Elsevier

Signal Processing

Volume 91, Issue 5, May 2011, Pages 1103-1114
Signal Processing

Transparent encryption techniques for H.264/AVC and H.264/SVC compressed video

https://doi.org/10.1016/j.sigpro.2010.10.012Get rights and content

Abstract

Transparent encryption of video content requires to provide a video preview that is left in plaintext, while the enhancement information is encrypted. In this paper we propose three algorithms that provide transparent encryption. The first two ones are based on the idea of generating controlled drift in such a way as to obtain the desired quality level, while the third algorithm employs scalable video coding. We provide experimental results on several video sequences, as well as a security analysis, showing that the proposed algorithms provide an effective framework to perform transparent encryption.

Introduction

Encryption is a key enabling technology for multimedia security. Recent techniques such as the advanced encryption standard (AES) [1] provide a high degree of security with a reasonable computational cost. On the other hand, the increasing popularity of digital video is calling for suitable digital rights management schemes.

Regarding security, encryption can be employed to achieve different functionalities. In selective encryption, only the visually most significant information is ciphered [2], and the objective is to make the whole video sequence unintelligible. In transparent encryption [3], a low-quality version of the image is left in plaintext, and can be used to preview the multimedia content. The user can purchase a key, and then decode the content at full quality. A more sophisticated encryption functionality is to provide a set of different quality levels, which are delivered to the users depending on the amount paid for the multimedia content. In this paper we address the transparent encryption problem, that is, we want to obtain a compressed video that can be viewed only in low quality without purchasing a key (i.e., a low-quality free preview application), and that can be decoded at full quality with knowledge of the key, without having to download any additional video information (i.e., from the same compressed file). In transparent encryption the free preview has to be of significantly lower visual quality with respect to the full-quality media. In this paper we analyze a number of possible approaches using drift in the video decoder to create the low-quality preview.

The ciphering process can take place in several ways. Some authors have attempted to process the information in the compressed domain, which is more amenable to providing enhanced functionalities. Encryption can be carried out on the original pixels, the transform coefficients, the quantization indexes, the bit-planes, the entropy coder, or the final codestream [4], with different drawbacks. For example, encrypting data before the entropy coder may result in a coding efficiency loss due to the modified data statistics. Ciphering in the pixel domain, e.g. on the least significant bit-planes [5] or applying a secret transform to each pixel before compression [6], usually leads to major compression impairment. Several algorithms have been investigated that operate in the transform domain. In [7] the signs of some wavelet coefficients are randomly changed. In [8], [9] the discrete cosine transform (DCT) coefficients of MPEG video, along with the motion vectors (MVs) and color planes, are changed. In [10], [11] the DCT coefficients are shuffled, while in [12] they are shifted. In [13] wavelet code-blocks are shuffled during the JPEG 2000 encoding process. In [14] the MVs are also scrambled. In [15] different wavelet packet transforms are used to hide the original information, whereas in [16] different wavelet filters, belonging to the same family, are used in JPEG 2000. A few authors [3], [4] propose modifications of the bit-planes of the transformed coefficients.

A large body of work has also been made to perform encryption in conjunction with the entropy coding stage. In [17] the syntactical elements are mapped onto indices in a table, which are then encrypted, and the resulting integers used as indices of new codewords. Encrypting fixed-length parts of entropy-coded codewords has been proposed, such as the eight-bit Huffman fields in JPEG [5], or some bits of Exp-Golomb codes [18], [8], [19], which are used in many standards to encode all but the quantized DCT coefficients. A potential problem with these techniques is that the encrypted codewords can be individually extracted from the codestream, facilitating an attack. In secure Huffman codes, [20], [21], [22] ciphered codewords have variable lengths, and hence cannot be straightforwardly extracted from the codestream. However, Huffman codes are memoryless, and this facilitates possible attacks. Another option is to adopt secure arithmetic codes (AC) [23], [24], [25]. The basic versions of these codes generate a compressed file whose expected size is the same as that of the non-encrypted file. Several researchers have investigated encrypting the information after entropy coding. In [26], [27] it is proposed to iteratively encrypt portions of the compressed file until marker emulation is completely avoided. A survey of JPEG 2000 encryption is given in [28].

In this paper we propose to employ spatial and temporal drift as a way to generate low-quality versions of H.264/AVC sequences. Building on our prior work [29], [30], we propose two different algorithms that employ drift control, with different levels of redundancy and syntax-compliance. Note that the main benefit of format-compliant encryption is its transparent application in systems, for which security features have not been built in. The first algorithm is based on [29]. The second algorithm is an enhanced version of [30], and uses redundant slices to store the ciphertext; while [30] duplicated a complete I frame in a redundant slice, the new algorithm encodes only the difference information; several entropy coding schemes are investigated. Moreover, we propose using the H.264/SVC [31] scalable extension of H.264/AVC, to encrypt all enhancement layers, leaving the base quality layer in plaintext as a low-quality video. It should be noted that these methods may appeal to different classes of users. The drift-based methods do not require the use of H.264/SVC, and may be appeal more to those users that want to stick with the H.264/AVC encoder. Moreover, drift control is a computationally simple way to achieve different qualities. The H.264/SVC based method allows a finer quality control, and can be desirable if the application requires the use of a scalable video coder for reasons other than the encryption, or if the additional complexity is not an issue.

This paper is organized as follows: in Section 2 we briefly review H.264/AVC and H.264/SVC; in 3.1 Algorithm 1: encoding with drift control, 3.3 Algorithm 2—redundant slices, 3.4 Algorithm 3—H.264/SVC with encryption of enhancement layers we describe the proposed algorithms; in Section 4 we provide experimental results on several video sequence; in Section 5 we analyze the related security issues, while in Section 6 we draw some conclusions.

Section snippets

The H.264/AVC standard

H.264/AVC [32] is the latest video coding standard jointly delivered by ISO and ITU. It provides a significant performance gain with respect to prior standards, and allows to efficiently organize the data for communication over networks. H.264/AVC is based on the hybrid motion-compensated video coding paradigm, whereby a macroblock (MB) of the current video frame is predicted from another MB in a previous or future reference frame; the prediction error is transformed, quantized and entropy

Proposed techniques

In the following we describe the three algorithms proposed in this paper. The algorithms have been designed with the following goals.

  • The main functionality should be transparent encryption, that is, a user that decodes the video without knowledge of the key will see a low-quality preview of the content, whereas full content is obtained decoding also the encrypted parts of the video.

  • The transparent encryption functionality should not imply a significant rate overhead.

  • It is desirable that the

Experimental results

We have tested the proposed techniques on several CIF video sequences, with parameters summarized in Table 1. Baseline H.264/AVC and H.264/SVC have been used, with CAVLC as the entropy coder.

We first show results for Algorithm 1. For MV perturbation, when it is used, we have set α=0.6, which leads to an overhead always less than 2%.

Table 2 reports the performance of Algorithm 1 under several parameter sets. The first set (LI=2, LP=0, imin=12, α=0) generates a relatively small quality decrease.

Security analysis

In the following we discuss the security of the proposed algorithms. The security problem can be phrased as follows: Given the information contained in the compressed and protected video, as well as knowledge of the protection techniques employed, an attacker aims at either reconstructing the full-quality video, or at least improving the video quality. The information available to the attacker is different for the three proposed algorithms. For Algorithm 1, it consists of the following.

  • The

Discussion and conclusions

We have proposed three different algorithms for transparent encryption to H.264 video; Algorithms 1 and 2 can be applied to H.264/AVC, whereas Algorithm 3 is designed for H.264/SVC.

The algorithm that consistently provides the smallest overhead is Algorithm 1; an overhead of less than 2% typically yields satisfactory results. The only drawback of Algorithm 1 is that it requires external compression tools.

Algorithm 2 is a very attractive choice, since the protected file is fully syntax-compliant.

References (40)

  • H. Hellwagner et al.

    Efficient in-network adaptation of encrypted H.264/SVC content

    Signal Processing: Image Communication

    (2009)
  • FIPS PUBS 197, Advanced Encryption Standard,...
  • H. Cheng et al.

    Partial encryption of compressed images and videos

    IEEE Transactions on Image Processing

    (2000)
  • R. Grosbois et al.

    Authentication and access control in the JPEG 2000 compressed domain

  • Y. Mao et al.

    A joint signal processing and cryptographic approach to multimedia encryption

    IEEE Transactions on Image Processing

    (2006)
  • M.V. Droogenbroeck et al.

    Techniques for a selective encryption of uncompressed and compressed images

  • M. Pazarci et al.

    A MPEG2-transparent scrambling algorithm

    IEEE Transactions on Consumer Electronics

    (2002)
  • S. Lian et al.

    Perceptual cryptography on SPIHT compressed images or videos

  • S. Lian et al.

    Secure advanced video coding based on selective encryption algorithms

    IEEE Transactions on Consumer Electronics

    (2006)
  • B.B. Zhu et al.

    Scalable protection for MPEG-4 fine granularity scalability

    IEEE Transactions on Multimedia

    (2005)
  • M.S. Kankanhalli et al.

    Compressed domain scrambler/descrambler for digital video

    IEEE Transactions on Consumer Electronics

    (2002)
  • W. Zeng et al.

    Efficient frequency domain selective scrambling of digital video

    IEEE Transactions on Multimedia

    (2003)
  • C. Wang et al.

    A DCT-based MPEG-2 transparent scrambling algorithm

    IEEE Transactions on Consumer Electronics

    (2003)
  • S. Lian et al.

    Perceptual cryptography on JPEG2000 compressed images or videos

  • Y. Bodo et al.

    A scrambling method based on disturbance of motion vectors

  • D. Engel et al.

    Secret wavelet packet decompositions for JPEG 2000 lightweight encryption

  • D. Engel et al.

    Security enhancement for lightweight JPEG 2000 transparent encryption

  • J. Wen et al.

    A format-compliant configurable encryption framework for access control of video

    IEEE Transactions on Circuits and Systems for Video Technology

    (2002)
  • S. Li et al.

    On the design of perceptual MPEG-video encryption algorithms

    IEEE Transactions on Circuits and Systems for Video Technology

    (2007)
  • C. Bergeron et al.

    Compliant selective encryption for H.264/AVC video streams

  • Cited by (21)

    • Transparent encryption with scalable video communication: Lower-latency, CABAC-based schemes

      2017, Journal of Visual Communication and Image Representation
      Citation Excerpt :

      CFB mode is normally employed to use the block encryption method of AES.) In [34] the BL at a lowered quality acts as the preview layer along with some of the ELs. However, simply encrypting the remaining ELs through the AES means that the stream is not decoder format compliant.

    • Scalable secret sharing of compressed multimedia

      2015, Journal of Information Security and Applications
    • Confidentiality of a selectively encrypted H.264 coded video bit-stream

      2014, Journal of Visual Communication and Image Representation
    • A scalable and format-compliant encryption scheme for H.264/SVC bitstreams

      2012, Signal Processing: Image Communication
      Citation Excerpt :

      For computation complexity, [20–24] and our proposed scheme require XOR-ing every bit, this causes a medium computation complexity; [12–17,19] need to perform XOR operations on each sign of non-zero coefficients, Intra mode and motion vector, thus it has a low computation complexity. For compression overhead, [12–17] have no compression overhead except of [19]; [20–24] can cause compression overhead if stream and block cipher have an initial vector (128bit) for each NALU and handle synchronization markers of H.264. Our proposed scheme cause similar compression overhead while this trades-off with additional properties e.g., adaptation-transparency, format-compliance and low computation complexity.

    • Video Cryptosystem Using Chaotic Systems

      2023, Studies in Computational Intelligence
    View all citing articles on Scopus
    1

    Tel.: +39 011 6706711; fax: +39 011 751603.

    View full text