This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present invention that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
As an illustrative example, the following description will be directed to protection of packetized video data streams, such as those obtained by, for instance, JPEG2000 encoding. The skilled person will however appreciate that the data protection of the present invention may also be used in analogous fields in which data is transmitted in packets having the necessary properties.
It has long been known to protect video data by encryption, notably in conditional access television systems. FIG. 1 illustrates a traditional prior art approach for content access control. The video signal CNT is first encoded 110 using a standard compression encoder, and the resulting bit stream CNT′ is then encrypted 120 using a symmetric encryption standard (such as DES, AES, or IDEA). The encrypted bit stream [CNT′] is then received by a receiver that decrypts 130 the encrypted bit stream [CNT′] to obtain an encoded bit stream CNT′ that is decoded 140 to obtain a video signal CNT that is, at least in theory, identical to the initial video signal. In this approach, called fully layered, compression and encryption are completely independent processes. The media bit stream is processed as classical plaintext data, with the assumption that all symbols or bits in the plaintext are of equal importance, i.e. the symbols are uniformly distributed.
This scheme is relevant when the transmission of the content is unconstrained, but it seems inadequate in situations where resources (such as memory, power or computation capabilities) are limited. Another way of putting this is that it is sometimes desired to increase the capacity of e.g. a processor to process encrypted data.
Further, much research points to the specific characteristics of image and video content (high transmission rate and limited allowed bandwidth), which make standard cryptographic techniques inadequate for such content. This has led researchers to explore a new scheme of securing the content, named “selective encryption”, “partial encryption”, “soft encryption”, or “perceptual encryption”, by applying encryption to a subset of a bit stream with the expectation that the resulting partially encrypted bit stream is useless without the decryption of the encrypted subset. The general approach is to separate the content into two parts: the first part is the basic part of the signal (for example Direct Current, DC, coefficients in Discrete Cosine Transform, DCT, decomposition, or the low frequency layer in Discrete Wavelet Transform, DWT, decomposition), which allows the reconstruction of an intelligible, but low quality version of the original signal, and a second part that could be called the “enhancement” part (for example Alternating Current, AC, coefficients in DCT decomposition of an image, or high frequency layers in DWT), which allows the recovery of fine details of the image and reconstruction of a high quality version of the original signal. According to this scheme, only the basic part is encrypted, while the enhancement part is sent unencrypted or in some cases with light-weight scrambling. The aim is to protect the content and not the binary stream itself.
FIG. 2 illustrates selective encryption according to the prior art. Encoding and decoding is performed as in FIG. 1. In selective encryption, the encoded bit stream CNT′ is encrypted 220 depending on selective encryption parameters 240. These parameters may, as mentioned, for example state that only the DC coefficients or the low frequency layer should be encrypted, while the rest of the encoded bit stream CNT′ should be left unencrypted. The partially encrypted bit stream [CNT′] is then (partially) decrypted 230 depending on the selective encryption parameters 240.
An exemplary selective encryption scheme is described by T. Kunkelmann and R. Reinema in “A Scalable Security Architecture for Multimedia Communication Standards”; Multimedia Computing and Systems '97. Proceedings, IEEE International Conference on Ottawa, Ont., Canada, 3-6 Jun. 1997, Los Alamitos, Calif., USA, IEEE Comput. Soc, US, 3 Jun. 1997, pages 660-661, XP010239268, ISBN: 978-0-8186-7819-6. To encrypt an 8×8-block, two integer values smaller than 64 are chosen; one value is for the DC components and one for the AC components. The individual blocks are then encrypted, for example using DES with a key length of 64 bits (e.g. described by Schneier B: “Applied Cryptography, Description of DES” Applied Cryptography, Second Edition, Protocols, Algorithms and Source Code in C, John Wiley & Sons, Inc, New York, 1 Jan. 1996, pages 270-277, XP002237575, ISBN: 978-0-471-11709-4). Other suitable block encryption methods, such as the one described in US 2001/0033656, may apparently also be used. The process is iterated until a number of AC and/or DC components have been encrypted. In other words, not all the components are encrypted, but each component is fully encrypted.
As the invention is particularly suitable for JPEG2000, which will also be used as a non-limitative embodiment of the invention, a brief introduction to relevant parts of this standard, i.e. its code stream structure, will now be given.
The JPEG2000 code stream is organized into packets. Code stream packets are elementary units that transport data from a specific combination of entities called Resolution, Layer, Component and Precinct. A compressed image with R resolutions, L layers, P precincts and C components thus results in R×L×C×P packets.
JPEG2000 makes use of an embedded bit stream: the code stream can be truncated at any given end of packet without adverse impact on previously coded ones.
FIG. 3 illustrates the main code stream structure, comprising:
  A main header 310, comprising a Start of Code stream (SOC=0xFF4F) marker segment 312 and the main header marker segments 314. The SOC marker indicates the start of the code stream and is required as the first marker. The main header marker segments indicate many user defined compression parameters, such as for example progression order, main coding style, components coding style, and tile size.
  One or more Tile-part headers 320a, 320b, each comprising a Start of Tile-part marker (SOT=0xFF90) 322, tile part information 324a, 324b, and a Start of Data marker (SOD=0xFF93) 326. As will be appreciated, the SOT 322 and the SOD 326 have standard values, while the tile part information 324a, 324b comprises information about the tile; e.g. tile part information 324a indicates that it belongs to Tile 0, while tile part information 324b indicates that it belongs to Tile 1. At least one tile-part header 320a, 320b is required at the beginning of each tile-part, which comprises the tile-part header 320a, 320b and, usually, a following bit stream 330a, 330b, where the SOD marker indicates the start of the bit stream 330a, 330b that contains the compressed data.
  End of Code stream 340: this marker (EOC=0xFFD9) indicates the end of the code stream.
As can be seen, the bit stream is mainly composed of packet headers and packet data that form packets. FIG. 4 illustrates an exemplary JPEG2000 packet comprising a packet header 420 and packet data 440. Packet headers may be used in the bit stream or in the main header depending on the user defined options. FIG. 4 shows the use of such headers within the bit stream: a Start of Packet header 410 (SOP=0xFF91) and an End of Packet Header 430 (EPH=0xFF92) respectively indicate the start and the end of the packet header 420.
It should be noted that for packet data, some code words (the ones in the range [0xFF90; 0xFFFF]) are reserved in JPEG2000. Such reserved code words are used as markers that delimit the main building blocks of the stream. For example, the SOT (0xFF90), the SOD (0xFF93) and the EOC (0xFFD9) are such reserved code words. When encrypting the code stream, it is important to ensure that ‘normal’ (i.e. non-reserved) code words do not result in encrypted code words whose values are reserved. Packet data are entropy encoded and this property makes them very suited for cryptographically secure selective encryption as will be described later.
The packet header 420 comprises information needed by the decoder to correctly parse and decode the packet data:
  Zero length packet: indicates whether or not the current packet is empty.
  Code-block inclusion: for each precinct, a tag tree is used to encode inclusion information for code blocks included.
  Zero-bitplane information: for each precinct, a tag tree encodes the first non zero bit-plane.
  Number of coding passes: Huffman-style code words are used to encode the number of coding passes included for each code block.
  Length of compressed data from each code block.
In “Techniques for a Selective Encryption of Uncompressed and Compressed Images”, Proceedings of Advanced Concepts for Intelligent Vision Systems (ACIVS) 2002, Ghent, Belgium, Sep. 9-11, 2002, M. Van Droogenbroeck and R. Benedett propose to apply selective encryption to a Huffman coder. Indeed, the JPEG Huffman coder terminates runs of zeros with code words/symbols in order to approach the entropy. Appended bits are added to these code words to fully specify the magnitudes and signs of non-zero coefficients; only these appended bits are encrypted using DES or IDEA.
In “Selective Encryption of Wavelet-Packet Encoded Image Data”, ACM Multimedia Systems Journal, Special Issue on Multimedia Security in 2003, A. Pommer and A. Uhl propose an algorithm based on AES encryption of the header information of wavelet packet encoding of an image, the header specifying the sub-band tree structure.
In “Compliant Encryption of JPEG2000 Codestreams”, IEEE International Conference on Image Processing (ICIP 2004), Singapore, October 2004, Y. Wu and R. H. Deng propose a JPEG2000 compliant encryption algorithm which iteratively encrypts Codeblock Contribution to Packets (CCPs). The encryption process acts on CCPs (in the packet data) using stream ciphers or block ciphers, preferably stream ciphers with arithmetic module addition. The key stream is generated using Rivest Cipher 4 (RC4). Each CCP is iteratively encrypted until it has no forbidden code words (i.e. any code word in the range [0xFF90, 0xFFFF]).
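The reserved-range constraint and the iterate-until-compliant idea described above, as an added Python example (not code from Wu and Deng or from this document). It assumes byte-wise addition modulo 256 with the same keystream re-applied each round; the SHAKE-256 keystream is a stand-in for RC4, and all function names and the trailing-0xFF check are assumptions of this example.

```python
import hashlib

def is_compliant(seg: bytes) -> bool:
    """True if no byte pair lies in the reserved range [0xFF90, 0xFFFF].
    A trailing 0xFF is also rejected (added assumption): it could pair
    with the first byte of whatever follows the segment."""
    if seg.endswith(b"\xff"):
        return False
    return not any(a == 0xFF and b >= 0x90 for a, b in zip(seg, seg[1:]))

def keystream(key: bytes, n: int) -> bytes:
    """n keystream bytes from SHAKE-256; a stand-in for RC4, not RC4."""
    return hashlib.shake_256(key).digest(n)

def _shift(seg: bytes, ks: bytes, sign: int) -> bytes:
    # Byte-wise addition (sign=+1) or subtraction (sign=-1) modulo 256.
    return bytes((s + sign * k) % 256 for s, k in zip(seg, ks))

def encrypt_segment(seg: bytes, ks: bytes) -> tuple[bytes, int]:
    """Add the keystream until the result is compliant.
    Returns (ciphertext, number of rounds needed)."""
    if len(ks) != len(seg) or not is_compliant(seg):
        raise ValueError("need a compliant plaintext and an equal-length keystream")
    out, rounds = _shift(seg, ks, +1), 1
    while not is_compliant(out):        # ends within 256 rounds (mod 256)
        out, rounds = _shift(out, ks, +1), rounds + 1
    return out, rounds

def decrypt_segment(seg: bytes, ks: bytes) -> bytes:
    """Subtract the keystream until the result is compliant. Every value
    skipped during encryption was non-compliant, so the first compliant
    value reached is the plaintext; no round count is transmitted."""
    if len(ks) != len(seg) or not is_compliant(seg):
        raise ValueError("ciphertext is not compliant; refusing to iterate")
    out = _shift(seg, ks, -1)
    while not is_compliant(out):
        out = _shift(out, ks, -1)
    return out

if __name__ == "__main__":
    data = bytes([0xFE, 0x8F, 0x10])    # constructed sample segment
    ct, n = encrypt_segment(data, bytes([1, 1, 0]))  # constructed keystream
    print(ct.hex(), n, decrypt_segment(ct, bytes([1, 1, 0])) == data)
```

With the constructed keystream the first round yields 0xFF 0x90 0x10, which contains the reserved word 0xFF90, so a second round is applied before the segment is emitted.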
In “Selective Encryption of the JPEG2000 Bitstream”, in A. Lioy and D. Mazzocchi, editors, Communications and Multimedia Security. Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security, CMS '03, volume 2828 of Lecture Notes on Computer Science, pages 194-204, Turin, Italy, October 2003. Springer-Verlag, R. Norcen and A. Uhl observe that JPEG2000 is an embedded bit stream and that, in progression order JPEG2000 compressed images, the most important data is sent at the beginning of the bit stream. Based on this, the proposed scheme consists in AES encryption of selected packet data. The algorithm uses two optional markers SOP and EPH (as illustrated in FIG. 4) to identify packet data. Then, this packet data is encrypted using AES in CFB mode, as the packet data has variable length. The experiments were conducted on two kinds of images (lossy and lossless compressed), with different progression orders (resolution and layer progression orders). The evaluation criterion was the visual degradation obtained for a given amount of encrypted data. It was found that for the lossy compressed images, layer progression gives better results. For lossless compressed images, resolution progression gives better results.
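How SOP and EPH delimit packet data, as in FIG. 4 and the scheme above, shown as an added Python example (not code from Norcen and Uhl or from this document). It assumes a tile-part bit stream in which every packet carries both markers, and the 6-byte SOP segment layout (marker, 2-byte length, 2-byte sequence number) comes from the JPEG2000 standard rather than from this page. The function names, the caller-supplied `transform` and the sample bytes are constructed for illustration.

```python
SOP = b"\xff\x91"        # Start of Packet marker
EPH = b"\xff\x92"        # End of Packet Header marker
SOP_SEGMENT_LEN = 6      # marker + 2-byte length + 2-byte sequence number

def packet_data_spans(bitstream: bytes) -> list[tuple[int, int]]:
    """Return (start, end) offsets of the packet data of each packet.
    Scanning for markers is reliable because packet data may not contain
    code words in the reserved range [0xFF90, 0xFFFF]."""
    spans, pos = [], 0
    while pos < len(bitstream):
        if bitstream[pos:pos + 2] != SOP:
            raise ValueError(f"expected SOP at offset {pos}")
        # Skip the whole SOP segment so its sequence number is never
        # mistaken for a marker, then look for the end of the header.
        eph = bitstream.find(EPH, pos + SOP_SEGMENT_LEN)
        if eph < 0:
            raise ValueError(f"packet at offset {pos} has no EPH")
        start = eph + 2
        nxt = bitstream.find(SOP, start)
        end = len(bitstream) if nxt < 0 else nxt
        spans.append((start, end))
        pos = end
    return spans

def protect_first_packets(bitstream: bytes, n: int, transform) -> bytes:
    """Apply transform to the data of the first n packets only; markers,
    packet headers and all later packets are left byte-for-byte intact."""
    out = bytearray(bitstream)
    for start, end in packet_data_spans(bitstream)[:n]:
        protected = transform(bitstream[start:end])
        if len(protected) != end - start:
            raise ValueError("transform must preserve the data length")
        out[start:end] = protected
    return bytes(out)

def _packet(seq: int, header: bytes, data: bytes) -> bytes:
    # Constructed packet: SOP segment, opaque header bytes, EPH, data.
    return SOP + b"\x00\x04" + seq.to_bytes(2, "big") + header + EPH + data

# Constructed sample: three packets, the last one with no data.
SAMPLE = (_packet(0, b"\xc7\x10", b"\x11\x22\x33\x44")
          + _packet(1, b"\x80", b"\x55\x66")
          + _packet(2, b"\x00", b""))
```

Because packet lengths are encoded in the packet header, which stays in the clear, `transform` has to be length-preserving, and its output must also avoid the reserved code words.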
European patent application EP 08300093.5 provides an improved solution that uses a distortion-to-rate ratio for each packet to order the packets in descending ratio and encrypt packets until a predetermined accumulated distortion is achieved.
The Applicant has discovered, however, that there is still room for improvement when encrypting packet data.
It can therefore be appreciated that there is a need for a solution that allows further improvement to encryption without unacceptably diminishing the security of the encrypted content. This invention provides such a solution.