Embedding Source Signature in Multicast Wireless ... - Semantic Scholar

2 downloads 0 Views 532KB Size Report
algorithm which combines signature amortization based on hash chains and watermarking to embed hash chains in the video stream. The algorithm exploits a ...
Embedding Source Signature in Multicast Wireless Video Streams Stefano Chessa

∗† ,

Member, IEEE, Gaetano Giunta

∗‡ ,

Member, IEEE, Gabriele Oligeri



∗ ISTI-CNR,

Pisa Research Area, Via G.Moruzzi 1, 56124 Pisa, Italy Science Department, University of Pisa, Largo B. Pontecorvo 3, 56127 Pisa, Italy ‡ Department of Applied Electronics, University of ROMA TRE, Via della Vasca Navale 84, 00146 Rome, Italy. † Computer

Abstract— We consider the problem of source authentication of video streams in multicast environments. We proposed a novel algorithm which combines signature amortization based on hash chains and watermarking to embed hash chains in the video stream. The algorithm exploits a novel watermarking procedure using Reed-Solomon mark encoding which ensures error-free and fast convergence mark extraction. We show that the algorithm has a negligible impact on the video stream quality and we evaluate the configuration parameters of the algorithm which ensure proper verification of the source authenticity.

I. I NTRODUCTION Video broadcasting/multicasting is one of the most important services in many environments. In particular it is a very popular application in satellite communications (due to their implicit broadcasting capability) as it is also witnessed by emerging video streaming standards such as DVB-S [1]. In order to enable a widespread and trusted streamed media dissemination are necessary in this scenario integrity and authenticity guarantees. In fact users need assurance that the data stream originated from the supposed sender and malicious entities cannot replace parts of the stream with different material. The classical approach to this issue makes use of cryptography (either symmetric or asymmetric). For example in [2] the authors present a solution for the multicast streams authentication based on shared key mechanisms using MAC (Message Authentication Code). Entities acting as sender and receivers use MAC code to authenticate the message through the shared key. [3], [4] give a solution based on symmetric cryptography such that only the members of a multicast group can decrypt (and thus access) the messages. These approaches are however inadequate for source authentication, since they don’t distinguish between different senders belonging to the same group (since all nodes share the same key). For this reason research has oriented towards systems based on asymmetric cryptography. A straightforward solution for the video stream multicast based on asymmetric cryptography consists in signing each packet of the stream through a digital signature [5]. This This work was supported by the CNR/MIUR program ”Legge 449/97 (project IS-Manet) and by the European Commission under the European Satellite Communications NoE (SatNEx II, IST-27393) within the 6th Research Framework Programme.

1-4244-0992-6/07/$25.00 © 2007 IEEE

scheme has two main problems, a high computational overhead both at the sender and at the receiver ends, and a high bandwidth overhead due to the length of current digital signatures. For this reason the concept of signature amortization has been introduced [6], [7], [8]. It exploits a combination of digital signatures and hash functions to reduce the memory and computational overheads. In its basic scheme (the hash chain), given a sequence of packets each packet carries the authentication information for the successor (the hash of the successor), and only the first packet is authenticated. At the receiver side the hash chain is analyzed starting from the first packet which contains the information to guarantee for the next. In this paper we consider the use of signature amortization techniques within the satellite multicast transmission framework. Our idea is to implement signature amortization hiding the hash chain in the video stream. This approach is independent of network and lower layers and avoids the overhead of security protocols introducing transparent modifications to video pictures. In particular we observe that the features of satellite communications are quite specific with respect to communications in other networks. Multicast satellite networks present characteristics such as like low bit error rate [9] and no packet re-ordering for which simple authentication chains could be very efficient. There are various techniques for embedding data into uncompressed video stream pictures but the frequency-based method has obvious advantages due to the processing stages that an image may undergo [10]. In particular, spread spectrum watermarking allows to place the mark in perceptually insignificant regions of the image preserving the mark robustness to geometric distortions. The mark is inserted in the frequency domain of the host picture after its redundancy, amplification and multiplication by pseudo noise sequences. Classical watermarking does not provide for error-free mark extraction, that is strictly necessary in our case. In order to increase the performances of mark extraction we use a watermarking algorithm based on erasure codes [11]. In our simulation experiments we have used Reed-Solomon codes [12]; note however that any other erasure code can be used to our purposes. The rest of the paper is organized as follows: Section II-A revises the related works, the system model is presented in

Section III and the authentication procedures is presented in Section IV. Section V presents the embedding and extraction algorithms, Section VI presents the simulation results and Section VII draws the conclusions.

1111 0000 0000 1111 0000 1111 0000 1111 0000 1111 0000 1111 0000 1111 0000 1111 0000 1111

111 000 000 111 000 111 000 111 000 111 000 111 000 111 000 111 000 111

II. R ELATED WORK A. Signature amortization In [2] authors proposed a solution to multicast communication through a shared key mechanism where each member has a different set of keys. Sender holds a set of l keys and attaches to each packet l MACs, each one computed with a different key. Each recipient holds a subset of the l keys and verifies the MAC according to the keys it holds. In this schema the communication overhead is important and the security is only defined up to a coalition of w malicious recipients forging data for a chosen recipient. A different approach to multicast authentication is an efficient and simple scheme that guarantees authenticity, integrity and non repudiation using a digital signature for the first packet and propagating authentication through a hash chain. In [6] authors present a procedure in which the sender signs the first packet, then ties in subsequent blocks in a way that guarantees the stream authenticity. For a finite and known stream, the sender inserts the hash of each block into the block that precedes it. This solution does not tolerate packet loss, because losses break the chain preventing next authentications. Moreover, this solution applies only if both sender and receiver are able to buffer the entire stream in advance. Various solutions have been proposed for tackling packet loss phenomena, in [13], authors propose an authentication scheme that amortizes a single signature operation over multiple packets encoding the hash values and signatures with IDA (Information Dispersal Algorithm) erasure code. Other solutions are given by redounded chains like in [8], [14], [15]. B. Watermarking Hartung and Girod [16] proposed methods for embedding additive digital watermarks into uncompressed and compressed video streams. The first method regards inserting sequences of repeated bits (the redounded mark) in the spatial domain of the video image after their amplification and modulation by pseudo noise sequences. They also presented a marking procedure in the MPEG-2 bit stream domain concluding that in this case watermarking scheme is less robust than its counterpart in the pixel domain. Cox et al. [17] proposed spread spectrum watermarking scheme by embedding data in perceptually insignificant DCT (discrete cosine transform) coefficients of the cover image and presented a methodology that can be generalized to audio, video and multimedia data. The basic idea is to spread narrow band watermark signal over many frequency bins of the host image using pseudo random spreading sequences so that the watermark energy content for each bin becomes small and could hardly be detected. At the same time, any attempt to remove watermark causes image impairment to an extent that

Fig. 1.

Multicast satellite scenario.

fails to preserve the acceptable quality of the watermarked image. C. Erasure codes The retrieval of the mark from video stream needs a redundancy obtained by mark replicas in one or more pictures as reported in Section V. An interesting approach is to use an error correcting code reducing the number of replicas. ReedSolomon [12] is one of the most used coding algorithms. Using a codeword size of n bit and a data word size of k bit (thus the redundancy of the code is n − k) the Reed-Solomon code can correct up to n−k wrong bits if the positions of the errors are known, and up to (n − k)/2 errors if the positions of the errors are not known. Note however that any other erasure codes [11], like Tornado codes, LT codes and IDA can be used. III. S YSTEM MODEL Multicast satellites networks present some significant security challenges due to their broadcast nature which makes eavesdropping and active intrusion easier than in terrestrial fixed or mobile networks. Satellite systems exhibit low packet loss most of the time, with typical project constraints of 10−8 bit error rate 99% of the time [9], except for a few days a year when the atmospheric conditions are so bad that they heavily affect data transmissions. In our scenario we consider a multicast group of satellite stations. Each station can broadcast an MPEG-2 [18] video stream to the other stations in the group (as shown in Fig. 1). To ensure source authentication we assume that each station has its own pair of public/private keys and that it uses the private key to sign its transmissions. In turn the receiving stations authenticate the source and the transmissions using the source public key. IV. T HE AUTHENTICATION PROCEDURE In this section we present the authentication procedure used for the source authentication of a video stream. The authentication procedure exploits a signature amortization scheme

based on single hash chains, this because the bit error rates of satellite transmissions is in most cases very low, and the probability that a hash chain gets broken due to packet losses is negligible. It should be observed that in presence of lossy links multiple hash chains could be employed, however we judge their use unnecessary in the considered scenario and, in any case, the extension of the algorithm to include multiple hash chains is straightforward. The authentication procedure exploits hash functions and signature. For our purposes good candidates are the SHA-1 hash function [19] which produces a 160-bit digest from a message x with a maximum size of 264 bits and a standard RSA algorithm which computes signatures of 1024 bits. Hereafter we use the functions H(◦), Signature(◦) and V erSignature(◦) which compute the SHA-1 hash of a data, the RSA signature of a data and perform the authentication test, respectively. In the single hash chain signature amortization scheme, given a sequence of packets B1 , . . . , Bn each packet is augmented with a witness which is the hash of the successor. In particular the source computes the sequence B1′ , . . . , Bn′ , ′ =< Bn−1 , H(Bn′ ) >, and Bi′ =< where Bn′ = Bn , Bn−1 ′ Bi , H(Bi+1 ) > for each 1 ≤ i < n − 1. The source then computes the signature S of H(B1′ ) as S = Signature(H(B1′ )) and transmits the sequence of packets S, B1′ , . . . , Bn′ . Figure 3 shows a simple example of hash chain for a sequence of 3 blocks. At the receiver side the authentication of the sequence starts once S and B1′ =< B1 , h2 > are received. In particular the receiver computes h = H(B1′ ) and performs an authentication test V erSignature(S, h). If the test succeeds then B1′ is authentic, and the receiver uses h2 to authenticate packet B2′ . Similarly, once the receiver has authenticated packet Bi′ =< Bi , hi > it uses hi to verify the authenticity of packet Bi+1 . This is iterated until all the packets are authenticated. Note that if the packets are received in arbitrary order then in the worst case the receiver should buffer all the packets before beginning the authentication. In our scheme the witness of each packet is embedded in the packet itself using a watermarking technique. This is possible because the packets carry video streams. To this purpose we assume the existence of two functions W (◦) and E(◦) which perform data embedding and data extraction from a video sequence, respectively. In particular given a sequence B of picture and a value H function W (B, H) computes a video sequence B ′ which is obtained embedding H into B, and function E(B ′ ) extracts H from B ′ . Functions W (◦) and E(◦) are described in Section V. The authentication procedure is as follows: Given a video stream it is divided by the source into n blocks B1 , . . . , Bn of k pictures each one (see Figure 2). The source then produces blocks B1′ , . . . , Bn′ as follows: Bn′ ′ Bn−1

...

= Bn = W (Bn−1 , H(Bn′ ))

B1′

= W (B1 , H(B2′ ))

where W (X, H) embeds hash H in the block X. The source than computes the signature S of of H(B1′ ) as S = Signature(H(B1′ )) and transmits the sequence S, B1′ , . . . , Bn′ . This procedure is summarized in Table I. The satellite link behaves as a FIFO pipe in which the packets transmitted first are received first, thus the receiver receives first S and B1′ and can immediately proceed to the authentication test without buffering the incoming traffic. It first performs the authentication test V erSignature(S, H(B1′ )). If this test succeeds then the receiver computes E(B1′ ) to extract the hash embedded in B1′ . This hash is used to authenticate the block B2′ . In general, once Bi′ has been authenticated, the receiver computes hi = E(Bi′ ), and then it checks whether ′ ′ hi = H(Bi+1 ) to authenticate Bi+1 . The complete procedure is shown in Table II. TABLE I Construction of the single hash chain

let B1 , . . . , Bn be the input blocks; Bn′ = Bn ; for i = n − 1 to 1 { ′ hi = H(Bi+1 ); ′ Bi = W (Bi , hi ); } S = Signature(H(B1′ )); Transmit (S, B1′ , . . . , Bn′ );

TABLE II ′ Verification of the authenticity of sequence S, B1′ , . . . , Bn

receive S; receive B1′ ; h = H(B1′ ); if not ( V erSignature(S, h) ) { authentication failed; exit; } for i = 1 to n { hi = E(Bi′ ) ′ receive Bi+1 ; ′ if h 6= H(Bi+1 ) { authentication failed; exit; } }

V. T HE EMBEDDING PROCEDURE A. Embedding information as watermark In this section we describe the technique used to embed the hash chain into the video stream. In particular we describe the functions W (◦) and E(◦) used in the previous section. It should be observed that our use of watermarking techniques is not standard. Classical watermarking is used to

S B1 B2 B3 B4

Bn−1 Bn

p1..... p k Fig. 2.

Video stream as a picture sequence.

Fig. 3.

Pi

B

B

H(B 2)

H(B 3)

1

RSA(H(B 1))

Reed-Solomon codes, however other encodings can be used [22]. Thus the embedding algorithm first computes HRS as the Reed-Solomon encoding of H. In our simulation experiments we have considered different parameters of this encoding. Note that, due to specific features of the mark extraction which will be discussed in Section V-B the mark must be represented as a sequence of {−1, 1}. For this reason HRS (which is a sequence of {0, 1}) is first trivially converted into a sequence of {−1, 1}. Then, for each picture pi (with 1 ≤ i ≤ k) in Bl , the mark HRS is embedded in pi using the following equation:

2

B

PiH

=

DCT{pi (Y)}

= PiHF + |PiHF | ∗ α ∗ ni ∗ HRS

(1) (2)

3

Hash chain constructed on three blocks .

embed a logo (generally a picture) within a video stream. This embedding is hidden in the video and it can be extracted to witness the ownership of the video. The extraction is in general lossy, that is, the logo can be extracted with errors, provided it remains recognizable. In our case instead we use watermarking to embed hashes of blocks. The extraction of the hashes must not be affected by errors, otherwise the hash chain would result broken and the receiver would be unable to authenticate the source of the video stream. For this reason in this section we propose an embedding technique which ensures the extraction of the hashes without errors, and we evaluate the performance of this technique in the next section. The proposed embedding algorithm is based on spread spectrum watermarking [17], and exploits Reed-Solomon codes to improve mark extraction performances. A video stream can be considered as a three dimensional signal whose components are a bi-dimensional matrix (the picture) and the time. Each picture is formed by a w×h matrix of pixels; each pixel expresses a color which can be represented by three values: R (red), G (green), B (blue) or, equivalently, by Y(luminance) and U, V (chrominance) components. In our algorithm we consider the Y-U-V representation, and we embed a mark (hash) on each picture of the video stream on its luminance component (Y). We use a Fourier domain method based on the DCT (discrete cosine transform) assuring the robustness with regard to various type of coding algorithms like MPEG-2 or MPEG4 [20], [21]. This procedure is based on modifications of the image frequency domain coefficients; it thus have a minimal impact on the whole picture in the spatial domain. Given a block Bl (with 1 ≤ l ≤ n), let H be the the hash of the next block which should be embedded in Bl . In our algorithm H is embedded in each picture of the block using redundant codes. To our purposes we have considered the

Equation 1 computes the DCT transformation of the luminance (Y) component Pi of pi . Equation 2 embeds HRS in the high frequency of Pi , denoted PiHF , using parameters α, an amplification factor, and ni , a pseudo-noise sequence which is changed for each picture. In particular ni are matrices of binary pseudo noise sequences whose items belong to {−1, 1}. TABLE III Function W (◦) embedding hashes into video stream pictures

let B be a video block belonging to the stream S; let H be the hash to be embedded in B; let p1 , . . . , pk be the pictures belonging to Bi ; let α an amplification factor; let PRSG() a pseudo random sequence generator algorithm; HRS = E RASURE E NCODING(H) Rep HRS = [HRS , HRS , HRS , . . . , HRS ] // concatenation of the // HRS replicas Rep−M Rep HRS = Reshape to a square matrix RS µ ¶ // Place data Hinto high 0 0 HW = // frequency DCT domain Rep−M 0 HRS for i = 1 to k { ni = PRSG() Pi = DCT{pi (Y)} PiH = Pi + |Pi | ∗ α ∗ ni ∗ HW pi (Y ) = DCT−1 {PiH (Y)} }

The spreaded sequence ni ∗ HRS is multiplied by an amplification factor (α), replicated according to a replication factor, and finally reshaped to a matrix of the picture dimensions. The mark is now scaled by the luminance frequency coefficients, so that it is spread proportionally to the DCT coefficients. Finally, the resulting sequence is summed to the highest frequencies coefficients of the DCT transformed picture Pi . The pseudo code of the embedding algorithm is shown in Table III. B. Retrieval of information Once the receiver receives a block, it performs the mark extraction. Since the mark has been embedded in each picture of the block, the receiver extracts the mark from each picture.

TABLE IV Function E(◦) retrieving the hashes from video stream pictures

let B be a video block belonging to the stream S; let p1 , . . . , pk be the pictures belonging to B; let PRSG() a pseudo random sequence generator algorithm; let SIGN {◦} is the mathematical signum function x=0 for i = 1 to k { ni = PRSG() Pi = DCT{pi (Y)} ∗ ni PiHF = Extract high frequency from Pi PiHF V = Reshape PiHF to a vector HF V // Consider as [HRS , HRS , HRS , . . . , HRS ] P Pi Hi = HRS (j) x = x + Hi } H = SIGN{x} HRS = E RASURE D ECODING(H)

This is necessary because the extraction from a single picture is, in general, affected by errors, thus the mark is obtained combining the information extracted from all the pictures in the block. Given a picture pi in an incoming block, the receiver performs a DCT transform over the luminance component (Y) of the picture denoted Pi . Then it extracts the mark from the high frequencies of Pi (which are the frequencies where it had been embedded). This is achieved using the following equations: PiHF ∗ ni

= PiHF ∗ ni + |PiHF | ∗ α ∗ ni ∗ HRS ∗ ni = PiHF ∗ ni + |PiHF | ∗ α ∗ H

Let Hi (j) be the j th hash replica inside picture i and Red be the number of hash replicas in each picture. The receiver combines the mark extracted from each picture using the following equation:

H

i=1

i=1

(3)

j=1

where the inner sum accumulates the component extracted from each replica within a given picture, and the outer sum accumulates all the marks extracted from all the pictures in the block. Since the first term in Equation 3 (Pi (j) ∗ ni (j)) expresses uncorrelated signals, their sum tends to 0, thus, if the number of pictures in a block is sufficiently high, Equation 3 becomes: i=k j=Red X X {|Pi (j)| ∗ α ∗ Hi (j)} i=1

j=1

Thus the mark extraction is performed over 4 as:

(4)

j=1

½X ¾ i=k j=Red X = sign {|Pi (j)| ∗ α} ∗ HRS i=1

j=1

= HRS The extracted sequence is now decoded according to ReedSolomon coding parameters used by the sender. The pseudo code of the extraction algorithm is shown in Table IV. VI. R ESULTS AND DISCUSSION We have performed simulation experiments aimed at (i) evaluating the impact of the watermarking over the video stream quality (transparency of the mark embedding), (ii) evaluating the impact of Reed-Solomon encoding (hereafter RS) of the hash in the embedding algorithm, (iii) evaluating the minimum size of the block ensuring, with high probability, the error-free extraction of the mark, and (iv) evaluating the effect of the MPEG-2 coding algorithm over an uncompressed video stream watermarked with our algorithm. In all of our experiments we have considered an uncompressed video stream with 500 pictures of [320, 240] pixels. To the purpose of mark transparency evaluation we compare the watermarked and the original video using the standard PSNR metric [23]. The PSNR computed over the Y component of two pictures is expressed as: (2n − 1)2 PSNR = 10 log √ MSE(Y) where n is the number of bit used in each pixel to represent the Y component and MSE(Y) is : N

MSE(Y) =

X 1 2 (po (Y) − pw ∗ i (Y)) 3wh i=1 i

where [w, h] are the picture dimensions while poi (Y) and are the luminance components of the original and watermarked pictures respectively. In Figure 4 we have reported the PSNR evaluation for each video stream picture. PSNR values are always greater than 50dB which is commonly accepted as a proof of mark transparency. To evaluate the impact of RS and estimate the number of pictures needed for mark extraction we have performed simulations with and without RS in the embedding and extraction algorithms over an uncompressed video stream. When RS is used we have considered 2 different codewords and data word bit lengths (RS 21,15 and RS 60,44). In particular RS 21,15 corresponds to a codeword length of 21 bits and a data word length of 15 bits, while RS 60,44 corresponds to a codeword length of 60 bits and a data word length of 44 bits. Figures 5 and 6 show the probability mass function associated with the number of needed picture for mark extraction and pw i (Y)

i=k j=Red X X {Pi (j) ∗ ni (j) + |Pi (j)| ∗ α ∗ Hi (j)}

½X ¾ i=k j=Red X = sign {|Pi (j)| ∗ α ∗ Hi (j)}

PSNR

60

dB

58 56 54 52 50 0

50 100 150 200 250 300 350 400 450 500

Pictures Fig. 4.

Mark extraction probability

1 0.8 0.6 0.5 0.4 0.3 0.2 0.1 0

2

0.9

0.8

0.7

0.6 No Reed-Solomon RS 21,15 RS 60,44

0.5 1

2

3

Fig. 6. Cumulative distribution function of mark extractions with regard to processed pictures.

PSNR of 500 video stream pictures.

0.7

1

1

Processed pictures

No Reed-Solomon RS 21,15 RS 60,44

0.9

Cumulative mark extraction probability

62

3

Number of needed pictures for mark extraction Fig. 5. Probability mass function associated with the number of needed pictures for mark extraction.

the cumulative distribution function of mark extractions with regard to processed pictures, respectively. It is seen that 3 pictures per block are sufficient to ensure error-free mark extraction with high probability, and that RS ensures a faster convergence to this result. It is also observed that RS 60,44 (which is more redundant) outperforms RS 21,15. The last simulations are aimed at evaluating the effect of MPEG-2 [18] coding algorithm over a watermarked video stream with our algorithm. An MPEG-2 coded video stream can be considered as a GOP (Group Of Pictures) sequence. A GOP is composed of three different types of pictures: I-picture (Intra), P-picture (Predictive), and B-picture (Bidirectionally predictive). Inside a GOP there is only one I-picture and one or more B and P-pictures. Compression is computed over two different levels: The spatial and the temporal ones. Spatial compression is performed only over the I-picture, while temporal compression is carried out over the B and the Ppictures. These pictures are obtained via difference from the I-picture. It should be observed that the MPEG-2 conversion would,

in principle, disrupt the hash chain embedded in the uncompressed video stream. However we observe that the embedding procedure operates GOP by GOP, and it injects the hash of the next GOP in the current GOP (as in Figure 3). Hence, in order to have an effective embedding procedure, we preliminarily encode in MPEG-2 the next GOP, compute its hash and then embed the hash in the current GOP (which is still in uncompressed format). We have performed experiments on video streams coded and subsequently decoded with MPEG-2 algorithm in which the mark embedding was performed without RS, with RS 21,15, and finally with RS 60,44. Figure 7 shows the probability mass function associated with the number of needed picture for mark extraction after MPEG-2 coding/decoding while Figure 8 shows the cumulative distribution function of mark extractions with regard to processed pictures after MPEG2 coding/decoding. It is seen that MPEG-2 decreases the extraction performances because of only intra coded pictures can be used for mark extraction. In our case we have one intra-frame every 5 pictures or group of pictures (GOP) [18], therefore there is a decreasing factor equal to 5 that increases the number of needed pictures for mark extraction. VII. C ONCLUSIONS We have presented a novel scheme for authenticating multicast video stream in satellite environments. Our approach combines signature amortization based on hash chains and a novel watermarking algorithm which allows embedding of the hash chains into the video stream with a negligible impact on the video quality. The watermarking algorithm exploits Reed-Solomon codes to ensure error-free extraction of the hash chains from the video with high probability. We have proved by a standard PSNR metric the transparency of the embedded mark and we have shown by simulation that RS encoding allows a faster convergence of the mark extraction algorithm. By simulation we have also evaluated the effect of MPEG-2 coding/decoding algorithm over the proposed authentication scheme.

Mark extractions probability

1

No Reed-Solomon After Mpeg2 RS 21,15 After Mpeg2 RS 60,44 After Mpeg2

0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0 0

1

2

3

4

5

6

7

8

9

10 11 12

Number of needed pictures for mark extraction

Cumulative mark extraction probability

Fig. 7. Probability mass function associated with the number of needed pictures for mark extraction after MPEG-2 coding/decoding algorithm. 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 No Reed-Solomon After Mpeg2 RS 21,15 After Mpeg2 RS 60,44 After Mpeg2

0.1 0 2

3

4

5

6

7

8

9

10

11

12

13

14

15

Processed pictures Fig. 8. Cumulative distribution function of mark extractions with regard to processed pictures after MPEG-2 coding/decoding.

Future work include the extension of this algorithm to deal with lossy channels and the extensive study of the proposed algorithms over different video stream encodings. R EFERENCES [1] R. de Bruin and J. Smits, Digital video broadcasting: technology, standards, and regulations. Norwood, MA, USA: Artech House, Inc., 1999. [2] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, “Multicast security: A taxonomy and some efficient constructions,” in INFOCOM’99, 1999.

[3] S. Mittra, “Iolus: a framework for scalable secure multicasting,” in SIGCOMM ’97: Proceedings of the ACM SIGCOMM ’97 conference on Applications, technologies, architectures, and protocols for computer communication. New York, NY, USA: ACM Press, 1997, pp. 277–288. [4] A. Ballardie, “A new approach to multicast communication in a datagram internet,” 1995. [5] R. L. Rivest, A. Shamir, and L. M. Adelman, “A method for obtaining digital signatures and public-key cryptosystems, Tech. Rep. MIT/LCS/TM-82, 1977. [6] R. Gennaro and P. Rohatgi, “How to sign digital streams,” Lecture Notes in Computer Science, vol. 1294, pp. 180+, 1997. [7] J. M. Park, E. K. P. Chong, and H. J. Siegel, “Efficient multicast packet authentication using signature amortization,” in SP ’02: Proceedings of the 2002 IEEE Symposium on Security and Privacy. Washington, DC, USA: IEEE Computer Society, 2002, p. 227. [8] P. Golle and N. Modadugu, “Authenticating streamed data in the presence of random packet loss,” 2001. [9] A. Annese, P. Barsocchi, N. Celandroni, and E. Ferro, “Performance evaluation of udp multimedia traffic flows in satellite-wlan integrated paths,” in Proceedings of the 11th Ka and Broadband Communications Conference, Sept. 2005, pp. 267–275. [10] I. J. Cox and M. L. Miller, “A review of watermarking and the importance of perceptual modeling,” in Proc. of Electronic Imaging ’97, February 1997. [11] F. J. Macwilliams and N. J. A. Sloane, Eds., The Theory of Error Correcting Codes. North-Holland Mathematical Library, 1977. [12] S. B. Wicker and V. K. Bhargava, Eds., Reed-Solomon Codes and Their Applications. New York, NY, USA: John Wiley & Sons, Inc., 1999. [13] J. M. Park, E. K. P. Chong, and H. J. Siegel, “Efficient multicast packet authentication using signature amortization,” in SP ’02: Proceedings of the 2002 IEEE Symposium on Security and Privacy. Washington, DC, USA: IEEE Computer Society, 2002, p. 227. [14] A. Perrig, R. Canetti, J. D. Tygar, and D. X. Song, “Efficient authentication and signing of multicast streams over lossy channels,” in IEEE Symposium on Security and Privacy, 2000, pp. 56–73. [15] Wong and Lam, “Digital signatures for flows and multicasts,” IEEETNWKG: IEEE/ACM Transactions on NetworkingIEEE Communications Society, IEEE Computer Society and the ACM with its Special Interest Group on Data Communication (SIGCOMM), ACM Press, vol. 7, 1999. [16] F. Hartung and B. Girod, “Digital watermarking of raw and compressed video,” in Proc. European EOS/SPIE Symposium on Advanced Imaging and Network Technologies, Berlin, Germany, October 1996. [17] I. J. Cox, J. Killian, T. Leighton, and T. Shamoon, “Secure spread spectrum watermarking for images, audio, and video,” in IEEE International Conference on Image Processing (ICIP’96), vol. III, 1996, pp. 243–246. [18] D. L. Gall, “Mpeg: a video compression standard for multimedia applications,” Commun. ACM, vol. 34, no. 4, pp. 46–58, 1991. [19] D. Eastlake 3rd and P. Jones, “US Secure Hash Algorithm 1 (SHA1),” RFC 3174, Sept. 2001. [20] M. Barni, F. Bartolini, and N. Checcacci, “Watermarking of mpeg-4 video objects.” IEEE Transactions on Multimedia, vol. 7, no. 1, pp. 23–32, 2005. [21] S. Biswas, S. R. Das, and E. M.Petriu, “An adaptive compressed mpeg2 video watermarking scheme,” IEEE Transactions on Instrumentation and Measuremnent, vol. 54, no. 5, pp. 1853–1861, 2005. [22] M. O. Rabin, “Efficient dispersal of information for security, load balancing, and fault tolerance,” J. ACM, vol. 36, no. 2, pp. 335–348, 1989. [23] B. G. Haskell and A. N. Netravali, Eds., Digital Pictures: Representation, Compression, and Standards. Perseus Publishing, 1997.