A Digital Content Distribution Using a Group-Key and Multi-layered Structure Based on Web

Yun-Ji Na¹ and Il Seok Ko²

¹ Department of Internet Software, Honam University, 59-1, Seobong-Dong, Gwangsan-Gu, Gwangju 506-714, South Korea
yjna@honam.ac.kr
² School of Computer and Industrial Engineering, Yonsei University, 134, Shinchon-Dong, Seodaemun-Gu, Seoul 120-749, South Korea
isko@ctech.ac.kr

Abstract. Regarding the design of a multimedia digital content distribution system, the important issues are to supply a large amount of multimedia digital content to users and to guarantee the security of digital content. In this study we propose a security technique for each group in a multilayered structure, and a caching technique, based on this security technique, that improves the user's response speed. Using these techniques guarantees the security of digital content distribution.

Keywords: web based system, multimedia digital content distribution, multilayered structure.

1 Introduction

Web based services have been activated due to the increase in network speed. The field of digital content is no exception: distribution of digital content has rapidly increased [1,2]. However, almost all Web services have security problems due to the specific media characteristics of the Web itself. Due to this security problem, studies on security techniques have been increasingly stressed. Studies on Web-based security techniques consist of implementing a type of basic security technique itself [3,4], and of application techniques for the application of Web services [2,5,6]. Recent studies on the transmission of digital content have focused on the guarantee of safety and effective distribution. However, the improvement of transmission delay is also considered together with this safety guarantee in the transmission of multimedia digital content. Thus, the major issue in the design of multimedia digital content distribution through the Web can be defined as a guarantee of the security of digital content, and fast supply of a large amount of multimedia digital content to the user.
A content acceleration technique used in the Web is a type of user response time (web browser response time) and network traffic saving technique. In order to perform this content acceleration, a web caching method is used [7,8,9]. A web caching method increases the efficiency of fast response and network use by saving web objects, which are required by the user, who is geographically located at a close position to the Internet. Studies on the CDN (Content Delivery Network) have been increasingly stressed to effectively distribute digital content in the Web, in which an application of the caching technique can increase the system efficiency in a system design process. It is necessary to design a system, which reflects the characteristics of multimedia digital content, in order to increase the performance of content acceleration using a caching technique in the transmission of multimedia digital content. In this study we propose a security technique for each group in a multilayered structure, and a caching technique, based on this security technique, that improves the user's response speed. Using these techniques guarantees the security of digital content distribution.

T. Enokido et al. (Eds.): EUC Workshops 2005, LNCS 3823, pp. 265-272, 2005. IFIP International Federation for Information Processing 2005

2 System Design

2.1 System Structure

Fig. 1 presents a conceptual configuration of the system. The DCP (Digital Content Provider) is a supplier of DC (Digital Content). The DCUG (Digital Content User Group) is a user group, which is supplied by DC. Almost all users of multimedia are only interested in a certain passive action. However, a delicate encryption algorithm and certification requires a certain complicated process. This process is the cause of time delay. Thus, it is necessary to consider the transmission of DC from the view points of safety and execution speed. Because the user of a DCUG, which is a user group of DC, applied in the proposed system can be certified in the DCUG, the user certification becomes fast and easy. In addition, an effect of the Internet traffic of DC in the proposed system decreases, and the execution speed increases due to the fact that the system will be directly affected by the DCUG cache.

Fig. 2 shows the configuration of a DCUG. A DCUG is managed by grouping it in two different groups. The first group is an authorized user group, which has the authority to use encrypted DC, and the second group is a user group, which has no authority to use encrypted DC. In addition, a DCUG uses a digital content accelerator to increase the user response speed.

[Figure labels: DCP1, DCP2, ..., DCPn; Internet; DCUG1, DCUG2, ..., DCUGn]
Fig. 1. System Structure
[Figure labels: DCUG; Digital Content Accelerator; Manager; Accelerator Manager; Cache Manager; Cache; Encrypted Contents; General Data; Authorized user group; Not authorized user group]
Fig. 2. DCUG Structure

A cache is managed by classifying a caching scope as an authorized user and an unauthorized user. Therefore, the structural security can be managed in the level of system by separating the DC as an authorized DC and an unauthorized DC. In the caching scope of an authorized user, the caching scope can be managed by classifying the DC as an encrypted DC and a generalized DC.

2.2 Certification

When the authorized user in the DCUG is unable to find the required content in the cache list, the DCUG should receive the content from the appropriate DCP server. In this case, the DCUG and DCP servers should issue a certificate by connecting the CA (Certificate Authority) before transmitting and receiving encrypted data for each other. The issuing process of the certificate is as follows.

- Connecting to the CA server,
- Requesting a certificate for the CA server,
- The CA server transmits a certificate requirement to the DCUG and DCP servers,
- The DCP and DCUG servers produce a key pair of themselves,
- Writing a certificate requirement,
- The DCUG and DCP servers transmit their public keys and certificate requirements to the CA server,
- The CA server issues a certificate including a public key by verifying the received certificate requirement,
- The CA server saves the information of the certificate requirement of the DCUG and DCP servers and certificates to DB,
- The CA server transmits certificates of the DCUG and DCP servers to the DCUG and DCP servers,
- The DCUG and DCP servers save certificates received from the CA server including their private keys.

In the case of the use of the same key for all the members of the DCUG, this will cause a weakness in the security. Thus, a key agreement between the members of the DCUG is required. The members of the DCUG calculate the key by themselves. Table 1 presents a key agreement process between the members of the DCUG.

Table 1. Key agreement process of the members in the DCUG

Y S = = u t v v + u v, g = p u v, g p ( x x R zq, y = p+ + ( + = + y, I = I x x z, y = p R q v w = ( y y = I, z, + w = g x, = ( y z v + z = h ( 2 : y, y,, I, w x v w = g, = ( y z = h ( 2 : y, y,, I, w z = h ( : y, y, I,, w z v+ w = ( y z = h ( : y, y, I,, w

Where, the symbols noted in Table 1 are as follows.

u : members of the group communication consisted of the DCUG
 : pre-shared key through the key agreement process
w : public information calculated by the input value using a single direction function for the pre-key
K : shared DCUG keys between the members for each DCUG
XK g : shared keys produced by the calculation process for each member and group manager
t : number of members of the DCUG

In addition, the initial configuration is as follows.

p : 1024 bits prime number
q : 160 bits of a prime factor of p
g : is an element of Z_p

The calculation of the modular exponent for the generator of g is performed in the modulo p, in which h is a hash function, and satisfies { } { } q h : 0, 0,. In addition, the member of u, u + is a key agreement process, and configures a certificate and pre-shared key. The member of u generates a public key of p using a private key of v, and the member of u + also generates a public key of p + using a private key of v +. Each member calculates y, y using their opponent's public keys. This can be used to calculate a pre-shared key of xx = α. Finally, the confirmation for the pre-shared key can be performed by transmitting the value of a single direction function, which is produced by a pre-shared key. Thus, the members not only share the pre-shared key safely, but also form reliance between members.

Each member calculates the public information of w using the two shared keys of, of the DCUG, in which each member calculates their keys using this public information. The calculation process can be noted as follows.

- The member of u, u generates a pre-shared key using a key agreement process.
- The member of u calculates the public information of w = h( h( using a pre-shared key. h ( : This applies n times of single direction functions using the input value of a pre-shared key.
- The member of u produces a small group key of K for the members of a small group, which is authorized by applying an inductive method as follows, using the public information.

u has the element of, equation as follows.,, and the small group key of is configured by the K = h( t + h( + L + h( (where, l n

u recognizes the value of (, h( + = h( h( +
u recognizes the value of (, h( h h(

Because h, the public information of u + can be calculated using the equation of w. Because h, the public information of u can be calculated using the equation of w. = ( 2

2.3 Transmission and Execution of DC in the DCUG

When an authorized user in the DCUG requests DC, the DCUG manager transmits a partially encrypted DC in the cache scope to the user. Then, the user decrypts the received DC in the user's personal browser, and executes the DC using a player installed in the personal browser. Fig. 3 presents the procedure of the transmission of content from the DCUG to the DC.
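The two-member key agreement with key confirmation and the n-fold one-way function for the public information w, described in Section 2.2, as an added example (not the authors' code and not the exact message flow of Table 1). It assumes plain Diffie-Hellman in a prime-order subgroup with toy parameters, SHA-256 as h, HMAC confirmation tags, and public keys already authenticated by the CA-issued certificates; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this example (the paper: 1024-bit p, 160-bit q).
# p = 2q + 1 with p, q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def h(data: bytes) -> bytes:
    """One-way function h; SHA-256 is this example's assumption."""
    return hashlib.sha256(data).digest()

def keypair():
    v = secrets.randbelow(Q - 1) + 1            # private key v in [1, q-1]
    return v, pow(G, v, P)                      # public key g^v mod p

def valid_public(y: int) -> bool:
    # Reject 0, 1, p-1 and any value outside the order-q subgroup.
    return 1 < y < P - 1 and pow(y, Q, P) == 1

def pre_shared_key(v_own: int, y_peer: int) -> bytes:
    if not valid_public(y_peer):
        raise ValueError("peer public key is not in the order-q subgroup")
    shared = pow(y_peer, v_own, P)              # g^(v_a * v_b) mod p
    return h(b"psk" + shared.to_bytes(2, "big"))

def confirm_tag(psk: bytes, sender: bytes, y_a: int, y_b: int) -> bytes:
    # Binds the sender role and both public keys, so a reflected tag fails.
    msg = sender + y_a.to_bytes(2, "big") + y_b.to_bytes(2, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def public_info(psk: bytes, n: int) -> bytes:
    """w = h applied n times to the pre-shared key."""
    w = psk
    for _ in range(n):
        w = h(w)
    return w

def run_agreement():
    va, ya = keypair()
    vb, yb = keypair()
    ka, kb = pre_shared_key(va, yb), pre_shared_key(vb, ya)
    tag_a = confirm_tag(ka, b"A", ya, yb)       # sent A -> B
    tag_b = confirm_tag(kb, b"B", ya, yb)       # sent B -> A
    confirmed = (hmac.compare_digest(tag_a, confirm_tag(kb, b"A", ya, yb))
                 and hmac.compare_digest(tag_b, confirm_tag(ka, b"B", ya, yb)))
    return confirmed, ka == kb, public_info(ka, 3) == public_info(kb, 3)

if __name__ == "__main__":
    print(run_agreement())
```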
Fig. 3. Transmission and execution of DC in the DCUG

In order to execute DC in the DCUG, an exclusive browser, which has the function of opening the DC of the DCUG server, transmission of the personal information of the user, receiving DC, decryption, and play-back of DC, is required.

3 Analysis

Test results were compared to frequently used existing commercial systems, such as SecuMAX and Digicap, in order to verify the efficiency of the proposed system. The items PEnc5% and PEnc7% represent 5% and 7% partial encryption of DC, respectively. In addition, the items Enc5%cache25 and PEnc5%cache40 represent the processing speed tests of 5% partial encryption of DC at cache-hit-ratios of 25% and 40%, respectively. The items PEnc7%cache25 and PEnc7%cache40 represent the processing speed tests of 7% partial encryption of DC at cache-hit-ratios of 25% and 40%, respectively.

Almost all commercial systems support a personal interface to assist the system security and user conveniences. As noted in Table 2, the level of security of DC was slightly reduced to improve the processing speed. This is due to the fact that the only application of encryption method and personal interface can't increase both the processing time of DC, and the level of security. If web caching is not reflected in the system, the two existing systems present a more beneficial performance than that of the proposed system. However, the proposed system showed a high performance in the security of DC, and also presented an excellent processing speed from the aspect of considering a web caching. Because the numerical value of the test can be changed according to the test environment, it is not reasonable to conclude that the results present an absolute guideline to verify the system. However, the results revealed that the performance of the proposed system was improved compared to that of the existing commercial system.
Table 2. Analysis of the proposed system

| Issue | Factors | Considerations | Approach of the proposed system |
| --- | --- | --- | --- |
| Processing Speed | Transmission speed of the network | Network traffics | Management for each DCUG group/layered structure web caching |
| Processing Speed | User execution speed | File size of the encryption/decryption | Layered structure system/partial encryption |
| Security | Security of the transmission | Safety | Public key method/management for each group |
| Security | Security of the execution | Speed lowering/Reducing the execution process | Security of the DCUG/Certification for each DCUG group |

The factors, which affect the processing speed of a digital content distribution system, are the delay according to the network traffic, and decryption process in user interfaces. The file size of the original sentence of DC increased due to the encryption. In addition, the encrypted transmission of a large amount of multimedia digital content, such as MP3, significantly increases the network traffic. The proposed system improves the processing speed by reducing these delay factors.

The encrypted content in the DC server using a public key will be transmitted to the DCUG. The received DC can be decrypted using a personal key, and stored in a cache by applying a partial encryption. Finally, the authorized user of the DCUG will be supplied by DC, which is stored in a cache. Therefore, the traffic on the Internet for the user decreases, and the user will be affected by DC of the DCUG. In addition, because the user interface decrypts a partially encrypted content, the delay time to execute the content decreased.

The proposed system is secure, due to the fact that the DCUG, which has a personal key, can only decrypt the received DC. Because the user in the DCUG should be certified for each group, safety is guaranteed in the DCUG. In addition, the proposed system is secure enough to safely execute contents. The security of the DCUG can be guaranteed by the system itself.
The authorized user of the DCUG, who is certified through the user certification, can only be allowed to access the cache list. It is necessary to make decryption when a user interface executes DC, and a certain additional security is guaranteed due to the fact that a single user, who has a proper key, can decrypt the DC.

The test results showed that the processing speed at the cache-hit-ratio of 25% was similar to that of the commercial system, and the processing speed was improved by 0%-8% at the cache-hit-ratio of 40%. Almost all commercial web caches present over 40% of the cache-hit-ratio. Thus, the test results revealed that the performance of the proposed system improved compared to the existing commercial system. In addition, it is possible to guarantee the security of DC without any decrease in the processing time.
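The DCUG cache described in Sections 2.1, 2.3 and 3, with its encrypted scope for authorized users, its general scope, and partial encryption of cached DC, as an added example (not the authors' code). It assumes that the leading bytes are the encrypted portion, that authorized users hold the group key, and that an HMAC-SHA256 counter-mode keystream stands in for a real cipher; the class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a cipher such as AES-CTR.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def partial_crypt(data: bytes, key: bytes, nonce: bytes, percent: int) -> bytes:
    """XOR only the leading `percent` of the content; applying it twice decrypts."""
    n = -(-len(data) * percent // 100)                 # ceil(len * percent / 100)
    ks = keystream(key, nonce, n)
    return bytes(a ^ b for a, b in zip(data[:n], ks)) + data[n:]

class DCUGCache:
    """Cache with an encrypted scope (authorized users) and a general scope."""
    def __init__(self, group_key, authorized, fetch_from_dcp, percent=5):
        self.key, self.authorized = group_key, set(authorized)
        self.fetch, self.percent = fetch_from_dcp, percent
        self.encrypted, self.general = {}, {}
        self.hits = self.misses = 0

    def get(self, user: str, name: str):
        if name in self.general:                       # general data: any user
            return None, self.general[name]
        if user not in self.authorized:                # checked before any fetch
            raise PermissionError(f"{user} may not read encrypted DC")
        if name in self.encrypted:
            self.hits += 1                             # served without the DCP
        else:
            self.misses += 1                           # one trip to the DCP
            nonce = secrets.token_bytes(12)            # fresh per cached object
            blob = partial_crypt(self.fetch(name), self.key, nonce, self.percent)
            self.encrypted[name] = (nonce, blob)
        return self.encrypted[name]

if __name__ == "__main__":
    origin = {"song.mp3": bytes(range(256)) * 4}       # constructed 1024-byte content
    cache = DCUGCache(secrets.token_bytes(32), {"alice"}, origin.__getitem__)
    for _ in range(2):
        nonce, blob = cache.get("alice", "song.mp3")
    clear = partial_crypt(blob, cache.key, nonce, cache.percent)
    print(clear == origin["song.mp3"], cache.hits, cache.misses)
```

With partial encryption the cached object keeps its original size, but everything past the encrypted prefix sits in the cache as plaintext, and this construction gives no integrity protection.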
4 Conclusions

This study designed a digital content distribution system, which can increase the execution speed, while guaranteeing the safety of DC. The proposed system introduced in this study reduces the delay factor, which is due to the network traffic during the execution of DC, using a layered web caching. In addition, this system uses a layered encryption/decryption to improve the level of security of DC. The test applied in this study compares the execution speed and level of security of the proposed system with the existing commercial system. As a result, an improvement in the level of security and execution speed of the proposed system was verified.

References

[1] Spectral Lines, "Talking About Digital Copyright," IEEE Spectrum, vol. 38, issue 6, pp. 9, June 2001.
[2] Thorwirth N. J., Horvatic P., Weis R., Jian Zhao, "Security methods for MP3 music delivery," Signals, Systems and Computers, 2000. Conference Record of the Thirty-Fourth Asilomar Conference on, vol. 2, pp. 1831-1835, 2000.
[3] R. Rivest, A. Shamir and L. Adleman, "A Method for Obtaining Digital Signatures and Public Key Cryptosystems," Communications of the ACM, vol. 21, no. 2, 1978, pp. 120-126.
[4] Korea Information Security Agency, A Development and Analysis Report on 128 bits Block Encryption Algorithm (SEED), 1998.
[5] Secumax: DRM Solution (http://www.secumax.com)
[6] M. Just, S. Vaudenay, "Authenticated Multi-Party Key Agreement," In Advances in Cryptology - ASIACRYPT'96, LNCS 1163, pp. 36-49, 1996.
[7] H. Bahn, S. Noh, S. L. Min, and K. Koh, "Efficient Replacement of Nonuniform Objects in Web Caches," IEEE Computer, vol. 35, no. 6, pp. 65-73, June 2002.
[8] L. Rizzo, L. Vicisano, "Replacement Policies for a Proxy Cache," IEEE/ACM Trans. Networking, vol. 8, no. 2, pp. 158-170, 2000.
[9] C. Aggarwal, J. Wolf and P. Yu, "Caching on the World Wide Web," IEEE Trans. Knowledge and Data Engineering, vol. 11, no. 1, pp. 94-107, 1999.