WO2008068640A2 - Secure jpeg - Google Patents

Secure jpeg Download PDF

Info

Publication number
WO2008068640A2
WO2008068640A2 PCT/IB2007/004411 IB2007004411W WO2008068640A2 WO 2008068640 A2 WO2008068640 A2 WO 2008068640A2 IB 2007004411 W IB2007004411 W IB 2007004411W WO 2008068640 A2 WO2008068640 A2 WO 2008068640A2
Authority
WO
WIPO (PCT)
Prior art keywords
jpeg
secure
security
jpsec
standard
Prior art date
Application number
PCT/IB2007/004411
Other languages
French (fr)
Other versions
WO2008068640A3 (en
Inventor
Frederic Albert Dufaux
Touradj Ebrahimi
Original Assignee
Emitall Surveillance S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Emitall Surveillance S.A. filed Critical Emitall Surveillance S.A.
Publication of WO2008068640A2 publication Critical patent/WO2008068640A2/en
Publication of WO2008068640A3 publication Critical patent/WO2008068640A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T1/00General purpose image data processing
    • G06T1/0021Image watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T2201/00General purpose image data processing
    • G06T2201/005Image watermarking
    • G06T2201/0051Embedding of the watermark in the spatial domain
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T2201/00General purpose image data processing
    • G06T2201/005Image watermarking
    • G06T2201/0052Embedding of the watermark in the frequency domain
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06TIMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T2201/00General purpose image data processing
    • G06T2201/005Image watermarking
    • G06T2201/0061Embedding of the watermark in each block of the image, e.g. segmented watermarking

Definitions

  • the present invention relates to a digital imaging method and more particularly to a digital imaging method that takes advantage of the widespread use and popularity of systems configured for use with the JPEG digital imaging standard while providing security services essentially equivalent to the JPSEC standard.
  • Such digital imaging systems are known in the art. As used herein, such digital imaging systems are defined to include video conferencing, video telephony and Internet video chat systems which are capable of one and two way communication of live video content between two or more participants. Such digital imaging systems are also include video surveillance systems. [0003] Such digital imaging systems are known to be used in a myriad of applications. For example, chat rooms are very popular on the Internet. Besides its ease and convenience to communicate, part of its appeal resides in the anonymity it provides. Thanks to technological advances, many chat room applications, such as Yahoo Messenger and MSN Messenger, now offer the possibility of a video link in order to enhance the communication. The video provides a desirable sense of human contact. Other applications include video conferencing as described in detail in US Patent No. 5,867,494 and US Patent Application Publication No. US 2004/0008635 A1 , hereby incorporated by reference. US Patent No. 6,665,389 B1 discloses the use of video conferencing for an interactive dating service.
  • JPEG 2000 Image Compression Fundamentals, Standards and Practice", Kluwer Academic Publishers, 2002, hereby incorporated by reference.
  • JPEG 2000 is the latest standard for still image coding.
  • JPEG 2000 also offers new compelling functionalities required by multimedia applications, such as progressive transmission up to lossless coding, seamless scalability, region of interest coding, and error resilience. Even though JPEG 2000 outperforms JPEG in terms of compression, JPEG is still the most popular format for digital imaging.
  • JPEG Transactional Synchronization Extensions
  • JPSEC Joint Photographic Experts Group
  • the present invention relates to a digital imaging method, Secure JPEG, for providing security services for systems using the JPEG standard.
  • Secure JPEG is essentially equivalent to the JPSEC standard and is an open and flexible standardized framework to provide secure JPEG images. Its goal is to allow the efficient integration and use of security tools enabling a variety of security services, such as confidentiality, integrity verification, source authentication or conditional access.
  • security JPEG aims at accomplishing for JPEG what JPSEC enables for JPEG 2000.
  • Secure JPEG provides three specific examples of security services. The first security service addresses integrity verification using a hash function to compute local digital signatures. The second security service considers the use of encryption for confidentiality. Finally, the third security service describes a scrambling technique. As such, the present invention is able to provide security for the ever popular JPEG standard.
  • Fig. 1 is a generalized block diagram of the JPSEC framework.
  • Fig. 2 is an example block illustrating Macroblock-based integrity verification.
  • FIG. 3 is an example of integrity verification illustrating on the top left top left: the original image, top right: tampered image, and the bottom: macroblock- based digital signature verification..
  • FIG. 4 is a block diagram of a Transform-domain encryption: (a) encoder and (b) decoder.
  • Fig. 5 is an example of 8 x 8 block encryption
  • Fig. 6 is an example of AES transform domain encryption in which the left image is an example of the whole image encrypted and the right image is an example of the region of interest being encrypted.
  • Fig. 7 is a block diagram of transform domain scrambling, (a) encoder and (b) decoder [0018]
  • Fig. 8 illustrates 8 x 8 DCT block scrambling.
  • the present invention relates to a digital imaging method, Secure JPEG, for providing security for systems using the JPEG standard that is essentially equivalent to the JPSEC standard.
  • Secure JPEG is an open and flexible standardized framework to provide secure JPEG images. Its goal is to allow the efficient integration and use of security services enabling a variety of security services such as confidentiality, integrity verification, source authentication or conditional access.
  • security JPEG aims at accomplishing for JPEG what JPSEC enables for JPEG 2000.
  • Secure JPEG provides three specific examples of security services. The first security service addresses integrity verification using a hash function to compute local digital signatures.
  • the second security service considers the use of encryption for confidentiality.
  • the third security service describes a scrambling technique.
  • the present invention is able to provide security services for the ever popular JPEG standard.
  • the present invention takes into account the fact that JPEG is still very important and will continue to be widely used in the foreseeable future.
  • the present invention, Secure JPEG provides a framework to secure images in
  • JPEG JPEG.
  • the goal is to make possible for JPEG the same security services that
  • JPSEC enables for JPEG 2000.
  • JPSEC JPEG 2000
  • JPEG 2000 is the newest standard for still image coding as set forth in A. Skodras, C. Christopoulos and T. Ebrahimi, "The JPEG 2000 Still Image Compression Standard", IEEE Signal Processing Magazine , vol. 18, no. 5, pp. 36-58, Sept. 2001 and D. Taubman and M. Marcellin, "JPEG 2000: Image Compression Fundamentals, Standards and Practice", Kluwer Academic Publishers, 2002, hereby incorporated by reference. It is based on a Discrete Wavelet Transform (DWT) and arithmetic coding. In addition to very high coding efficiency, JPEG 2000 provides a number of highly desirable features, such as
  • JPSEC Secure JPEG 2000 or JPSEC is discussed.
  • JPSEC is formally referred to as part 8 of JPEG 2000.
  • JPSEC has become an International Standard (IS) in
  • the framework is open and flexible, hence ensuring a straight
  • JPSEC enables the use of various tools supporting a number of security services including:
  • Integrity verification detection of manipulations to the image data (and/or the associated metadata) to verify its integrity. The integrity verification may also identify locations in the image data where the integrity is in doubt. There are two classes of integrity verification: image data integrity verification and image content integrity verification. In the first case, a bit exact verification of the image data is performed. In the second case, some minor alteration of image data results in success of the integrity verification as long as the alteration does not change the perceptual meaning of the image content. Integrity verification includes cryptographic methods such as Message Authentication Codes (MAC), digital signatures, cryptographic checksums or keyed hash, and watermarking.
  • MAC Message Authentication Codes
  • digital signatures digital signatures
  • cryptographic checksums or keyed hash and watermarking.
  • Source authentication verification of the identity of a user/party which generated a JPSEC stream. This includes methods such as digital signatures or Message Authentication Code (MAC).
  • MAC Message Authentication Code
  • Conditional access mechanisms to grant or restrict access to image data or parts of it. This allows for instance to view a low resolution (preview) of an image without being able to visualize a higher resolution.
  • ® Secure scalable streaming and secure transcoding methods such that a node can perform streaming and transcoding of JPSEC stream without requiring decryption or unprotecting the content.
  • An example is the case where protected JPEG 2000 content is streamed to a mid-network node or proxy that in turn transcodes the protected JPEG 2000 content in a manner that preserves end-to-end security.
  • Registered content identification registration of a JPSEC stream with a Registration Authority. This includes the matching of a claimed image data to the registered image data. For example, this could involve reading a file identifier (License Plate) placed inside the image metadata, and checking the coherence between this License Plate and the information that has been uploaded when the registration process was done in order to verify that the file corresponds to the identifier.
  • JPSEC framework This could involve reading a file identifier (License Plate) placed inside the image metadata, and checking the coherence between this License Plate and the information that has been uploaded when the registration process was done in order to verify that the file corresponds to the identifier.
  • JPSEC defines an open and flexible framework for secure imaging as illustrated in Fig. 1.
  • a JPSEC protector application provides a number of security services (e.g. confidentiality, integrity verification, source authentication,).
  • JPSEC protection tools e.g. encryption, digital signature,
  • the resulting JPSEC code-stream is generated by inserting in the stream the corresponding JPSEC syntax, signaling the JPSEC tools which have been used and how they have been applied to the image.
  • a JPSEC unprotector application applies the corresponding JPSEC unprotection tools (e.g. decryption, digital signature verification,). To do so, it has to parse and interpret the JPSEC syntax in order to identify the security services associated with the image data and the corresponding JPSEC tools required to process it.
  • JPSEC unprotection tools e.g. decryption, digital signature verification
  • the JPSEC tools fall into three categories: template tools, registration authority tools and user-defined tools.
  • Template tools address well-known cryptographic methods. A number of templates are defined in order to specify method specific parameters.
  • the decryption template and authentication template are illustrated in Table 1 and 2, respectively.
  • the syntax contains all the required information relative to the protection tool and how it has been applied. It is therefore sufficient to enable a JPSEC application to unprotect the image data.
  • Registration authority tools are registered with the JPSEC Registration Authority (RA). Upon registration, a tool is assigned a unique identification number or ID. In this case, the syntax contains the ID along with private parameters.
  • a JPSEC application may have to query the JPSEC RA in order to get a description of the tool and be able to unprotect or authenticate the image data.
  • User-defined tools correspond to proprietary tools defined by users. These tools are signaled using reserved IDs, however uniqueness is not guaranteed and ID collision may therefore occur. Both registration authority and user- defined tools support the use of proprietary protection tools, and make provisions for future expansion.
  • JPSEC defines a normative code-stream syntax which specifies the information required for interpreting a secure image data.
  • the syntax signals which security services are associated with the image data, which JPSEC tools are required in order to fulfill the corresponding services, and which parts of the image data are protected.
  • JPSEC has introduced two new marker segments, SEC and INSEC.
  • SEC marker segment is present in the Main Header and is mandatory. It gives overall information about the security tools which have been applied to secure the image. More specifically, SEC indicates the JPSEC tools used to secure the image, along with some parameters referring to the technique used. Among other things, these parameters can indicate which parts of the code-stream have been secured.
  • the INSEC marker segment provides with an additional method to transmit parameters for one of the security tools declared in SEC, in order to complement the information in Main Header. It can be placed anywhere in the code-stream data and is optional.
  • JPSEC also defines a normative process for registering security tools with the JPSEC RA.
  • the specific tools to secure an image are out of the scope of JPSEC. Instead, JPSEC gives informative examples of security tools in typical use cases, along with guidelines on how to implement security services.
  • JPSEC JPSEC standard was developed as a secure digital imaging standard for JPEG 2000. Notwithstanding, JPEG is the most widely used standard for still image coding It is based on a Discrete Cosine Transform (DCT) and Huffman entropy coding.
  • DCT Discrete Cosine Transform
  • the present invention provides a framework to secure JPEG images offering similar services as those in JPSEC .
  • JPSEC is an open and flexible framework to enable the efficient integration and use of security tools supporting security services, such as content protection and data integrity verification.
  • Secure JPEG accomplishes for JPEG what JPSEC is enabling for JPEG 2000.
  • the framework is designed in such a way that it does not interfere with baseline JPEG decoders unaware of such an extension.
  • a new marker segment is used containing information similar to the JPSEC SEC marker segment. This marker segment is present in the Frame Header of the JPEG code-stream.
  • the syntax used can be either similar to that defined by JPSEC, or equivalent such as XML description of the same information.
  • Integrity verification is used to guarantee the truthfulness of the image data.
  • bit exact verification is considered.
  • the present invention is a technique applied in the transform-domain based on a hash function and digital signature. More specifically, the DCT coefficients are hashed using SHA-1 , as described in detail in FIPS PUB 180-1 , "Secure Hash Standard (SHS)", NIST, April 1995, generating a 160-bit hash value. The latter is then encrypted by a public-key encryption such as RSA , for example, as described in RJ_. Rivest, A. Shamir, and L.M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM, vol.
  • a single digital signature for the whole image allows for the verification of its integrity.
  • multiple digital signatures can be computed. For instance, a digital signature could be generated for each 8 x 8 DCT block. However, this may result in a very large number of digital signatures, and henceforth a large number of added bytes resulting in a non-negligible increase of the overall bit-rate.
  • a digital signature can be generated for each macroblock, where a macroblock is composed of several DCT blocks. An example is illustrated in Fig. 2. The shape of a macroblock can be either chosen by default, or signaled by appropriate syntax in the header of the image.
  • the hash value applied to a marcroblock can be performed on a subset of the elements and signaled at the header to the decoder. For example, to add some degree of robustness, only the most significant bits of the quantized coefficients or those of the lower frequency are selected to be hashed.
  • Fig. 3 shows an original image and a tampered version. Integrity verification is performed on macroblocks composed of 100 DCT blocks, corresponding to square shaped regions of 80 x 80 pixels. By comparing the hash values obtained from the original and tampered images, it is possible to identify the attack in the upper left 160 x 80 pixels.
  • AES encryption may be considered, for example, as described in detail in FIPS PUB 197, "Advanced Encryption Standard (AES)", NfST, November 2001 , hereby incorporated by reference.
  • the encryption can be applied on the whole image, or alternatively on Regions of Interest (ROI) by restricting the encryption to selected DCT blocks as shown in Fig. 5.
  • ROI Regions of Interest
  • the information about the shape of ROI is signaled to decoder by using an appropriate syntax, and by insertion of the information in the header of the JPEG image.
  • Fig. 6 shows two examples where an entire image or an ROI is encrypted.
  • the shape of the encrypted region is restricted to match the 8x8 DCT blocks boundaries, and signaled to the decoder by means of an XML description inserted in the header of the JPEG image
  • image and video data are characterized by a very high bit rates and a low commercial value.
  • conventional encryption techniques entail a significant complexity increase and are therefore not optimal.
  • Scrambling is an attractive alternative to protect image and video content while keeping complexity very low.
  • a scrambling technique for JPEG is considered. Scrambling can be effectively applied on the quantized DCT coefficients as illustrated in Fig. 7 (a).
  • authorized users perform unscrambling of the coefficients resulting from entropy decoding as depicted in Fig. 7(b). This allows for a fully reversible process for authorized users.
  • the scrambling consists in pseudo-randomly inverting the sign of quantized coefficients, as depicted in Fig. 8Error! Reference source not found.. The pseudo-random noise introduced in this way guarantee confidentiality.
  • the amount of scrambling can be adjusted by restricting the scrambling to fewer coefficients.
  • the scrambling can be applied on the whole image, or alternatively on ROI by restricting the scrambling to selected DCT blocks.
  • the technique requires negligible computational complexity.
  • the shape of ROI is inserted in the header of the JPEG image and signaled to the decoder.
  • Other extensions than flipping sign bits can be considered, such as flipping of least significant, or most significant bits of the quantized coefficients.
  • PRNG Pseudo Random Number Generator
  • the SHA1 PRNG algorithm is considered , for example, as described at http://java.sun.eom/j2se/1.5.0/docs/guide/security/CryptoSpec.html, Java Cryptography Architecture API - Specification and Reference, with a 64-bit seed.
  • multiple seeds can be used.
  • Fig. 9 shows an example when either the whole image or a ROI is scrambled.
  • all 64 coefficients (DC+AC) of a block are scrambled, whereas in the second case, only the 63 AC coefficients are scrambled.
  • the shape of the scrambled region is restricted to match the 8x8 DCT blocks boundaries.

Abstract

A digital imaging method, Secure JPEG, is disclosed for providing security for systems using the JPEG standard that is essentially equivalent to the JPSEC standard. Secure JPEG is an open and flexible standardized framework to secure JPEG images. Its goal is to allow the efficient integration and use of security tools enabling a variety of security services such as confidentiality, integrity verification, source authentication or conditional access. In other words, Secure JPEG aims at accomplishing for JPEG what JPSEC enables for JPEG 2000. Secure JPEG provides three specific examples of security services. The first security service addresses integrity verification using a hash function to compute local digital signatures. The second security service considers the use of encryption for confidentiality. Finally, the third security service describes a scrambling technique. As such, the present invention is able to provide security for the ever popular JPEG standard.

Description

Secure JPEG CROSS REFERENCE TO RELATED APPLICATIONS
The present application claims priority to and the benefit of US Provisional Patent Application No. 60/822,064, filed on Aug. 10, 2006, hereby incorporated by reference.
BACKGROUND OF THE INVENTION
1. Field of the Invention
[0001] The present invention relates to a digital imaging method and more particularly to a digital imaging method that takes advantage of the widespread use and popularity of systems configured for use with the JPEG digital imaging standard while providing security services essentially equivalent to the JPSEC standard.
2. Description of the Prior Art
[0002] Various digital imaging systems are known in the art. As used herein, such digital imaging systems are defined to include video conferencing, video telephony and Internet video chat systems which are capable of one and two way communication of live video content between two or more participants. Such digital imaging systems are also include video surveillance systems. [0003] Such digital imaging systems are known to be used in a myriad of applications. For example, chat rooms are very popular on the Internet. Besides its ease and convenience to communicate, part of its appeal resides in the anonymity it provides. Thanks to technological advances, many chat room applications, such as Yahoo Messenger and MSN Messenger, now offer the possibility of a video link in order to enhance the communication. The video provides a desirable sense of human contact. Other applications include video conferencing as described in detail in US Patent No. 5,867,494 and US Patent Application Publication No. US 2004/0008635 A1 , hereby incorporated by reference. US Patent No. 6,665,389 B1 discloses the use of video conferencing for an interactive dating service.
[0004] The success of digital imaging applications nowadays is in part due to the development of effective standards, such as JPEG, as set forth in G. K. Wallace, "The JPEG Still Picture Compression Standard", Communications of the ACM, vol. 34, no. 4, pp. 31-44, 1991 and W.B. Pennebaker and J. L. Mitchell, "JPEG: Still Image Data Compression Standard", Van Nostrand Reinhold, New York, 1993, hereby incorporated by reference and the JPEG 2000 standard, for example , as set forth in A. Skodras, C. Christopoulos and T. Ebrahimi "The JPEG 2000 Still Image Compression Standard", IEEE Signal Processing Magazine , vol. 18, no. 5, pp. 36-58, Sept. 2001 and D. Taubman and M. Marcellin, "JPEG 2000: Image Compression Fundamentals, Standards and Practice", Kluwer Academic Publishers, 2002, hereby incorporated by reference. [0005] As one of the very early standards, the JPEG standard enjoyed a huge success thanks to its good efficiency and low complexity. It is still pervasively used today in many applications. JPEG 2000 is the latest standard for still image coding. In addition to a very efficient image compression scheme, JPEG 2000 also offers new compelling functionalities required by multimedia applications, such as progressive transmission up to lossless coding, seamless scalability, region of interest coding, and error resilience. Even though JPEG 2000 outperforms JPEG in terms of compression, JPEG is still the most popular format for digital imaging.
[0006] Hand in hand with the universal spreading of digital imaging applications, the issue of secure imaging has arisen. Indeed, with the ease to manipulate digital images and to copy and distribute them at negligible cost, content protection, authentication and data integrity are becoming important concerns. [0007] Recognizing that security is a major issue in many imaging applications, JPEG initiated a new standard, known as Secure JPEG 2000 or JPSEC , as set forth in J. Apostolopoulos, S. Wee, F. Dufaux, T. Ebrahimi, Q. Sun, and Z. Zhang, "The Emerging JPEG 2000 Security (JPSEC) Standard", in IEEE Proc. Int. Symp. on Circuits and Systems (ISCAS), Island of Kos, Greece, May 2006 and "JPSEC Final Draft International Standard", ISO/IEC JTC1/SC29/WG1/N3820, Nov. 2005, hereby incorporated by reference, which became an International Standard in 2006. The purpose of JPSEC is to provide a framework for secure imaging using JPEG 2000.
[0008] Despite the fact that devices configured for the JPEG 2000 standard out perform similar devices using the JPEG standard, the JPEG standard is and continues to be favored and in widespread use. Unfortunately, the JPEG standard, heretofore did not offer any security services. With the ever increasing trend toward secure digital imaging and the popularity of the JPEG standard, there is a need for a JEPEG compatible video imaging system that can be used for secure digital imaging.
SUMMARY OF THE INVENTION
[0009] Briefly, the present invention relates to a digital imaging method, Secure JPEG, for providing security services for systems using the JPEG standard. Secure JPEG is essentially equivalent to the JPSEC standard and is an open and flexible standardized framework to provide secure JPEG images. Its goal is to allow the efficient integration and use of security tools enabling a variety of security services, such as confidentiality, integrity verification, source authentication or conditional access. In other words, Secure JPEG aims at accomplishing for JPEG what JPSEC enables for JPEG 2000. Secure JPEG provides three specific examples of security services. The first security service addresses integrity verification using a hash function to compute local digital signatures. The second security service considers the use of encryption for confidentiality. Finally, the third security service describes a scrambling technique. As such, the present invention is able to provide security for the ever popular JPEG standard.
■DESCRIPTION OF THE DRAWING
[0010] These and other advantages of the present invention will be readily understood with reference to the following specification and attached drawing wherein: [0011] Fig. 1 is a generalized block diagram of the JPSEC framework. [0012] Fig. 2 is an example block illustrating Macroblock-based integrity verification.
[0013] Fig. 3 is an example of integrity verification illustrating on the top left top left: the original image, top right: tampered image, and the bottom: macroblock- based digital signature verification..
[0014] Fig. 4 is a block diagram of a Transform-domain encryption: (a) encoder and (b) decoder.
[0015] Fig. 5 is an example of 8 x 8 block encryption
[0016] Fig. 6 is an example of AES transform domain encryption in which the left image is an example of the whole image encrypted and the right image is an example of the region of interest being encrypted.
[0017] Fig. 7 is a block diagram of transform domain scrambling, (a) encoder and (b) decoder [0018] Fig. 8 illustrates 8 x 8 DCT block scrambling.
DETAILED DESCRIPTION
[0019] The present invention relates to a digital imaging method, Secure JPEG, for providing security for systems using the JPEG standard that is essentially equivalent to the JPSEC standard. Secure JPEG is an open and flexible standardized framework to provide secure JPEG images. Its goal is to allow the efficient integration and use of security services enabling a variety of security services such as confidentiality, integrity verification, source authentication or conditional access. In other words, Secure JPEG aims at accomplishing for JPEG what JPSEC enables for JPEG 2000. Secure JPEG provides three specific examples of security services. The first security service addresses integrity verification using a hash function to compute local digital signatures.
The second security service considers the use of encryption for confidentiality.
Finally, the third security service describes a scrambling technique. As such, the present invention is able to provide security services for the ever popular JPEG standard.
[0020] The present invention takes into account the fact that JPEG is still very important and will continue to be widely used in the foreseeable future. The present invention, Secure JPEG, provides a framework to secure images in
JPEG. The goal is to make possible for JPEG the same security services that
JPSEC enables for JPEG 2000.
[0021] In order to fully appreciate the invention, the existing JPSEC standard is discussed first for comparison. Next, the Secure JPEG is discussed along with three specific use cases dealing with integrity verification, encryption and scrambling.
OVERVIEW OF SECURE JPEG 2000 (JPSEC)
[0022] JPEG 2000 is the newest standard for still image coding as set forth in A. Skodras, C. Christopoulos and T. Ebrahimi, "The JPEG 2000 Still Image Compression Standard", IEEE Signal Processing Magazine , vol. 18, no. 5, pp. 36-58, Sept. 2001 and D. Taubman and M. Marcellin, "JPEG 2000: Image Compression Fundamentals, Standards and Practice", Kluwer Academic Publishers, 2002, hereby incorporated by reference. It is based on a Discrete Wavelet Transform (DWT) and arithmetic coding. In addition to very high coding efficiency, JPEG 2000 provides a number of highly desirable features, such as
seamless progressive transmission by resolution or quality, lossy to lossless
compression, random code-stream access and processing, continuous-tone and
bi-level compression, and region of interest coding.
[0023] In order to more fully understand the invention, the current status of
Secure JPEG 2000 or JPSEC is discussed. JPSEC is formally referred to as part 8 of JPEG 2000. JPSEC has become an International Standard (IS) in
2006, and extends the baseline JPEG 2000 specifications to provide a standardized framework for secure imaging. This framework enables the
efficient integration and use of the tools needed to secure digital images, such
as content protection, data integrity check, authentication, and conditional access control. The framework is open and flexible, hence ensuring a straight
path for future extensions
Scope
[0024] JPSEC enables the use of various tools supporting a number of security services including:
• Confidentiality: transformation of the image data (and/or the associated metadata) into an encrypted/ciphered form that conceals its original content. This includes selective encryption meaning that only parts of the image data are encrypted.
• Integrity verification: detection of manipulations to the image data (and/or the associated metadata) to verify its integrity. The integrity verification may also identify locations in the image data where the integrity is in doubt. There are two classes of integrity verification: image data integrity verification and image content integrity verification. In the first case, a bit exact verification of the image data is performed. In the second case, some minor alteration of image data results in success of the integrity verification as long as the alteration does not change the perceptual meaning of the image content. Integrity verification includes cryptographic methods such as Message Authentication Codes (MAC), digital signatures, cryptographic checksums or keyed hash, and watermarking.
* Source authentication: verification of the identity of a user/party which generated a JPSEC stream. This includes methods such as digital signatures or Message Authentication Code (MAC).
• Conditional access: mechanisms to grant or restrict access to image data or parts of it. This allows for instance to view a low resolution (preview) of an image without being able to visualize a higher resolution.
® Secure scalable streaming and secure transcoding: methods such that a node can perform streaming and transcoding of JPSEC stream without requiring decryption or unprotecting the content. An example is the case where protected JPEG 2000 content is streamed to a mid-network node or proxy that in turn transcodes the protected JPEG 2000 content in a manner that preserves end-to-end security.
» Registered content identification: registration of a JPSEC stream with a Registration Authority. This includes the matching of a claimed image data to the registered image data. For example, this could involve reading a file identifier (License Plate) placed inside the image metadata, and checking the coherence between this License Plate and the information that has been uploaded when the registration process was done in order to verify that the file corresponds to the identifier. JPSEC framework
[0025] JPSEC defines an open and flexible framework for secure imaging as illustrated in Fig. 1. A JPSEC protector application provides a number of security services (e.g. confidentiality, integrity verification, source authentication,...). In order to secure an image, it applies one or more JPSEC protection tools (e.g. encryption, digital signature,...). The resulting JPSEC code-stream is generated by inserting in the stream the corresponding JPSEC syntax, signaling the JPSEC tools which have been used and how they have been applied to the image.
[0026] Conversely, in order to unprotect and consume a JPSEC code-stream, a JPSEC unprotector application applies the corresponding JPSEC unprotection tools (e.g. decryption, digital signature verification,...). To do so, it has to parse and interpret the JPSEC syntax in order to identify the security services associated with the image data and the corresponding JPSEC tools required to process it.
[0027] The JPSEC tools fall into three categories: template tools, registration authority tools and user-defined tools. Template tools address well-known cryptographic methods. A number of templates are defined in order to specify method specific parameters. The decryption template and authentication template are illustrated in Table 1 and 2, respectively. In this case, the syntax contains all the required information relative to the protection tool and how it has been applied. It is therefore sufficient to enable a JPSEC application to unprotect the image data. [0028] Registration authority tools are registered with the JPSEC Registration Authority (RA). Upon registration, a tool is assigned a unique identification number or ID. In this case, the syntax contains the ID along with private parameters. A JPSEC application may have to query the JPSEC RA in order to get a description of the tool and be able to unprotect or authenticate the image data. User-defined tools correspond to proprietary tools defined by users. These tools are signaled using reserved IDs, however uniqueness is not guaranteed and ID collision may therefore occur. Both registration authority and user- defined tools support the use of proprietary protection tools, and make provisions for future expansion.
Normative and informative parts
[0029] JPSEC defines a normative code-stream syntax which specifies the information required for interpreting a secure image data. The syntax signals which security services are associated with the image data, which JPSEC tools are required in order to fulfill the corresponding services, and which parts of the image data are protected.
[0030] More specifically, JPSEC has introduced two new marker segments, SEC and INSEC. The SEC marker segment is present in the Main Header and is mandatory. It gives overall information about the security tools which have been applied to secure the image. More specifically, SEC indicates the JPSEC tools used to secure the image, along with some parameters referring to the technique used. Among other things, these parameters can indicate which parts of the code-stream have been secured. [0031] The INSEC marker segment provides with an additional method to transmit parameters for one of the security tools declared in SEC, in order to complement the information in Main Header. It can be placed anywhere in the code-stream data and is optional. It uses the fact that the arithmetic decoder in JPEG 2000 stops reading bytes when it encounters a termination marker (i.e. two bytes with a value greater than OxFFδF). This interesting feature can be used to add extra bytes in the code-stream without affecting the syntax compliance.
Table 1 Decryption Template
Figure imgf000012_0001
Table 2 - Authentication Template
Figure imgf000013_0001
[0032] JPSEC also defines a normative process for registering security tools with the JPSEC RA. The specific tools to secure an image are out of the scope of JPSEC. Instead, JPSEC gives informative examples of security tools in typical use cases, along with guidelines on how to implement security services.
SECURE JPEG
[0033] The JPSEC standard was developed as a secure digital imaging standard for JPEG 2000. Notwithstanding, JPEG is the most widely used standard for still image coding It is based on a Discrete Cosine Transform (DCT) and Huffman entropy coding.
[0034] The present invention provides a framework to secure JPEG images offering similar services as those in JPSEC . JPSEC is an open and flexible framework to enable the efficient integration and use of security tools supporting security services, such as content protection and data integrity verification. As an extension of JPEG, Secure JPEG accomplishes for JPEG what JPSEC is enabling for JPEG 2000. The framework is designed in such a way that it does not interfere with baseline JPEG decoders unaware of such an extension. [0035] In order to signal overall information about the security tools used to protect the image, a new marker segment is used containing information similar to the JPSEC SEC marker segment. This marker segment is present in the Frame Header of the JPEG code-stream. The syntax used can be either similar to that defined by JPSEC, or equivalent such as XML description of the same information.
[0036] Three specific examples of security services for JPEG are described below addressing : integrity verification, encryption and scrambling, which exploit the elements of the framework proposed
Use case - Integrity Verification
[0037] Integrity verification is used to guarantee the truthfulness of the image data. In this use case, bit exact verification is considered. More specifically, the present invention is a technique applied in the transform-domain based on a hash function and digital signature. More specifically, the DCT coefficients are hashed using SHA-1 , as described in detail in FIPS PUB 180-1 , "Secure Hash Standard (SHS)", NIST, April 1995, generating a 160-bit hash value. The latter is then encrypted by a public-key encryption such as RSA , for example, as described in RJ_. Rivest, A. Shamir, and L.M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM, vol. 21 , no. 2, pp. 120-126, 1978, hereby incorporated by reference, to generate a digital signature. The digital signature is then inserted in the code-stream, in the image header. Obviously, other hash functions and encryption algorithms could be used as well. At the decoder side, new hash values are computed from the code-stream and compared with those decrypted from the code-stream. An attack is detected when the digital signature is missing or when a hash value is not equal to the decrypted one. This integrity verification is performed for each macroblock, enabling to locate a potential attack.
[0038] Computing a single digital signature for the whole image allows for the verification of its integrity. In order to be able to identify locations in the image data where the integrity is in doubt, multiple digital signatures can be computed. For instance, a digital signature could be generated for each 8 x 8 DCT block. However, this may result in a very large number of digital signatures, and henceforth a large number of added bytes resulting in a non-negligible increase of the overall bit-rate. As a compromise, a digital signature can be generated for each macroblock, where a macroblock is composed of several DCT blocks. An example is illustrated in Fig. 2. The shape of a macroblock can be either chosen by default, or signaled by appropriate syntax in the header of the image. Likewise, the hash value applied to a marcroblock can be performed on a subset of the elements and signaled at the header to the decoder. For example, to add some degree of robustness, only the most significant bits of the quantized coefficients or those of the lower frequency are selected to be hashed. [0039] Fig. 3 shows an original image and a tampered version. Integrity verification is performed on macroblocks composed of 100 DCT blocks, corresponding to square shaped regions of 80 x 80 pixels. By comparing the hash values obtained from the original and tampered images, it is possible to identify the attack in the upper left 160 x 80 pixels.
Use case - Encryption
[0040] The use of encryption for confidentiality is another example. One approach is to encrypt the compressed code-stream. However, the resulting encrypted code-stream will usually no longer conform to the syntax as defined by JPEG standard, hence crashing standard decoders. An alternative and preferred approach is to apply encryption in the transform-domain. Transform domain encoding is described in detail CLARKE, RJ.: 'Transform coding of images' (Academic Press, 1985), hereby incorporated by reference. More specifically, encryption is applied on the quantized DCT coefficients and before entropy coding, as illustrated in Fig. 4 . Authorized decoders are able to decrypt the code-stream and recover the original data. AES encryption may be considered, for example, as described in detail in FIPS PUB 197, "Advanced Encryption Standard (AES)", NfST, November 2001 , hereby incorporated by reference.
[0041] The encryption can be applied on the whole image, or alternatively on Regions of Interest (ROI) by restricting the encryption to selected DCT blocks as shown in Fig. 5. The information about the shape of ROI is signaled to decoder by using an appropriate syntax, and by insertion of the information in the header of the JPEG image.
[0042] Fig. 6 shows two examples where an entire image or an ROI is encrypted. The shape of the encrypted region is restricted to match the 8x8 DCT blocks boundaries, and signaled to the decoder by means of an XML description inserted in the header of the JPEG image
Use case - Scrambling
[0043] When compared to other types of information (e.g. banking data, confidential documents), image and video data are characterized by a very high bit rates and a low commercial value. In this case, conventional encryption techniques, entail a significant complexity increase and are therefore not optimal.
[0044] Scrambling is an attractive alternative to protect image and video content while keeping complexity very low. In this use case, a scrambling technique for JPEG is considered. Scrambling can be effectively applied on the quantized DCT coefficients as illustrated in Fig. 7 (a). At the decoder side, authorized users perform unscrambling of the coefficients resulting from entropy decoding as depicted in Fig. 7(b). This allows for a fully reversible process for authorized users.The scrambling consists in pseudo-randomly inverting the sign of quantized coefficients, as depicted in Fig. 8Error! Reference source not found.. The pseudo-random noise introduced in this way guarantee confidentiality. The amount of scrambling can be adjusted by restricting the scrambling to fewer coefficients. The scrambling can be applied on the whole image, or alternatively on ROI by restricting the scrambling to selected DCT blocks. As the scrambling is merely flipping signs of selected coefficients, the technique requires negligible computational complexity. As in the previous case, the shape of ROI is inserted in the header of the JPEG image and signaled to the decoder. Other extensions than flipping sign bits can be considered, such as flipping of least significant, or most significant bits of the quantized coefficients. A Pseudo Random Number Generator (PRNG) initialized by a seed value is used to drive the scrambling process. In this use case, the SHA1 PRNG algorithm is considered , for example, as described at http://java.sun.eom/j2se/1.5.0/docs/guide/security/CryptoSpec.html, Java Cryptography Architecture API - Specification and Reference, with a 64-bit seed. In order to improve the security of the system, multiple seeds can be used. To communicate the seed values to authorized users, they are encrypted using RSA and inserted in the code-stream.
[0045] Fig. 9 shows an example when either the whole image or a ROI is scrambled. In the first case, all 64 coefficients (DC+AC) of a block are scrambled, whereas in the second case, only the 63 AC coefficients are scrambled. The shape of the scrambled region is restricted to match the 8x8 DCT blocks boundaries.
[0046] Obviously, many modifications and variations of the present invention are possible in light of the above teachings. Thus, it is to be understood that, within the scope of the appended claims, the invention may be practiced otherwise than as specifically described above. [0047] What is claimed and desired to be secured by a Letters Patent of the
United States is:

Claims

CLAIMS We claim:
1. A method for providing secure digital imaging, the method comprising the steps:
(a) providing a digital imaging system based upon the JPEG standard; and
(b) adding security services to said JPEG digital imaging system to create a secure JPEG digital imaging system.
PCT/IB2007/004411 2006-08-10 2007-08-10 Secure jpeg WO2008068640A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US82206406P 2006-08-10 2006-08-10
US60/822,064 2006-08-10

Publications (2)

Publication Number Publication Date
WO2008068640A2 true WO2008068640A2 (en) 2008-06-12
WO2008068640A3 WO2008068640A3 (en) 2008-10-23

Family

ID=39492696

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/004411 WO2008068640A2 (en) 2006-08-10 2007-08-10 Secure jpeg

Country Status (1)

Country Link
WO (1) WO2008068640A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010044014A1 (en) * 2008-10-14 2010-04-22 Koninklijke Philips Electronics N.V. Content item identifier

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1282074A2 (en) * 2001-07-20 2003-02-05 Seiko Epson Corporation Standards compliant watermarking for access management

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1282074A2 (en) * 2001-07-20 2003-02-05 Seiko Epson Corporation Standards compliant watermarking for access management

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
FUJII H ET AL: "PARTIAL-SCRAMBLING OF INFORMATION" JAPAN TELECOMMUNICATION REVIEW, TELECOMMUNICATIONS ASSOCIATION. TOKYO, JP, vol. 11, no. 1, 1 January 1999 (1999-01-01), pages 116-123, XP000804414 ISSN: 0915-2334 *
SUN Q ET AL: "A robust and secure media signature scheme for JPEG images" JOURNAL OF VLSI SIGNAL PROCESSING SYSTEMS FOR SIGNAL, IMAGE, AND VIDEO TECHNOLOGY KLUWER ACADEMIC PUBLISHERS NETHERLANDS, vol. 41, no. 3, November 2005 (2005-11), pages 305-317, XP002489160 ISSN: 0922-5773 *
TAO CHEN ET AL: "Combined digital signature and digital watermark scheme for image authentication" 2001 INTERNATIONAL CONFERENCES ON INFO-TECH AND INFO-NET. PROCEEDINGS (CAT. NO.01EX479) IEEE PISCATAWAY, NJ, USA, vol. 5, 2001, pages 78-82 vol.5, XP002489161 ISBN: 0-7803-7010-4 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010044014A1 (en) * 2008-10-14 2010-04-22 Koninklijke Philips Electronics N.V. Content item identifier
CN102187366A (en) * 2008-10-14 2011-09-14 皇家飞利浦电子股份有限公司 Content item identifier
JP2012505486A (en) * 2008-10-14 2012-03-01 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Content item identifier
US8831272B2 (en) 2008-10-14 2014-09-09 Koninklijke Philips N.V. Content item identifier

Also Published As

Publication number Publication date
WO2008068640A3 (en) 2008-10-23

Similar Documents

Publication Publication Date Title
Dufaux et al. Toward a secure JPEG
Lian et al. Commutative encryption and watermarking in video compression
KR101321971B1 (en) Method, apparatus and system for secure distribution of content
Thanh et al. An image zero-watermarking algorithm based on the encryption of visual map feature with watermark information
US20050193206A1 (en) Digital watermarking system using a cryptographic key
Zhu et al. Encryption and authentication for scalable multimedia: Current state of the art and challenges
Dufaux et al. JPSEC for secure imaging in JPEG 2000
Sun et al. A secure and robust authentication scheme for video transcoding
Tew et al. Separable authentication in encrypted HEVC video
Lian Quasi-commutative watermarking and encryption for secure media content distribution
US11259057B2 (en) Methods, devices and system for generating a watermarked stream
Hong et al. The study of selective encryption of motion vector based on the S-Box for the security improvement in the process of video
US7577842B2 (en) Methods of scrambling and unscrambling a video signal, a system, an encoder, a decoder, a broadcast server, and a data medium for implementing the methods
Lin et al. An overview of security issues in streaming video
WO2008068640A2 (en) Secure jpeg
Babel et al. Preserving data integrity of encoded medical images: the LAR compression framework
Fonteneau et al. A hierarchical selective encryption technique in a scalable image codec
Emmanuel et al. Copyright protection for MPEG-2 compressed broadcast video
Watanabe et al. A scalable encryption method allowing backward compatibility with JPEG2000 images
Babu et al. A reversible crypto-watermarking system for secure medical image transmission
Hou et al. Integrating fingerprint with cryptosystem for internet‐based live pay‐TV system
Li Perceptual encryption of digital images and videos
Kaur et al. High Capacity Data Embedding System in DCT domain for Colored Images
Bodo et al. Video waterscrambling: Towards a video protection scheme based on the disturbance of motion vectors
Lian et al. Multimedia data encryption in block-based codecs

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

NENP Non-entry into the national phase in:

Ref country code: RU

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC - EPO FORM 1205A OF 18.05.2009

122 Ep: pct application non-entry in european phase

Ref document number: 07870446

Country of ref document: EP

Kind code of ref document: A2