In the last few years, there has been considerable progress in the area of multimedia streaming. We have seen, and continue to see a variety of applications being developed, which stream digital multimedia content like video and audio to a set of clients, which can be in the same building, on a local network, or even half way across the world, over the Internet.
As new and exciting applications continue to develop, an important issue is how to provide security to these applications. Security could involve a number of issues, like authentication of clients, data transmission security and copyright protection. For each of these security needs, a number of security protocols (especially for multicast) have been developed and a great deal of research continues in this area. The problem then is how to flexibly integrate security protocols into multimedia streaming applications, given that these applications are usually developed without security in mind.
As a solution to providing easy and flexible integration of data transmission security into multimedia streaming applications, we have designed and developed the Distributed Security Framework for Multimedia Transmission (DSFMT). DSFMT is an object oriented framework, which can be used to get a variety of security protocols, encryption/decryption schemes, network protocol suites and multimedia applications to work together in a flexible way. DSFMT can be configured to work in a variety of scenarios – high security, multiple sender military video conferencing; medium security, but high performance commerical video-on-demand on the Internet (single sender); a smart room application which streams video at different qualities (and possibly security requirements) to a set of receivers and so on.
DSFMT is designed to work either as a black box Application Programming Interface (API) or a white box objected oriented framework. At the bare minimum, all a multimedia streaming application needs to do, in order to incorporate data transmission security, is to use DSFMT’s standard socket library-style interface for communication. DSFMT will then use its default implementations. But application developers can also easily reimplement one or more DSFMT components, if they need to.
DSFMT is made of 4 components:
- The SecureSender, on the sender side, and SecureReceiver, on the receiver side, function as facades between other DSFMT components and the application. The application deals with DSFMT only through their interfaces. Therefore, changes in other DSFMT components do not usually affect the application. The implementation of these classes will rarely need to be changed by the application developer.
- The SecureProtocol component encapsulates the security protocol used. Typically, this component is responsible for key management and distribution. DSFMT currently provides two implementations – Manual Key Distribution, suitable for multipoint unicast communication, and Hierarchical Tree Key Distribution, which is a protocol useful for scalable multicast applications. The application may need to implement a new protocol or use one of these, depending on its characteristics and requirements.
- The Crypter component implements the encryption/decryption routines and is also responsible for functions like key generation. Our implementation uses the Microsoft Windows CryptoAPI, and provides three security levels, which correspond respectively to 56-bit DES, 112-bit triple DES and 168-bit triple DES.
- The Network component encapsulates the networking implementation. We currently provide TCP/IP and UDP/IP communication.
Our experiments indicate DSFMT is successful both in terms of ease of integration into applications, and in minimizing the security overhead. To provide for the real time requirements of multimedia, DSFMT provides asynchronous rekeying, due to which rekeying at any point during the session has very little affect on data transmission itself.
We anticipate that as more and more applications begin to use DSFMT, a variety of implementations of its components will become available, and developers can reuse those in their applications. Further, although currently DSFMT is designed to provide only data transmission security, we believe its design is general enough to evolve into a complete security solution for a large class of multimedia content delivery applications.
This research was supported by DARPA grant number F30602-97-2-0121 and NSF infrastructure grant number EIA 99-72884 EQ.
- Raghavendra Prabhu – M.S. Thesis, Distributed Security Framework for Multimedia Transmission, University of Illinois at Urbana-Champaign, May 2002. (PS) (PDF)
The complete source code for DSFMT, along with two sample applications, is available for download, in the form of a WinZip file about 8.7MB in size. Instructions for building and running the code, along with other documentation, are part of the package. Begin by reading the README.txt file in the “DSFMT Source” directory that is created on unzipping.
Download DSFMT Source