1. Field of the Invention
The present invention relates to a method for processing ciphered data, and to apparatus and media for its implementation.
The technical field of the present invention is the manufacturing of video data encoders.
The present invention relates more particularly to a method for processing audio or video data partially ciphered by a block cipher algorithm, the data being compressed and organized according to a standardized format.
2. Description of the Related Art
Today, the secured distribution of video documents is limited to the broadcasting of “pay-as-you-go” cable or satellite television; the security is provided by “proprietary” cipher systems, which are defined, implemented and controlled by a single provider: the broadcaster.
The new standards of low-rate video, broadband Internet and wireless-network handheld terminals, of 3G telephone or personal assistant type, should soon enable the distribution of video documents: teleconferencing, multimedia messages, film trailers, live sporting events and video on demand, in particular.
Some security specifications are emerging which cannot be met by the current solutions. The specifications are as follows:
a—the syntax of the ciphered stream should remain as compliant as possible with the coding standard, so as to facilitate the transport by network; the method for processing data should provide transparency to the transcoding and to the changes in data rates, as well as transparency to the routers and servers for reasons of confidence; the method should enable random access and other video processing without deciphering the complete stream, and should enable the transport by protocols provided for standard video;
b—the compression efficiency should not be reduced as a result of the securing of the data by ciphering;
c—the securing should be compatible with various tools provided for by the video data compression standards (MPEG4, H264), particularly the resistance to errors, for wireless transmission and the losses of IP (Internet protocol) packets, as well as the multi-level coding, for heterogeneous bandwidth client terminals;
d—the security and backward masking level should be adapted to the application: robustness to video-specific attacks;
e—the required computing power should remain compatible with embedded terminals, for applications such as the wireless streaming of multimedia documents.
According to the MPEG standard, a video sequence is made up of a series of groups of images, each image group comprising a series of images of type I (intrinsic), P (predicted) and B (bi-directional); each type-I image is split into macroblocks; each macroblock is converted into four luminance blocks and into two chrominance blocks, this conversion resulting in a first loss of information.
Each 64-pixel block is converted into a 64-coefficient table by a DCT (“discrete cosine transform”); this table is compressed by quantization and then ordered and coded (“zig-zag ordering” and “run-length coding”) according to the number of zero-value coefficients encountered during a zig-zag scan of the table; the resulting compressed data are coded into words of variable length (“Huffman coding”); these transformations also result in a loss of information.
Various methods for ciphering a standardized video data stream—particularly an MPEG-standard stream—have been proposed in order to meet some of the aforementioned requirements.
The document “A Fast MPEG Video Encryption Algorithm”, Changgui Shi et al., ACM Multimedia 98, describes a method for ciphering MPEG-compressed video data, by a secret key; the sign bits of the Huffman coefficients (AC and DC)—which are codewords of variable length—are combined bit by bit with XOR gates with a key of determined length, and are respectively replaced—in the video data stream—with the bit value resulting from this operation; this document proposes using one or more long key(s); a 128-bit key is used as an example.
This selective cipher method, which operates on a small part of the data stream, requires fewer computing resources than those required by the methods for fully ciphering the stream; on the other hand, the darkening of the ciphered images is relatively low.
U.S. Pat. No. 6,505,299-B1 (Zeng et al.) describes alternatives of this method, and proposes ciphering the motion vectors of the P and B-type images; this increases the darkening of the ciphered images.
According to the aforementioned document Changgui Shi et al., sync points, which are added to the data stream, enable a decoder that has the key to know which position in the ciphered stream it must start using the deciphering key from again; these sync points are added at the beginning of each image group, at the beginning of each type-I image or at the beginning of a predetermined number of images.
According to schedule E to the ISO standard 14496-2, in a “video packet resynchronization” mode, a periodic synchronization marker can be created at the end of a macroblock when the number of bits since the previous marker is higher than a certain threshold; a video packet (part of the stream between two successive markers) thus has a variable number of macroblocks.
When the data stream is partially ciphered with a block cipher algorithm, such as the DES (64-bit block) and a fortiori AES (128 bits) standards, the number of data bits to be ciphered inside this video packet can be lower than the number of bits of the cipher block, particularly when the packet contains the motion vectors associated with the P and B-type images; in this case, this packet will be transmitted without ciphering, and the darkening of the sequence will be reduced.