Simultaneous Distribution Control and Privacy Protection for Proxy based Media Distribution

1
Simultaneous Distribution Control and Privacy
Protection for Proxy based Media Distribution

• Songqing Chen (George Mason University)
• Shiping Chen (George Mason University)
• Huiping Guo (California State University)
• Bo Shen (Hewlett-Packard Labs)
• Sushil Jajodia (George Mason University)

2
Background

• Compared to Web content delivery, Internet media
  distribution is challenging
• Large object size
• Continuous demand of network, disk bandwidth
• Lots of proxy-based solutions
• Silo, partial sequence caching, layered caching,
  scabale proxy caching, QBIX, prefix, segment
  caching, video staging good performance

Any of these ideas is practically/widely deployed?
3
Lack Distribution Control
I cannot get pay for these accesses!
Server Proxy
Client
4
Existing Solutions for distribution control

• Common practice (Does not work with proxy
  caching)
• Pay-per-view/membership
• DRM (Digital Right Management)
• Proxy-based solutions
• Hardware-assisted encryption/decryption
• (special device requirement)
• RSA-based multi-key (vulnerable to client
  collusion)

5
Lack Sufficient Privacy Protection

• Current practice could endanger your private
  information
• WWW (when what where)
• Your preferences, payment methods
• e.g., what kinds of movies you are always
  interested in?
• May be used for uninvited ads or investigation

Little is considered in existing media
distribution solutions
6
Conflicting Interests

• Privacy Protection (end-users interests)
• Proxy has good potential for privacy protection
• Distribution control (content providers
  interests)
• Only legitimate users could be granted access
• Normally requires users identity

Conflicting
Can we simultaneously achieve both goals for two
parties while proxy caching can be leveraged?
7
Our Contributions

• Provide a framework to achieve simultaneous
  distribution control and privacy protection
• El Gamal based scheme for distribution control
• Shamir-Omura based scheme for privacy protection
• Propose and evaluate the algorithm in cooperative
  proxy environments
• Considering traffic amortization and proactive
  replacement

8
Outline

• Simultaneous Distribution Control and Privacy
  Protection
• Distribution Control Principle
• Privacy Protection Principle
• Algorithm Design and Evaluation
• Conclusions

9
Key Division Cipher

• M D(E(M, Ke) , Kd)
• Kd Kd1 Kd2
• M D(D(E(M, Ke), Kd1), Kd2)
• El Gamal is a key division cipher system on .

10
Distribution Control

• Client Proxy Server

XB lt q YB aXB mod q
Random k ltq K (YB)k (mod q) C1 ak (mod q) C2
KM (mod q)
XB XB1 XB2
K1 (C1)XB1 mod q M2 C2 / K1 mod q
K2 (C1)XB2 mod q M M2 / K2 mod q
11
Commutative Cipher

• For any two keys Ke1 and Ke2
• E(E(M, Ke1), Ke2) E(E(M, Ke2), Ke1)
• Shamir-Omura has commutative property.

12
Privacy Protection

• Client Proxy Server

(KE, KD) IDS E(ID, KE)
(Ke, Kd) IDC E(ID, Ke)
(IDS, Movie)
E(IDC , KE) E(E(ID, Ke), KE) (IDC)S
D((IDC)S, Kd) D(E(E(ID, Ke), KE), Kd) E(ID,
KE) IDS
13
Our Unified SchemeAssumptions

• k anonymity
• The server only knows a client is accessing one
  of k objects
• Objects are classified into n classes (e.g.,
  price), each with more than k objects
• Privacy protection (Shamir-Omura)
• Each object can only be identified via its
  encrypted ID on the proxy
• Encryption key KE for IDs is same for objects in
  the same class
• Distribution control (El Gamal)
• Each object is encrypted with a different key
• Encryption key is divided into two parts, e.g.,
  E(M, SCSi)
• SC is common for the class
• Si is different for each object
• Si is encrypted with KE
• ID and E(Si, KE) are available for client access

14

• client proxy server

(ID, E(Si,KE)) list
(E(ID, KE), E(M, SCSi))
Want to access some movie ID
E(ID, Ke) E(E(Si, KE), Ke)
1. Get payment 2. E(E(ID, Ke), KE) 3.
D(E(E(Si, KE), Ke), KD) E(Si, Ke) 4.SC SC1SC2
1. D(E(Si, Ke), Kd) Si 2. D(E(E(ID, Ke), KE),
Kd) E(ID, KE) IDS
Objects are pre-cached in the proxy!
D(E(M, SCSi), SC1)
D(D(E(M, SCSi), SC1), SC2Si)
15
Brief Analysis

• Proxy and clients do not collude enable
  distribution control
• Proxy and servers do not collude provide
  privacy protection
• For each access to the server, instead of
  fetching 1 object, (k-1) additional objects must
  be fetched for privacy protection additional
  traffic can we utilize?

16
Outline

• Simultaneous Distribution Control and Privacy
  Protection
• Algorithm Design and Evaluation
• Conclusions

17
Design Space

• Work independently or cooperatively?
• Cost-Amortized Request Admission
• Which (K-1) objects to fetch?
• Aggressive Object Selection
• Which objects to replace?
• Proactive Replacement

18
Cost-amortized Request Admission

• Requested object is not in local or peer cache
• Counting how many (r) requests from how many (p)
  proxies to access server at this time
• Each proxy fetches additional objects

19
Aggressive Object Selection

• After determining the number of additional
  objects to fetch
• In the first phase, select objects according to
  the object popularity
• In the second phase, select objects according to
  the object size

20
Proactive Replacement

• Always use popularity based replacement to make
  room for the requested object
• For additionally fetched objects
• In the first phase, using popularity based
  replacement to cache the additionally fetched
  objects
• In the second phase, the additionally fetched
  objects are discarded

21
Evaluation

• Trace driven simulation
• using a synthetic workload based on a server log
  through duplication
• Total unique objects 934
• Total unique object size 67 GB
• Total number of requests 64227
• Object size 288 KB to 638 MB
• Average traffic per request 222 MB
• Number of cooperative proxies 4
• Number of object classes 5
• Privacy level k 4

22
Evaluated Strategies
Privacy Protection Pro-active Replacement Amortizing Cost
base No No No
strategy1 Yes No No
strategy2 Yes Yes No
strategy3 Yes Yes Yes
23
Cache Size-- Additional Traffic
1 of the total client accessed traffic
24
Cache Size-- Local Hit Ratio Peer Hit Ratio
25
Cache Size-- Local Byte Hit Ratio Peer Byte
Hit Ratio
26
Outline

• Simultaneous Distribution Control and Privacy
  Protection
• Algorithm Design and Evaluation
• Conclusions

27
Conclusion

• Extended El Gamal for distribution control and
  Shamir-Omura for privacy protection
• Proposed a unified algorithm to achieve them
  simultaneously
• Proposed an algorithm and evaluated in a
  cooperative proxy environment

28
Thanks to anonymous reviewers, Bill Bynum
(William and Mary), Xiaodong Zhang (Ohio State
University).
Questions?