Study On The Content Protection Of Mobile Video Service

Providing the customers with mobile video service through mobile communication networks or mobile digital video broadcasting networks is widely considered as the next"Killer Application"for the mobile networks operators and broadcasters. The ability to provide users with video entertainment choice at any place at any time is another feature promoted by these operators. Accompanying with the business plans to deliver mote valuable mobile video programs to the subscribers in order to promote the mobile video service further, how to ensure the valued content's security in order to protect the revenues of these operators is the key technical element after the success of the efficient video source coding and transmission systems. Different mobile video service and content protection system architectures will result in different receiver universality and security, which are the key factors for the popularization of the mobile video service. This paper focus mainly on how to improve the universality and security of the video content protection subsystem at the receiving end for the current two major industry technical specifications: OMA BCAST and DVB-IPDC SPP. We proposed to include a newly designed universal security platform (USP) in the mobile video receivers, which can keep the receivers still being compatible with these two technical specifications, meanwhile supporting any content protection head-end systems being employed by the mobile video service. By doing so we can solve the dilemma between the universality and the security existed between the two major industry technical specifications.The main contributions of this paper can be concluded as follows:1) This paper overviewed the two major mobile video service content protection system technical specifications: OMA BACST and DVB-IPDC SPP. By layering the whole system we outlined the content protection framework's layered architecture model and corresponding layered key architecture model for those content protection systems defined in the above mentioned two specifications. We classified those content protection systems into two types: open or closed content protection framework and analyzed their advantages and shortcomings in universality and security. This paper proposed a receiving-end content protection subsystem implementation way which is compatible with the both frameworks: including a universal security platform (USP) in the mobile video service receiver (consisting of one open and one closed USP). By doing so, we can get a receiving-end content protection subsystem which is compatible with both of the specifications and supporting any kind of head-end content protection systems being employed by the mobile video service. The USP can solves the incompatibility between the receiving-end content protection subsystems following different content protection frameworks, in the meantime with the introducing of new security algorithms the security of the USP is ensured.2) This paper proposed the open USP and the closed USP's implementation schemes and gave out several key technical elements of the USP. The main contribution includes: 1) gave out the USP's function modules and their working principle, especially the most complex one, the way to filtering out the content protection system's various security messages; 2) designed and proposed the key security algorithms needed by our proposed USP in order to proof it from the vulnerable part of the whole content protection system, in the meantime having quite high computing efficiency. Our proposed security algorithms used by the USP include: The USP's identity authentication algorithm and the authenticated security channel setup algorithm between the USP and the UICC (the content protection subsystem's security module at the receiving end). This paper designed a new USP's identity authentication algorithm based the enhanced NTRU encryption mechanism, which inherits the high computation efficiency of the NTRU encryption mechanism and in the meantime having no shortcoming of the potential decryption failure of the NTRU encryption mechanism. In order to protect the security sensitive data communicated through the ISO/IEC 7816-3/4 standard communication interface between the USP and the UICC, this paper proposed an integrated authentication and key negotiation algorithm for the establishment of the authenticated security channel (ASC) based on the above designed USP's identity authentication algorithm. Due to the combination of both authentication and key negotiation algorithm, this ASC establishment protocol gets rid of many redundant protocol procedures thus greatly reduces the whole protocol communication volume. Compared to the ASC establishment protocol proposed in the technical specification for the digital video broadcasting employing smartcard as the conditional access security module, our proposed ASC establishment protocol is more computation efficient and having lower storage requirement for the UICC.3) The security of the mobile video service's program content is ultimately dependent on the security of the content encryption algorithms employed, in addition, due to the versatility of the mobile video service the adaptability and the computation efficiency are also a very important performance mark for one content encryption algorithm. Based on the H.264/AVC video coding standard employed by the mobile video service, this paper proposed two video selective content encryption algorithms utilizing the characteristics of the CAVLC and CABAC entropy encoder: the CIME and the BACE content encryption algorithms. The Constrained Index Mapping Encryption (CIME) algorithm utilized the characteristics of the CAVLC entropy encoder, which selectively encrypts the video content at the entropy encoding level. Compared to the various Index Mapping Encryption (IME) algorithms proposed in many literatures, the CIME algorithm can make a balance between the code rate overhead and the security of the encrypted video content numerically in a constrained way and ensure the legitimacy of the encrypted video coded stream. The Binary Arithmetic Coding Encryption (BACE) algorithm utilized the characteristics of the CABAC entropy encoder, which is based on the strong poor resynchronization capability of the arithmetic coding. BACE algorithm selectively encrypts the video content through pseudo-randomly modifies the binary arithmetic coding process of the CABAC entropy encoder, in the meantime does affect the"symbol binarization"and"context modeling"stages of the CABAC entropy encoder. BACE algorithm has the desired property that does not reduce the encoding efficiency of the CABAC entropy encoder compared to the CIME algorithm for CAVLC entropy encoder. Both CIME and BACE algorithms can adapt to the content security level by choose the amount and different key parts of the video stream to be encrypted, the theoretical and experimental results show that both these algorithms can effectively encrypt the video content. Due to the ability of encrypting the video content without violating the syntax, the BIME and BACE algorithms can be employed used for many advanced H.264/AVC coding options without first decrypting the video stream, like Data Partition (DP) and UnEqualized Protection (UEP) for the enhancement of transmission robustness, and the scalable coding in order to match the different channel capacity.The previous research for mobile video service is mainly focus on how to efficiently encode and transmit the video content, with the standardization and maturity of the mobile video service, the mobile video service's content protection system will definitely be the next research hotspot because has a heavy influence on the success of the popularization of this new emerging service. This paper deals with the practical engineering issues facing the mobile video service nowadays, thus it has relatively quite high commercial and engineering values.