中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 综合信息系统技术国家级重点实验室  > 学位论文
Subject: 计算机应用
Title:
支持安全转码的图像加密与认证方法研究
Author: 易小伟
Issued Date: 2014-05-22
Supervisor: 郑昌文
Major: 计算机应用
Degree Grantor: 中国科学院大学
Place of Degree Grantor: 北京
Degree Level: 博士
Keyword: 安全转码 ; 图像加密 ; 图像认证 ; 联合信源信道编码 ; 率失真优化
Abstract:

随着多媒体处理技术和计算机网络的迅速发展,多媒体通信应用日益普及。数字图像作为一种重要的多媒体数据,在经济、军事及日常生活中得到广泛应用。支持安全转码的图像加密及认证是信息安全的重要研究领域,也是实现图像安全传输的一项关键技术,具有重要的理论研究意义及实际应用价值。

本论文在深入分析本领域国内外研究与发展现状的基础上,针对支持安全转码的图像加密与认证方法展开研究,主要创新性贡献如下:

1)针对图像数据的安全转码传输问题,提出了一种支持透明转码的加密方法。该方法实现了对密文图像码流的码率转换,保证了图像数据的端到端安全传输。在分析码流结构特征的基础上,设计了支持安全转码的图像数据安全传输分发框架。在安全传输框架中,利用编码流的语法结构等信息,实现了保持码流结构的层次化组包策略和安全数据包格式,并且引入了安全透明转码机制以支持对密文域码流进行码率转换。基于安全传输框架,针对CCSDS IDC码流和JPEG 2000码流分别实现了支持透明转码的加密算法。

2)针对图像数据安全转码中的认证问题,提出了支持可伸缩验证的认证方法,该方法在支持透明转码条件下同时实现了对图像码流的端到端可伸缩验证。为了无缝地兼容支持透明转码的图像加密方案,设计了支持可伸缩验证的图像传输框架。在该传输框架下,完善了安全数据包格式定义。结合CCSDS IDC码流的编码特征信息,实现了适用于CCSDS IDC码流的可伸缩认证算法。该算法通过联合哈希链和哈希树技术,在保证支持安全透明转码前提下达到了对整体码流一次签名,可伸缩验证的目的。

3)针对流级认证方法的丢包鲁棒性问题,提出了面向质量优化的可伸缩认证方法,该方法在降低认证代价条件下获得等同无认证时的端到端可信质量。以图像质量和认证代价为优化目标,设计了面向质量优化的图像传输框架。在分析传统认证优化模型不足的基础上,给出了达到最优的端到端率失真性能的两个基本条件。在此基础上,建立了一般化的基于率失真的认证优化模型,通过结合基于图认证和基于FEC码认证的思想,保证了认证相关性与编码相关性的一致。利用码流的编解码相关性等信息,证明了认证优化模型获得最优解的等价条件,进而给出构建最优认证图的两个基本操作。基于该优化模型,分别实现了适用于CCSDS IDC码流JPEG 2000码流的认证优化算法。

4)针对图像数据安全传输中的端到端率失真优化问题,提出了基于联合信源信道编码的图像加密与认证优化方法,该方法能够达到最优的端到端率失真性能。利用信源重要信息和信道状态信息,设计了基于联合编码的图像安全传输框架,实现了对图像数据的不平等认证保护及非均衡差错保护。实现了一种完整的安全数据包格式,并结合安全传输框架中各模块分析了加密、认证及信道编码的实施对象。根据不平等认证保护和非均衡差错保护的基本原理,建立了一个跨层优化资源分配模型。在不同信道误码条件下,该模型实现了对跨层的信源-认证-信道码率资源的最优分配,进而获得最优的端到端率失真性能。

English Abstract:

With much rapid development of the multimedia processing technology and computer networks, multimedia communication applications are becoming increasingly popularity. The digital image as a very important multimedia data is pervasively used in the fields of economy, military, and daily routines. The image encryption and authentication with supporting secure transcoding is an important research field in information security and is also a key technology for secure image delivery. It is significant to the theoretical research and the practical value.

In this academic dissertation, we study image encryption and authentication methods with supporting secure transcoding according to the deeply analyze on the development and problems of national and international research work. The contributions of our work are as follows:

Firstly, to solve the security transcoding problem in image data transmission, encryption schemes with supporting transparent transcoding are proposed to perform secure transparent transcoding on the encrypted image codestreams and to ensure end-to-end secure delivery. By analyzing the structural features of the image codestreams, a security framework of image data delivery is designed for supporting secure transcoding. Under this framework, a structure-maintained hierarchical packetization strategy and a secure packet format are proposed by using the syntactic structures of codestreams. And then, a secure transparent transcoding mechanism is achieved for transcoding on encrypted streaming. Based on the security framework, encryption schemes of supporting transparent transcoding are realized for the CCSDS image data compression (CCSDS IDC) coder and the JPEG 2000 coder.

Secondly, to solve the authentication problem in secure transcoding of the image data, authentication schemes with supporting scalable verification are proposed to ensure end-to-end secure authentication of image streams under the transparent transcoding. An image transmission framework of scalable verification is designed to seamlessly support or compatible with the image secure transmission schemes supporting secure transparent transcoding. Under this framework, secure packet format is updated and improved. An authentication scheme with scalable verification is realized for CCSDS IDC streaming via using codestream features. With supporting secure transparent transcoding, the proposed scheme achieves the goal that “once signature, scalable verification” by utilizing joint hash chain and hash tree techniques.

Thirdly, to improve the packet-loss robustness for stream-level authentication methods, quality-optimized scalable authentication schemes are proposed to obtain the same end-to-end authentic quality without authentication at cost of a low authentication overhead. A quality-optimized image delivery framework is designed to optimize the image quality and the authentication overhead. According to the analysis of conventional authentication optimization models, we give two basic conditions that authentication schemes are required to be satisfied for realizing the optimal end-to-end rate-distortion (R-D) performance. And then, a general R-D based authentication optimization model (AOM) is constructed by integrating graph-based and forward error correction (FEC) based authentication methods to guarantee that the authentication dependency is accordance with the coding dependency. The condition of equivalence for solving the AOM is proved by using the codec dependencies of the codestreams. After that, we give two basic operations to construct the optimal authentication graph (OAG). According to the proposed AOM, optimizing authentication schemes are respectively realized for the CCSDS IDC streaming and the JPEG 2000 streaming.

Finally, to solve the end-to-end R-D performance optimization problem for secure image data delivery, security optimization schemes are proposed based on the JSCC to realize optimal end-to-end R-D performance. A secure image delivery framework based on the JSCC is designed to perform unequal authentication protection (UAP) and unequal error protection (UEP) on the image streams by using source significance information (SSI) and channel state information (CSI). After that, a complete secure packet format is designed and the encrypted, authenticated, and channel coded objects are analyzed by combining the corresponding modules in the proposed secure delivery framework. And then, a cross-layer optimization resource allocation (CLORA) model is devised via using the principles of the UAP and the UEP. Under the CLORA model, cross-layer source-authentication-channel bit-rate resources are optimally allocated to achieve the optimum end-to-end R-D performance in varied channel conditions.

Language: 中文
Content Type: 学位论文
URI: http://ir.iscas.ac.cn/handle/311060/16387
Appears in Collections:综合信息系统技术国家级重点实验室 _学位论文

Files in This Item:
File Name/ File Size Content Type Version Access License
中国科学院大学博士学位论文_支持安全转码的图像加密与认证方法研究_易小伟.docx(12310KB)----限制开放 联系获取全文

Recommended Citation:
易小伟. 支持安全转码的图像加密与认证方法研究[D]. 北京. 中国科学院大学. 2014-05-22.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[易小伟]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[易小伟]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace