Securing Video on Demand Content with SGX: A Decryption Performance Evaluation in Client-Side

  • Ricardo de S. Costa UTFPR
  • Daniel F. Pigatto UTFPR
  • Keiko V. O. Fonseca UTFPR
  • Marcelo de O. Rosa UTFPR

Abstract


Video on Demand (VoD) is presently a bandwidth-demanding application of IPTV networks but also a source of revenue for content providers, broadcasters and infrastructure providers. Customers can select TV content such as movies and shows from a wide digital media library and are no longer tied to a fixed schedule. The programming content is digitally compressed, stored on VoD storage drives, and flows from them to residential set-top boxes (STBs) according to user demand. However, a VoD service should stream a chosen content only to authorized clients; that is, the system should secure data transfer and storage in order to prevent copyright infringement or unfair business competition using illegally acquired content. This paper proposes the adoption of SGX technology as a solution for a secure VoD service, focusing on the client side (embedded devices) and evaluating its decryption performance. We show that video chunks normally transferred between media servers and real STBs can be decrypted in approximately 150 μs, on average, which is enough for using this technology in STBs.

Published
25/10/2018
COSTA, Ricardo de S.; PIGATTO, Daniel F.; FONSECA, Keiko V. O.; ROSA, Marcelo de O.. Securing Video on Demand Content with SGX: A Decryption Performance Evaluation in Client-Side. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 127-140. DOI: https://doi.org/10.5753/sbseg.2018.4248.