While leveraging the cloud media centre is quite promising, the wide attacking surface
of the public cloud and the growing security awareness from the society are both
calling for data encryption before outsourcing data to cloud. Firstly, public cloud
might be vulnerable to security breaches, and unauthorized data disclosure incidents
occur from time to time in recent years. Secondly, semantically rich media data such
as videos may easily reveal content-sensitive information. For guaranteed confidentiality,
data encryption is considered by many as the only viable approach that needs to be
adopted for building privacy assured cloud based applications. Despite the
effectiveness in addressing the security concerns, directly applying data encryption to
multimedia data would explicitly invalidate many benefits of deploying the cloud-
based media applications. Accordingly, in the literature there have been recent
endeavours on investigating how to enable the cloud to support various desirable
functionalities over encrypted multimedia data, such as encrypted feature extraction,
encrypted scalable sharing, and encrypted social discovery. Under the circumstance
of encrypted videos, how to still preserve all the service benefits of cloud media centre
remains to be fully explored. In this work, we show a secure system design along this
direction, which aims to bring together the advancements of video coding techniques
and secure deduplication. We target the crucial deduplication functionality at cloud,
which can eliminate the burdensome storage and bandwidth overhead when storing
encrypted videos from different entities. Our design is also fully tailored to the
scalable video coding (SVC) techniques from the very beginning, and supports the
ubiquitous adaptive video dissemination in the context of heterogeneous networks and
devices.
Specifically, for deduplication over encrypted data, message locked encryption (MLE)
is known as the state-of-the-art approach, which generally uses keys deterministically
derived from the data (e.g., the hash value) to generate tags for duplicate checking in
the encrypted domain. But directly applying MLE over videos would not be suitable,
as MLE is known to be
vulnerable to offline brute-force guessing attacks, when the target plaintext is from a
small space or considered as predictable. In video applications, popular videos,
trending searches, and near-duplicate videos, might all fall into this predictable space
category, and could be the easy breach point of such offline guessing attacks,
threatening the video confidentiality guarantee. Besides, for proper video
dissemination, the encrypted deduplication design must also prevent malicious users
from illegitimately accessing unauthorized videos by simply using the checking tags.
We propose a non-trivial secure deduplication framework that will address the above
problems completely and suit the needs of cloud-based video applications.
Specifically, it supports secure deduplication with resistance to bounded data leakage,
and with defence against offline brute-force attacks over predictable videos,
respectively. Meanwhile, we provide designs for our secure framework in the
centralized and decentralized settings, respectively, where the design in the
decentralized setting provides stronger security. To our best knowledge, no prior work
enables an encrypted cloud media center with such comprehensive protection. Under
this encrypted framework, we then consider how to facilitate the fast-growing demand
of adaptively disseminating videos to heterogeneous networks and devices, such as
PCs, smart mobile devices, and Smart TVs. One direct approach is to store multiple
encrypted versions of the same video content at the cloud. However, it would incur a
considerable amount of storage and bandwidth overhead, increasing the capital cost
of using cloud services. To further mitigate such a burden while preserving the
adaptive delivery functionality, we resort to the SVC techniques. With the special
structure of layers, including one base layer and several enhancement layers, SVC
enables multiple versions of the same video content to be contained in a single video
file, which can greatly improve the storage efficiency and dissemination scalability.
In light of these benefits, we carefully tailor our secure deduplication design to be
compatible with the inherent characteristics of SVC videos. The proposed structure-
aware layer-level deduplication strategies effectively enable encrypted SVC video
deduplication, while efficiently supporting adaptive video delivery. Aiming for a fully
functional system implementation, we also present a structure-aware encryption
mechanism for SVC videos, similar to the work in, with further optimization on the
storage part to support efficient video retrieval and dissemination. The structure-aware
encryption mechanism and the structure-aware deduplication strategies are both
completely compliant with the video format of SVC. Thorough security analysis
shows that our system design achieves strong protection of the video confidentiality.
We conduct experiments through an end-to-end prototype implementation deployed
on Azure. Various performance measures justify the effectiveness and efficiency of
our system. To cover a wide range of encrypted cloud media applications, we also
show how to extend our work to support other media files that are inherently with
scalable structures. The rest of this paper is organized as follows. Section II describes
the related work. Section III presents our problem formulation. Section IV presents
the preliminaries. Section V formulates the general system framework for secure
deduplication. Section VI provides the construction of adaptive video delivery with
structure-aware secure deduplication. Section VII presents the security analysis.
Section VIII gives the experiment results. Section IX concludes the whole paper.
In this section, we study secure deduplication in the encrypted cloud media centre. To
support video deduplication with strong confidentiality guarantee, we formulate a
secure system framework supporting secure deduplication with resistance to offline
brute-force attacks over predictable videos by cloud, and ownership cheating attacks
by the user. Note that we do not explicitly consider the underlying video structure
when designing the framework, and defer structure-aware secure video deduplication
to Section VI. Such a treatment makes the system framework able to embrace generic
data, e.g., textual files and images.
A. Design Rationale:
Deduplication is crucial for the encrypted cloud media centre to eliminate the
burdensome storage and bandwidth redundancy when storing encrypted videos
from different users. Our system targets secure source-based deduplication,
where the video redundancy is eliminated at the source side. More precisely,
duplicate check is performed before users upload their encrypted videos so that
the transmission of duplicate videos would be saved. Our security design
focused on addressing potential security threats by building on top of the recent
advancements in secure deduplication [13], [14]. First, we consider a strong
security model of secure deduplication, i.e., the bounded leakage setting first
proposed by Xu et al. [14], in which a certain amount of deterministically and
efficiently extractable information of the plaintext data could be leaked. Under
this model, MLE is not suitable for use in our system as its key for encryption
is not leakage resilient. In particular, the key is generated from the data in a
deterministic way and might already be leaked before the encryption process in
practice [14]. For similar reasons, under this model, simply using the plaintext
video hash as a proxy for the video ownership could also be insecure. To
address the threats from bounded data leakage, we note that the following
treatment inspired from [14] could be used. First, duplicate check is achieved
at cloud via the hash value H(V) of the video V sent by the user. Second, the
key τ for encrypting videos is randomly selected by the user that initially
uploads that video. And she also shades τ by a one-time message-derived mask via a
keyed hash function, i.e., hs(·), where s is a random string. In this way, even if the
video hash value H(V) is possibly leaked, the video is still well protected since
τ is randomly generated. Moreover, the mask enables all the subsequent users
owning the duplicate videos to extract the key τ, and further prove to cloud that
they indeed have the videos via a proof-of-ownership (PoW) protocol.
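The treatment described in Section A, sketched as an added example (not code from the paper): HMAC-SHA256 stands in for hs, a SHAKE-256 keystream stands in for the deterministic cipher, and the `Cloud` class and all function names are hypothetical. The PoW exchange is left out; the last function contrasts the design with a message-locked key, where the key is H(V) itself.

```python
import hashlib, hmac, secrets

def H(video: bytes) -> bytes:
    """Duplicate-check index H(V); treated as possibly leaked."""
    return hashlib.sha256(video).digest()

def h_s(s: bytes, video: bytes) -> bytes:
    """Keyed hash hs(V) used as the one-time mask (HMAC-SHA256 as a stand-in)."""
    return hmac.new(s, video, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key: bytes, data: bytes) -> bytes:
    """Deterministic stand-in cipher: XOR with a SHAKE-256 keystream. Illustration only."""
    return xor(data, hashlib.shake_256(key).digest(len(data)))

dec = enc  # XOR stream cipher: decryption is the same operation

class Cloud:
    """Keeps one record per H(V): (s, masked key, ciphertext)."""
    def __init__(self):
        self.records = {}

    def is_duplicate(self, index: bytes) -> bool:
        return index in self.records

    def put(self, index, s, masked_key, ciphertext):
        self.records[index] = (s, masked_key, ciphertext)

    def get(self, index):
        return self.records[index]

def initial_upload(cloud: Cloud, video: bytes) -> None:
    tau = secrets.token_bytes(32)   # random key, independent of V
    s = secrets.token_bytes(32)     # random string keying the mask
    cloud.put(H(video), s, xor(tau, h_s(s, video)), enc(tau, video))

def subsequent_upload(cloud: Cloud, video: bytes) -> bytes:
    """An owner of the duplicate recovers tau from the mask; V is not uploaded again."""
    s, masked_key, _ = cloud.get(H(video))
    return xor(masked_key, h_s(s, video))

def retrieve(cloud: Cloud, index: bytes, tau: bytes) -> bytes:
    _, _, ciphertext = cloud.get(index)
    return dec(tau, ciphertext)

def decrypt_with_leaked_hash(ciphertext: bytes, leaked_hash: bytes) -> bytes:
    """What a party holding only H(V) obtains by using it as the key."""
    return dec(leaked_hash, ciphertext)
```
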
B. The Proposed Secure System Framework:
Based on the above design rationale, we are now ready to present our secure
system framework for the encrypted cloud media center. It comprises three
phases, i.e., initial upload, subsequent upload, and video retrieval. Let (KGen,
Enc, Dec) be a deterministic symmetric encryption scheme with λ bits long key
length and hs : {0,1}* → {0,1}^λ be a keyed hash function.
C. Decentralized Secure System Framework:
In the above proposed system framework, we consider a single agency server
for the defence against offline brute-force attacks. Sometimes, from the
perspectives of security and reliability, one agency server might not be enough.
Specifically, a single agency server is not able to provide compromise resilience
and fault tolerance. In terms of security, when the single agency server is
corrupted, the defence will be invalidated. In terms of reliability, when the
single agency server breaks down, the system is not able to run normally since
the user would fail to obtain α and β. Therefore, to address the limitations of the
centralized setting of a single agency server, we also consider extending the
proposed framework to the decentralized setting of multiple agency servers.
Note that introducing decentralized agency servers is affordable in practice. As
mentioned before, the agency service could be provided by other independent
economical cloud service providers and the multi-server model has been widely
used in the literature for secure applications.
In the decentralized setting, we replace the underlying RSA signature scheme
of the OPRF protocol with a threshold version. Let n be the number of signers
and t < n a threshold parameter. A (t,n)-threshold signature scheme allows any
subset of t signers to produce a valid signature, but prohibits any t−1 or fewer
signers from doing so. Recall that the agency server in our system framework
plays the role of a signer. It assists in generating the message-derived tag α and
label β, via signing the blinded input. Therefore, applying the (t,n)-threshold
RSA signature scheme in the decentralized setting of n agency servers enables
a user to derive α and β from any subset of t agency servers. In this way, if an
attacker wants to break the defence line against offline brute-force attacks, it
must corrupt at least t out of n agency servers. Meanwhile, the system now is
running without relying on a single point any more. Hence, both the security
and reliability are boosted.
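An added example, not the paper's implementation, of deriving the tag α through blind RSA signing when the signing key is split across n agency servers with threshold t. It assumes Shoup-style share combination, a constructed toy modulus, SHA-256 for hashing and for turning the signature into α, and hypothetical function names; the page does not specify these details.

```python
import hashlib, math, secrets

# Constructed toy RSA key from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)   # full signing exponent; only the dealer ever sees it

def h2n(video: bytes) -> int:
    """Hash the video into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(video).digest(), "big") % N

def deal_shares(t: int, n: int) -> dict:
    """Shamir-share D with a degree t-1 polynomial; agency server i holds f(i) mod PHI."""
    coeffs = [D] + [secrets.randbelow(PHI) for _ in range(t - 1)]
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % PHI for i in range(1, n + 1)}

def partial_sign(x: int, share: int, n: int) -> int:
    """One agency server's answer for the blinded input x."""
    return pow(x, 2 * math.factorial(n) * share, N)

def combine(x: int, partials: dict, n: int) -> int:
    """Turn t partial signatures into x^D mod N using integer Lagrange coefficients."""
    delta, w = math.factorial(n), 1
    for i, x_i in partials.items():
        num, den = delta, 1
        for j in partials:
            if j != i:
                num, den = num * -j, den * (i - j)
        w = w * pow(x_i, 2 * (num // den), N) % N   # num / den is an exact integer
    e_prime = 4 * delta * delta                      # now w^E == x^e_prime
    a = pow(e_prime, -1, E)                          # a*e_prime + b*E == 1
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(x, b, N) % N

def derive_tag(video: bytes, shares: dict, servers, n: int) -> bytes:
    """User side: blind H(V), query the chosen servers, combine, unblind, verify."""
    h = h2n(video)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    x = h * pow(r, E, N) % N                          # blinded input hides H(V) from servers
    partials = {i: partial_sign(x, shares[i], n) for i in servers}
    z = combine(x, partials, n) * pow(r, -1, N) % N   # unblind: z == H(V)^D
    if pow(z, E, N) != h:
        raise ValueError("agency servers returned an invalid signature")
    return hashlib.sha256(z.to_bytes(32, "big")).digest()   # message-derived tag (alpha)
```

Any t servers yield the same α, while fewer than t produce a value that fails the user's verification, so the tag cannot be computed offline from the video alone.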
Cloud computing is a general term for the delivery of hosted services over the
Internet. Cloud computing enables companies to consume compute resources as
a utility just like electricity -
Private: cloud services are delivered from a business' data centre to internal
users. This model offers versatility and convenience while preserving
management, control and security. Internal customers may or may not be billed
for services through IT chargeback.
Public: in the public cloud model, a third-party provider delivers the cloud
service over the Internet. Public cloud services are sold on-demand, typically
by the minute or the hour. Customers only pay for the CPU cycles, storage or
bandwidth they consume. Leading public cloud providers include Amazon Web
Services (AWS), Microsoft Azure, IBM/SoftLayer and Google Compute Engine.
cloud for bursty workloads that must scale on-demand. The goal of
hybrid cloud is to create a unified, automated, scalable environment which
takes advantage of all that a public cloud infrastructure can provide while
still maintaining control over mission-critical data.
Although cloud computing has changed over time, it has always been divided
into three broad service categories: Infrastructure as a service (IaaS),
Platform as a service (PaaS) and Software as a service (SaaS).
Cloud User
Several definitions are available in the literature survey for home automation.
Before IoT technology, controlling, monitoring and alerting of devices was not
possible. IoT technology provides many advantages including cost saving,
security, safety and improved comfort. In this work communication between the
remote user and the home devices is implemented using RESTful Web
services.
Secure De-Duplication:-
[2] K. Ren, C. Wang, and Q. Wang, “Toward secure and effective data
utilization in public cloud,” IEEE Netw., vol. 26, no. 6, pp. 69–74, Nov./Dec.
2012.
Propose to use a key server to obliviously provide message-derived keys for
encryption. They also adopt rate-limiting strategies on the key server to mitigate
online brute-force attacks in practice. Later, resort to threshold signatures and
extend the framework of to the setting of distributed key servers. In Puzio et al
resorts to an extra server to further encrypt user data protected under convergent
encryption. Very recently, Liu propose a scheme that can resist offline brute-
force attacks without introducing additional server. However, their scheme
requires a number of online users to actively assist the cloud to perform duplicate
check and help transfer encryption keys.
[4] M. Bellare, S. Keelveedhi, and T. Ristenpart, “Message-locked encryption
and secure deduplication,” in Proc. Adv. Cryptol., 2013, pp. 296–312.
Portions of the work presented in this paper have previously appeared as an
extended abstract in. We have revised the paper a lot and improved many technical
details as compared to. The primary improvements are as follows. Firstly, we
provide Section V-C to extend our system framework to the decentralized setting,
enhancing the security and reliability. The security of this new design is analysed
in detail in Section VII. We also add Section V-D to show how our system
framework can be adapted to meet other security notions in secure deduplication,
and discuss near-duplicate video detection in new Section V-E. Secondly, we add
Section VI-C to generalize the construction of secure SVC video deduplication,
and also discuss structure aware secure deduplication over other scalable media
in new Section VI-D. We also elaborate on the encryption for both the SVC video
header and content in Section VIII-A. Thirdly, we provide security evaluation in
new Section VIII-D to measure the effectiveness of rate limiting in slowing down
online brute force attacks. Finally, we redo all the experiments and extend the
performance evaluation.
Existing System
Despite the effectiveness in addressing the security concerns, directly applying
data encryption to multimedia data would explicitly invalidate many benefits of
deploying the cloud-based media applications. Accordingly, in the literature there
have been recent endeavours on investigating how to enable the cloud to support
various desirable functionalities over encrypted multimedia data, such as
encrypted feature extraction, encrypted scalable sharing, and encrypted social
discovery. Under the circumstance of encrypted videos, how to still preserve all
the service benefits of cloud media centre remains to be fully explored.
Problem Statement
We consider an encrypted cloud video hosting service involving three different
entities: the cloud media centre (abbr. cloud), the user, and the agency
server. Cloud serves as a video hosting platform storing encrypted videos
outsourced by users. It enforces deduplication to eliminate the storage and
bandwidth redundancy, and is required to adaptively deliver the encrypted videos to
heterogeneous devices and networks. After outsourcing the encrypted videos, the
user may delete them locally, and later access her own videos at cloud. The
agency server, hosted by a third party, facilitates our system.
Our security goal is to provide strong protection for the video confidentiality. Our
system considers two types of adversaries, i.e., external adversary and internal
adversary. The external adversary may refer to a user who might obtain some
knowledge of a video (e.g., a hash value) via some public channel and attempt to
cheat the video ownership from cloud. For example, file hashes are widely used
over the Internet for integrity verification of downloaded files, and they are not
really meant to be secret. We assume that the external adversary will not upload
a fake video to compromise the integrity of other users’ videos. Video tampering
detection is not the focus of our work, and it can be handled by various orthogonal
mechanisms such as proof of storage.
Proposed System
FEASIBILITY STUDY
Performance Analysis
For the complete functionality of the project work, the project is
run with the help of a healthy networking environment. Normally, the
OS is Windows XP. The main theme of this project is to allocate path
channels based on the hot spot and cold spot. Performance analysis is done to
find out whether our algorithm is more efficient. It is essential that the
process of performance analysis and definition must be conducted in parallel.
We measure the parameter called Packet delivery to measure the
effectiveness of the approach.
Technical Analysis
2.2.3 Economical Analysis
2.3.1 Java Technology
The Java Programming Language
The Java programming language is a high-level language that can
be characterized by all of the following buzzwords:
Simple
Architecture neutral
Object oriented
Portable
Distributed
High performance
Interpreted
Multithreaded
Robust
Dynamic
Secure
With most programming languages, you either compile or interpret
a program so that you can run it on your computer. The
Java programming language is unusual in that a program is both compiled
and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes, the platform-independent
codes interpreted by the interpreter on the Java platform. The
interpreter parses and runs each Java byte code instruction on the computer.
Compilation happens just once; interpretation occurs each time the program
is executed. The following figure illustrates how this works.
HARDWARE REQUIREMENTS:
3.1 USERS:
3.3.1 Product Requirements
Portability: Since the software is developed in Java it can be executed on
any platform for which the JVM is available with minor or no modifications.
3.3.2 Organizational Requirements
3.3.3 Basic Operational Requirements
The customers are those that perform the eight primary functions
of systems engineering, with special emphasis on the operator as the
key customer. Operational requirements will define the basic need and, at a
minimum, will be related to the following points:
Mission profile or scenario: It describes the procedures used to
accomplish the mission objective. It also finds out the effectiveness or
efficiency of the system.
[Figure: diagram showing User, Check Department and Apply SVC]
7.2 Integration
Working of Receiver | User must be able to listen and receive the images that the sender sends. | Success
Input Screen design
Output Screen design
Menu driven system
Incorrect or missing function.
Interface errors.
Performance errors.
Initialization and termination errors.
Errors in objects.
Advantages
[2] Z. Qin, J. Yan, K. Ren, C. W. Chen, and C. Wang, “Towards efficient
privacy-preserving image feature extraction in cloud computing,” in Proc. ACM Int. Conf. Multimedia,
2014, pp. 497–506.
[9] Y. Zhou, T. Z. J. Fu, D. M. Chiu, and Y. Huang, “An adaptive cloud downloading service,”
IEEE Trans. Multimedia, vol. 15, no. 4, pp. 802–810, Jun. 2013.
[11] H. Schwarz, D. Marpe, and T. Wiegand, “Overview of the scalable video coding extension
of the H.264/AVC standard,” IEEE Trans. Circuits Syst. Video Technol., vol. 17, no. 9, pp.
1103–1120, Sep. 2007.
[12] S. Xiang, “Scalable streaming,” 2012. [Online]. Available: https://sites.
google.com/site/svc http streaming/storage saving
[14] T. Stutz and A. Uhl, “A survey of H.264 AVC/SVC encryption,” IEEE Trans. Circuits
Syst. Video Technol., vol. 22, no. 3, pp. 325–339, Mar. 2012.