0 A Novel Access Control Scheme for Multimedia Content with Modified Hash Chain

With the continuing growth in network technology, the exchange of digital images and audio as well as text has become very common regardless of whether the digital content is used for commercial purpose or not. Since such digital content is easily duplicated and re-distributed, protecting copyrights and privacy is an important issue. For the protection of digital content, access control based on naïve encryption (encrypting the whole content) (1) or media-aware encryption (2–6) has been studied widely.


Introduction
With the continuing growth in network technology, the exchange of digital images and audio as well as text has become very common regardless of whether the digital content is used for commercial purpose or not.Since such digital content is easily duplicated and re-distributed, protecting copyrights and privacy is an important issue.For the protection of digital content, access control based on naïve encryption (encrypting the whole content) (1) or media-aware encryption (2)(3)(4)(5)(6) has been studied widely.
A simple and straightforward way to realize versatile access control for multimedia content, consisting of several kinds of media to which several entities belong, is encrypting each entity individually.This approach, however, has to manage a large number of keys, given the large number of entities in multimedia content.
Scalable access control schemes have been proposed (2)(3)(4)(5)(6) for JPEG 2000 (7) coded images and/ or MPEG-4 fine granularity scalability (8) coded videos.These schemes control access to entities corresponding to hierarchical scalability assigned by coding technologies, so that the user can obtain an image or a video at the permitted quality from one common codestream.Hash chain (9; 10) has also been introduced to several schemes for reduction of managed keys and the keys delivered to each user (3)(4)(5)(6).
Although a hash chain-based access control scheme has been proposed for multimedia content (11), the number of managed keys and that of delivered keys increase, depending on the kinds of media in the content.
In this chapter, we introduce an efficient access control scheme for multimedia content.The scheme assumes that multimedia content consists of several media and there is a scalable hierarchy on the quality in each or one medium.By introducing modified hash chains (MHCs), the number of managed keys is reduced to one and the number of delivered keys is also less than the conventional scheme (11).When a scalable hierarchy is in only one medium, the delivered key is particularly reduced to one.The managed key is not delivered to any user, providing security against key leakage.This scheme is also resilient to collusion attacks, in which malicious users illegally access the multimedia content at higher quality than that allowed by their access rights.This chapter is organized as follows.Section 2 mentions the conventional access control scheme for multimedia content and summarizes the requirements for access control.The new scheme is described in Section 3 and Section 4, and is analyzed in Section 5. Finally, conclusions are drawn in Section 6.

Access control for multimedia content
This section briefly describes the conventional access control scheme for multimedia content (11), and summarizes the requirements for access control to clarify the aim of this work.

Conventional scheme (11)
The conventional scheme (11) assumes that multimedia content consists of M different media (image, video, audio, text, and so on), in each of which a scalable hierarchy (image/video resolution, frame rate, audio quality, etc) exists; In the text medium, the appearing order of paragraphs has its own meaning, and it is referred to as a semantic hierarchy.The scheme uses a symmetric encryption technique.
For a particular multimedia content consisting of M different media, this scheme manages M keys.Figure 1 shows an example of multimedia content where M = 2.For the m-th medium where m = 1, 2, . . ., M, all encryption keys are derived from managed key K 1 m .E n c r y p t i o n keys K d m m 's are derived through an ordinary hash chain (OHC) (9) as where H α (β) represents a cryptographic one-way hash function H(•) applied to β recursively α times, and D m represents the number of entities in the medium, i.e., the depth of the scalable hierarchy.The d m -th entity in the m-th medium is encrypted with its corresponding encryption key, K d m m .
Each user receives different set of M decryption keys due to which media/entities the user is allowed to access to, and also receives the common encrypted multimedia content.From the delivered keys, the user derives decryption keys K δ m m 's for accessible entities in accessible media through the same OHC as used in the encryption key derivation.That is, where K ∆ m m is the delivered key for the m-th medium.It is noted that decryption keys K δ m m 's are the same as encryption keys K d m m 's.By using ∆ m decryption keys, the user decrypts ∆ m entities from the first entity to the ∆ m -th entity.
AuserwhoreceivesK D m +1 m cannot access any entities in the m-th medium, because one-way property of H(•) prevents the user to derive any other valid keys for the m-th medium of the multimedia content.The conventional scheme introduced this unusable key concept in order to cope with medium-based access control.

Requirements
We describe three requirements for access control of multimedia content, i.e., • reduction of managed keys and delivered keys, • protection of managed key, • collusion attack resilience.
As mentioned in the previous section, the conventional scheme (11) encrypts entities in a medium independently of those in other media.This feature of the conventional scheme requires to manage and deliver the same number of keys as media in the multimedia content, i.e., M keys are managed and M keys are delivered to a user for the multimedia content consisting of M different media.This conventional scheme employs a simple OHC (9) rather than cross-way hash trees (10).
The conventional scheme (11) delivers the managed keys to users who are allowed to access at least one medium at the highest quality.The managed keys should not be delivered to any users and should be protected against key leakage.
A collusion attack is made by multiple users to obtain multimedia content with higher quality than that allowed by their access rights.For example, when a user who is allowed to display images and another user who is allowed to read text paragraphs share their keys, they can also obtain audio coupled with images and text paragraphs.Access control schemes must be resilient to collusion attacks.
In the next section, we introduce a new access control scheme for multimedia content.This scheme manages only one key for a particular multimedia content and delivers less key to each user than the conventional method (11), regardless of which media/entities in the content the user can access.The single managed key is not delivered to any user.It is also resistant to collusion attack.

87
A Novel Access Control Scheme for Multimedia Content with Modified Hash Chain

Access control for multimedia content with multiple hierarchies (12)
First, we assume that multimedia content C consists of M media and each medium has a hierarchical structure; where G 1 m represents the m-th medium itself, and D m is the depth of the scalable hierarchy in the m-th medium.The complementary sets represent entities in medium G 1  m as and 6) ThisschemederiveskeysfromsinglemanagedkeyK C and encrypts multimedia content C by encrypting E d m m 's using those corresponding keys.
Fig. 2 shows an example conceptual diagram of the assumed multimedia content, where multimedia content C consists of three media, G 1 1 , G 1 2 ,a n dG 1 3 , i.e., M = 3, and the depths of each scalable hierarchy in medium G 1 m are four, three, and two (D 1 = 4, D 2 = 3, and

88
Multimedia -A Multidisciplinary Approach to Complex Issues www.intechopen.com G 256 kbps 128 kbps 64 kbps Video Audio Text Fig. 3.A practical example of multimedia content with a scalable hierarchy in each medium (the number of media M = 3 and the depths of each scalable hierarchy D 1 = 4, D 2 = 3, and For easy understanding, more practical example of Fig. 2 is given in Fig. 3. Multimedia content C in Fig. 3 consists of video G 1 1 ,a u d i oG 1  2 ,a n dt e x tG 1 3 , i.e., M = 3, and each medium has a scalable hierarchy, whose depths are four, three, and two, i.e., D 1 = 4, D 2 = 3, and D 3 = 2, respectively.

Key derivation using a MHC
In the example based on Fig. 3, access control is provided based not only on media, but also on each scalable hierarchy in each medium.Keys for encryption are derived as shown in Fig. 4, and each key is used to encrypt and decrypt the corresponding entity.For example, K E 1 1 is a key for entity E 1  1 which represents video frames decoded only at 120 frames per second (fps). and are also keys for audio E d 2 2 and text where H(•) is a cryptographic one-way hash function.Similarly, keys K E dm m 's are derived by where keys K E 0 respectively, where f (•) is a function with two inputs and one output in which the length of inputs and output are identical.A bitwise exclusive or (XOR) operation is a simple example of function f (•).As shown in Eq. ( 12) which represents a MHC introduced in this scheme, keys given previously are repeatedly used to derive another hash chain that is different from the OHC.The MHC is shown with dashed arrows in Fig. 4.

Encryption and decryption
Each entity E d m m is encrypted using each corresponding key K E dm m , and then, multimedia content C is opened to public.

User allowed to access three media
A user allowed to access the whole multimedia content receives three keys as shown in Fig. 5 (a).The user derives all keys needed to decrypt all entities, through OHCs.Each user allowed to access three media at arbitrary quality also receives three keys ,a n dK E d 3

3
. A user allowed to access each medium at the lowest quality, i.e., video at 15 fps, audio at 64 kbps, and translation data, receives three keys as shown in Fig. 5 (b).The user cannot, however, derive any keys from his/her delivered keys.

Video key
Audio key (a) A user whose delivered keys are ,and Video key Audio key Delivered keys (b) A user whose delivered keys are ,and Delivered keys Keys which can be derived

Video key
Audio key (c) A user whose delivered keys are Text key 4 Keys which can be derived

Delivered key
Video key Audio key (d) A user whose delivered key is K E 2 1 .Fig. 5. Delivered keys and derived keys for each user.

User allowed to access two media
Fig. 5 (c) shows an example user allowed to access two of the three media.In this example, the user can access video at 30 fps and audio at 128 kbps.The user receives two keys K E for audio, respectively.

User allowed to access a single medium
If a user can access only movie at 60 fps, the user receives single key K E 2 1 and derives keys K E 3 1 and K E 4 1 dependently as shown in Fig. 5 (d).Each user who can access a single medium receives single key In this scheme, the number of keys which a user receives is equal to the number of media which he/she can decode.Each user uses only OHCs to derive keys from the delivered keys.
,andK E 0 3 are not delivered to any user.

91
A Novel Access Control Scheme for Multimedia Content with Modified Hash Chain www.intechopen.com

Features
Three main features of the access control scheme are briefly summarized here.They have satisfied with the requirements described in Section 2.2.This scheme, introducing a MHC, has reduced the number of managed keys to one.The number of delivered keys is less than the conventional scheme (11) which manages and delivers the same number of keys as media in the multimedia content.
Each key for each entity is derived from the single managed key.The managed key is not delivered to any user.
The scheme using a MHC can prevent malicious users to collude to decode multimedia content at higher quality than that allowed by their access rights.As shown in Fig. 5, although keys are derived from delivered keys through OHCs, the OHCs are isolated from each other.This structure provides collusion attack resilience.
It is noted that any arbitrary function and key combination can be used for a MHC.In addition, it is noted that any arbitrary key assignment can be used to properly control access to the multimedia content.

Access control for multimedia content with a single hierarchy (13)
In this section, we assume that multimedia content C consists of M media and only medium G 1  1 has a hierarchical structure which the depth is D 1 ,as T h i ss c h e m ed e r i v e sk e y sf r o ms i n g l em a n a g e dk e yK C and encrypts multimedia content C by encrypting entities E d m m 's using those corresponding keys K E dm m 's.In addition, each user receives only a single key regardless of his/her access right.Fig. 6 shows an example conceptual diagram of the assumed multimedia content, where multimedia content C consists of three media, G 1  1 , G 1 2 ,a n dG 1 3 , i.e., M = 3, and the depth of the scalable hierarchy in medium G 1  1 is four (D 1 = 4), i.e., 4  1 are entities in medium G 1 1 .More practical example is given in Fig. 7. Multimedia content C in Fig. 7 consists of video, audio, and text, i.e., M = 3, and video is four-tiered, i.e., D 1 = 4, in terms of frame rates.In this example, G 1  1 is video, and it is playable in several frame rates; 120, 60, 30, and 15 fps.

Key derivation using MHCs
For multimedia content C shown in Fig. 7, keys for encryption are derived as shown in Fig. 8, and each key is used to encrypt and decrypt the corresponding medium/entity.K E 1 1 is a key for entity E 1  1 which represents video frames decoded only at 120 fps.
1 G E Fig. 6.An example of multimedia content conceptual diagram with a scalable hierarchy in the first medium (the number of media M = 3 and the depth of the scalable hierarchy D 1 = 4).
1 2 Fig. 7.A practical example of multimedia content with a scalable hierarchy in the first medium (the number of media M = 3 and the depth of the scalable hierarchy D 1 = 4). and are also keys for audio E 1 2 and text E 1  3 , respectively.It is noted that key K C is the single managed key.Firstly, keys K E d 1 1 are derived from the managed key K C as where H(•) is a cryptographic one-way hash function.Eq. ( 16) represents an OHC (9), and the OHC is shown with solid arrows in Fig. 8.

93
A Novel Access Control Scheme for Multimedia Content with Modified Hash Chain www.intechopen.comFig. 8. Key derivation to control access to the multimedia content shown in Fig. 7.All users who are allowed to access video with any frame rates can access audio medium.Users who are allowed to access video with 120 or 60 fps can also view text paragraphs.Solid arrows represent an OHC and dashed arrows represent MHCs.
Meanwhile, keys K E 1 2 and K E 1 3 are derived by MHCs.In this example, these keys are given as respectively, where f (•) is a function with two inputs and one output in which the inputs are the same length of the output.A simple example of function f (•) is a bitwise exclusive or (XOR) operation.As shown in Eqs. ( 17) and (18), keys given by Eq. ( 16) are repeatedly used to derive other hash chains that are different from the OHCs.The MHCs are shown with dashed arrows in Fig. 8.

Encryption and decryption
Each medium/entity E d m m is encrypted using corresponding key K E dm m , and multimedia content C is opened to public.

User allowed to access video, audio, and text
A user permitted to decode video frames at 120 or 60 fps receives shown in Figs. 9 (a) and (b).Eq. ( 16) is the same as The user can obtain K E d 1 1 (d 1 = 2, 3, 4) using an OHC in Eq. ( 19).

94
Multimedia -A Multidisciplinary Approach to Complex Issues

www.intechopen.com
Text key Audio key Video key Keys which can be derived Delivered key (a) A user whose delivered key is K E 1 1 .
Text key Keys which can be derived

Audio key Video key
Delivered key (b) A user whose delivered key is K E 2 1 .
Text key Keys which can be derived

Video key
Audio key Delivered key (c) A user whose delivered key is K E 3 1 .
Text key be derived

Key which can
Video key Audio key Delivered key (d) A user whose delivered key is K E 4 1 .
Text key Audio key Video key Delivered key (e) A user whose delivered key is K E 1 2 .
Text key Video key Audio key Delivered key (f) A user whose delivered key is K E 1 3 .Fig. 9.A single delivered key and derived keys for each user.for audio E 1 2 by Eq. ( 17) and play audio as well as the video.

User allowed to access audio
A user allowed to access only audio E 1 2 receives K E 1 2 asshowninFig.9(e).K E 1 2 is a key derived by Eq. ( 17).Any keys cannot be derived from K E 1 2 .

User allowed to access text
A user allowed to access only text E 1  3 receives is a key derived by Eq. ( 18).K E 1 3 can derive no other key.

Features
The following three features of the access control scheme have satisfied the requirements described in Section 2.2.
By introducing MHCs, the number of managed keys and that of delivered keys are reduces to one, respectively.In contrast, the conventional scheme (11) manages and delivers the same number of keys as media.
The single managed key is the basis of each key for each entity/medium.Any user do not receive the managed key.This scheme also prevents collusion attacks.Even if any of the users shown in Fig. 9 collude to access multimedia content at higher quality than that allowed by their access rights, they cannot access the content beyond their rights.
It is noted that any arbitrary function and key combination can be used for a MHC.In addition, it is noted that any arbitrary key assignment can be used to properly control access to the multimedia content.

Evaluation
The MHC-based scheme is evaluated by comparing with the conventional scheme (11) which uses only OHCs.Evaluation is given in terms of the number of managed keys and that of delivered keys, protection of managed keys, and collusion attack resilience.
Table 1 shows the results of comparisons.The MHC-based scheme manages only a single key regardless of both the number of media and the depths of each scalable hierarchy in each medium, whilst the conventional scheme must manage M keys, which is the same number Table 1.Comparisons in terms of the number of managed keys and that of delivered keys, protection of managed keys, and collusion attack resilience.
of media in the multimedia content.The MHC-based scheme delivers the same number of keys as accessible media, while the conventional scheme should deliver M keys in any case.
Particularly, when only a single medium has a hierarchical structure, the MHC-based scheme constantly delivers a single key to each user.
The single managed key is not delivered to any user in the MHC-based scheme, whereas the managed keys are delivered to users allowed to access at least one medium at the highest quality in the conventional scheme.The MHC-based scheme is also resilient to collusion attacks as the conventional scheme.The table brings out the effectiveness of the MHC-based scheme.

Conclusion
This chapter has introduced a new access control scheme for multimedia content, in which MHCs are employed.The scheme manages only a single key regardless of both the number of media and the depths of each scalable hierarchy in each medium.Each user also receives less keys than the conventional method.Particularly, when a hierarchical structure exists in only one medium, any user receives a single key.The single managed key is not delivered to any user, providing security against key leakage.This scheme also prevents collusion attacks, in which malicious users illegally access the multimedia content at higher quality than that allowed by their access rights.

Fig. 1 .
Fig. 1.An example of multimedia content (the number of media M = 2, the number of entities in the first medium D 1 = 4, and the number of entities in the second medium D 2 = 3).

Fig. 2 .
Fig. 2.An example of multimedia content conceptual diagram with a scalable hierarchy in each medium (the number of media M = 3 and the depths of each scalable hierarchy D 1 = 4, D 2 = 3, and D 3 = 2).

2 and K E 0 3 are
given in the next paragraph.Eq.(11) represents OHCs(9), and the OHCs are shown with solid arrows in Fig.4.89 A Novel Access Control Scheme for Multimedia Content with Modified Hash Chain www.intechopen.com

Fig. 4 . 2 and K E 0 3 are
Fig. 4. Key derivation to control access to the multimedia content shown in Fig. 3. Solid arrows represent OHCs and dashed arrows represent a MHC.Meanwhile, keys K E 0 2 and K E 0 3 are derived by a MHC.In this example, these keys are given as

96
Multimedia -A Multidisciplinary Approach to Complex Issues www.intechopen.comMHC-based Conventional (11) (OHC-based) The number of managed keys 1 M The number of delivered keys between 1 and M M Protection of managed keys Yes No Collusion attack resilience Yes Yes

2.2 User allowed to access video and audio
4.