8/6/2019 A Secured Video Streaming System

1/6

20 I 0 Internatonal Coerence on System ence and Engneerng

A Secured Video Streaming System

ShinHo Liu, HanYn Yu, JiaYn Wu JiannJon Chn

Electrical Engineering DepartmentJunLin Liu and DHui Shiu

Information & Communications Research Labs.

National Taiwan University of Science and TechnologyTaipei, Taiwan 10673

Industrial Technology Research InstituteHsinchu, Taiwan 31040

{junlin,ryan64}@itri.org.tw{M9607321,d9607309,M9507327 ,jjchen}@mail.ntust.edu.tw

Abstract-The Inene Poool Televiion (IPTV) eviepovide ih mulimedi evie ove IP newok nd ionideed poenil kille ppliion ove he Inene.The inelleul popey mngemen poool (IPMP) yemeome impon in developing hi newok medi ppliion. In hi ppe, euiy funion, medi eming evieyem nd he ue eminl h doped IPMP e emlelyineged o povide eued live medi eming evie.

In ddiion, he peeopee (P2P) newok onneing mehodeween ue eminl i lo developed o povide leP2P IPTV yem. Fo one inoming pee, he IPTV yemwould ele pen pee wih lowdely nd wih ee uplinkpiliy hn he inoming pee. I would help o minin le medi eming fmewok. When one pee wn o levehe yem, i h o look fo eh hilden pee nd deigne new pen pee oding o ove ule efoe upding hepen pee pmee of uen one. In ddiion, he yem ndju he eming ndwidh of medi eve o o hedynmi newok ondiion. Fo euiy onol, he dvnedEnypion Sndd (ES) enypion i doped in ou yem,in whih he eie i enyped wih he egul upded Digil Video BodingCommon Smling lgoihm (DVBCS) key o peven poile k. Expeimen how hvege i e nd nmiion dely n e minined ingood pefomne even when mo pee e wih low uplinkpiliy.

x s-IPTV, Medi Seming, Digil Righ Mngemen, IPMP Teminl

I. NTRODUCTION

With the advance of multimedia codec technologies andthe high-speed network deployment, the live streaming service is considered as a potential killer application for theInteet. Related applications include IPTV, video conference

and distant leing etc. Among these Inteet multimediaapplications, IP multicast is probably the most efcient wayto broadcast video bitstream, which can be justied with therecent deployment of increased bandwidth [] [2]. In terms ofvideo bitstream delivery mechanism, the simple client-serverunicast has been improved to peer-to-peer (P2P) multicast, inwhich the later provides much more exible control platformcompared to the former. However, due to different transmission and computation capability among connected peers, itwould induce bandwidth allocation, information security andquality of service (QoS) problems. We proposed to maintaina stable transmission backbone and integrate different codec,transmission and security functions for the system to solve

these problems.

In P2P networks, users share legal media contents with eachother but it then evoked another intellectual property management issues: the system has to guarantee legal video consumption. The digital rights management (DRM) is adoptedfor the P2P multicast system to provide secured multimediatransmission and to manage user priority. The DRM is not justanother form of copy protection, which can be circumventedwithout modifying the le or device, such as license, serialnumbers or decipher keys. In addition to provide securedcontent delivery, the DRM has to act as a key generator, e.g.,common scrambling algorithm (CSA) [3]. It then transmits acipher key to the media server to provide real-time encryptedstreaming with acceptable delay. The system has to reach abest operation point between security and encryption delay.The CSA is used to encrypt streaming of live meta-data in thedigital video broadcasting (DVB) system. The control wordsare used to generate CSA keys, which are provided by aconditional access mechanism that utilize the DRM encryptedcontrol messages embedded in the transport packet. The CSA

can be seen as the layering of two cryptographic primitives: a64-bit block cipher and a stream cipher. Both ciphers employa common key; the stream cipher uses an additional 64-bit. Anew common key is usually published every 60 seconds.

In terms of media streaming, the proposed system adoptedthe video compression codec, H.264 [4], to provide scalablemedia streams. As compared to previous codecs, the H.264standard was proposed to provide good video quality atsubstantially lower bit rates, which allows users to developapplications under heterogeneous network environments. Themedia server can adjust the H.264 streaming bandwidth according to network conditions. Besides, it can also provide

privilege control for user access.The rest of this paper is organized as follows. The networkmodel are reviewed in Section II. Section III describes theimplementation details of the proposed P2P-IPTV system. Section IV is the experimental study and performance evaluations.Section V concludes this paper.

II. STREAMING ETWORK

The P2P networking is composed of participants that sharea fraction of their resources (such as processing power, diskstorage, and network bandwidth) directly to their peers withoutintermediary network hosts or servers. Peers act as bothsuppliers and consumers of resources. The networking can

be scaled and the resource utilization can be leveraged by

978-1-4244-6474-610$26.00 2010 IEEE - 625 - ISSE 2010

8/6/2019 A Secured Video Streaming System

2/6

2010 Inteatonal Coerence on System ence and Engneerng

Fig. 1: Purely Decentralized Architectures.

adopting the P2P network model. The media server design canbe found by many applications, like PPLive [5], PPStream [6],

CoolStreaming [7].In the centralized server-client video streaming, the server

suffers heavy computational load and network trafc problems,On the contrary, the P2P framework distributes computing andtrafc loading to connected peers which demonstrates highscalable streaming control while keeping low server workload.Different peer connection methods were developed accordingto different application requirements. These methods can beroughly categorized according to their extend of system centralization (1) purely decentralized; (2) partal centralized; and(3) hybrid decentralized architecture [8].

A. P2P Network Model

In the purely decentralized model, the P2P overlay networksare supposed to be totally decentralized. However, in practicalapplications, the P2P system can be operated with dierentextend of centralization.

Purely Decentlized Mode All nodes in the network perform exactly the same tasks, acting both as servers and clients,and there is no central coordination of their activities. Peernodes of such networks are often referred to as "servents(SERVers+clieENTS). As shown in Fig. 1, a peer sends toothers a search request, which comprises a search string andthe TTL (Time To Live) restriction of the responding host.

The peer that responds to the query with IP address/TCP port,network bandwidth, the number of matching les found andtheir indexed result set.

Partially Centlized Mode The basis is the same as thatin the purely decentralized system. However, some powerfulnodes would act as the local index centers for les shaed bylocal peers and is termed "super-nodes. The way in whichthese super-nodes are assigned their role by the network wouldbe different under different network conditions. This partiallycentralized mode does not suffer single point failure for a P2Pnetwork, in that super-nodes are dynamically assigned whichdemonstrate exible control capability. Once a super-nodefailed, the network will automatically take action to replace

them with others, as shown in Fig. 2.

Fig. 2: Partially Centralized Architectures.

Dw

X3

Fig. 3: Hybrid Decentralized Architectures.

Hybrid Decentlized Mode For this peer connection mode,there is a central server facilitating the interaction betweenpeers by maintaining a peer meta-data list, describing theshared les stored by the peer nodes. Although the end-to-endinteraction and le exchanges may take place directly betweentwo peer nodes, the central servers facilitate this interaction byperforming the lookups and identifying the nodes storing theles, as shown in Fig. 3.

. P2P Streaming

The P2P network operation acts as a load balanced system

which overthrows the static computing mode as in the clientserver approach. Each peer works as both a server and a clientsimultaneously over the network. To deal with peer connectionand transmission, the system still has to handle registration,le storage, connection coordination, node communications,load balance, relaying information and so on, to make multicast streaming over P2P framework feasible. The role of onepeer in the P2P network would vary dynamically accordingto network conditions and peer control capability. Some peercontrol schemes let all peers share the whole workload, whilesome let powerful peers take heavy operations.

In a P2P network, all les are shared among connectedonline nodes. Each peer node has to sustain basic trafc load.

For media server, the P2P streaming network needs to transmit

- 626- IeSSE 2010

8/6/2019 A Secured Video Streaming System

3/6

20 I 0 Inteatonal Coerence on System ence and Engneerng

the media bitstream in real-time and the end users need not toreserve a large disk space to store the whole media bitstream.There are several related researches about the P2P streamingnetwork. The streaming delivery can be roughly classied intotwo approaches, according to content distribution: (1) Tree

based framework [9] ; (2) Mesh-based framework [10] ;Tree-based fmework is also known as a hierarchical net

work, in which the central node (root) is connected by oneor more other nodes that are one level lower in the hierarchy.Each of the second level nodes connected to the root will alsobe connected by nodes that are one level lower in the hierarchy.Each node in the network has a specic number, referred toas the branching factor of the hierarchical tree.

Mesh-basedfmeworkis the networked peer system whichconnect to each other without priority, which are also calledviral communicators. It is a highly distributed network modelwhich uses special routing technologies, which provide more

exible control of peer connection but also suffer complexroutings.

C Securi

Security issues in a streaming delivery system include:(1) content condentiality; (2) content integrity; (3) contentavailability; (4) user authentication and (5) DRM. Most keydistribution schemes are carried out by a media-independentapproach, i.e., the key generation is triggered by time or anevent, which is independent of the media content. However,these control schemes cannot meet the secutiry requirement ofP2P streaming because: (1) users in the P2P network may viewdifferent content/frames at the same time and; (2) the overhead

of updating keys is too high. To solve these problems, themedia-dependent approach is adopted, i.e., keys are bundledwith media content packets. Specically, we use two types ofkeys, session keys and cluster keys. Generating session keysis time-driven while generating cluster keys is event-driven.Compared to the media-independent approach, the mediadependent one can signicantly reduce the communicationoverhead for key updating keys, and improve security byimposing rules for embedding keys in media packets.

III. IPTV MPLEMENTATION

The proposed IPTV system is developed based on the Visual

Studio platform [11] and the VideoLAN framework [12].The P2P-IPTV system comprises three main components:(1) media server; (2) DRM server and; (3) IPMP Terminal.The overall framework is demonstrated in Fig. 4. For theP2P network model, we adopted the centralized P2P modelat current stage for easy control. The tasks operated byDRM server comprise: user login and authentication, mediacodec and license check, and supervising the P2P networkconnections. The media server captures the real-time videoand then compresses the time-domain video into bitstreams.The license provided by DRM is used to perform contentencryption and deliver the cipher-text to user. The IPMPterminal provides a login interface. After identifying user by

DRM authentication, the DRM transfer the information of

Lve Steamg Seer

Mea (isibuto content laYbaCkeqUieenj '______reqiemenEncryptio Encrypted

key btsream8QDaabase

Decypion

key I Logn

requeent U UWeb bowser Fig. 4 The framework of proposed P2P IPTV.

certicate, video codec, connection policy back to the IPMPterminal, which then can begin to receive and decode themedia streams. When one peer joined the P2P network, itwould received media packets from its parent peer and alsoprovide these received packets for possible children peer.

A. Media Serer

The media server framework is shown in Fig. 5. The videosignal source can be from live TV tuner, webcam or mediastream les which would be captured by the VideoLANdevelopment tool. The captured video signal is compressedby H.264 coder, whose compressed bitstreams are encryptedby the cipher key provided by DRM. The capture service unitacquires images from the input video with RGB24 format.The DRM control unit deals with the message transfer withthe DRM server. The handshake between DRM server andstreaming server can be described with the following steps:(1) When the streaming server is invoked, it will register toinform the DRM server for live streaming; (2) The DRMserver transfers back the deciphering key and requests the peerconnection information of the streaming server to enable theP2P streaming; (3) When one new peer requests connectionfrom the streaming server, the DRM server will inform thestreaming server that the new peer is legal and the streamingserver can start to stream to the new peer.

. DRM and IPMP Teinal

The DRM server plays a critical role in the P2P-IPTVsystem. As shown in Fig. 6. The framework records the coredata elements of the DRM for user, digital media and digitalright. It will protect the media from illegal copy, transferor conversion to other format. All communication data areencrypted by 128-bit AES.

The login service unit deals with the communication between the streaming server and the client peer. When thestreaming server started, it has to inform the DRM serverto begin media streaming. After the DRM server transferredthe ciphering key for content encryption, it can start to build

the P2P-IPTV system by this media streaming server. The

- 627- IeSSE 2010

8/6/2019 A Secured Video Streaming System

4/6

2010 Inteatonal Coerence on System ence and Engneerng

C v

MUX

Ec

:@ 3 0-

Fig. 5 The framework of media streaming server.

l

Fig. 6 The framework of DRM server.

accreditation unit generates and manages the ciphering keyfor streaming encryption. It generates the cipher key for themedia server or the client peers according to the instruction oflogin service unit. The peer management unit deals with theinter-connection and maintains the peer list P = {pi}. Whena new peer nished the login procedure and got its license,

the peer list would be updated to the latest status. The toolmanagement unit manages decode tools. The default toolsfor a client peer are basic codec and would be updated whenneeded.

The framework of IPMP terminal is shown in Fig. 7. TheDisplay Thread deals with the bitstream deciphering, decodingand display. The user interface handles user login/logout.It also setups the upload bandwidth, decoding parameters,and output image size for the client peer. The DRM controlunit manages the communication between DRM server andthe client peer. The media player decodes and plays mediaaccording to the license contents, which comprise: decoding

parameters, image resolution and access level.

Fig. 7 The framework of IPMP terminal.

P f P

P2PNwk

Fig. 8 The joining procedure of a new peer.

C P2P Peer Management

The P2P-IPTV system adopts the centralized P2P networkmodel for efcient control. The DRM server handles themessage exchange between peers. It also manages the peerstatus and maintains a peer list. For peer connection control,we proposed to provide the maximum average frame rate forall system peers. To nd a good parent peer for the new peer toconnect, peers are categorized into dierent levels accordingto their estimated upload bandwidth. The peer list P is storedin DRM server. When one new peer joined the system andreceived the cipher key, it would report its information to the

peer management unit, which will assign the connection pointfor the new one. The P will add this new peer to the list whennished connection. The DRM server explicitly controls thepeer connection legal under the centralized P2P framework.The pros and cons of this approach are high peer connectionefciency and high system loading, respectively. In addition,the system scalability is conned by DRM server undercentralized P2P-IPTV framework. The joining procedure of anew peer is shown in Fig. 8. The new peer was rst registeredto the peer management unit and the peer management unitnd a parent peer from the system for this new one. It alsonotied the new peer to connect to the designated parent. Afternishing the peer connection procedure, the peer management

updates the peer list for the system.

- 628- IeSSE 2010

8/6/2019 A Secured Video Streaming System

5/6

2010 Internatonal Coerence on System ence and Engneerng

Fig. 9: The GUI of an IPMP terminal.

IV. XPERIMENTAL STUDY

To verify the streaming efciency, a practical P2P-IPTVsystem has been implemented to justify the operation eectiveness. Several computers are designed to act as the clientpeer nodes to playback live TV streaming. Each computer isassigned a public IP address. The DRM server is designed tosupervise the peer communications, maintain the P2P-IPTVsystem and handle peer login. The media server capturesthe live TV signal and then encodes it by H.264 coderwhose bitstream is then encrypted before transmission. Thebandwidth of video bitstream is set to 256 kbps with 640480

image resolution and additional 32kbps is allocated for theaudio signal.

A. IP Opetion

After identify the user, the DRM server transmits certication, license and connection port for the client peer, as shownin Fig. 9. This client peer then connect to its parent nodeaccording to the connection information provided by DRMserver. The GUI of media server is shown in Fig. 10. ThisGUI allows users to change the frame size and the encoded bitrate dynamically when streaming. The frame rate and qualityfor the streaming video are displayed on the GUI. The DRMinterface is shown in Fig. 11. The right sub-window showsthe parameters such that the system operation status can beknown by the operator. The right sub-window demonstratesthat there are two on-line users at this moment.

. Peoance Evaluation

The most distinguished feature of the proposed systemframework is that it can maintain stable network transmission for the multicast tree when the uploading bandwidth ofmost active peers were insufcient. For the practical ADSLcommunication environment, the upload bandwidth is muchsmaller than the download one. The administrator can adjustthe bit-rate dynamically according to the number of on-line

users or the network condition.

i N rFt

SouceLFf=_m_"_ ___-VdBIt-rate (kb/s)AudloBlt-rae(b/s) I

L rv k p\dBltfteb/s)AudiBltrae(kbs) om k.

Resolution 1640)480 v I I I

Fig. 10: The interface of the media server.

gn us

Seeimmv

T &R

Us nb

ys Mssagfree pee ,pee por1234 pee ip:40807224Incoming p ip4018072Shld numbr rt9Us1fr p p po234 p ip40807224Incoming p ip40.1B07224hld numb r23Free PeeUsfree pee peer por1234 pee ip40B07224Incoming ee pee ip401807224hld numb e rt23ree PeeUs999Cn CCn Cdaring Trak r

Fig. 11: The implementation of DRM server.

The image quality in PSNRs for dierent videos underdifferent bit rates are provided in Fig. 12. As shown, thePSNRs become stable when the bit rates are larger than64kbps. For medium and high motion videos, Foorball andNews, it demonstrated smooth visual quality for bit rate largerthan 64 kbps. For the low motion video, Akiyo, the requiredbandwidth can be smaller to yield smooth visual quality.

Fig. 13 shows the received bitrate for client peers at level4, 8, 12, and 20. As shown, the real-time video streamingcan maintain the stable bitrates at dierent levels. Becausethe transmission tree is constructed to maximize the backbonetransmission rate, it can aord to accommodate overloadingtransmission.

V. ONCLUION

The goal of this paper is to design a P2P-IPTV system thatcan effectively adjust the streaming rates according to availablebandwidth, device computing capability and user priority toprovide universal media access platform. It integrated theH.264 codec to provide spatial and quality scalable bitstreams.The encryption function is also integrated to protect themedia content from illegal usage. Contributions of this paper

comprise: (1) Construct a UMA media server that provides

- 629- IeSSE 2010

8/6/2019 A Secured Video Streaming System

6/6

2010 Internatonal Coerence on System ence and Engneerng

Bit rae (Kbps) se at the encoder

Fig. 12: The image PSNRs for different videos at theencoder.

I'("C)

(a) = 4

hm(IK

(c) = 12

(b) = 8

< .0 6 1 2lMet)

(d) = 20

Fig. 13: The received bit rates of peers at different levels: = 48 1220

the function of encode once and decoded by many, which

effectively reduces heavy CPU loading and memory usage.The most efcient H.264 video codec is adopted to providespatial, quality and temporal scalable control for multicaststreaming; (2) The encryption procedure is embedded intothe media server to provide real-time encrypted bitstreams,on which different update strategy can be imposed for robustsecurity control; (3) A peer connection method is proposed forthe centralized P2P model to provide stable streaming qualityand low delay video perception. The DRM server is used tomanage the inter-peer connection control. The decipher keyand decoding parameters are stored in the license to providesecurity and scalable control for media consumption. Futureresearches comprise: multi-channel streaming, large scale P2P

streaming control.

ACKNOWLEDGMENT

This work is partially supported by National Science Council R.O.C. with grants: NSC 98-2221-E-011-134 and NSC 98-2218-E--017 and by ICLITRI under grant 9352BR2100.

EFERENCE[] Live treaming Continues Momentum With March Madness.

http://www.mediapost.compublications/[2] The Numbers Are In, Live Video Online Is Blowing Up.

http://www.readwriteweb.com[3] R.-P. Weinmann, and K. W, "Analysis of the DVB Common cram

bling Algorithm, in Proc. IP sec2005 pp. 195-207, Boston: pringer.[4] ITU-T Rec. H.264 I IOIEC 11496-10, "Advance video coding, Final

Committee Draft, Document JVT-G050, March 2003.[5] . Xie, B. Li, G. Y Keung, and X. Zhang, "Coostreaming: design,

theory, and practice, IEEE Transactions on Multimedia May 2007.[6] Liang, J. Bi,R. W,Z. Li, and C. Li, "On characterizing PPeam:

measurement and analysis of P2P IV under large-scale broadcasting,Global Telecommunications Conference 2009.

[7] X. Zhang, J. Liu, B. Li, and T. . P. Yum, "CoolseamingDONet: adata-driven overlay network for peer-to-peer live media seaming, in

Proc. IEEE INFO COM Mar. 2005.[8] B. Pourebraimi, K. Bertels, and . Vassiliadis, "A survey of peer-topeer networks, in Proc. Annual Workhop on Circuits 2005.

[9] . Banerjee, B. Bhattachaee, and C. Kommareddy, "calable application layer multicast, in Procs. Con! Applications, Tech., Architect., Protocols for Computer Commun. pp. 205-217, 2002.

[10] Y H. Chu, . G. Rao, and H. Zhang, "Case for end system multicast,in Proc. ACM SIGMETRICS Int. Con! Measurement & Modeling ofComputer Systems pp. 1-12, 2000.

[] Microsoft Visual tudio.http://msdn.microsoft.comen-us/vs2005/default.aspx

[12] VLC media player. http://www.videolan.org/

- 630 - IeSSE 2010