Perceptual MPEG4 Video Encryption and Its Usage in Video-onDemand Systems Shiguo Lian, Dengpan Ye, Jinsheng Sun, and Zhiquan Wang
Abstract - In thi.s paper, a perceptual encpption algorithm is proposed ,fkr MPEG4 encoded videos. The algaru,.itlim e n o y t s MPEG4 stream seledivelv arid progrecsivels under the control oJqr~ulIr?, farttir. Bared on the
encryption algorithm. a smitre video-oil-demand svstem is lmsented. Tlieoretical arialvsis and e-rpwimental resu1t.s show !hat. die encvption algorithm is of high secnri~v,law cost, and si1pport.y direct hit-rate control. and the video-on-demand syteni is of higlier .secirriw, andsupports more applications. Index Terms - Video encryption, cryptography, Video-On-Demand system.
perceptual
1. INTRODUCTION
W "
the dcvclopnicnt of network tcchnology and multimcdta technology, multimedia data are used more and more widely in our lives. In ordcr to protect multimedia data on politics, economics or miliiary, multimedia encryption algorithm havc been studied [I-IO]. And since the past decade, video encryption has being a topic of great intcrest. For MPEG2 is an open video compression standard, most of the video algorithms arc bascd on MPEGZ codcc. And these algorithms all cncrypt multimedia data into chaotic ones that cannot be understood. Only the person with corrcct kcys can decrypt them correctly, and then understand their content. In some applications such as video-on-demand or audio-ondemand, videos or audios may bc degraded before transmission. Thus, customers can still understand them although there is some degradation on them. After watching or listcning, thcy may decide whether to buy the copies of higher qualitics. In order to solve this problem, a new multimedia encryption scheme nanicd pcrceptual cryptography [I I . 121 was recently reported, which dcgrades compressed data to certain degree under thc control of quality factor. Andres and Francisco proposed a pcrccptual cryptography on JPEC comprcsscd images [I I ] and a perccptual cryptography on MPEG-I Layer 111 compressed audios [I21 respectively. The former one encrypts JPEG compressed bit-stream by replacing the Huffman code undcr the control of user kcy. And the bigger the number of Huffman codes to he encrypted is, the higher the image dcgradation is. In thc later one, the quantization factors are encryptcd under the control of quality factor besides that some Huffman codes arc encrypted. And thc authors give some expcrimcntal results to show that the perceptual cryptography can degrade imageiaudio to thc ITH
This work was supporicd by the National Naiiiral Science Foundation of China through the gram number 60374066 and the Province Natunl Foundation of China through the grant number BKZO Shiguo Lian i s with the Auiomrtion Depanmen Science and Technology. Nanjing. 2 10094 China (e-mail:
[email protected]). Dengpan Ye. Jinsheng Sun and Zhiqiian Wmg are inow ail with the Autumiiliun Dcpurlment. Nnnjing University uf Science and Technology, Nanjing. 210094 China.
0-7803-8526-8/04/$20.00 02004 IEEE
certain degree under the control of quality factor. However, in practical applications, multimedia data needs often to be changed. For examplc, in nctwork transmission. thc bit-rate is often changcd to adapt diffcrent band-wide. For this kind of application, the encryption algorithm proposed in [ I I , 121 is not suitable. Recently, a novel video compression standard MPEG4 [13,14] is announccd, and now widcly used, which supports lossy or lossless compression, progressive recovery of video frames by fidelity or resolution, region of interest coding, random access to particular regions, a flexible file format, good error resilience and so on. Due to these features, it is suitable for applications in Internet, web browsing, document videoing and so on. In ordcr to enhance such applications in Intcrnet or web browsing, we propose a perceptual cryptography combining with MPEG4 codec. This scheme cncrypts bitsteam selectively and progressively. It is of high security, low-cost and supports direct bit-rate control. Based on it, a securc vidco-on-dcmand systcm is constructed, which has some extra advantages compared with traditional ones. The rest of the paper is arranged as rollows. In Section 2, thc pcrccptual cryptography is presented in detail. And its performances are analyzed in Section 3 . In Sectioti 4, a secure vidco-on-demand system based-on it is proposed. In Section 5 , some cxperimcntal results are given to show its properties. Finally. some conclusions are drawn, and future work is given in Scction 6. 11. PERCEPTUAL VIDEO ENCRYPTION BASEDON MPEG4
CODEC In MPEG4 [13,14] codcc, VOL cncoding and EBCOT cncoding are in relation with progressive property. The relationship between them is shown in Fig. I . Where, each VOL represent a level of resolution. The base VOL is composed of M*N sized VOPs. And each I-VOP is split into X*Y sized codc blocks. and cach code block is encoded from thc most significant bit-plane to the least significant one.
,
...
\OL
~~~~~~~
,
i&WP
"'
I
C,llC B L I L
"'Pb,,.
Fig. 1 . Tier-I Encoder
Here, we use this scalability to rcalizc perceptual encryption. That is, in each video objcct, VOLs are encrypted from thc highest layer to the lowest one; in each video object plane, code blocks arc cncryptcd from the highest subband to the lowest one: and in cach code block, bit-planes are encrypted from thc least significant one to the most significant one. That's just oppositc to thc encoding process. Thus, the relationship among VOL. code block and bit platic can be 83
shown in Fig. 2. Where, VOLi is the i-th VOL in each VO Enctytion method. In EBCOT codcc, bit-rate control is (i=n, n-I, :.., O), B i j is the j-th code block in the VOLi(i=O, realized by cutting some passes directly, which are often not I , ._.,m/4'), and P,.,, is the k-th bit-plane of codc block Bi,, of fixed size. So if block cipher is uscd here, smaller plaintext (k=O, I , ..., p). And the VOLs are numbered from basic layer size is recommended in order to achieve better video quality. to the highest layer, bit-planes are numbered from the least This may make it difficult to select suitable ciphers. Here, we significant one to the most significant one. and the codc propose a method to strengthen a cipher. Ifciphcr E is used to blocks are numbered from low-frequency band to high- encrypt i-th plaintext P, into ciphertext C , , then the modified frewuency ones. Thus, the bit-planes can consist of a sct in encryption scheme is shown in Fig. 3. The encryption process progressive order, Pset-{P,,.o, P..o.I, ..., P,.,.II,p,,.,,,. ..., p n . ~ , ~ ,is~ ~ 3 K K Pn-i,n,i, .../ PI.o.u,PI.u.I,..., PII,U.U, Pu.u.I,..., PO.^.^^. Based on this set, pcrceptual cncryption can be constructed by encrypting different bit-planes. That is, thc encrypted video by encrypting the later bit-planes (for example, form P,,e.U to Q, Po.,l.p)arcmore chaotic than the one by encrypting the former bit-planes (for example, form Pro,, lo P.B.D). Here, taking Fig. 3. The Proposed Secure Method quality factor q as the controller of the encryption strength, we give the perceptual encryption proccss: c, =E(C.:_,@C..K), (3) and the decryption process is P, = D ( C , . K ) 0 P , . , = D(Cj,K)OD(C,.,,K)OP,., (4)
3 - -
=
Fig. 2. Progressive Components
Step 1: Initializing quality factor q ( 0 5 y 2 100, and q is an integcr). The bigger q is, the better the quality of the encrypted video is. and the weak the encryption strength is. Othenvise, it is on the contrary. Step 2: Computing the number of bit-planes to be encrypted, Supposing the number of bit-planes to be encrypted as h, it is defined as
L 1 Here, means to round x to the biggest integer not bigger than x itself. Parameter m is the numbcr of code blocks in the basic layer I-VOP, and it can be computed as
1.~1
M and N a;e the video frame's width and height respectively. And the code block's width and height are X and Y rcspcctively. Each VO is decomposed of n VOLs. In each codc block the number of bit-planes is different from each other, but here we propose to encrypt the most significant p ones (p=6). Step 3: Bit-plane encryption.
Selection of pmses to he encvpted. In order to keep high spced and compression efficiency, we propose to encrypt bitplanes partially. Each bit-plane is encoded by three passes that have different importance to image dccoding: significant pass. refinement pass and clcan-up pass. Since the bitstrcam produced by clean-up passes is more sensitive to video understandability, we propose to encrypt it here.
D(c~.K)oLJ(c~.,, K)o...oD(c~ ,K)CBD(C,,K)B P-,
As can be seen that, the i-th decryption depends on all the previous ones. Thus, this kind of encryption mode is of high sensitive. And the i-th ciphertext's decryption will never be affected by the following ones, which means that the cncrypted data stream can be cut off from the end directly. This property makes it suitable for application with bit-rate control rcquirement. The encryption algorithm E may be either stream cipher or block cipher. If good bit-rate control function is more required, stream cipher is recommended. Otherwise, block cipher can be used to obtain high security. Step 4: Motion vcctor encryption. For inter-encoded frames, we propose to encrypt only thc signs of the motion vectors with the encryption method proposed in Step 3 . Additionally, in order to keep perceptual properties, the motion vectors are only encrypted when quality factor satisfies qs25. (5) And at this timc, the vidco is cncryptcd so grcatly that it cannot be understood.
111. PERFORMANCE ANALYSIS A . Secarifb' In this encryption scheme, the modified encryption method is uscd, which is not weaker than the original cipher E. So the security of cipher E keeps the system's security. It is not difficult to select suitable cipher that can keep high security against brute-force attack. Additionally. different I-VOPs, code blocks or bit-planes may use different encryption keys, which is also easy to be realized. Herc. the coefficients are encrypted by value substitution and diffusion, and they are in close relation with each other, which make such known-plaintext attack as differential attack difficult to brcak it. The clean-up passes are encrypted, which changes not only coefficients' position information but also their valucs. This makes select-plaintext attack difficult. Somconc may try to rcconstruct the frames by setting somc changcd cocfficicnts zcros, but the constructed images are often 110 better than the encrypted ones. This is becausc that, the clean-up pass is independent of significant or refinement one, thus thc cncryptcd clean-up pass cannot be recovered from the unencrypted significant and refinement passes. 84
B. Computational Coinple.rih, In this perceptual cryptography. I-VOP frames are encrypted by bit-plane encryption, while other frames are encrypted by motion vector encryption. For I-VOP frames, the computational complexity of encryption process is in relation with quality factor q. The bigger q is, the smaller the number of encrypted bit-planes is; otherwise, on the contrary. And the ratio between the number of encryptcd bit-planes and the one of unencrypted bit-planes is !???.
Notc that, in each bit-
100
owe,
plane. only clcan pass is encryptcd. Supposing r ( 0 2 r 5 I ) as the ratio between thc length of the data stream produced by clean pass and the one produced by all the three passes (significant pass, refinement pass and clean-up pass), then the ratio between encrypted data and the whole data is (100-y)r. IO0
Experiments on various videos show that, r is not bigger than 0.6 (sce Section 4), thus the cncryption ratio is (I 00 q)r 0s< F < 0.6. (6) ~
100
In fact, the numbcr of I-VOP is so smaller than other frames that the ratio will be much smaller. For other frames, only the signs of motion vectors of each code block are encrypted. If the whole frame is sign-encrypted and cach motion vector is of two signs, then the encrypted sign bit in each framc is E ,the bpp (bits per pixel) ratio is XY
1. For X, Y is often biggcr than
16, then the hbp ratio is
x/
often sinaller than 0,008. It is so small that the encryption scheme is often low cost.
C. Direct Bit-Rate Control In I-VOP, EBCOT codcc encodes code blocks into progressive bit-streams. The encryption algorithm encrypts compressed bit-streams dircctly. While bit-rate control, somc codc passes will be cut directly. The proposed encryption algorithm assures that the changed bit-stream can still bc decrypted corrcctly. which benelits from its advantage that the plaintext in former does not depend on the later ones. IV. TIIESECURE VIDEO-ON-DEMAND SYSTEM Based on the proposed encryption algorithm, a secure videoon-demand system can be constructed, which is shown in Fig. 4. The system is composed of three parts: sewer part, Transmission part and User part. The Server should have a secure encoder that can realize perceptual video encryption. The Uscrs can be classificd into two parts: the one with general player and the one with secure playcr. Where, secure player is a player with a perceptual decoder embcddcd in it. The transmission part means Internet or spccial network. This video-on-demand system has three properties:
I
Trilu,m-..*
,
"lrr
Fig. 4. The Secure Video-On-Demand Syrtcm
Proper@ I : The system can support secure video transmission.
The Server always encrypts the videos to be transmitted. That is, the vidcos on the channels arc cncrypted data streams. Although they have been encrypted under control of different quality factors, they can only be recovered by correct key. Compare with traditional VOD systems, this advantage keeps the videos secure against eavedroppers ovcr wire-lines. Properly 2: The system can provide sccure watch-trial.
The secure encoder in the Server can encrypt vidcos undcr the control of key K and quality factor q. Thus, the encrypted videos can be played in User 1 or User 2 with low quality. If they are interested in thesc videos, they may pay for the ones with high quality. If they have paid, they will obtain the key Cor these videos. And iCthis is their first time to use the system (for example Userl), they will be sent a secure player. Combining the player with thc key, the correctly decrypted vidcos can be watched frccly. Properp 3: The system can realize access control.
Not everyone can sce any of the videos even though he has a secure player. That is becausc rhc videos are encrypted under control of different keys and quality factors. This includes two kinds or conditions: 1 ) videos are classified into diffcrent groups, and each group is encrypted under control of the unique key pair (K, 4). 2) users are classified into difCerent groups, and cach group is arranged the same access key (K, 9). In the first condition, if a uscr has the key pair (K, 4). then he can watch all thc videos in the group freely, but cannot see other ones. In the second condition, a video can be watched by a group of users if the video's key pair is thc same to the group's acccss key. Of course, thcse cases have a prccondition that the users have a sccure player that can be obtained through registration. For example, in Figure 4, User I cannot see videos with high quality becdusc he has no secure player. While Uscr 2 cannot watch the videos with key pair (K, q) because his key K' is different from K. Property 4: The system has larger key space than traditional ones.
The proposed video-on-dcmand system has three control parameters: login password, quality factor q and cipher key K. Compared with traditional ones with only login password, the proposed one have larger key space, which makes it easier to realize new applications such as the one proposed in Proper@ 3.
85
such as video-on-demand system, pay-TV, video transmission over network, wireless or mobile multimedia, and so on.
V. EXPERIMENTAL RESULTS A . Perceplual Encryption Results In the proposed perceptual encryption scheme, quality factor controls the quality of encrypted videos. And the smaller the quality factor q is, the larger the number of encrypted bit-planes is, and the more chaotic the encrypted video is. Taking video Bundy for example, the encrypted videos under the control of quality factor are shown in Fig. 5. It's obvious that, the encrypted videos are slightly chaotic when q is bigger than 70, and i s too chaotic to be understood when q is smaller than 30. Experiments on various videos have the similar results. So quality factor can control the encryption strength, which can bc used to satisfy different applications.
REFERENCES L. Qao and K. Nahntcdt. "A new algorithm for MPEG video encryption." In Proceeding o f the First lnlematianill Conference on Imaging Science. Systems and Technology (CISST'97). piagcs 21-29. Lus Vegas. Nevilda. July 1997. L. Tang. "Methods for encrypting and decrypting MPEG video daw efficiently." in Proceedings of the Founh A C M lntematianrl Multimedia Conference (ACM Multimedia'96). pages 219.230, Boston. MA, November 1996. Ali Sainan Tosum and Wu-chi Feng, "Efficient mulli-layer coding and encryption uf MPEG vidco s~rceilms."IEEE Intemalional Conference on Multimedia and Expo (I) 2000. L. Qiao. K. Nahntedt. and I. Tam. "Is MPEG encryption by using random list insteud UI zigzag order secure.'' IEEE lntemitional Symposium on Conrumcr Electronics. December 1997. Singapore. Chiinggui Shi. Bhartt Bhargwa. "A fast MPEG vidco encryption algorithm." In Proceedings of the 6th ACM Intemationill Multimcdia Conference. Brialol. UK. pages XI-XX. September. 1998. Wenjun Zeng and Shawmin Lei. "Efficient frequcncy domain selective scrambling ofdigital video." IEEE Trans. Multimedia 2002. [7] *
Changgui Shi.-Shangyin Wang and Bharat Bhargava, "MPEG video encryption in real-time using secret key clyptognphy." in Proc. of PDPTA'99.(Las Vegas, Nevada), 1999.
[XI
Chunping Wu and C. C. Jay Kuo. "Fan encryption meihods for audiovisual datu confidentiality." in SPlE Inlcmatianill Symposia on Information Technologies 2000. Pracccdings of SPlE Vol. 4209. pp. 284-295. (Baston. MA. USA). NOV. 2000. Jiangtao Wen. Mike Sevn. Wenjun. Man Luttrell. and Weiyin Jin. "A format-compliant configurable encryption framework for access control ofmultimedia." In Pro. IEEE Workshop on Multimedia Signal Proc.. pp.
[9]
(C)
q=30
(d)q=10
Fig 5. Video Encnption Under Different Qualit?.Factors
B. Encryprioi?Speed Test Taking various videos with different sizes for example, we test the time ratio between encryption process and the summation of encryption and encoding process. The results are shown in Table I . Where, the quality factor is q=0, and the number of encrypted bit-planes is p=6. As can be seen that, the encryption time ratio is not bigger than IS%, which shows that the encryption process is of low cost.
435.440. Cannes. F C ~ Wa~t .. mi [ I O ] Ali S a m n Tosun and Wu-chi Feng. "On error preserving encryption algorithms for wireless video transmission." Proceedrngs OJ rhe ACM I n f r a l i o n a l Mdrimedio Con/&ence ond Eyhihifiori. n IV. Ouawa. Ont. 2001. pp 302-308. [ I I ] Tormbia A., Mora F.. "Perceptual cryptography of JPEG compressed images on the JFlF bit-stream domain." Proceedings o f the IEEE
Inlcmutiunal Symposium on Consumer Electronics. ISCE. I7-lY June ~003, sx-sq. (I21 Tormbia A., Mora F.. "Perceptual cryptography on MPEG Layer 111 bit-
streams," IEEE Transactions on Consumer Electronics. v 48. n 4. w e m b e r . 2002. io46-imo. [i3] ISO/IEC JTCIISC2YIWGI I Dmumcnt N2552. MPEG-4 Video Verification Model Version 12. I . Dec. 1998. [ 141 ISOIIEC JTCIISC29IWGI I N3 156. Overview of the MPEG4 Standard. Dec. 1999.
Table 1. E n c r ~ ~ t i oTime n Ratio Test
Video
Sire (NN")
Bundy
384'288
BUS
352-240 352'240
Fluurr
Hulla Car
~1-240 320'240
Encryption
I:PB 8:35:XI m 4 0 100
Time Ratio 9.5"/0
8:38:96
10.4% 9.6%
10:30:0
13.2%
86:43:172
12.996
VI. CONCLUSIONS AND FUTURE WORK In this papcr, a perceptual cryptography on MPEG4 encrypted videos is proposcd and analyzed. Bascd on it, a secure video-on-demand system is presented, which has some properties compared with general systems. Experimental results show that, the proposed encryption scheme can realize pcrccptual encryption, is of low cost, and supports direct bitrate control. These properties make it suitable for real-time applications with different security or bit-rate requirements,
86
