag serializable algorithm
Hung-Ping Wu, C.C. Jay Kuo [38]   | Entropy Codec            | N/A                      |

Table 1: Selective encryption schemes

3.2 Selective encryption

As noted in the previous section, selective encryption is the second option for encrypting digital movies. The goal of selective encryption is to reduce the computational cost while providing the best possible security level. Several schemes for selective encryption exist, and some of them are discussed in the next section. Selective encryption reduces the amount of data that has to be encrypted, but it can reduce the protection provided for the content.

3.3 Selective encryption schemes

A set of solutions for selective encryption has been proposed, all of which have been tested and evaluated in the articles cited in Table 1. In this section we focus on selective encryption for MPEG-1 encoders. Before reading this section you should be familiar with the details of the MPEG-1 encoder, as we go quite far into the details of the functions and the terminology used in [30]. All of the schemes in the articles can be grouped as either changing the MPEG encoder or building an add-on to the encoder to enable encryption of the data. The add-on has to analyze the MPEG video to find GOPs and other parts of the MPEG encoding in order to add security. This incurs extra computational cost. Changing the MPEG encoder, which most of the schemes propose, requires both the MPEG encoder and the decoder to be changed. This is not necessarily a good solution, since MPEG is a defined standard and many encoders and decoders are already on the market. This makes the add-on more suitable for enabling security in existing applications if desired.

All the authors (see Table 1) agree that a selective encryption scheme cannot be compared, in security, to encrypting the entire stream. There will always be a tradeoff between security and performance cost.

3.3.1 Permutation of Huffman

This algorithm performs encryption and decryption in the same step as compression and decompression. This reduces the computational overhead of adding security to the MPEG encoding/decoding process. When designing this algorithm, B. Bhargava and C. Shi tried to add security to MPEG without affecting the compression ratio. The basic concept of the algorithm is to use a permutation of the Huffman codewords to replace the original codewords. Without the secret key, which is the permutation, the movie becomes un-viewable to humans.

Advantage: No overhead added to the MPEG coder.

Disadvantage: The length of the secret key is limited to the size of the Huffman codeword. This could be changed, but as a result the compression ratio changes.

3.3.2 VEA - Video Encryption Algorithm

The concept of VEA is to encrypt only the sign bits of the DCT coefficients of MPEG-encoded data. The key used for the encryption is a randomly generated key of a given length. VEA uses XOR encryption. The VEA scheme is an add-on to the MPEG standard; it takes an MPEG video and a secret key as input, and its output is encrypted MPEG video. The scheme can also be implemented as a change to the MPEG encoder. In an analysis of the Tennis Table video, only 13.8% of the video is affected by the encryption, which tremendously reduces the computational cost compared to encrypting the entire stream.

Advantage: Little overhead compared to DES or other block ciphers.

Disadvantage: It is still possible to get an idea of what is being viewed after the encryption, if just a partial key is used, due to the structure of MPEG and the DCT. The algorithm is also weak against plaintext attack.
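The sign-bit XOR and the plaintext weakness named above, as an added Python sketch (not the VEA authors' code): coefficients are modeled as signed integers, the key is assumed to be cycled over the sign bits of the non-zero coefficients, and the sample blocks are constructed. It shows that the magnitudes pass through unchanged and that one known plaintext block is enough to recover a reused key.

```python
import secrets

# Constructed sample data: quantized DCT coefficients (DC first) of two blocks.
BLOCK_A = [52, -31, 18, -7, 0, 12, -9, 4, 3, 0, -5, 2,
           -2, 1, 0, -1, 6, -3, 2, 1, 0, 0, -1, 1]
BLOCK_B = [40, 22, -15, 0, 9, -6, 0, 3, -3, 2, 0, 1, -1, 0, 1, -2, 5, -4]


def new_key(length):
    """Randomly generated key of a given length, as a list of bits."""
    return [secrets.randbits(1) for _ in range(length)]


def vea_xor(coeffs, key_bits):
    """XOR the sign bit of every non-zero coefficient with the next key bit.

    The same call encrypts and decrypts, because XOR is its own inverse.
    Assumption of this sketch: the key is reused cyclically over the sign bits.
    """
    out, j = [], 0
    for c in coeffs:
        if c == 0:
            out.append(0)          # a zero coefficient has no sign bit
            continue
        if key_bits[j % len(key_bits)]:
            c = -c                 # key bit 1 flips the sign
        out.append(c)
        j += 1
    return out


def sign_bits(coeffs):
    """Sign bits (1 = negative) of the non-zero coefficients, in order."""
    return [1 if c < 0 else 0 for c in coeffs if c != 0]


def recover_key_bits(known_plain, cipher, key_len):
    """Known-plaintext weakness: key bit = plaintext sign XOR ciphertext sign.

    Positions not covered by the known block stay None.
    """
    key = [None] * key_len
    pairs = zip(sign_bits(known_plain), sign_bits(cipher))
    for j, (p, c) in enumerate(pairs):
        key[j % key_len] = p ^ c
    return key


if __name__ == "__main__":
    key = new_key(16)
    enc_a = vea_xor(BLOCK_A, key)
    enc_b = vea_xor(BLOCK_B, key)          # same key reused for the next block
    # Magnitudes are untouched, so the picture structure still leaks.
    print([abs(c) for c in enc_a] == [abs(c) for c in BLOCK_A])
    # One known block reveals the key, which then opens the other block.
    print(vea_xor(enc_b, recover_key_bits(BLOCK_A, enc_a, 16)) == BLOCK_B)
```

Deriving the sign-bit keystream from a secret key algorithm rather than reusing a fixed XOR key is the direction Table 1 lists for RVEA.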

3.3.3 MVEA

MVEA is an extension of the VEA algorithm: in addition to encrypting the sign bits of the DCT coefficients, it also encrypts the sign bits of the motion vectors. It is then no longer necessary to encrypt the DCT coefficients of B and P frames, because changing the motion vectors changes how these frames are generated. Encrypting the sign bits of a motion vector randomly changes its direction. MVEA only encrypts the DC coefficients, whereas VEA also included the non-zero AC coefficients.

Advantage: This scheme additionally encrypts, or changes, the motion vectors, which results in better protection against plaintext attacks.

Disadvantage: As more of the data is encrypted, performance is reduced.


Figure 9: RVEA bit selection order

3.3.4 RVEA

RVEA is designed to improve on the drawback of both VEA and MVEA, their weakness to plaintext attack. RVEA is based on the same concept as MVEA, encrypting the sign bits of the DCT coefficients and the motion vectors. The extension made in this algorithm is the method for selecting the sign bits. In the structure of MPEG, each 16x16 macroblock is divided into four 8x8 Y blocks, one Cr block and one Cb block. The selection of the sign bits for encryption is based on organizing these blocks and selecting first the DC coefficient and then the most significant AC blocks. This selection is shown in Figure 9. The DC coefficients are shown as β and the AC coefficients as α.

Advantage: Improved security compared to VEA and MVEA.

Disadvantage: More data has to be processed for the bit selection process.

3.3.5 SECMPEG

SECMPEG provides four levels of security, which makes it flexible with respect to the security requirements of a single application. These four levels are as follows:

Encrypt all headers

Encrypt all headers and all DC coefficients of I-Macro blocks

Encrypt all I-Frames and I-Macro blocks in P and B Frames

Encrypt the entire bit stream

One of the benefits of this algorithm is the possibility of choosing the level of encryption. The biggest limitation is that the algorithm changes the header information to be more resilient to packet loss. This makes the SECMPEG bit stream incompatible with a standard MPEG player. See Figure 10 for details about the SECMPEG header.


Figure 10: SECMPEG Header

Advantage: This scheme provides several options, depending on the strength required for the encryption.

Disadvantage: Incompatible with a standard MPEG player.

3.3.6 I Frames and header encryption

This encryption scheme is quite simple: it is based on encrypting the I-Frames of the MPEG stream in addition to header encryption. The encryption is based on the DES cipher. The problem with this scheme is that headers contain mostly standard information and can be reproduced with the right knowledge. Encrypting the I-Frame will produce an image that is not viewable to the human eye unless it is decrypted. Since I-Frames contain most of the information of the video, one would believe that this should be secure. One problem is that both B- and P-Frames usually contain some I-Macroblocks, which are viewable to humans.

Advantage It is easy to implement and works fine with a standard MPEG compatible player.

Disadvantage If the header encryption is broken it is possible to view the MPEG video without the I-Frames, as there is still a lot of information that is not encrypted. Another problem is that as much as 30%-90% of an MPEG video stream consists of I-Frames. Another issue with this scheme is that it is weak against plaintext attacks.

3.3.7 Zig-Zag replacement

This scheme is based on replacing the default Zig-Zag serialization algorithm provided by the MPEG standard with a permutation list. The Zig-Zag algorithm works as follows: the 8x8 block is arranged with the DC value at the upper left corner of the matrix, and the most significant AC coefficients, which depend on the frequency, are located near the DC value. This can be seen in Figure 11. The idea of this algorithm is to change the serialization order of the Zig-Zag algorithm. To do this the author, Lei Tang, has proposed to use permutations to replace Zig-Zag. The permutation used in this algorithm is done by splitting the DC value into 2x4 bits, where the most significant split is placed in the DC position, the upper left corner, and the least significant split is placed at the position of the last AC coefficient, the lower right corner. After this has been done a random permutation is run over the matrix.

Figure 11: Zig-Zag Serialization

Advantage Easy to implement and with good performance as the serialization is the only thing that is changed.

Disadvantage The Zig-Zag algorithm starts at the most significant part of the matrix, so as it traverses its pattern it picks up the most significant parts of the matrix first. When this order changes it could affect the compression rate, as the least significant parts can no longer be removed for compression purposes.
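The following added example (not code from the thesis or from Tang's paper) carries out the steps described above on one constructed 8x8 block and measures the compression cost named in the disadvantage: the position of the last non-zero value in the serialized vector. The function names, the seed-derived permutation list and the sample block are assumptions made for illustration.

```python
# Added illustration; all function names here are hypothetical.
import random

def zigzag_order(n=8):
    """Standard zig-zag scan: (row, col) pairs walked diagonal by diagonal."""
    cells = [(r, c) for r in range(n) for c in range(n)]
    return sorted(cells, key=lambda rc: (rc[0] + rc[1],
                  rc[0] if (rc[0] + rc[1]) % 2 else rc[1]))

def permutation_list(secret_seed):
    # Assumption: the secret is a seed. random.Random is NOT a cryptographic
    # generator; it only stands in for the secret permutation list.
    order = zigzag_order()
    random.Random(secret_seed).shuffle(order)
    return order

def scramble(block, perm):
    """Split the 8-bit DC into two 4-bit halves, then serialize in perm order."""
    b = [row[:] for row in block]
    dc = b[0][0]
    b[0][0], b[7][7] = dc >> 4, dc & 0x0F     # the last AC value is overwritten
    return [b[r][c] for r, c in perm]

def unscramble(seq, perm):
    """Receiver side: undo the permutation and rejoin the two DC halves."""
    b = [[0] * 8 for _ in range(8)]
    for v, (r, c) in zip(seq, perm):
        b[r][c] = v
    b[0][0], b[7][7] = (b[0][0] << 4) | b[7][7], 0
    return b

def last_nonzero(seq):
    """Index of the last non-zero value; the zero run after it compresses away."""
    return max((i for i, v in enumerate(seq) if v), default=-1)

# Constructed sample: a quantized block with its energy in the low frequencies.
BLOCK = [[0] * 8 for _ in range(8)]
for i, (r, c) in enumerate(zigzag_order()[:10]):
    BLOCK[r][c] = 0xB7 if i == 0 else 10 - i

def compare(secret_seed=2005):
    perm = permutation_list(secret_seed)
    plain = [BLOCK[r][c] for r, c in zigzag_order()]
    return last_nonzero(plain), last_nonzero(scramble(BLOCK, perm)), perm
```

With the standard scan the ten non-zero values occupy the first ten positions, so the remaining 54 zeros form one trailing run; after the DC split and permutation the non-zero values are scattered, and the trailing zero run can only be shorter.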

3.3.8 Entropy codec

This scheme is based on adding encryption in the entropy coding step of the MPEG coding model. Entropy coding is the last step performed by the MPEG encoder, and experiments have shown [38] that utilizing this step to add encryption does not add much computational overhead. The Huffman coder and the QM coder are the most commonly used entropy coders. The problem with these coders is their limited size, which results in a reduced key length and affects the security provided. In [38] the authors propose using multiple Huffman tables to reduce the probability of cracking the code.

Advantage Does not affect the performance, as it involves only the lookup table for the entropy coder.

Disadvantage The drawback here is the storage needed for the tables, as they might be larger than the standard Huffman table.

3.4 Comparison

As we have described in the sections above, all of the selective encryption schemes have both advantages and disadvantages. First, all the authors referred to in Table 1 agree that using a block cipher scheme introduces too much computational overhead.

There is one scheme, AES, which can be used within the real-time requirements. Still, it is not always necessary to encrypt the entire stream. This depends on the cost of implementing the scheme compared to the value of the content to protect. Selective encryption schemes are most suited for content that is not too expensive, such as video-on-demand applications or non-critical data.

Author Year Scheme

A. Ballardie [40] 1996 SMKD

H. Harney and C. Muckenhirn [41] 1997 GKMP

Suvo Mittra [42] 1997 Iolus

Wong et al. [43] 1998 CTKM

M. Steiner and G. Tsudik and M. Waidner [44] 2000 GDH

Y. Kim and A. Perrig and G. Tsudik [45] 2000 TGDH

Y. Kim, A. Perrig, G. Tsudik [46] 2001 STR

A. Eskicioglu and M. Eskicioglu [47] 2002 CKMSS

Table 2: Group key management schemes

4 Key Management

When implementing security in open networks such as the Internet we need a way to distribute and agree on a set of keys between the communicating members. The key that the members agree on is used for encryption and decryption of messages sent between the members. For unicast, where we have only two communicating peers, a well-known algorithm, Diffie-Hellman [39], has been used for several years. Group communication poses many challenges that do not exist in two-party communication. The main difficulty is the dynamics of a group: members join and leave the group. When such an event happens, the key management scheme must take it into account and rekey the group so that only the current members of the group can decrypt the messages sent to the group. If a member leaves the group and the group is not rekeyed, the leaving member can still listen to the traffic sent to the group. If a member joins the group and the group is not rekeyed, the new member can decrypt messages that were sent in the group before the member joined. This is also referred to as forward and backwards secrecy. Another problem with group communication is the overhead added by rekey messages in large dynamic groups.

In this section we will discuss some proposed schemes, see Table 2, for key management in multicast trees. Enabling security in multicast groups has been seen as one of the biggest challenges in network communication today.

4.1 CKMSS

Centralized Key Management with Secret Sharing (CKMSS) is a hierarchical node based scheme that assigns a set of keys to each member, depending on the location of the given member in the tree structure, where the node acts as a manager for the subgroup. The CKMSS scheme is based on the CTKM scheme proposed by Wong et al. [43]. The keys are generated as a secret key along the path from the root (the server) to the members in the group. These keys are used to encrypt the messages sent in the multicast network. CKMSS uses a group-oriented strategy when sending a rekey message; this means that a single rekey message is sent to the entire group, except to the joining member.
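The following added example (not code from the thesis and not an implementation of CKMSS itself) shows the key-tree idea this section builds on: each member holds the keys on its path to the root, and when a member leaves, those keys are replaced and delivered in a single group-wide rekey message that the leaver cannot open. The binary heap layout, the class and function names, and the HMAC-based key wrap are assumptions made for illustration.

```python
# Added illustration: KeyTree, wrap, unwrap, apply_rekey are hypothetical names.
import hmac, hashlib, secrets

def wrap(kek, key):
    # Stand-in key wrap (HMAC-SHA256 pad plus tag); use a vetted AEAD in practice.
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    return nonce, ct, hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob
    good = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                      # wrapped under a key we do not hold
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class KeyTree:
    """Binary key tree in heap layout: node 1 holds the group key,
    leaves n..2n-1 hold the members' individual keys."""
    def __init__(self, n):
        self.n = n
        self.keys = {i: secrets.token_bytes(32) for i in range(1, 2 * n)}

    def path(self, member):              # node ids, leaf first, root last
        node = self.n + member
        return [node >> i for i in range(node.bit_length())]

    def member_keys(self, member):
        return {i: self.keys[i] for i in self.path(member)}

    def leave(self, member):
        """Replace every key the leaving member held; return one rekey message."""
        leaf, msg = self.n + member, []
        for node in self.path(member)[1:]:        # bottom-up, leaf excluded
            new = secrets.token_bytes(32)
            for child in (2 * node, 2 * node + 1):
                if child != leaf:                 # never wrap for the leaver
                    msg.append((node, child, wrap(self.keys[child], new)))
            self.keys[node] = new
        del self.keys[leaf]
        return msg

def apply_rekey(held, msg):              # member side: keep what we can unwrap
    for node, child, blob in msg:
        if child in held and (k := unwrap(held[child], blob)) is not None:
            held[node] = k
    return held
```

For a group of eight, one departure replaces three keys and the rekey message carries five wrapped keys, which is the overhead that grows with group size and churn.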
