This invention relates to authentication of digital medium data. More particularly, the present invention relates to authentication of multi-medium data for secured transportation.
The use of digital data for carrying medium information, such as pictures, audio and video, has become widespread since the 1990s. With the advent of high performance processors at low costs and more efficient data compression techniques, equipment for converting medium information into digital data files, for example, digital cameras, digital video equipment and MPEG compatible devices, is available to the general public at very affordable costs while offering reasonable or high performance. The proliferation of internet users in recent years, plus the ease and convenience associated with the transportation of digital medium files on the internet, has rapidly made digital media the mainstream for use by the general public.
As medium information is carried by digital data in the digital world and tampering of digital data files is always a concern in the digital information technology world, issues relating to authentication of digitized medium information have become increasingly important. In general, authentication is the process of proving the identity or authenticity of the content, owner and creation date of a document or a piece of information. Data authenticity is of particular importance if a medium information carries certain evidential value. Photographs or moving pictures, for example, those recorded by a surveillance camera, may be used as evidence in support of criminal prosecution or for investigative purposes. In such circumstances, the integrity and authenticity of the data will come under close examination and scrutiny, and the authenticity of the medium information may be pivotal in such cases.
In the physical world, the question of authenticity can be examined by the more traditional forensic methods which are based on examination of the physical and/or chemical properties of a piece of evidence. In the digital world, however, information is carried in a digital format comprising data of the form “1” or “0”. It is well known that digital data is prone to tampering unless security or authentication schemes are applied.
For authentication of digital medium information, especially digital multimedia authentication, there are two main types of authentication mechanisms, namely, digital watermarking and digital signature. Digital watermarking is a kind of steganography and is a technology characterized by the injection of hidden information into multimedia data. Although digital watermarking is known to be reasonably robust and tamper resistant, its security relies on a secret key which must be presented for retrieving the watermark. The requirement of a secret key means a digital watermark cannot be publicly verified. A disadvantage of digital watermarking is that it can only provide a relatively weak authentication, as the exact location at which modification of the medium information has occurred cannot be detected.
Digital signature, which is based on cryptographic methods, especially public key cryptography (PKC), is widely used for authentication applications. An authentication scheme utilizing public key cryptography utilizes a private key to send a message, and a public key is then used to verify the authenticity of the message. RSA, Diffie-Hellman Elliptic curve and El-Gamal are the better-known algorithms commonly used in public key cryptography. Although digital signature provides a very useful tool for authentication, efficient generation of a digital signature for video data applications is difficult to achieve using this technique. In particular, the necessary logic calculation cannot be performed efficiently by video hardware because the calculation usually requires modular exponentiation for a large integer.
Furthermore, for many real-time applications, the rate of media or multimedia data generation from a source can be prohibitively high, so that neither a digital watermarking scheme nor digital signatures provide a suitable technique.
It is an object of the present invention to provide a method of processing medium data files which overcomes at least some of the disadvantages associated with the techniques of the prior art.
Broadly speaking, the present invention describes a method of processing a plurality of digital data files including at least one group of medium data files for constituting a sequence of events or activities of a time interval for secure delivery of the digital data files, the method comprising the steps of:—
This method obviates the need for a digital signature for each individual medium data file, so that secure transportation can be achieved at a relatively low computational overhead while at the same time facilitating public verification of the data content.
Preferably, the method comprises construction of an authentication tree from said digital data files, said authentication tree having a root characterized with said root value, a plurality of leaf nodes formed from the file identification values of said plurality of digital data files and a plurality of intermediate nodes derived from said leaf nodes through one-way arithmetic operations of said file identification values, said intermediate nodes being intermediate the leaf nodes and the root, said authentication tree being characterized by a plurality of authentication paths and each intermediate node is associated with an authentication path providing for establishment of the root value of the authentication tree from said intermediate node and the associated authentication paths associated with said intermediate node, the authentication path of an intermediate node is characterized by intermediate nodes which are siblings of said intermediate node, wherein said selected plurality of digital data files which are grouped for delivery comprising a plurality of medium data files for constituting a group of pictures and being under an intermediate node. The employment of a tree structure, especially a binary tree structure, facilitates an efficient authentication scheme particularly suitable for video and/or multi-medium applications.
Preferably, the root value of the authentication tree is encrypted by a digital signature scheme. This ensures a secured transmission of the root value for reliable authentication at destination.
Preferably, the file identification value of a digital medium data file is generated by a one-way function such as a hash function. The use of one-way functions alleviates the risk of tampering of the individual medium data files.
Preferably, the medium data files comprise moving picture files or video data files. This method is particularly attractive for video applications, since a video recording is characterized by a voluminous generation of video data in a short period of time, so that generation of an individual digital signature for each picture frame or packet would be computationally intensive and impractical.
Preferably, the video data files are in MPEG-4 or like formats.
Preferably, a plurality of medium data files, together with their corresponding authentication paths, are grouped for subsequent transmission, the plurality of medium data files forming moving pictures of a predetermined time period. This method is particularly advantageous for video recording comprising medium data files arranged in groups of pictures, so that a single digital signature will be sufficient for a group of pictures.
According to another aspect of this invention, there is provided a method of verifying integrity of medium data files transmitted according to the aforementioned methods and comprising the steps of:—
According to yet another aspect of this invention, there is provided an apparatus for processing digital medium data files for transmission, the apparatus comprising:—
According to yet another aspect of this invention, there is provided an apparatus for verifying integrity of medium data files transmitted according to the aforementioned method and comprising:—
Preferred embodiments of the present invention will be explained in further detail below by way of example and with reference to the accompanying drawings, in which:—
a, 3b, 3c and 3d respectively show the schematic authentication tree of channels 1, 2, 3 and 4 of the video system of
a, 5b, 5c and 5d respectively show a schematic authentication tree for channels 1, 2, 3 and 4 of the video system of
a is a schematic diagram showing the reconstruction of a partial authentication path as an intermediate step for verifying the authenticity of a plurality of received medium content data files,
b shows yet a further step in the reconstruction of a partial authentication tree from the partial authentication path of
c shows a further step of reconstruction of a partial authentication tree from that of
d shows a final step in the reconstruction of an authentication path up to the computation of the root value for verification of the received medium data file characterized with the hash values of
a shows an exemplary partial authentication tree for packet 1 of stream 1 of
b shows an exemplary authentication tree of Channel 1 of
c shows another exemplary authentication tree of Channel 1 and Channel 2 of
a shows in detail an exemplary VSB,
b shows an exemplary data structure of a VSB,
a illustrates yet another exemplary authentication tree, and
b illustrates the authentication path information for Channel 1, Channel 2 and Packet 1 of the exemplary authentication tree of
Referring to the drawings, and more particularly to
The encoder is adapted for converting a digital medium content file into an encoded or compressed data file. The output of the encoder is fed into the controller which is adapted for controlling the picture recording process and the transmission of the encoded digital medium content files.
The authentication unit comprises a hash generation unit and a signature generation unit. The hash generation unit is adapted to generate a file identification value from a digital medium content file. A file identification value of a digital medium content file is characteristic of its medium content. Typically, a file identification value of a digital medium content file is a hash value generated by a one-way function, such as a hash function, by processing the medium data contained in the file. The timestamp can be used as a unique index of a specific data file in a stream of data files. The output hash value, the timestamp, the channel ID and the stream ID will be sent to the signature generation unit for processing. After the hash values have been calculated, an authentication tree is built.
The authentication tree is built on the medium data files with the file identification values of the individual medium data files as the leaves. The Merkle Hash Tree, initially described in the article: “A Digital Signature Based On a Conventional Encryption Function”, R. Merkle, Proceedings of Crypto '87, pp. 369-378, and then described in the article “Fractal Merkle Tree Representation and Traversal” by M. Jakobsson, T. Leighton, S. Micali, and M. Szydlo, published on www.rsasecurity.com, is an example of a suitable authentication tree for this application. The two published articles are incorporated herein by reference.
More particularly, the authentication tree is built with the hash values of the individual medium data files as the leaves. The leaves are grouped and processed to form intermediate or interior nodes which are in turn grouped and processed until a single root is generated. A plurality of layers of intermediate nodes are formed depending on the number of leaves and each node layer is denoted by a layer height. For an authentication tree with a complete binary tree structure, the tree has height $H$ and it has $2^H$ leaves and $2^H - 1$ interior nodes. The node heights range from “zero” (leaves) to “H” (the root) and the parent's interior node values are one-way functions of the children's interior node values such that:—
$P(n_{parent}) = \mathrm{hash}(P(n_{left}) \,\|\, P(n_{right}))$,
where the altitude of any node n is the height of the maximum subtree for which it is the root, and hash denotes the one-way function. Possible one-way functions are SHA-1, MD2, MD5 and other appropriate hash functions. In addition, there is an assignment of a string of a predetermined length to each node in accordance with established hash functions. After the root value has been generated, a video signature will be generated.
To generate a video signature, the hash values together with the various identification information will be sent to the signature generation unit. The identification information may include, for example, the timestamp, channel identification and stream type identification for a particular data block.
The signature generation unit will store the hash values and the identification information of a data block in its storage, such as its memory device. When a predetermined number of digital medium content files have been received, for example, a set of digital medium content files retained within a specific time interval of say, 5 seconds, the signature generation unit will construct an authentication tree so that the medium content files can be subsequently authenticated.
For the specific time interval, the video and/or multi-medium data collected by the individual picture capturing devices after encoding and compression are as follows: —
Channel 1: 2 frames, namely, F11, F12; 2 packets, namely, P11, P12
Channel 2: 4 frames, namely, F21, F22, F23, F24; 2 packets, namely, P21, P22
Channel 3: 8 frames, namely, F31, F32, F33, F34, F35, F36, F37, F38; 2 packets, namely, P31, P32
Channel 4: 2 frames, namely, F41, F42; 4 packets, namely, P41, P42, P43, P44
In this example, the group of medium files comprising frames F11, F12 and packets P11, P12 together constitute a sequence of events or activities, such as a video stream or an audio stream. Likewise, the group of medium files comprising frames F21, F22, F23, F24 and packets P21, P22 together constitute another sequence of events or activities of Channel 2. When the medium content files arrive at the controller, they are fed into the hash generation unit and the hash values are generated as follows: —
Channel 1—HF11, HF12, HP11, HP12
Channel 2—HF21, HF22, HF23, HF24, HP21, HP22
Channel 3—HF31, HF32, HF33, HF34, HF35, HF36, HF37, HF38, HP31, HP32
Channel 4—HF41, HF42, HP41, HP42, HP43, HP44
Throughout this specification, the capital H is used as a symbol for the hash operator. For example, the symbol HFnn or HPnn means the hash value of Fnn or Pnn. The terms “medium data file” and “medium data file” are used interchangeably.
For secure transportation of the medium content files, a plurality of outputs are generated and delivered, each comprising (1) a leaf pre-image, which is a medium content file giving rise to the leaf; and (2) the authentication path of the leaf, i.e., the values of all nodes that are siblings of nodes on the path between that leaf and the root. To verify the value of a medium content file, that is, a leaf pre-image, the potential values of the ancestors are calculated by iterated hashing utilizing the authentication path, and a leaf pre-image is accepted as authentic if and only if the computed root value is equal to the known root value which is transported. The component authentication trees for the construction of the entire authentication tree are described below. Specifically, the Authentication Tree (AT) of the current Channel 1 is shown in
In
In
The complete AT of this specific time interval is constructed by the authentication trees of the 4 channels as shown in
Next, the root value of the AT, HROOT, is digitally signed. The Authentication Paths (AP) for the channels are computed as follows:—
Channel 1: {(HCh2, RIGHT), (HIB, RIGHT)}
Channel 2: {(HCh1, LEFT), (HIB, RIGHT)}
Channel 3: {(HCh4, RIGHT), (HIA, LEFT)}
Channel 4: {(HCh3, LEFT), (HIA, LEFT)}
When the digital medium content files, for example, F11, F12, P11, and P12 in case of Channel 1, are sent with the relevant AP, that is, the AP for Channel 1, a root value can be computed for verification with the publicly received and signed root value.
In a second preferred embodiment of the multi-medium system of
For Channel 1, AT1 is as shown in
For Channel 2, AT2 is as shown in
For Channel 3, AT3 is shown in
For Channel 4, AT4 is as shown in
The complete authentication tree of this second preferred embodiment is shown in
The root value of the AT, HROOT, is signed digitally and the Authentication Paths (AP) for the channels are computed:—
Channel 1: {(HPC1, LEFT), (HCh2, RIGHT), (HIB, RIGHT)}
Channel 2: {(HPC2, LEFT), (HCh1, LEFT), (HIB, RIGHT)}
Channel 3: {(HPC3, LEFT), (HCh4, RIGHT), (HIA, LEFT)}
Channel 4: {(HPC4, LEFT), (HCh3, LEFT), (HIA, LEFT)}
In the various partial authentication trees, the following keys apply:—
The medium content files are delivered together with a video signature block (VSB) which contains the necessary authentication information. In particular, there is one VSB for one channel in every time interval. Specifically, the Video Signature Blocks for the channels at a specific time interval contain the following:—
VSB of Channel 1
VSB of Channel 2
VSB of Channel 3
VSB of Channel 4
Upon receipt of the medium content files and the VSB, which contains the authentication information, a recipient of the medium content files can verify the integrity of the received data by reconstruction of the authentication trees based on the received medium content file(s) and the authentication information. For example, assuming the medium files to be verified are from Channel 2, the frames/packets belonging to a time interval will be verified in a single verification. The data blocks are verified against the VSB (generated for that specific time interval) in the following exemplary manner.
Data to be Verified
4 Frames: F21, F22, F23, F24
2 packets: P21, P22
Content of the VSB at Hand
Digital Signature: Signed HROOT
Authentication Path: {(HPC2, LEFT), (HCh1, LEFT), (HIB, RIGHT)}
Hash values: HF21, HF22, HF23, HF24, HP21, HP22
Step 1
Calculate the hash values of each element (i.e. F21, F22, F23, F24, P21, P22)
Obtained HF21, HF22, HF23, HF24, HP21, HP22
Step 2
Reconstruct the partial Authentication Path with the calculated hash values, as shown in
Step 3
Rebuild the root value of Channel 2, i.e., HCh2, from the information contained in the Authentication Path of the VSB and using {(HPC2, LEFT), (HCh1, LEFT), (HIB, RIGHT)}, as shown in
Next, HIA is derived from {(HPC2, LEFT), (HCh1, LEFT), (HIB, RIGHT)}, as shown in
Finally, the root value is computed from {(HPC2, LEFT), (HCh1, LEFT), (HIB, RIGHT)}, as shown in
Step 4
Next, the computed root value, HCOMPUTED ROOT is checked against the Signed HROOT contained in the received VSB.
The data are considered valid if HCOMPUTED ROOT is equal to the Signed HROOT.
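The sender-side tree construction and the receiver-side Steps 1 to 4 for Channel 2 can be traced in code. The following is an added example, not code from the specification. It assumes SHA-256 as the one-way function, a binary tree over each channel's leaf hashes in which an unpaired node is promoted unchanged, HPCn treated as an opaque node value carried in the path, and a root value whose digital signature has already been checked separately; all function names and file contents are constructed for illustration.

```python
import hashlib

def H(data: bytes) -> bytes:
    # SHA-256 is this example's choice; the text names SHA-1, MD2 and MD5.
    return hashlib.sha256(data).digest()

def tree_root(leaves):
    """Root of a binary hash tree: parent = H(left || right).
    Assumption: an unpaired node is promoted unchanged to the next level."""
    level = list(leaves)
    while len(level) > 1:
        nxt = [H(level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]

def apply_path(node, path):
    """Iterated hashing along an authentication path of (sibling, side) pairs."""
    for sibling, side in path:
        node = H(sibling + node) if side == "LEFT" else H(node + sibling)
    return node

# Constructed sample data; file names follow the labels used in the text.
FILES = {
    1: ["F11", "F12", "P11", "P12"],
    2: ["F21", "F22", "F23", "F24", "P21", "P22"],
    3: ["F31", "F32", "F33", "F34", "F35", "F36", "F37", "F38", "P31", "P32"],
    4: ["F41", "F42", "P41", "P42", "P43", "P44"],
}

def content(name):
    return ("constructed payload of " + name).encode()

def build_vsbs():
    """Sender side: returns (HROOT, {channel: VSB}) for one time interval."""
    hashes = {ch: [H(content(n)) for n in names] for ch, names in FILES.items()}
    hpc = {ch: H(b"constructed HPC%d" % ch) for ch in FILES}  # opaque node values
    hch = {ch: H(hpc[ch] + tree_root(hashes[ch])) for ch in FILES}
    hia, hib = H(hch[1] + hch[2]), H(hch[3] + hch[4])
    paths = {
        1: [(hpc[1], "LEFT"), (hch[2], "RIGHT"), (hib, "RIGHT")],
        2: [(hpc[2], "LEFT"), (hch[1], "LEFT"), (hib, "RIGHT")],
        3: [(hpc[3], "LEFT"), (hch[4], "RIGHT"), (hia, "LEFT")],
        4: [(hpc[4], "LEFT"), (hch[3], "LEFT"), (hia, "LEFT")],
    }
    vsbs = {ch: {"path": paths[ch], "hashes": hashes[ch]} for ch in FILES}
    return H(hia + hib), vsbs

def verify_channel(received, vsb, trusted_root):
    """Steps 1-4: hash the files, rebuild the channel tree, walk the path, compare."""
    computed = apply_path(tree_root([H(blob) for blob in received]), vsb["path"])
    return computed == trusted_root

def locate_tampered(received, vsb, trusted_root):
    """Indices of files whose hash differs from the VSB's hash list.
    The list is only trusted if it reproduces the signed root itself."""
    if apply_path(tree_root(vsb["hashes"]), vsb["path"]) != trusted_root:
        raise ValueError("VSB hash list does not match the signed root")
    return [i for i, blob in enumerate(received) if H(blob) != vsb["hashes"][i]]

if __name__ == "__main__":
    root, vsbs = build_vsbs()
    ch2 = [content(n) for n in FILES[2]]
    print("authentic:", verify_channel(ch2, vsbs[2], root))
    ch2[4] = b"modified P21"
    print("tampered:", verify_channel(ch2, vsbs[2], root), locate_tampered(ch2, vsbs[2], root))
```

The hash list in the VSB is checked against the root before it is used to pinpoint a modified file, since an unauthenticated list could itself have been altered in transit.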
In a third preferred embodiment of this invention, the system is adapted for transmission of multi-medium data comprising video encoded in the MPEG-4 format. The MPEG-4 standard is becoming a popular format for streaming multi-media on the Internet. MPEG-4 encodes a bit-stream in groups of different frame types (I, P and B frames), where the I-frame is independent, while the P- and B-frames depend on the I-frame in the group. Specifically, the I-frame is an entire picture frame of video encoded in JPEG and the P-frame contains the “difference” between a subsequent video frame and the previous video frame. Thus, losing an I-frame will cause a noticeable worsening of the video quality of all the frames in the group.
The MPEG-4 standard arranges video data in groups of pictures (GOP) comprising a single I-frame and a plurality of P-frames. Groups of pictures are demarcated by I-frame intervals, that is, two consecutive I-frames are the bounding frames of a group of pictures and the P-frames in between a pair of consecutive I-frames belong to the same GOP. The use of group of pictures facilitates more efficient video extraction because frames within an I-frame interval (which is generally regarded as the minimum unit for video extraction) are arranged together and can be extracted separately. A schematic authentication tree of this embodiment is shown in
Each of the streams may be a stream of non-grouped packets or a stream of groups of pictures (GOP). Each grouped stream may comprise a plurality of groups in which each group may in turn comprise a plurality of frames, namely, frames 1-n.
An exemplary authentication tree of the current channel of Channel 1 comprising stream 1 with packet 1 under stream 1 is shown in
The video signature blocks (VSB) for various consequential time intervals are schematically shown in
The data structure of the VSB of
Another important feature of this authentication method is the time-based signature generation. More particularly, to reduce computational overheads, the time intervals between consecutive signature generations can be adjusted in accordance with system requirements. This flexibility enables the method to be applicable to systems of different computational power. For example, digital signatures may be generated at the rate of one signature per 10 seconds for a low-end system while the digital signatures may be generated at a higher rate for a higher-end system.
Furthermore, if a medium content file, for example, packet 1, is tampered with, the error in the computed hash values will be propagated upwards to the root. The erroneous hash value, when compared with the hash values of the intermediate nodes of the authentication tree, can be utilized to facilitate identification of the particular medium content file which has been tampered with. This will enable a quick and efficient identification of a particular content file which has been tampered with. For example, if the tampered file is a P-frame in the MPEG-4 system, the file may be discarded without seriously affecting the quality of the video whilst maintaining the authenticity of the video. Compared to traditional schemes in which the digital signature generation rate is dependent on the number of data blocks or the number of multi-media channels, the authentication method of this invention represents a substantial improvement.
Another exemplary partial authentication tree is shown in
From the above examples, it will be appreciated that although an authentication tree is constructed from multi-medium data streams of the various channels, only the authentication tree root signature, the authentication path information and the medium content data to be authenticated are required to be available during the verification process.
While the present invention has been explained by reference to the examples or preferred embodiments described above, it will be appreciated that those are examples to assist understanding of the present invention and are not meant to be restrictive. Variations or modifications which are obvious or trivial to persons skilled in the art, as well as improvements made thereon, should be considered as equivalents of this invention.
Furthermore, while the present invention has been explained by reference to video data or multi-medium data files, it should be appreciated that the invention can apply, whether with or without modification, to other multi-medium data or video only data without loss of generality.