Copyright © 2005 UCI ACES Laboratory Kyoungwoo Lee, Nikil Dutt, and Nalini Venkatasubramanian ACES and DSM Donald Bren School.

Copyright © 2005 UCI ACES Laboratory http://forge.ics.uci.edu/

Kyoungwoo Lee, Nikil Dutt, and Nalini Venkatasubramanian

ACES and DSM

Donald Bren School of Information and Computer Sciences

University of California, Irvine

<kyoungwl, dutt, nalini>@ics.uci.edu

http://forge.ics.uci.edu/

An Experimental Study on Energy Consumption of Video Encryption for

Mobile Handheld Devices

ICME 2005 July 7th #2 Copyright © 2005 UCI ACES Laboratory http://forge.ics.uci.edu/

Contents

1. Introduction of Video Encryption

2. Video Encryption Algorithms

3. Experiments

4. Conclusion and Issues


Motivation Mobile multimedia applications are vulnerable to security attacks in wireless networks Significant computation for video encryption is expected on battery-operated mobile devices

▶ Evaluate symmetric video encryption schemes from the perspective of energy consumption both analytically and experimentally

Problem

Introduction


Secure Video Conferencing

Insecurenetwork

Attacks

SymmetricEncryptionTechnique

CompressedBit Stream

Encrypted &CompressedBit Stream

RawVideo

Video EncoderMotion

EstimationQuantizationDCT

EntropyEncoding

Secure Video Encoder

Battery-OperatedDevices

DecompressedBit Stream

Encrypted &CompressedBit Stream

CompressedBit Stream

Video DecoderEntropy

DecodingInverse

QuantizationIDCT

MotionCompensation

Secure Video Decoder

Battery-OperatedDevices

SymmetricDecryptionTechnique


2. Video Encryption Algorithms

1) Naïve Algorithm

2) Selective Algorithm

3) Zig-Zag Permutation Algorithm

4) Video Encryption Algorithm

5) Sign-Bit Encryption Algorithm

6) Analytical Comparison


2. Video Encryption Algorithms (0) Symmetric Encryption Technique (DES)

Symmetric Encryption Technique The same encryption technique and the same security key areused to encrypt and decrypt the message (e.g. – DES and AES)

A SecretMessage

A SecretMessage

#P(&*(UV+*#$@JH}

Encrypt Decryptplaintext ciphertext plaintext

#P(&*(UV+*#$@JH}

ciphertext

network


2. Video Encryption Algorithms- 1) Naïve Algorithm

Encrypt the entire MPEG streamMost secure MPEG encryption algorithm because there is no effective

algorithm to break DESSlowSize of the encrypted stream does not change

I-frameP-frameP-frame

NAÏVEEncryption(DES)


VideoEncoding(H.263)


2. Video Encryption Algorithms- 2) Selective Algorithm

Use the features of MPEG layered structures Aegis

Encryption of I frames Encryption of MPEG video sequence header Encryption of ISO end code

Agi and Gong Great portions of video are visible

partly because of inter-frame correlation mainly from unencrypted I blocks in the P and B frames

In addition, encryption of all I blocks in P and B frames Encrypting only I frames can save 30-50 of encryption/decryption time

Increase the frequency of I frames increase the length of string and consequentially the encryption time.

SECMPEG : Meyer & Gadegast A new MPEG-like bitstream special encoder/decoder required 4 secure level

1) Headers2) Headers, CD coefficients & lower AC terms of I blocks3) I frames and I blocks4) All data

Not safe Encryption of only I frame visible partly because of inter-frame correlation mainly from unencrypted I blocks

in the P and B frames Encryption of headers (1) mostly standard information such as frame starting code, frame size (2) MPEG

stream is indexed by frame


2. Video Encryption Algorithms- 2) Selective Algorithm (cont’)


SELECTIVEEncryption(DES)


Intra-block



2. Video Encryption Algorithms- 3) Zig-Zag Permutation Algorithm

Two levels of security to digital image obscured image incomprehensible image

Basic Idea use a random permutation list to map the individual 8x8 block to a 1x64 vector

① Generate a random permutation list② Split DC coefficient and one of them is saved at the least AC coefficient③ Apply the permutation list to the split block

Tang (CMU)① DC coefficient is mapped to the first element in the 1x64 vector and the rest of the elements are permuted.

Obscured image ② DC coefficient of every bock is set to zero or a fixed value between 0 and 255 and rest of the elements are

permuted. Obscured image③ DC coefficient is mapped to any other position other than the first position in the 1x64 vector, and the rest of the

elements are randomly permuted Incomprehensible image④ AC63 coefficient is set to 0 Degradation is negligible⑤ Split the DC coefficient into two parts, first part remain in the same position, the second part is substituted for

AC63 and randomly permute the list Incomprehensible image Vulnerable to the cyphertext attack: Statical analysis(Qiao and Nahrstedt)

binary coin flipping sequence together with two different permutation lists Subject to the plain text attack

Not satisfying security Plaintext attack Cyphertext attack


2. Video Encryption Algorithms- 3) Zig-Zag Permutation Algorithm (cont’)


VideoEncoding& Zig-ZagPermutation(H.263 & Shuffle)


2. Video Encryption Algorithms- 4) Video Encryption Algorithm

Qiao and Nahrstedt (UIUC) Based on statistical properties of MPEG stream : Uniform distribution of streams faster(47%) than DES because DES is used on partial bit stream Immune to plain-text attack & cypher-text attack

Algorithm1) Choose odd-numbered bytes and even numbered bytes.2) XOR the two streams a1,a2… a2n-1 XOR a2,a4… a2n c1,c2… cn3) Choose an encryption function E (DES ) to encrypt a2,a4… a2n resulting cipher-text has the form

c1,c2… cn E(a2,a4… a2n) If a2a4…a2n has no repeated pattern, then the secrecy depends on function E because a2a4…a2n is

one-time pad well know to be perfectly secure


VEA(XOR & DES) I-frameP-frameP-frame



2. Video Encryption Algorithms- 4) Video Encryption Algorithm (cont’)

All tests on the different MPEG streams show similar statistical results

Frequency of Occurrence of Byte Values(The distribution of MPEG stream vs English)

Frequency of Occurrence of Byte Values(The distribution of different MPEG streams


2. Video Encryption Algorithms- 4) Video Encryption Algorithm (cont’)

It is not applicable since byte-values are not uniformly distributed in case of H.263 encoded video stream

Distribution of Byte Values in FOREMAN.263

0

100

200

300

400

500

600

700

1 23 45 67 89 111 133 155 177 199 221 243

Byte Value

Nu

mb

er o

f H

its

All Blocks inFOREMAN.263

Intra Blocks inFOREMAN.263


2. Video Encryption Algorithms-5)Sign-Bit Encryption Algorithm

Shi & Bhargava (Purdue) selective encryption scheme which operates on the sign bits of DCT coefficient of a MPEG compressed

video much more efficient than DES because it selectively encrypts the MPEG stream Light-weight and cost-effective Encryption function

Ek(S)=…(b1 XOR s1) …(bm XOR sm)(b1 XOR sm+1)…(bm XOR s2m)… Where s1s2…smsm+1…s2m…are all of the sign bits of DC and AC coefficients and the key k=b1b2….bm is a

randomly generated bit stream of length m A more effective modification

use a secret key randomly changing the sign bits of differential values of DC coefficients of I frames and the sign bits of differential values of motion vectors

very efficient in terms of computational complexity because it omits the encryption of AC coefficients altogether because DC coefficients and AC coefficients are related DC coefficients may be derived from AC coefficients for

an attack Secure Level

1) Encrypting all motion vectors of P frames and B frames2) Encrypting all DC coefficients of I frames3) Encrypting all DC coefficients of I frames and all motion vectors of P frames & B frames


2. Video Encryption Algorithms-5)Sign-Bit Encryption Algorithm (cont’)

Blurred but Comprehensible

Obscured but Comprehensible

incomprehensible


Comparison of Energy Consumption

Definition of the Size ST size of total encoded bit stream in Byte SI size of I frames in total encoded bit stream in Byte SP size of P frames in total encoded bit stream in Byte Sib_size of I blocks in SP in Byte SH size of Headers in total encoded bit stream in Byte ST = SI + SP + SH

Definition of amount of Energy Consumption eDES amount of energy consumption to encrypt 1 Byte plaintex using DES(Data Encryption

Standard) Ealgorithm amount of energy consumption to total bit stream using algorithm Eencoding amount of energy consumption to encode the video file


Comparison of Energy Consumption

Naïve Algorithm ENaive = eDES * ST

Selective Algorithm Encryption of I frames

ESel_I = eDES * SI

ESel_I = 0.5 * ENaive because SI is b/w 30% & 60% of ST

Encryption of I frames and I blocks in P frames ESel_I+ib = eDES * ( SI + Sib ) + eoverhead

Where eoverhead is amount of energy consumption to detect I blocks ESel_I+ib = 0.6 * ENaive + α because Sib is b/w 10% & 40% of SI


Comparison of Energy Consumption (cont’)

Zig-Zag Permutation Basic

EZZ_basic = 0 * ENaive + α where α is the energy consumption for split & permutation However Eencoding increases (similar to decrease Quantization value, ex: Q=10 Q=4)

Encryption of DC coefficients group EZZ_DC = EZZ_basic + {(# of blocks per frame)*(# of frames in an encoded stream)*eDES}

Coin Flipping Sequence EZZ_CFS = EZZ_basic + β where β is almost zero


Comparison of Energy Consumption (cont’)

Video Encryption Algorithm EVE = eDES *(½ * ST) + eXOR ≒ 0.5 * ENaive

where eXOR is amount of energy consumption for XOR computation∵½Sign-Bit Encryption Algorithm

ESB = ⅛ * SI * eXOR + δ where eXOR is amount of energy consumption for XOR computation and δ is the

energy overhead to extract sign-bits


Analyzing the Energy Consumption of Security Protocols

The larger data size, the more energy consumption


Comparison of Energy Consumption - example

Ealgorithm Etotal = Eencoding + Ealgorithm

Naive ENaive = 0.49 100 14.51

Selective Esel_I = 0.245

Esel_I+ib = 0.294

50

60

14.265

14.314

Zig-Zag EZZ_basic ≒ 0

EZZ_DC = 0.3744

EZZ_CFS ≒ 0

1

76

1

18.3 (when Q = 4)

14.3944

18.3 (when Q = 4)

Video Encryption EVE = 0.24 49 14.26

Sign-Bit Encryption ESB << 0.002 1 < 14.022

eDES = 2.08 uJ, ST = 233,414 Bytes and Eencoding = 14.02 J in Foreman.263 when resolution = QCIF, Q = 10 & I:P = 1:9


2. Video Encryption Algorithms- 6) Analytical Comparison

Algorithm Security Speed Relative

Energy Consumption

Size

Naive Very High Slow 100* No Change

Selective Moderate Fast 50*/60* Increase

Zig-Zag Permutation

Very Low Very Fast 1*/76*/1* Big Increase

Video Encryption High Fast 49* No Change

Sign-bit Encryption

Moderate Fast 1* No Change

* Analytical Expectation


3. Experiments

1) Experimental Setup

2) Encoding/Decoding/Encryption

3) Video Encoding by H.263 with Naïve Video Encryption by DES

4) Video Encoding by H.263 with Selective Video Encryption by DES

5) Video Decryption by DES & Video Decoding by H.263


3. Experiments- 1) Experimental Setup

Experimental Architecture

Windows 2000 Advanced

ServerDesktop PC

getpowerLinux / Arm 400

MHzSharp SL-5600

H.263 Coder /DES Crypto

National Instruments

Power Measurement

Device


3. Experiments- 1) Experimental Setup (cont’)



Experimental Environments

Testbed Machine Zaurus strongARM

Encoding Algorithm H.263 standard PeaCE

Encoded File Foreman.QCIF (11,404,800 Bytes)

News.QCIF (11,404,800 Bytes)

Akiyo.QCIF (11,404,800 Bytes)

Foreman.263 (233,414 Bytes)

News.263 (162,996 Bytes)

Akiyo.263 (81,438 Bytes)

Decoded File Encoded 263 files No output file

Encryption Algorithm DES OpenSSL



Experimental Procedure

To Do Where / Tool Input Output

1 Download Input files and Remove wireless NIC

PC / FTP FOREMAN.QCIF / H263Encoder / H263Decoder / DESCrypto

2 Execute GetPower PC / Win32 70 seconds Total Energy / Measured Power without Encoder ( = Pidle)

3 Execute H263Encoder & GetPower simultaneously

Zaurus / terminal & PC / Win32

FOREMAN.QCIF / 70 seconds

FOREMAN.263 / Execution Time / Measured Power with encoding ( = Pactive)

4 Extract Power Win32 / Calculator Measured Powers Measured Power for Encoding ( = Pactive-Pidle)

5 Compute Measured Total Energy

Win32 / Calculator Measured Power for Encoding / Total Execution Time

Measured Total Energy



Experimental Method

Power Time

Total Execution Time

Average ActivePower

Average IdlePower

MeasuredPower

Active Energy

Idle Energy

Measured Total Energy



Experiments

Individual Application(S1) Video Encoder (H.263)- FOREMAN.qcif w/ 300 framesof 11MB- 1:10 (IP ratio), 10 (Quant), FullSearch(S2) Video Decoder (H.263)- Variable encoded bit streams- 233 KB with default(S3) Crypto Application (DES)- 233 KB of encoded bit stream

Integrated Application(I1) Encoder with Full Encryption- Integrate (S1) and (S3)- Variable Quant & fixed others(I2) Encoder with Partial Encryption- Integrate (S1) and (S3) to encrypt only Intra-blocks with the same parameters (I3) Decoder with Full Decryption- Integrate (S2) and (S3)



Definitions Total Execution Time (second): total time to execute encoding, decoding or encryption on Zaurus Measured Total Energy (Joule): Total Execution Time * Measured Power[= Pactive-Pidle] Energy Consumption per byte (uJoule): Measured Total Energy / size of input file Energy Consumption per second (Watt): Power = Measured Total Energy / Total Execution Time =

Measured Power Ratio(%): Encryption Energy Overhead = 100 * (Energy Consumption for Encoding with

Encryption / Energy Consumption for Encoding)


3. Experiments- 2) Encoding/Decoding/Encrypt

H.263 Encoding

H.263 Decoding

DES Encryption [Decryption]

Total Execution Time (seconds) 75.53 10.53 1.70

Measured Total Energy (Joule) 74.77 11.37 1.50

Energy Consumption per Byte (uJoule)

6.56 48.71 6.43

Measured Power (Watt) 0.99 1.08 0.88

Input file: FOREMAN.qcif (11,404,800 bytes)Encoder parameters: Q=10, IP ratio=1:10 and default parameters


3. Experiments- 3) Video Encoding & Encrypt

Encoding

w/o

Encryption

Encoding

w/

Encryption

Ratio

(%)

Total Execution Time (second) 74.924 78.582 104.8823


Measured Power

(Watt)

0.974 0.954 97.94661


3. Experiments- 3) Video Encoding & Encrypt (cont’)

11.37

1.5

74.77

0

10

20

30

40

50

60

70

80

Application

Me

as

ure

d E

ne

rgy

(Jo

ule

s)

H.263 Encoder H.263 Decoder DES Crypto

HugeDifference

(98 %)



74.77 72.2675.78 72.87

77.6274.11

0

10

20

30

40

50

60

70

80

90

FOREMAN.qcif NEWS.qcifVideo Clips

Me

as

ure

d E

ne

rgy

(Jo

ule

s)

Encoding without Encryption

Encoding with Encryption (Selective)

Encoding with Encryption (Naïve)

(2.4%)(1.7%)

Negligible Energy Overhead



Difference between Expected Total Energies

0

0.5

1

1.5

2

2.5

3

FOREMAN.qcif NEWS.qcif AKIYO.qcif

Input Files

Ener

gy(J

oule

)

Difference betweenExpected TotalEnergies for Encodingand for Encoding withEncryption

Ratio of Encoded filesize to size of AKIYO


3. Experiments- 4) Naïve & Selective Encryption

FOREMAN.qcif Encoding w/o Encryption

Encoding w/ Naïve Encryption

Encoding w/ Selective Encryption

Total Execution Time (second)

75.32249 79.34177 76.0356

Measured Total Energy (Joule)

76.95435 79.28295 77.03585

Energy Difference from Encoding

- 2.3286 0.0815

Encrypted File Size (Byte)

- 233,408 20,536


3. Experiments- 4) Naïve & Selective Encryption (cont’)

757677787980

Energy(Joule)

Encoding withoutEncryption

Encoding with NAÏVE Encryption

Encoding withSelective

Encryption of I-blocks

Video Encryption Overhead (FOREMAN.qcif)

Energy Overhead for VideoEncryption

Expected Total Energy forH.263 Encoding withoutEncryption


3. Experiments- 5) Video Decrypt & Decoding

Decoding

w/o

Decryption

Decryption

and

Decoding

Ratio

(%)

Total Execution Time (seconds) 10.53 12.23 116.14



3. Experiments- 6) Quality and Security Level

0

20

40

60

80

100

120

140

160

1 2 3 4 5 6 7 8

Quality and Security Level

energy (Joules) time (seconds)


3. Experiments- 6) Quality and Security Level (cont’)

Level Quality Quantization Security Encryption

1 High Q=1 High Naïve

2 Low No/Sel

3 Mid-High Q=4 High Naïve

4 Low No/Sel

5 Mid-Low Q=10 High Naïve

6 Low No/Sel

7 Low Q=31 High Naïve

8 Low No/Sel



fps

0

1

2

3

4

5

1 2 3 4 5 6 7 8


fps



62

64

66

68

70

72

74

76

78

80

FOREMAN.qcif NEWS.qcif AKIYO.qcif

Input Files

En

erg

y (

in J

ou

les

)

Energy Consumed forEncoding without Encryption

Energy Consumed forEncoding with Encryption(Selective)

Energy Consumed forEncoding with Encryption(Naïve)



number of frames in 10K Joule

0

5000

10000

15000

20000

1 2 3 4 5 6 7 8


number of frames in10K Joule



Other Parameters to effect on QnS Level Resolutions Decoding Side Number of Users Others


4. Conclusion and Issues

1) Conclusion

2) Issues

3) Next Step


4. Conclusion and Issues- 1) Conclusion

① Energy Consumption for Video Encryption is not a big deal comparing to that for Video Encoding

② Energy Consumption for Video Decryption is critical

③ Energy for Video Encryption/Decryption increases with an increase of the encoded file size

④ Selective Algorithm is more energy-efficient but less secure than Naïve Algorithm


4. Conclusion and Issues- 1) Conclusion (cont’)

⑤ High quality Encoding (eg: quantization) [low compression) Increase energy consumption for encryption ( usually high quality video encoding ∵

increases the file size) Increase energy consumption for decoding

⑥ IP ratio (Naïve Video Encryption vs Selective) Decrease IP ratio in Encoding (assumption: only encrypting I-frames) Possible to decrease energy consumption

But we have to consider increase of energy in encoding & decoding and compare it with decrease of energy in encryption & decryption)


4. Conclusion and Issues- 2) Issues

② IdeasI. Hybrid Video Encryption Algorithms

Main Idea: Encrypt I-frames and I-blocks in P-frames by Video Encryption Algorithm

We can reduce computation to half of Selective Algorithm Assumption: Byte values in I-frames and I-blocks are even

distributed


4. Conclusion and Issues- 2) Issues (cont’)

Distribution of Bytes Values in Intra blocks of H.263encoded video video file

0

100

200

300

400

500

600

700

1 23 45 67 89 111 133 155 177 199 221 243

Value of Bytes

Nu

mb

er

of

Hit

s


Intra Blocks inNEWS.263

Intra Blocks inAKIYO.263



Distribution of Byte Values in FOREMAN.263

0

100

200

300

400

500

600

700

1 23 45 67 89 111 133 155 177 199 221 243

Byte Value

Nu

mb

er

of

Hit

s

All Blocks inFOREMAN.263




② Ideas (cont’)II. Key Chain using One-Way Hash function

Main Idea: Encrypt each block data using XOR with a Key Value generated by One-way Hash function.

One-Way Hash function such as MD-5 and SHA-1 is very hard to crash and very fast and XOR is absolutely fast as well.


H.263 EncoderUncompressedVideo Encoded

Bitstream

H.263 Decoder DecodedVideoDecrypted

EncodedBitstream

DES EncryptionEncryptedBitstream

EncryptedBitstream

DES Decryption

Hashed Key Chain

Hashed Key Chain

One-Time Pad

One-Time Pad


Internet

access point

Mobile Device

access point

Mobile Device

Proxy

routerrouter

1

2

3

1Proxy creates hash key chain for one session unit

2Proxy downloads(offline) hash key chain to Mobile Device

3Mobile Device encrypts video data by XOR operationof video block with key block

123




•H1 = h(K)•H2 = h(H1)•…•Hi = h(Hi-1)•…

B1 B2 B3 … Bi …

XOR H1 H2 H3 … Hi …

C1 C2 C3 … Ci …

Generate Key Values starting from a seed Key, K which is shared securely




1. Can I make a key chain using SHA-1 with one seed key?(one seed key is less than 264

bits and then 160 bits)2. SHA-1 is one-way hash function. How secure is SHA-1?3. Which one is more secure, sequential key chain or reverse key chain?4. Offline download from TTP server to MD is good in terms of security?5. How about making key chain using AES?

(reference shows that AES is more energy efficient than SHA-1)6. Overall this method, One-time pad with hashed key chain, seems secure?

•Questions



② Ideas (cont’)II. Spatially Partial Encryption of frame


4. Conclusion and Issues- 3) Next Step

Experiment H.263 Video Decoding with DES DecryptionDevise idea to guarantee video security and to decrease energy

consumptionAnalyze and simulate energy consumption for encryption/decryption

in multi-user video conferencing/video streaming/ broadcasting???


References

1) A Fast MPEG Video Encryption Algorithm :http://www.acm.org/sigmm/MM98/electronic_proceedings/shi/#Related2) Critical Analysis of MPEG Encryption Schemes :http://www.uow.edu.au/~ck12/Critical.doc3) http://www.cs.ualberta.ca/~anup/Courses/414/notes_part1.pdf4) T.B Maples and G.A.Spanos. Performance Study of a Selective Encryption Scheme for the Security of Networked Real-time Video. In Proceedings of 4th

International Conference on Computer Communications and Networks, Las Vegas, Nevada, September 1995.5) L.Agi and L.Gong. An Emprical Study of MPEG Video Transmissions. In Proceedings of the Internet Society Symposium on Network and Distributed System

Security, pages 137-144, San Diego, CA, Feb. 19966) L.Tang Method for Encrypting and Decrypting MPEG Video Data Efficiently. In Proceedings of the Fourth ACM International Multimedia Conference (ACM

Multimedia ’96), pages 219-230, Bosten, MA, November 1996.7) Qiao and Nahrstedt Comparison of MPEG Encryption Algorithms. International Journal of Computers and Graphics, special issue: “Data Security in Image

Communication and Network” vol.22 January 1998.8) Shi and Bhargava An Efficient MPEG Video Encryption Algorithm. Proceedings of the IEEE Symposium on Reliable Distributed Systems 1998, IEEE Comp. Soc.

Los Almitos, CA, USA 98CB36281 P381-386.9) Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan and Niraj K. Jha, “Analyzing the Energy Consumption of Security Protocols”

Copyright © 2005 UCI ACES Laboratory Kyoungwoo Lee, Nikil Dutt, and Nalini Venkatasubramanian ACES and DSM Donald Bren School.

Documents

video encryption algorithms

uci aces laboratory

framepframe video encoding

nave algorithm

stream compressed

gong great portions

selective algorithm

effective algorithm