Enabling Secure and Efficient Video Delivery Through Encrypted In-Network Caching

In-network content caching has been a natural trend in emerging network architectures to handle the exponential growth of video traffic. However, because of the potentially wide attack surface, caching video content in an increasingly untrusted networked environment inevitably raises new concerns about user privacy exposure and unauthorized video access. Existing encrypted protocols such as HTTPS either fall short of fully leveraging in-network caching or require decrypting the traffic in the middle, without guaranteeing end-to-end security. In this paper, we present a new networked system for efficient encrypted video delivery that preserves the benefits of in-network caching. Because video chunks are encrypted before distribution, we first design a compact, efficient, yet encrypted video fingerprint index that gives the network a fully controlled capability to locate the cached encrypted chunks for given encrypted requests. We then explain how to deploy the encrypted design in our proposed architecture and present a secure redundancy elimination protocol that enables fast video delivery by leveraging cached encrypted chunks. We further discuss full support for cache management, adaptive video delivery, and video access control. Rigorous analysis and prototype evaluations demonstrate the security, efficiency, and effectiveness of the design.
