Multimed Tools Appl DOI 10.1007/s11042-015-2967-9
Multimedia cloud transmission and storage system based on internet of things
Jiachen Yang1 · Shudong He1 · Yancong Lin1 · Zhihan Lv2
Received: 20 July 2015 / Revised: 10 August 2015 / Accepted: 22 September 2015 © Springer Science+Business Media New York 2015
Abstract
To address the large storage footprint and the storage security of multimedia files, we analyzed the impact of access control and cloud storage on multimedia files and proposed a mixed security cloud storage framework based on the Internet of Things. This paper introduces the concept of multimedia protection into role-based access control, and adopts a scheme that combines multimedia data state with role access control. All input and output devices are connected to the system, and the Internet of Things is used to judge whether circuits are connected and whether the devices are operating normally, so as to improve access efficiency. On this basis, we describe in detail the complete process of registration, role assignment, the multimedia file owner's request for data encryption, and user login and access to multimedia files. According to the results, this scheme can resist the known attacks and guarantees the security of multimedia files.
Keywords Internet of things · Multimedia · Security of cloud storage · Role access control · Multimedia data state
1 School of Electronic Information Engineering, Tianjin University, Tianjin, People's Republic of China
2 SIAT, Chinese Academy of Science, Beijing, China
1 Introduction
With the rapid development of multimedia technology [6, 17, 18] and ever higher network transmission efficiency, the definition of multimedia files is continuously increasing. Much research concerns multimedia, including multimedia security [2], multimedia retrieval [4], social media [15], and so on. Both transmission and storage of these files occupy a large amount of storage space, so cloud storage of multimedia files is imperative. At present, cloud computing [3, 7, 19, 20] has already been used in many studies to solve the problem of multimedia file storage space. Zhu et al. [24] proposed the concept of a multimedia perceptive cloud, which uses the cloud for distributed multimedia processing and storage and improves the quality of service. Nan et al. [12, 13] adopted a queue model to optimize the service response time of the multimedia cloud. The proposed method minimizes the average response time and resource costs, so as to improve multimedia service efficiency. Altamimi et al. [1] studied the impact of cloud computing multimedia on the resource utilization of smart phones. According to their results, cloud computing multimedia can substantially reduce the energy costs of smart phones. Nan et al. [11] used a new network-based cloud for effective processing of multimedia sharing and releasing. They encouraged the use of cloud computing and streaming media shared in a social environment to watch live videos. Nan et al. [11] also concentrated on the management of distributed resources and bandwidth allocation.
To realize large-scale multimedia storage and transmission, hardware devices are essential [8–10]. More and more multimedia technologies depend on the configuration and service condition of devices, and the service condition of a device has a direct impact on multimedia transmission efficiency. In the field of multimedia transmission, therefore, there is more and more research on applications of the Internet of Things.
Zhou et al. [21] designed a new security framework for media perception, and used knowledge of multimedia communication, security services and the Internet to set up an Internet of Things through wired and wireless sensors, so as to guarantee its application in multimedia. Rosário et al. [16] proposed a high-efficiency video transmission method for the mobile multimedia Internet of Things based on link quality and geographic information or protocol. This protocol depends on a beacon. Route decisions are made with multiple indicators (including link quality and geographic location), so as to meet the needs of the mobile Internet of Things in the future.
In this paper, cloud computing is combined with the Internet of Things and applied to the real-time transmission equipment of a multimedia system. It can be used for real-time collection of pictures and video, for example in the monitoring field. A real-time monitoring system has high quality requirements for picture transmission. Once the network transmission speed slows down, the volume of video being transmitted easily causes network congestion. As a result, video quality cannot be guaranteed, and the system may even break down. If a significant event occurs at that moment, the missing monitoring video will have an immeasurable impact. The scheme proposed in this paper is to transmit snapshots taken in busy hours to the public cloud in real time, so that data recovery can be performed at the cloud side. Because the excessive volume of video transmission easily congests the transmission path, we capture snapshots at short intervals. When the transmission line is detected to be busy, real-time snapshot transmission is used to upload to the public cloud for storage. This improves data transmission efficiency and also saves the bandwidth occupied by data transmission.
Our major contributions are as follows. We used the Internet of Things and a cloud platform to link together the devices in the monitoring system, and improved the access efficiency of the system by judging the linking condition of the system devices. On this basis, we also proposed role access control over a mixed cloud storage system based on multimedia state. This system ensures the security of multimedia in the transmission process, and decides whether a user can access a multimedia file according to the user role and the multimedia data state.
The paper is organized as follows. Section 1 introduces the present research situation of multimedia data transmission and storage, proposes combining multimedia transmission and storage with cloud computing and the Internet of Things, and proposes its application in the field of real-time multimedia transmission. Section 2 briefly describes a scheme based on role encryption, which is applied in the system that follows. Section 4 describes in detail how to use the Internet of Things and cloud computing to construct a real-time multimedia transmission system, and the transmission process of the whole system. Section 5 analyzes system security, making sure of the security of multimedia data transmission and storage. The last part is the conclusion.
2 A scheme based on role encryption
Zhou et al. [22, 23] proposed a secure cloud storage scheme based on role encryption. RBAC and data encryption are used for cloud storage of encrypted files, so as to guarantee user access security and data storage security. In total, there are four roles in this system: system administrator, role manager, multimedia file owner and user. The entire scheme includes seven stages: setup, extract, manage role, add user, revoke user, encrypt and decrypt.
2.1 Setup
$\mathrm{Setup}(\lambda)$: generates the master key $mk$ and the public key $pk$ from the security parameter $\lambda$. $mk$ is stored by the system administrator and used to generate the user key and the role key; $pk$ is published to all users in the system and is taken as a part of the decryption key.
2.2 Extract
$\mathrm{Extract}(mk, ID)$: the system administrator generates the user key $dk_U$ and the role key $sk_R$ according to the master key $mk$ and the relevant $ID$ of the system.
2.3 Manage role
$\mathrm{ManageRole}(mk, ID_R, PR_R)$: the system administrator manages different roles according to the role ID $ID_R$. $PR_R$ is the ancestor role list of role $R$. It will be stored in the public cloud according to the parameter $pub_R$ generated by the master key $mk$.
2.4 Add user
$\mathrm{AddUser}(pk, sk_R, Rul_R, ID_u)$: the role manager adds the user ID $ID_u$ to the role list $Rul_R$ and updates the cloud role parameter $pub_R$ and the role list $Rul_R$.
2.5 Revoke user
$\mathrm{RevokeUser}(pk, sk_R, Rul_R, ID_u)$: the role manager removes the user ID $ID_u$ from the role list $Rul_R$ and updates the cloud role parameter $pub_R$ and the role list $Rul_R$.
2.6 Encrypt
$\mathrm{Encrypt}(pk, pub_R)$: the multimedia file owner encrypts information $M$ according to the public key $pk$ and the role parameter $pub_R$, generates the encrypted file $C$, and uploads it to the cloud.
2.7 Decrypt
$\mathrm{Decrypt}(pk, pub_R, dk_U, C)$: users belonging to role $R$ generate the information decryption key $K$ and obtain information $M$ according to the public key $pk$, the role parameter $pub_R$, the user decryption key $dk_U$ and the encrypted file $C$ downloaded from the cloud.
The algorithm based on role encryption guarantees the security of cloud storage, and realizes data storage security and user access security. On the basis of this algorithm, the author took into account the features of real-time multimedia transmission and proposed a system that combines a cloud storage structure based on multimedia data state with role access control, built on the framework of the Internet of Things.
3 Multimedia transmission storage framework proposed in this paper
According to the features of real-time multimedia monitoring equipment, we designed an Internet of Things system that links the various monitoring devices (such as cameras) with display devices (such as video players and picture viewers), so as to track their state in real time. For the security of multimedia files, the author combined multimedia data state with role access control and proposed a secure cloud storage scheme. A mixed cloud structure is adopted in this system; in other words, the system is composed of a public cloud and a private cloud. The public cloud is used to store public information, i.e. the user's encrypted data $Multimedia_C$ and the multimedia data state $Status_M$. The private cloud is used to store information with high sensitivity, i.e. the role hierarchical structure $PR_R$ and the role list $Rul_R$.
The identities of visitors are system administrator, role manager, multimedia file owner and user. The administrator is responsible for generating the user decryption key parameters used by users to decrypt the relevant data. The role manager is responsible for adding/revoking users for a role. The multimedia file owner is the owner of the original data. After data collection via a monitoring camera, the multimedia file owner encrypts the original data and uploads it to the public cloud. The user is the visitor of a multimedia file, who applies for access from the cloud. The multimedia file will be decrypted after identity verification. The user side is also directly connected to devices such as a printer, video player and picture viewer, which can be used to play videos or print pictures. See Fig. 1 for the structure of the entire system.
Fig. 1 Structure of the system
For security, multimedia data is stored as encrypted files. In the transmission process, a session key is used for data encryption, and a digital signature algorithm is used for identity verification.
In the system, a session key is used in the following steps: it is necessary to create a session key with the public cloud when the role manager applies for adding/deleting a user. It is necessary to create a session key with the public cloud when the multimedia file owner applies for data encryption. It is necessary to create a session key during information interaction between public cloud and private cloud. It is necessary to create a session key with the public cloud when the user applies for data access. It is necessary to create a session key during information interaction between public cloud and private cloud. In 1978, Diffie et al. proposed a key management protocol [3]. The key management protocol RFC 2631 [14] was formulated by the IETF. In this paper, RFC 2631 is used to create the session key. Considering the high security requirements, a digital signature algorithm with long key length is used for identity verification [5]. When a user registers with the system, the public cloud computes $B = g^{N} \bmod q$ and $S = (N^{-1}(h(ID, B) + x \cdot g^{N})) \bmod q$ according to the ID of the user. It then verifies the identity of the user by
$$g^{S} \stackrel{?}{=} B \cdot y^{h(B, ID)} \bmod p$$
If this holds, the user logging in to the system is the one who registered with the system; otherwise the user cannot log in.
The entire scheme includes five stages: registration, role management, data encryption, login and user access. For convenience of description, some symbols of this scheme are listed in Table 1.
3.1 Registration
All members in the system must submit an ID and equipment number to the public cloud for registration and obtain signature information for identity verification during system access. The registration process of role manager, multimedia file owner and user is described below (Fig. 2):

Table 1 Symbol description
| Parameter | Meaning |
| --- | --- |
| $ID_X$ | ID of $X$ |
| $PW_X$ | Login password of $X$ |
| $m$ | Signing message |
| $msk$ | Master key generated by public cloud |
| $x_X / y_X$ | Private key / public key of $X$, $y_X = g^{x_X} \bmod p$ |
| $SK_{ab}$ | Session key between $a$ and $b$ |
| $E_k(\cdot) / D_k(\cdot)$ | Symmetrical encryption / decryption algorithm using key $k$ |
| $\mathrm{Verify}_y(\cdot)$ | Verify the validity of signature with public key $y$, $y = g^{x} \bmod p$ |
| $h(\cdot)$ | One-way hash function |
| $MAC_i$ | Verification code of the $i$th message |
| $\Vert$ | Concatenation operator |
| $\oplus$ | Or operator |
| $+$ | Addition operator |
| $-$ | Subtraction operator |
| $\rightarrow$ | Insecure channel |
3.1.1 Registration of role manager
Step 1: role manager transmits $ID_{RM}$ to public cloud via encryption channel, so as to generate random value $N_{RM} \in \mathbb{Z}_q^{*}$.
Step 2: calculate:
$$B_{RM} = g^{N_{RM}} \bmod q \tag{1}$$
$$S_{RM} = (N_{RM}^{-1}(h(ID_{RM}, B_{RM}) + x_{RM}\, g^{N_{RM}})) \bmod q \tag{2}$$
$$MAC_1 = h(ID_{RM} \Vert N_{RM}) \tag{3}$$
Store $(ID_{RM}, MAC_1)$ to public cloud, and send $(B_{RM}, S_{RM}, MAC_1)$ to role manager.
3.1.2 Registration of multimedia file owner
Step 1: multimedia file owner submits $ID_O$ and camera ID set $ID_{C_i} = \{ID_{C_1}, \ldots, ID_{C_m}\}$ to public cloud, so as to generate random value $N_O \in \mathbb{Z}_q^{*}$.
Step 2: calculate:
$$B_O = g^{N_O} \bmod q \tag{4}$$
$$S_O = (N_O^{-1}(h(ID_O, ID_{T_i}, B_O) + x_O\, g^{N_O})) \bmod q \tag{5}$$
$$MAC_2 = h(ID_O \Vert ID_{T_i} \Vert N_O) \tag{6}$$
Store $(ID_O, ID_{T_i}, MAC_2)$ to public cloud, and send $(B_O, S_O, MAC_2)$ to multimedia file owner.
Fig. 2 Registration Process
3.1.3 Registration of user
Step 1: user logs in the system through the terminal, and transmits $ID_u$ and terminal system ID set $ID_{T_i} = \{ID_{T_1}, \ldots, ID_{T_m}\}$ to public cloud via secure channel, so as to generate master key $msk$ and random number $r_{public}$.
Step 2: calculate
$$G = h(ID_u \Vert ID_{T_i} \Vert h(PW_u)) \tag{7}$$
Step 3: calculate
$$V = h(ID_u \Vert ID_{T_i} \Vert h(PW_u) \Vert h(r_{public} \Vert msk)) \tag{8}$$
Step 4: calculate
$$MAC_3 = h(ID_U \Vert r_{public}) \tag{9}$$
Store $(ID_u, ID_{T_i}, U)$ to public cloud, and return $(Q, V, h(\cdot), MAC_3)$ to user.
3.2 Role management
Role management is adopted in this system: users are given different limits of authority according to their roles. This stage describes the process in which the role manager adds/revokes a user for a certain role in the role list and the system administrator updates the role inheritance structure. Here, the role list $Rul_R$ is the set of all users holding role $R$. The role inheritance structure $PR_R$ is the ancestor role set of role $R$, as shown in steps 2, 3, 4 and 5 in Fig. 1.
Step 1: create session key $SK_{RM-publicc}$ between role manager and public cloud;
Step 2: role manager calculates signature key $x_1$:
$$x_1 = S_{RM} \bmod q \tag{10}$$
Sign message $m_1$ ($m_1 = (B_{RM}, S_{RM}, ID_{RM}, ID_{R_i}, \tau)$) with signature key $x_1$, where $\tau$ stands for the request message of add/revoke user: $\tau = 1$ is the request for add user; $\tau = 2$ is the request for delete user.
$$\sigma_1 = \mathrm{Sign}_{x_1}(m_1) \tag{11}$$
$$C_1 = E_{SK_{RM-publicc}}(m_1 \Vert \sigma_1) \tag{12}$$
Step 3: role manager sends $(ID_{RM}, C_1, MAC_1)$ to private cloud;
Step 4: after the reception of the message, private cloud sends $(ID_{RM}, C_1, MAC_1)$ to public cloud; public cloud verifies the validity of the authentication code via the message:
$$MAC_1 = h(ID_{RM} \Vert N_{RM}) \tag{13}$$
Verify the received value against the computed one:
$$MAC_1 \stackrel{?}{=} MAC_1 \tag{14}$$
If the above equation holds, it indicates that the data is complete and the source of the data is valid. Decrypt the data with decryption key $SK_{RM-publicc}$:
$$(m_1 \Vert \sigma_1) = D_{SK_{RM-publicc}}(C_1) \tag{15}$$
Verify the validity of the signing message:
$$g^{S_{RM}} \stackrel{?}{=} B_{RM}\, y_{RM}^{h(B_{RM}, ID_{RM})} \bmod p \tag{16}$$
Verify according to public verification key $y_1$:
$$y_1 = g^{S_{RM}} \bmod p \tag{17}$$
$$m_1 \stackrel{?}{=} \mathrm{Verify}_{y_1}(\sigma_1) \tag{18}$$
After successful verification, add/delete the user ID to/from the role list.
If $\tau = 1$, add user:
$$Rul_{R_i} = \mathrm{Add}(ID_{u_k}) \tag{19}$$
If $\tau = 2$, delete user:
$$Rul_{R_i} = \mathrm{Revoke}(ID_{u_k}) \tag{20}$$
3.3 Multimedia file owner's request for data encryption at public cloud
For the user's access security, the multimedia file owner collects multimedia data through monitoring devices (such as cameras), encrypts the original data, and uploads the encrypted file and the multimedia data state to the public cloud. When the user logs in to the system, the Internet of Things is used to make sure the line connected to the public cloud is unimpeded, so the login is not held up by equipment problems. This is more efficient, and saves time, compared with logging in without first confirming the connectivity of the system. It is shown in step 6 in Fig. 1. For access, the user needs to apply at the public cloud. After obtaining the encrypted file, the file can be decrypted at cloud side. The data encryption process is shown in steps 6, 7, 8 and 9 in Fig. 1.
Step 1: create session key $SK_{O-publicc}$ between multimedia file owner and public cloud;
Step 2: create session key $SK_{publiccO-privatecO}$ between private cloud and public cloud;
Step 3: multimedia file owner determines whether the device is normally operated according to camera state; transmits ID set $ID_{C_i} = \{ID_{C_1}, \ldots, ID_{C_m}\}$ of device under normal operation to multimedia file owner;
Step 4: multimedia file owner calculates signature key $x_2$:
$$x_2 = S_O \bmod q \tag{21}$$
Signing message $m_2$ ($m_2 = (B_O, S_O, ID_O, ID_{T_i}, ID_{R_i})$) of signature key $x_O$:
$$\sigma_2 = \mathrm{Sign}_{x_2}(m_2) \tag{22}$$
$$C_2 = E_{SK_{O-publicc}}(m_2 \Vert \sigma_2) \tag{23}$$
Step 5: multimedia file owner sends $(ID_O, ID_{T_i}, C_2, MAC_2)$ to public cloud; public cloud verifies the validity of the authentication code via the message:
$$MAC_2 = h(ID_O \Vert ID_{T_i} \Vert N_O) \tag{24}$$
Verify the received value against the computed one:
$$MAC_2 \stackrel{?}{=} MAC_2 \tag{25}$$
If the above equation holds, it indicates that the message is valid. Use decryption key $SK_{O-publicc}$ for data decryption:
$$(m_2 \Vert \sigma_2) = D_{SK_{O-publicc}}(C_2) \tag{26}$$
$$g^{S_O} \stackrel{?}{=} B_O\, y_O^{h(B_O, ID_O, ID_{T_i})} \bmod p \tag{27}$$
Verify according to public verification key $y_2$:
$$y_2 = g^{S_O} \bmod p \tag{28}$$
$$m_2 \stackrel{?}{=} \mathrm{Verify}_{y_2}(\sigma_2) \tag{29}$$
Step 6: after successful verification, public cloud encrypts the role identity:
$$C_{2public} = E_{SK_{publiccO-privatecO}}(ID_{R_i}) \tag{30}$$
Send to private cloud, and request to obtain the role parameter; private cloud decrypts the encrypted file with the session key:
$$ID_{R_i} = D_{SK_{publiccO-privatecO}}(C_{2public}) \tag{31}$$
Inquire role parameter $pub_{R_i}$ according to $ID_{R_i}$, and encrypt both items:
$$C_{2private} = E_{SK_{O-publicc}}(ID_{R_i} \Vert pub_{R_i}) \tag{32}$$
Send back to public cloud;
Step 7: public cloud forwards $C_{2private}$ to multimedia file owner; multimedia file owner receives $C_{2private}$, and decrypts it with session key $SK_{O-publicc}$:
$$(ID_{R_i} \Vert pub_{R_i}) = D_{SK_{O-publicc}}(C_{2private}) \tag{33}$$
Multimedia file owner generates the data encryption key with role parameter $pub_{R_i}$:
$$SK_{encrypt} = \mathrm{KeyGen}(pub_{R_i}) \tag{34}$$
Use the encryption key for data encryption:
$$Multimedia_C = E_{SK_{encrypt}}(Multimedia) \tag{35}$$
Step 8: encrypt the following message with user private key:
$$\sigma_O = \mathrm{Sign}_{x_O}(ID_{M_j} \Vert Multimedia_C \Vert ID_{R_i} \Vert Status_{M_j}) \tag{36}$$
Step 9: multimedia file owner uploads $(\sigma_O, ID_{M_j}, Multimedia_C, ID_{R_i}, Status_{M_j})$ to public cloud. $ID_{M_j}$ is the ID of this multimedia file. $Status_{M_j}$ stands for the state of the encrypted data. Data state is a kind of protection for data. Only under a specific state can a user have access to the data. Under other states, even roles with limits of authority still have no access to the data. Verify the validity of the signature with public key $y_O$ of public cloud:
$$(ID_{M_j} \Vert Multimedia_C \Vert ID_{R_i} \Vert Status_{M_j}) \stackrel{?}{=} \mathrm{Verify}_{y_O}(\sigma_O) \tag{37}$$
If the above equation holds, save $(ID_{M_j}, ID_{R_i}, Status_{M_j})$ to public cloud; otherwise the identity of the file owner cannot be confirmed, so the submission of the multimedia file is refused.
3.4 Login
Prior to data access, the user needs to log in to the system with a terminal and verify the validity of the user identity.
Step 1: determine whether circuits are connected according to the terminal ID $ID_{T_i} = \{ID_{T_1}, \ldots, ID_{T_m}\}$ used by each user at registration; if the relevant circuits are not connected or the present device is in trouble, the system will assign other circuits or devices to it. Otherwise, turn to Step 2.
Step 2: user logs in the system, and inputs username $ID_u$, password $PW_u$ along with the device number $ID_{T_i}$. $h(r_{publicc} \Vert msk)$ can be calculated according to the parameter $(Q, V, h(\cdot))$ stored at user side.
$$h(r_{publicc} \Vert msk) = Q \oplus h(ID_u \Vert ID_{T_i} \Vert h(PW_u)) \tag{38}$$
$$V = h(ID_u \Vert ID_{T_i} \Vert h(PW_u) \Vert h(r_{publicc} \Vert msk)) \tag{39}$$
Verify the stored value against the computed one:
$$V \stackrel{?}{=} V \tag{40}$$
If the above equation holds, the user succeeds in logging in. Otherwise, the user fails to log in.
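The user registration of 3.1.3 and the login check of 3.4, equations (7)-(9) and (38)-(40), as an added Python example that is not the authors' code. It assumes SHA-256 for $h(\cdot)$, bitwise XOR for $\oplus$, and $Q = G \oplus h(r_{public} \Vert msk)$, which the page does not state but (38) implies; the IDs, password, $msk$ and $r_{public}$ in `demo()` are constructed sample values.

```python
import hashlib
import hmac


def h(*fields: bytes) -> bytes:
    """h(.) over the concatenation (||) of its fields.

    Assumption: SHA-256, with every field length-prefixed so that
    ("ab", "c") and ("a", "bc") do not collide. The paper names no hash.
    """
    digest = hashlib.sha256()
    for f in fields:
        digest.update(len(f).to_bytes(4, "big"))
        digest.update(f)
    return digest.digest()


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length strings (assumed meaning of the circled plus)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def terminal_set(terminal_ids) -> bytes:
    """Encode ID_Ti = {ID_T1, ..., ID_Tm} so the result ignores input order."""
    return b"".join(len(t).to_bytes(2, "big") + t for t in sorted(set(terminal_ids)))


def register(id_u: bytes, id_t: bytes, password: bytes,
             msk: bytes, r_public: bytes) -> dict:
    """Public-cloud side of 3.1.3; returns the record handed to the user."""
    secret = h(r_public, msk)                        # h(r_public || msk)
    g = h(id_u, id_t, h(password))                   # (7)
    q = xor(g, secret)                               # assumed, implied by (38)
    v = h(id_u, id_t, h(password), secret)           # (8)
    mac3 = h(id_u, r_public)                         # (9)
    return {"Q": q, "V": v, "MAC3": mac3}


def login(record: dict, id_u: bytes, id_t: bytes, password: bytes) -> bool:
    """User-side check of 3.4, Step 2, run on the stored (Q, V)."""
    g = h(id_u, id_t, h(password))
    secret = xor(record["Q"], g)                     # (38)
    v_check = h(id_u, id_t, h(password), secret)     # (39)
    # (40): constant-time comparison of the computed and stored V
    return hmac.compare_digest(v_check, record["V"])


def demo() -> dict:
    # Constructed sample values, not taken from the paper.
    msk = hashlib.sha256(b"constructed master key").digest()
    r_public = hashlib.sha256(b"constructed random number").digest()
    terminals = terminal_set([b"T-player", b"T-viewer"])
    record = register(b"user-01", terminals, b"sample-password", msk, r_public)
    return {
        "correct": login(record, b"user-01", terminals, b"sample-password"),
        "wrong_password": login(record, b"user-01", terminals, b"sample-passw0rd"),
        "wrong_terminal": login(record, b"user-01",
                                terminal_set([b"T-player"]), b"sample-password"),
        "wrong_user": login(record, b"user-02", terminals, b"sample-password"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'login ok' if accepted else 'login refused'}")
```

Both (38) and (40) are evaluated on values held at the user side, so the record $(Q, V)$ returned at registration needs the same protection as a password verifier.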
3.5 User's request for data access at public cloud
After successful login, the user applies for data access at the public cloud. After verifying the limits of authority of the user, the public cloud transmits the encrypted file and the decryption message to the user side. Data will be decrypted at the user side. After decryption, the file can be output to a video player or picture viewer, as shown in Steps 10, 11, 12 and 13 in Fig. 1.
Step 1: create session key $SK_{U-publicc}$ between user and public cloud;
Step 2: create session key $SK_{publiccU-privatecU}$ between private cloud and public cloud;
Step 3: use signing message $m_3$ ($m_3 = (B_U, S_U, ID_U, ID_{M_j})$) of signature key $x_O$:
$$\sigma_3 = \mathrm{Sign}_{x_U}(m_3) \tag{41}$$
$$C_3 = E_{SK_{U-publicc}}(m_3 \Vert \sigma_3) \tag{42}$$
The user sends $(ID_U, C_3, MAC_3)$ to public cloud;
Step 4: public cloud calculates:
$$MAC_3 = h(ID_U \Vert r_{public}) \tag{43}$$
Verify the received value against the computed one:
$$MAC_3 \stackrel{?}{=} MAC_3 \tag{44}$$
If the above equation holds, decrypt the data:
$$(m_3 \Vert \sigma_3) = D_{SK_{U-publicc}}(C_3) \tag{45}$$
Step 5: public cloud obtains $(C, ID_{R_i}, Status_{M_j})$ according to $ID_{M_j}$. If $Status_{M_j}$ is in the inaccessible state, refuse user access; if it is in the accessible state, continue with Step 6;
Step 6: public cloud encrypts $(ID_U, ID_{R_i})$:
$$C_{3public} = E_{SK_{publiccU-privatecU}}(ID_{U_i} \Vert ID_{R_i}) \tag{46}$$
Send to private cloud and request the parameter; private cloud obtains by decryption:
$$ID_{U_i} \Vert ID_{R_i} = D_{SK_{publiccU-privatecU}}(C_{3public}) \tag{47}$$
Inquire the role list $Rul_{R_i}$ and the role lists $Rul_{R_1}, \ldots, Rul_{R_m}$ of ancestor roles $PR_{R_i} = \{ID_{R_1}, \ldots, ID_{R_m}\}$ according to $ID_{R_i}$; inquire whether $ID_{U_i}$ is among these role lists; if yes, calculate according to role parameter $pub_{R_i}$ of $ID_{R_i}$:
$$C_{3private} = E_{SK_{publiccU-privatecU}}(ID_{U_i} \Vert ID_{R_i} \Vert pub_{R_i}) \tag{48}$$
Send back to public cloud; decrypt by public cloud:
$$ID_{U_i} \Vert ID_{R_i} \Vert pub_{R_i} = D_{SK_{publiccU-privatecU}}(C_{3private}) \tag{49}$$
Obtain $(ID_{U_i}, ID_{R_i}, pub_{R_i})$.
Step 7: public cloud encrypts the following message and sends it to the user:
$$C_{3U} = E_{SK_{U-publicU}}(ID_{M_j} \Vert Multimedia_C \Vert Status_{M_j} \Vert ID_{R_i} \Vert pub_{R_i}) \tag{50}$$
Step 8: the user receives $C_{3U}$ and decrypts it:
$$(ID_{M_j} \Vert Multimedia_C \Vert Status_{M_j} \Vert ID_{R_i} \Vert pub_{R_i}) = D_{SK_{U-publicU}}(C_{3U}) \tag{51}$$
Step 9: generate the decryption key according to the decryption parameters $dk_{u_i}$ distributed by the system administrator to the user and the role parameter $pub_{R_i}$:
$$SK_{decrypt} = \mathrm{KeyGen}(pub_{R_i}, dk_{u_i}) \tag{52}$$
Decrypt to obtain the data:
$$Multimedia = D_{SK_{decrypt}}(Multimedia_C) \tag{53}$$
Step 10: output the decrypted multimedia file $Multimedia$ to a video player, picture viewer or other device; the system chooses an available device for transmission by judging whether the device is available.
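The access decision of Steps 5 and 6 above, together with the role-list updates (19) and (20) of 3.2, as an added Python example that is not the authors' code. It models only the decision logic and leaves out the session-key encryption, signatures and MAC checks; the class names, the role, user and file identifiers and the role parameters are hypothetical, constructed values.

```python
from dataclasses import dataclass, field

ACCESSIBLE = "accessible"
INACCESSIBLE = "inaccessible"


@dataclass
class PrivateCloud:
    """Holds the sensitive items: role lists Rul_R and ancestor sets PR_R."""
    role_lists: dict = field(default_factory=dict)   # ID_R -> set of user IDs
    ancestors: dict = field(default_factory=dict)    # ID_R -> list of ancestor ID_R
    pub_params: dict = field(default_factory=dict)   # ID_R -> pub_R

    def add_user(self, role_id, user_id):            # (19), tau = 1
        self.role_lists.setdefault(role_id, set()).add(user_id)

    def revoke_user(self, role_id, user_id):         # (20), tau = 2
        self.role_lists.get(role_id, set()).discard(user_id)

    def role_parameter(self, user_id, role_id):
        """Step 6: return pub_Ri only if the user is in Rul_Ri or in the
        role list of one of the ancestor roles PR_Ri; otherwise None."""
        if role_id not in self.pub_params:
            return None
        for candidate in [role_id, *self.ancestors.get(role_id, [])]:
            if user_id in self.role_lists.get(candidate, set()):
                return self.pub_params[role_id]
        return None


@dataclass
class PublicCloud:
    """Holds the public items: ID_Mj -> (Multimedia_C, ID_Ri, Status_Mj)."""
    files: dict = field(default_factory=dict)

    def request_access(self, private, user_id, file_id):
        record = self.files.get(file_id)
        if record is None:
            return ("refused", "unknown file")
        ciphertext, role_id, status = record
        # Step 5: the data state is checked before any role lookup, and any
        # state other than "accessible" is refused.
        if status != ACCESSIBLE:
            return ("refused", "data state")
        pub = private.role_parameter(user_id, role_id)
        if pub is None:
            return ("refused", "role")
        # Step 7 payload: (ID_Mj, Multimedia_C, Status_Mj, ID_Ri, pub_Ri)
        return ("granted", (file_id, ciphertext, status, role_id, pub))


def build_demo():
    # Constructed sample data: "supervisor" is an ancestor role of "operator".
    private = PrivateCloud(
        ancestors={"operator": ["supervisor"]},
        pub_params={"operator": "pub-operator", "supervisor": "pub-supervisor"},
    )
    private.add_user("operator", "u-op")
    private.add_user("supervisor", "u-sup")
    public = PublicCloud(files={
        "clip-1": (b"<ciphertext 1>", "operator", ACCESSIBLE),
        "clip-2": (b"<ciphertext 2>", "operator", INACCESSIBLE),
    })
    return public, private


if __name__ == "__main__":
    public, private = build_demo()
    for user, clip in [("u-op", "clip-1"), ("u-sup", "clip-1"),
                       ("u-guest", "clip-1"), ("u-op", "clip-2")]:
        print(user, clip, public.request_access(private, user, clip)[:2][0])
    private.revoke_user("operator", "u-op")
    print("after revoke:", public.request_access(private, "u-op", "clip-1"))
```

The `clip-2` case is the one the scheme adds over plain role access control: the user holds the right role, but the data state alone refuses the request.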
4 Security analysis
This section analyzes the security of the proposed scheme. As verified, this scheme can resist known attacks. See Table 2 for the methods used by this system to resist known attacks.
4.1 Resist known attacks
4.1.1 Anti-tamper attack
In a wireless network, information is transmitted in secure channel and is easy for attackers to tamper with. In this system, the message authentication code must be verified whenever the public cloud or private cloud accepts a verification message, see (14), (25) and (44). If an attacker tampers with the corresponding information $(ID_{RM}, C_1, MAC_1)$, $(ID_O, C_2, MAC_2)$ or $(ID_U, C_3, MAC_3)$, the equation does not hold on verification and the request is refused. In the transmission process, $SK_{publiccO-privatecO}$ and $SK_{publiccU-privatecU}$ are used for information encryption, so as to make sure the information is not attacked.
4.1.2 Anti-replay attack
To prevent the opponent from intercepting and retransmitting messages, random values are generated to guarantee that the verification information transmitted each time is different, see (14), (25) and (44). In each conversation $N_{RM}$, $N_O$ and $N_U$ are different. Therefore $MAC_1$, $MAC_2$ and $MAC_3$ are also different, making attackers unable to maliciously retransmit a valid transmission message.
4.1.3 Resistance against man-in-the-middle attack
To prevent messages of the relevant parties from being intercepted, session keys $SK_{RM-publicc}$, $SK_{O-publicc}$ and $SK_{U-publicc}$ are used for encryption of important information in the transmission process. It can be seen from Formulas (12), (23) and (42) that attackers are unable to intercept important messages due to the encryption protection of the session key.

Table 2 Resist known attacks
| Attack type | MAC | Session key | One way hash |
| --- | --- | --- | --- |
| Tampering attack | Yes | No | No |
| Replay attack | Yes | No | No |
| Man-in-the-middle attack | No | Yes | No |
| Password guessing attack | No | No | Yes |

4.1.4 Resistance against password guess attack
To prevent attackers from obtaining $h(ID_u \Vert ID_{T_i} \Vert h(PW_u))$ and thus guessing the password, the password is separately protected by the one-way hash function $h(PW_u)$. Therefore, it is very difficult for attackers to guess the password.
4.2 Validation question
With the multimedia file owner as an example, the cloud may verify the user's identity through
$$g^{S_O} \stackrel{?}{=} B_O\, y_O^{h(ID_O, B_O)} \bmod p$$
As the user's ID $ID_O$ is included in $S_O = (N_O^{-1}(h(ID_O, B_O) + x_O\, g^{N_O})) \bmod q$, the public cloud can verify the visitor's identity through the digital signature. The cloud can also verify the identity of the role manager and the user through this method.
4.3 Undeniable question
To make sure that verification does not suffer from any false denial, a digital signature is used to solve non-repudiation issues. With the role manager as an example, the role manager is taken as the certifier. $(B_{RM}, S_{RM})$ is taken as undeniable proof to prove that the possessor is public cloud.
$$g^{S_{RM}} \stackrel{?}{=} B_{RM}\, y_{RM}^{h(B_{RM}, ID_{RM})} \bmod p$$
is taken as proof to settle non-repudiation questions. The multimedia file owner and the user are verified with the same method.
4.4 Recognizable question
The receiving party must be able to recognize the message sender. In the process of applying for adding/revoking a user, role manager can verify the identity of role manager by verifying $MAC_1$ in (14). Similarly, the identity of the multimedia file owner and the user can be verified with (25) and (44).
4.5 Privacy revocation question
If the role manager, multimedia file owner or user is involved in any behavior violating the relevant regulations, their limits of authority are revoked according to the IDs $ID_{RM}$, $ID_O$, $ID_U$ stored in $S_{RM}$, $S_O$, $S_U$.
5 Conclusion
In this paper, the Internet of Things and cloud computing are used in combination to propose, for real-time multimedia monitoring systems, a mixed cloud storage system based on the combination of multimedia data state with role access control. The author also analyzed the relevant research on the security of existing multimedia storage systems, and proposed introducing multimedia data state into role access control to improve the flexibility of access control. Moreover, this paper gives a detailed description of five phases of this system: registration, role assignment, user login, data encryption and decryption. For the security of multimedia data, encrypted file storage is adopted. In the transmission process, a session key is used for data encryption. During reception, a digital signature algorithm is used to verify the identity of the sender. According to the analysis, this system can effectively improve the flexibility of user access control. At the same time, it can also properly resist various possible attacks, guaranteeing system security.
Acknowledgments This research is partially supported by the National Natural Science Foundation of China (No.61471260).
References
1. Altamimi M, Palit R, Naik K, Nayak A (2012) Energy-as-a-service (eaas): On the efficacy of multimedia cloud computing to save smartphone energy. 2012 IEEE 5th International Conference on Cloud Computing (CLOUD). IEEE, pp 764–771
2. Benrhouma O, Hermassi H, Belghith S (2013) Security analysis and improvement of a partial encryption scheme. Multimedia Tools and Applications
3. Chen CL, Chen YY, Lee CC, Wu CH (2014) Design and analysis of a secure and effective emergency system for mountaineering events. J Supercomput 70(1):54–74
4. Dias R, Fonseca MJ, Silva N, Cardoso T (2013) Encontra: a generic multimedia information retrieval meta-framework. Multimedia Tools and Applications 74(11):3691–3713
5. Forouzan BA (2007) Cryptography & network security. McGraw-Hill Inc.
6. Kim SK, Liu F, Choi SS (2015) Multimedia applications for intelligent fusion computing. Multimedia Tools and Applications 74(10):3273–3276
7. Li Y, Wang P (2014) Ndm-cache: A network cache for cloud computing system. Appl Math 8(6):3159–3166
8. Lv Z, Halawani A, Fen S, Li H, et al. (2015) Touch-less interactive augmented reality game on vision based wearable device. arXiv:1504.06359
9. Lv Z, Halawani A, Feng S, Li H, Réhman SU (2014) Multimodal hand and foot gesture interaction for handheld devices. ACM Trans Multimed Comput Commun Appl (TOMM) 11(1s):10
10. Lv Z, Tek A, Da Silva F, Empereur-Mot C, Chavent M, Baaden M (2013) Game on, science-how video game technology may help biologists tackle visualization challenges. PloS One 8(3):57,990
11. Nan G, Mao Z, Li M, Zhang Y, Gjessing S, Wang H, Guizani M (2014) Distributed resource allocation in cloud-based wireless multimedia social networks. Network, IEEE 28(4):74–80
12. Nan X, He Y, Guan L (2011) Optimal resource allocation for multimedia cloud based on queuing model. 2011 IEEE 13th International Workshop on Multimedia Signal Processing (MMSP). IEEE, pp 1–6
13. Nan X, He Y, Guan L (2014) Queueing model based resource optimization for multimedia cloud. J Vis Commun Image Represent 25(5):928–942
14. Needleman M (2000) The internet engineering task force. Ser Rev 26(1):69–72
15. Pohl D, Bouchachia A, Hellwagner H (2013) Social media for crisis management: clustering approaches for sub-event detection. Multimedia Tools and Applications 74(11):3901–3932
16. Rosário D, Zhao Z, Santos A, Braun T, Cerqueira E (2014) A beaconless opportunistic routing based on a cross-layer approach for efficient video dissemination in mobile multimedia iot applications. Comput Commun 45:21–31
17. Yang J, Ding Z, Guo F, Wang H (2014) Multiview image rectification algorithm for parallel camera arrays. Journal of Electronic Imaging 23(3):033,001–033,001
18. Yang J, Guo F, Wang H, Ding Z (2013) A multi-view image rectification algorithm for matrix camera arrangement. Artif Intell Res 3(1):18
19. Yao Q, Han X, Ma XK, Xue YF, Chen YJ, Li JS (2014) Cloud-based hospital information system as a service for grassroots healthcare institutions. J Med Syst 38(9):1–7
20. Zhang Q, Cheng L, Boutaba R (2010) Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications 1(1):7–18
21. Zhou L, Chao HC (2011) Multimedia traffic security architecture for the internet of things. Network, IEEE 25(3):35–40
22. Zhou L, Varadharajan V, Hitchens M (2013) Achieving secure role-based access control on encrypted data in cloud storage. IEEE Trans Inf Forensics and Security 8(12):1947–1960
23. Zhou L, Varadharajan V, Hitchens M (2014) Secure administration of cryptographic role-based access control for large-scale cloud storage systems. J Comput Syst Sci 80(8):1518–1533
24. Zhu W, Luo C, Wang J, Li S (2011) Multimedia cloud computing. IEEE Signal Proc Mag 28(3):59–69
Jiachen Yang received the M.S. and Ph.D. degrees in Communication and Information Engineering from the Tianjin University, Tianjin, China, in 2005 and 2009, respectively. He is an associate professor at Tianjin University. He was also a visiting scholar in the Department of Computer Science, School of Science at Loughborough University, UK. His research interests include stereo camera, network technique, pattern recognition, workflow management.
Shudong He is a M.S. student with School of Electronic Information Engineering, Tianjin University, Tianjin, China. Her research interests include record, batch data processing, transmit electronic information in financial system, workflow management, network technique, website construction.
Yancong Lin is a M.S. student with School of Electronic Information Engineering, Tianjin University, Tianjin, China. His research interests include stereo vision research, 3D quality assessment, and information network technique.
Zhihan Lv is an engineer and researcher of virtual/augmented reality and multimedia, with a major in mathematics and computer science and plenty of work experience on virtual reality and augmented reality projects, engaged in applications of computer visualization and computer vision. In 2012, he was granted a Ph.D. degree in Computer applied technology from Ocean University of China (2006-2012). Before that, he had sixteen months of full-time research experience at Centre national de la recherche scientifique (CNRS)-UPR9080 in Paris (2010-2011). After that, he completed two years of postdoc research at Umea University and a short invited teaching experience at KTH Royal Institute of Technology in Sweden. Since 2012, he has held an assistant professor position at Chinese Academy of Science.