Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong...
-
Upload
branden-powers -
Category
Documents
-
view
224 -
download
0
Transcript of Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong...
![Page 1: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/1.jpg)
Securing JPEG2000 (J2K)- The Next Generation Image Compression
Standard
Robert H. Deng, Yongdong Wu, Di MaInstitute for Infocomm Research
Singapore
![Page 2: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/2.jpg)
• JPEG2000 (J2K) is an emerging standard for image compression– Achieves state-of-the-art low bit rate compression
and has a rate distortion advantage over the original JPEG.
– Allows to extract various sub-images from a single compressed image codestream, the so called “Compress Once, Decompress Many Ways”.
– ISO/IEC JTC 29/WG1 Security Working Setup in 2002
Background
![Page 3: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/3.jpg)
“Compress Once, Decompress Many Ways”
A Single Original Codestream
By resolutions By layers Region of Interest
![Page 4: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/4.jpg)
Outline
• Data Structure of J2K Image Codestreams
• The Authentication Scheme
• The Access Control Scheme
• Prototype Demo
![Page 5: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/5.jpg)
Data Structure of J2K Image Codestreams
![Page 6: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/6.jpg)
Components
• Each image is decomposed into one or more components, such as R, G, B.
• Denote components as Ci, i = 1, 2, …, nC.
![Page 7: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/7.jpg)
Resolution & Resolution-Increments
1-level DWT
•J2K uses 2-D Discrete Wavelet Transformation (DWT)
![Page 8: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/8.jpg)
Resolution and Resolution-Increments
2-level DWT
1-level DWT
![Page 9: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/9.jpg)
Resolution and Resolution-Increments
2-level DWT
Resolution-increments:
R0
R1
R2
Resolution 0 = R0
Resolution 1 = {R0, R1}
Resolution 2 = {R0, R1, R2}
![Page 10: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/10.jpg)
Precincts
Each resolution level is further partitioned into rectangular regions known as Precincts,Pi, i = 1, 2, …, nP
![Page 11: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/11.jpg)
Layers & Layer-Increments
L0
L2
LnL
…
L1
• J2K encodes quantized wavelet coeffieicnts from MSB bit-plane to LSB Bit-plane
• Bit-planes are truncated some points. Data between two truncation points form a qualitylayer-increment, Li, i = 1, 2, …, nL
![Page 12: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/12.jpg)
Layers & Layer-Increments
L0 {L0, L1} {L0, L1, L2}
All layer-increments
![Page 13: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/13.jpg)
Packet (Cont.)
![Page 14: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/14.jpg)
Packets & Progression Orders
• A J2K codestream can be viewed as a set of series of packets; they are the most fundamental building blocks of a codestream.
• A packet is uniquely identified by four parameters C, R, P and L, all the packets in a codestream can be sorted with respect to these four parameters in some orders, called Progression Orders.
• There are five Progression Orders which are LRCP, RLCP, RPCL, CPRL and PCRL respectively.
![Page 15: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/15.jpg)
Progression Order
Resol uti on 0
Component 0
Preci nct 0 Preci nct 1
Resol uti on 1
Layer 0
Preci nct 0 Preci nct 1
Component 1 Component 0 Component 1
Resol uti on 0
Component 0
Preci nct 0 Preci nct 1
Resol uti on 1
Layer 1
Preci nct 0 Preci nct 1
Component 1 Component 0 Component 1
Packets in a codestream with progression order LRCP:
![Page 16: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/16.jpg)
J2K Authentication
![Page 17: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/17.jpg)
Third-Party Publication
Image Source
A single codestream
Client1
Client2
Client3
Owner
3rd PartyPublisher
(Signing key)
+ signature
Signature +& SIT1
Signature
Signature +& SIT3
“Sign Once, Verify Many Ways”
![Page 18: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/18.jpg)
The Merkle Tree
Root
A B
h(n1) h(n2) h(n3) h(n4)
hahb
hr
n1 n2 n3 n4
Sig(hr)
![Page 19: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/19.jpg)
A Codestream Example
4 resolutions:R0, R1, R2, R3
2 layers:L0, L1
2 precincts:P0, P1
![Page 20: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/20.jpg)
The Merkle Tree For the Example Root
R3
L0
R0
P0
L1
P1 P0 P1
L0
P0
L1
P1 P0 P1
L0
R2
P0
L1
P1 P0 P1
L0
R1
P0
L1
P1 P0 P1
y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 y14 y15 y16
12
User asks for resolution 1,
Publisher sends y1, …, y8, signed root, 1 2SIT= { }
![Page 21: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/21.jpg)
Resolution and Resolution-Increments
2-level DWT
Resolution-increments:
R0
R1
R2
Resolution 0 = R0
Resolution 1 = {R0, R1}
Resolution 2 = {R0, R1, R2}
![Page 22: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/22.jpg)
Layers & Layer-Increments
L0 {L0, L1} {L0, L1, L2}
All layer-increments
![Page 23: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/23.jpg)
The Optimized Merkle Tree
R0 R1
P0 P1 P0 P1
L0 L1
P0 P1 P0 P1
L0 L1
P0 P1 P0 P1
L0 L1
P0 P1 P0 P1
L0 L1
R3R2
Root
1
y1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 y14 y15 y16
User asks for resolution 1,
Publisher sends y1, …, y8, signed root, SIT={ } 1
In J2K, max resolutions 33, max layers 65535
![Page 24: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/24.jpg)
J2K Access Control
![Page 25: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/25.jpg)
The Super-Distribution Model
Publisher Encrypted Codestream
Client1 Client2 Client3
Key Server
Encrypt every packet will a different key? Too many keys are needed.
“Encrypt Once, Decrypt Many Ways”
![Page 26: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/26.jpg)
A Codestream Example
3 resolutions:R0, R1, R2,
3 layers:L0, L1, L2
2 precincts:P0, P1
![Page 27: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/27.jpg)
Security Classes in a Codestream
• Security Classes of Resolution-Increments– R2 > R1 > R0 (total ordering)
• Security Classes of Layer-Increments– L2 > L1 >L0 (total ordering)
• Security Classes of Precincts– P1 and P0 are incomparable (i.e., isolated classes)
• Form combined hierarchy, the resulting lattice is a Directed Acyclic Graph, not a rooted tree!
![Page 28: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/28.jpg)
Access Control Scheme 1
Master Key K
kR2=h(k|R) kL2=h(k|L)
kP1=h(k|P|1)
kR1=h(kR2) kL1=h(kL2)
kR0=h(kR1) kL0=h(kL1) kP0=h(k|P|0)
Packet key: krlp =h(kRr|kLl|kPp), (1) for r = 0, 1, 2; l =0, 1, 2, p = 0, 1
![Page 29: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/29.jpg)
Encryption & Decryption
• Encryption– Owner generates a master key, and the packet keys
for all the packets. Uses packet keys to encryption the corresponding packets. Distributes ciphertext to users.
• Decryption– To access a sub-image, user requests intermediate
keys from a server, derives packet keys to decrypt packets corresponding to the sub-image.
![Page 30: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/30.jpg)
• User1 asks resolution 2, layer 0, gets kR2, kL0, kP0, kP1
• User2 asks resolution 0, layer 2, gets kR0, kL2, kP0, kP1
• User1 & User2 collude, kR2, kR0 kR2
kL0, kL2 kL2
kP0 & kP1
Get resolution 2 & layer 2
Collusion Attack
![Page 31: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/31.jpg)
Access Control Scheme 2
• Assuming the preferred progression order is RLP
P0 (k220)
L2 (k22)R2 (k2)
R1 (k1)
R0 (k0)
Root (master key)
P
0
P1 (k221) P0 (k210) P1 (k211)
L1 (k21) L0 (k20)
P0 (k200) P1 (k201)
P0 (k120)
L2 (k12)
P1 (k121) P0 (k110) P1 (k111)
L1 (k11) L0 (k10)
P0 (k100) P1 (k101)
P0 (k020)
L2 (k02)
P1 (k021) P0 (k010) P1 (k011)
L1 (k01) L0 (k00)
P0 (k000) P1 (k001)
![Page 32: Securing JPEG2000 (J2K) - The Next Generation Image Compression Standard Robert H. Deng, Yongdong Wu, Di Ma Institute for Infocomm Research Singapore.](https://reader035.fdocuments.net/reader035/viewer/2022062422/56649f265503460f94c3ceff/html5/thumbnails/32.jpg)
Conclusions
• J2K codestream: “compress once, decompress many ways”
• Authentication scheme: “Sign once, Verify many ways” (has been incorporated in the standard document)
• Access Control scheme: “Encrypt once, Decrypt many ways” (under evaluation)