SECURE VIDEO TRANSCODING IN MOBILE CLOUD COMPUTING

Video Transcoding is one of the recent services available online nowadays provided by the clouds to enable a user to convert a video format from one into another in a very convenient way. To transcode a video, all of the video contents need to be uploaded to the cloud storage. However, outsourcing video contents that may contain sensitive information do not guarantee the video security and privacy as the clouds have the ability to access them. Thus, in this paper, an enhanced homomorphic encryption scheme is proposed to allow massive amount of frames to be transcoded by the cloud server in a secure manner. This scheme encrypts integers rather than individual bits so as to improve the scheme’s efficiency. With the aid of a proposed process for multiple parties to communicate securely, the efficiency of the scheme is thoroughly evaluated and compared with related works. The result shows that our scheme offers much better efficiency, which makes it more suitable for operating the video transcoding in cloud environment.


INTRODUCTION
Cloud computing technology has emerged and attracted many private and public sectors including entertainment companies to transfer their in-house production to cloud servers [1].The main reason for such movement is that more services such as video transcoding and 3D rendering are offered as pay as is used basis by the cloud providers [2,3].Video transcoding is a conversion process of a video format from one into another, along with a variety of solutions [2].Video transcoding allows video content providers to offer different video formats to customers using various encoding techniques and resolutions.However, such a process requires huge processing resources and storage spaces to transcode and store the video data in multiple formats.Thus, by leveraging cloud facilities such as powerful computing resources and massive storage spaces, such a process could be executed efficiently without the need for spending more on upfront cost for the video transcoding facilities and storage servers.
Transcoding is essential to allow the video data to be stored and transmitted in a compressed format so that storage space and communication bandwidth can be reduced.To leverage the cloud facilities for video transcoding services, video content providers need to transfer the video content to the cloud servers.Many transcoding solution vendors such as Amazon Web Services (AWS), Zencoder and Panda provide real-time video transcoding services based on cloud computing.Their approaches seem to be reasonable, as video transcoding for a large number of clients needs a great amount of resources such as computing power, memory, and storage space [2,4,5].
Before transcoding takes place in the clouds, video data needs to be uploaded for storage.However, the confidentiality of the uploaded data becomes one of the primary concerns mainly if the data contains private information or video for commercial uses.Furthermore, revealing such video data to the untrusted third party like clouds may rise security concerns as the clients have very limited control over their data [6][7][8].Moreover, improper managing such precious data may lead to a disaster to the data owner as a result of data misuse, data leakage, or data stolen by other parties that use the same services [9,10].Based on the cloud nature together with the aforementioned reasons, addressing security and privacy issues in such an environment is a very challenging problem [11].Thus, an encryption approach should be implemented to protect the outsourced data and to preserve the privacy of data owner in the clouds environment.
Existing encryption techniques such as AES encryption are good to protect the outsourced and stored data in the cloud storage [7].Such an encryption could protect the confidentiality of the data without disclosing its content to the unauthorised users.Nevertheless, such a technique prevents the data from being processed by the cloud processor.As a result, it is almost impossible to adapt them to special video application paradigms which pose special requirements that are never encountered when encrypting text data [12].Thus, a new encryption scheme needs to be proposed to allow encrypted data to be processed without decryption.
An encryption scheme that allows data to be processed in an encrypted form has been introduced in [13] and is known as a Fully Homomorphic Encryption (FHE) scheme.Since then, a lot of FHE schemes have been proposed and improved upon due to the scheme's efficiency issue for their implementation [14,15].Such a limitation requires an improved FHE scheme to be proposed.To address the above problem, in this paper, we propose a new lightweight homomorphic encryption scheme suitable for transcoding video contents in a secure manner.This scheme encrypts integer and produces encrypted result in the integer form.Such a setting improves the transcoding process as encryption on an integer is faster than encryption on every single bit of the integer [16].Moreover, encryption over the integer increases input and output message spaces so as to consume less storage space and requires less bandwidth for data transmission.
To the best of our knowledge, we are the first to apply a fully homomorphic encryption scheme to allow video transcoding to be processed in the cloud environment.Thus, the main goal of this paper is to propose a new lightweight fully homomorphic encryption scheme for mobile cloud-based video transcoding.This goal can be achieved by utilising a symmetric encryption scheme that uses a secret key to achieve the balance of efficiency and security [17].Such a balance of efficiency can be demonstrated by investigating the delay of the whole process of video transcoding on encrypted frames while the scheme's security can be illustrated by providing the security analysis on the proposed scheme.Investigation on the delay of such a process can be executed by using a network simulation software such as OPNET.Furthermore, this scheme is designed to enable the MPEG compression technique to be processed with the encrypted Discrete Cosine Transform coefficients.Such a technique is widely used in multimedia data for entertainment as well as business purposes [5].
The rest of this paper is briefly described as follows.Section 2 explains the background of the related works.Section 3 gives the details about MPEG compression technique to compress a video into MPEG format.Section 4 describes the details of the proposed cryptosystem.Section 5 explains the security analysis of the proposed cryptosystem.Section 6 explains the details of video transcoding in the cloud environment.In Section 7, the application settings and experimental results of our scheme are given in detail, and discussions on the scheme performance are presented.Finally, the conclusion is given in section 8.

SECURITY OF MULTIMEDIA DATA AND CLOUD COMPUTING
B. Saeed, and N. Majid, have proposed the use of simple and lightweight stream cipher algorithm to secure the multimedia data after taking into consideration the fact that such data contains excess volume of information and needs real-time uses [5].To secure the data by means of encryption, additional computation is needed.Thus, the security and the necessity have to be balanced.This encryption was proved to be secured by C. E. Shannon in 1949, but the key stream must be generated completely at random with at least the same length as the plaintext and cannot be used more than once.Such requirement makes the scheme very trivial to be implemented in practice, and as a result, the schemes have not been widely used except for the most critical applications [18].
Furthermore, according to the survey made by L. Fuwen, and K. Hartmut, many encryption algorithms proposed operating after compression.Only two of them operated before the compression schemes, which were the Pazarci-Dipcin scheme and the correlation-preserving video encryption scheme.However, both of them were proven unsecure enough due to the former was not secure against brute force attacks, and the known or chosenplaintext attacks, while the latter was not secure against known-plaintext attacks.Moreover, the latter scheme has great limitation as it is merely applied to video codecs that use only intra-frame technology, such as M-JPEG.It cannot be deployed for the widely used video codecs that apply the hybrid coding technologies, such as MPEG-2 and H.264 [12].
In other research works, several approaches have been proposed to avoid decryption of protected multimedia content at mid-network nodes.Mou et al., have designed a secure media streaming mechanism by making use of the existing highly studied cryptographic techniques.A secure media streaming mechanism has been proposed, which combines encryption, authentication, and transcoding to address content protection, sender authentication, and media adaptation, respectively, and coherently.However, their scheme cannot be implemented in a cloud computing environment as they assumed mid-network proxies are trusted devices, so decryption can also be done on midnetwork proxies for the purpose of transcoding.This contradicts with our assumption as the cloud service provider is an untrusted party.The cloud providers are only responsible for transcoding job and they are supposed not to see the content of the video they are processing [19].

FULLY HOMOMORPHIC ENCRYPTION SCHEME AND ITS EFFICIENCY
Most of the existing FHE schemes are suffering from an efficiency issue as their choice of plaintext for encryption and the generated ciphertext is in the form of bits [13,20,21].The advantage of such individual bit based encryption is easier to achieve due to fully homomorphic properties.Nevertheless, these encryption schemes significantly reduce the storage and communication efficiency that leads to an increase in the computational time.Furthermore, the schemes require applications to convert computation tasks into binary addition and multiplication operations, which makes the computation more complex [16].Furthermore, several schemes have been proposed so that the plaintext for encryption is in the form of integers, while the output remains in the form of bits [22][23][24].Those schemes support arbitrary functions in an encrypted form with better efficiency as they are designed on the basis of integers.Nevertheless, such schemes are also hardly to be implemented by resource-constraint devices due to still high computational complexity and communication costs [16].In addition, those schemes require a large public key size for encryption [20,25], which rapidly reduces the battery lifetime of mobile devices during data encryption.
In the recent work of H. Zhou and G. Wornell [16], a new homomorphic encryption scheme has been developed.The scheme operates directly on integer vectors that support three operations, which are more specifically implemented in signal processing applications.The operations supported by this scheme are addition, linear transformation and weighted inner products.However, such a scheme has a limitation on the degree of a polynomial to be computed efficiently.Furthermore, the scheme suffers from an efficiency issue due to the adopted large public key size [16].In addition, in the work [25] a scheme with both plaintext and ciphertext in the form of integers has been proposed.This approach improves the scheme's efficiency as it has been discussed earlier.In our view, this is the only scheme that considers both plaintext and the generated ciphertext in the integer form.It allows arbitrary functions to be executed on encrypted data.Nevertheless, the scheme is designed for devices with higher performance power due to both plaintext and ciphertext data being represented as matrices.Processing and transmitting data in a matrix form requires more computing resources and bandwidths as well as more storage.

MPEG VIDEO COMPRESSION TECHNIQUE
Raw video contains a large amount of data.On the other hand, communication and storage capabilities are limited and thus expensive.For example, a given HD video signal might have 720 * 1280 / , and a playback speed of 40 frames/sec and this produces an information flow of: For a channel with bandwidth 50 / , it requires the video to be compressed by a factor of about 18.The way this is achieved is through video compression.Video compression is done through reduction of redundancy and irrelevancy.

THE OVERVIEW
The MPEG bit-stream structure can be showed in an abstract way as in Fig. 1

THE DCT AND IDCT
The Discrete Cosine Transformation (DCT) Formula is a technique to compress MPEG Video format.The DCT is one of the most popular transforms used in multimedia compression.According to Equation 2 in two-dimensional condition, the DCT operates on by block of pixels ( , ), and its output is blocks with by block of pixels where From Equation 2, ( , ) is the brightness of the pixel at position [ , ]. ( , ) is a set of by coefficients representing the data in the transformed matrix value at position [ , ].A set of waveforms is defined for each possible value of (usually = 8, thus, there exists 64 waveforms).Each coefficient can be seen as the weight of each of these basis patterns or waveforms.By summing all the waveforms scaled by the corresponding weight, the original data can be recovered [18].
The Inverse Discrete Cosine Transform IDCT formula is given below: where ( , ) is a transform matrix value at position [ , ] and ( , ) is the original pixel of the video content as described above.The IDCT is used by the decoder to reconstruct the pixel values of the compressed video.

THE PROPOSED SCHEME
The proposed scheme employs its key generation algorithm for Data User (DU) to receive a unique symmetric secret key from Video Contributor (VC).The data encryption algorithm of the scheme allows VC to encrypt its contributed video with the key and outsources the encrypted video to CS for transcoding process.This enables all the VC to contribute their video to CS in an encrypted form, which CS is unable to decrypt.The video transcoding and recovery algorithm of the scheme allows CS to transcode the received video without decryption based on a desired format requested by DU and transmit the result to DU. DU then decrypts the received result to recover its plaintext video.The details of these three algorithms are given below.

KEY GENERATION
The proposed scheme employs a secret key for data encryption by VC.The secret key is shared only between its associated DU and VC, and used for symmetric data encryption.
To produce this key, the parameter delineations for the verifiable encryption of RSA signatures are adopted [26].That is, DU defines as the product of two safe primes and , i.e., = where = 2 + 1 and = 2 + 1 with and being primes.will be used as a public number, needs to be discarded without disclosing it to anyone, and should be kept securely.Additionally, DU selects a prime (< ) and stores both and as its secret master keys.
To generate a key for VC, DU picks up random numbers < and > to produce the following symmetric secret key: and is only given to VC as its secret key.The n secret keys need to meet the following conditions: 1.For summation, 2 < and 1 + 2 < .2. For multiplication, 2 < and 2 + 2 < .Here, , ̃ and are the maximal bit lengths of data item , a random number ̃ chosen by VC for its data encryption, and random number in key for any i, respectively.The detailed reasons for the above conditions will be discussed later when the proposed data encryption and decryption are presented.In brief, the first part of both conditions says that the sum or the product of encrypted data items is less than for the purposes of ensuring the recovery of the sum or product result.The second part of both conditions means that the calculation on the first part of each 's secret key together with the other items results in a number less than .This condition allows the summation or product result to be recovered.

DATA ENCRYPTION
In this sub-section, an algorithm is presented to allow VC to generate its encrypted data for submission to CS.To do so, VC first performs the following calculation: Here, is the encrypted form of video pixel data item , and ̃ is a random number picked up by VC for each data item .After the completion of the above calculation, VC sends to CS for storing and computing purposes.Upon the receipt of completed from VC, CS starts its computation on the ciphertexts received to generate a specific video format requested by DU.

VIDEO TRANSCODING AND RECOVERY
In this sub-section, algorithms are specified for CS to compute the received video data using the required operations without decryption.Once the transcoding process is completed, the compressed video will be sent to DU for decryption.The following are the steps for adding and multiplying of ciphertext data.In addition, how the algorithms support homomorphism under both addition and multiplication is also explained.Homomorphism under these operations is defined below: Definition 4.1: Let * and * be arbitrary operations in groups and , respectively.A function : → from group to group is a (group) homomorphism if the group operation is preserved in the sense that: For all , ∈ , let be the identity in and the identity in .A group homomorphism maps to : ( ) = ( ).Note that must preserve the inverse map due to: the summation of all the data items for 1 ≤ ≤ .For summing ciphertext in MCC, CS computes the received ciphertext data for each frame as follows: Then, this result will be sent to DU for recovering the sum.To obtain the sum, DU applies its master keys and to calculate: ii. Product Let and be the ciphertexts of plaintexts and , respectively.The product of and can be recovered from the product of and as follows: Based on the FHE concept given in Definition 4.1, it is clear that our scheme (or its algorithms) is homomorphic under both addition and multiplication operations.

SECURITY ANALYSIS
In this section, the security of the scheme proposed in the previous sub-section is analysed.We analyse the scheme security based on a brute force attack on Video Contributor's (VC) secret keys.
The proposed scheme is said to be secured against a brute force attack on a VC's secret key due to the following reason: given and , an attacker with some knowledge about the plaintext related to is unable to retrieve any useful information for successfully inferring the encryption key.Such a claim can be achieved by adding a random parameter ̃ in ciphertext .Such a parameter can improve the security of the encrypted data by avoiding any information about the encryption key being disclosed to unauthorised users.
Such an attack can be elaborated as follows.Suppose that the encryption algorithm for plaintext with secret key is: Such an encryption algorithm is vulnerable against a brute-force attack on key .The reason is that, when the size of is small compared to key used for the encryption, the high-end part of the ciphertext generated is likely to be identical to that of the key.This means that for different encryptions with the same key, the differences among them are just the bits at the lower end of the ciphertexts, while the rest (the higher end of the key) remains the same.In case the attacker is able to obtain several ciphertexts, it can compare them to spot their identical part so as to gain that part of the key.If the remaining part of the key is short, then the attacker can guess it by a brute force attack.
Thus, to prevent such an attack, a unique random parameter ̃ is added in Equation 2 for our encryption.By adding this parameter, attempting to spot any identical part of the key will be intractable as it will be hidden by ̃ , which is known only by VC.

COMPUTATION ON ENCRYPTED FLOATING POINT NUMBER
Most of the existing cryptosystems are incompatible with floating point numbers mainly when the cryptosystem uses modulo operation on the integer.This is due to the fact that modulo operation on the integer will always return the output as an integer form.In our proposed cryptosystem, we offer a cryptosystem that can compute floating point numbers by using an appropriate approach as described below.

Multiplication of a floating point number by encrypted data
Suppose an integer is encrypted using the proposed scheme, ( ).To multiply the ciphertext ( ) by a fraction , the steps below need to be followed:  Determine the precision, .For instance, let us consider the precision, is two.
by 10 to change it into integer form = ∈ ℤ.  Multiply the ciphertext by the integer = , ( ( ) × ).All operations are done in modulo for security reason. Decrypt the result using the scheme decryption algorithm, ( ) × .
 Multiply the result in the plaintext form by 10 :

Multiplication of two ciphertexts which both of the original data are floating point numbers
Let , and be two fractions and ( ), and ( ) be the ciphertexts of , and respectively.These two numbers can be multiplied in an encrypted form accordingly to the following steps. Determine the precision of , and .Let us consider that the precision of both plaintext is 2. Then both plaintexts are multiplied by 10 to change them into the integer form , and . Encrypt , and and represent them as vectors ( , 10 ), (  Multiply homomorphically these two vectors as follows: , 10 × , 10 = × , 10 .
 Decrypt the encrypted result using the decryption algorithm:  Compute the result of × by multiplying × with 10 :

Combination of multiplication and addition on ciphertexts which all the original data are floating point numbers
Let , and be three fractions and ( ), ( ) and ( ) be the ciphertexts of , and respectively.To multiply two ciphertexts and add another ciphertext, the steps below need to be followed:  Determine the precision of those plaintexts, .
Let us consider that the precision of the plaintexts is 2. Then for multiplication purposes, the first two plaintexts need to be converted into integers , and by multiplying both of them by 10 . Encrypt the plaintexts and represent them as vectors , 10 , ,  Multiply homomorphically the first two vectors as follows: , 10 × , 10 = × , 10 .
 Add the multiplication result to , 10 .Prior addition can take place, the tenth of both vectors must be the same.Thus, , 10 have to be multiplied by 10 .× ,  Add these vectors homomorphically as follows:  Decrypt the result using the scheme decryption algorithm:  Compute ( × ) + by multiplying × + × 10 with 10 :

SECURE MPEG VIDEO COMPRESSION TECHNIQUE
Such approaches that have been described in section 6.1 allow the MPEG video compression technique to be processed by the clouds securely without revealing any content of the video to the cloud providers.To illustrate how the process is done in the ciphertext form, let us consider the following computation on a block of frame of the size of 8 × 8 pixels that has widely used in MPEG compression technique.In this case, let us consider the following 8 × 8 bar diagram and black-white frame as shown in Fig. 2: The bar diagram and black-white frame as shown in Fig. 3 are normally used to represent the brightness of each pixel in 8 × 8 block.Both of the diagrams can be represented as a matrix block .In order to compress the matrix block, the DCT formula will be implemented.To calculate the first element in the compressed block, we implement the formula as shown in equation 2. Since our = 8, and to find the first value of the compressed data at = 0, = 0, equation ( 2) can be expressed as As the formula involved a fraction , we have to restructure the equation using our approach as described above by converting the fraction into integer as follows: , where = 2.
In order to compress the block securely, each element ( , ) needs to be encrypted , ( , ) .All the encrypted data will be partially computed as follows: The result of this computation (0,0) needs to be decrypted before it is divided by 100: ( , ) (0,0) = (0,0) × 100.(14) In order to get the first element in plaintext form, we have to divide the result by 100: For other coefficient in the block, the similar way is applied to compress it using our proposed cryptosystem.

PERFORMANCE EVALUATION
The performance of our proposed scheme is evaluated in this section based on our experimental results and analysis.Application or experimental settings required by two distinct simulation software packages Matlab version 15a and OPNET version 14.5.A will be described first.The purpose of Matlab is for data computation, while OPNET is for simulating data transmission.Then, our experimental results and their analysis are presented, which provide meaningful evidence to support the conclusions provided at the end of this section.

APPLICATION SETTINGS
Cloud computing allows data to be outsourced to reduce the burden of data processing internally.Nevertheless, the security and privacy of the outsourced data cannot be scarified and need to be protected [27][28][29][30][31]. Furthermore, the efficiency of the implemented encryption scheme needs to be considered as transcoding process requiring excessive computation on the video data before the outsourcing demanding a huge processing resources of video contributor [32].Thus, to have a balance scheme in term of security and computation complexity, this sub-section describes the application settings for implementing the proposed scheme.
To process video data in its ciphertext form, the workflow of MCC is illustrated in Fig. 3.

PERFORMANCE EVALUATION
For performance evaluation, we have selected a scheme as in [23] to be compared with the proposed scheme.This scheme that we named as a Fully Homomorphic Encryption over Matrix (FHEM) form has better efficiency for its implementation as this scheme encrypts integer.The details of the FHEM scheme can be found in [25].The comparison results demonstrate the merit of our lightweight scheme in terms of its efficiency.

EXPERIMENTAL SETUP
In this sub-section, the delay of one round video transcoding process is measured and compared.The two schemes with various numbers of frames have been implemented.The parameter settings of the schemes are given in the next sub-section, while the results and discussions of the conducted experiments are given in Sub-section 7.2.3.

PARAMETERS SETTINGS
In our experiments, we use the parameter settings shown in Table 1.

RESULTS AND DISCUSSION
For experimental purposes, the results of the tests with respect to the various numbers of frames to be transcoded are illustrated in Table 2. Fig. 4 demonstrates the delay of one round video transcoding process on encrypted frames by the two schemes.The difference from the two lines shows that the delay introduced by our scheme gradually increases as the number of transcoded frames increases.However, for FHEM, its delay is over 50 times higher than our scheme and goes higher as the number of frames gets larger.For example, when the number of frames is 50000, the delay of the transcoding process by using our proposed scheme is below 0.1 hour, whereas the delay by FHEM is nearly 50 hours.Furthermore, when the number of frames increases to 400000, the delay caused by our scheme is still lower, which is around 4 hours, whereas FHEM takes longer than 400 hours.The main reason for the above differences is that FHEM involves the matrix multiplication of keys and data [25].Such computation incurs cubic complexity on each encrypted frame prior to frames processing and hence extra delays.

CONCLUSION
In this paper, we have proposed a new lightweight homomorphic encryption scheme to allow video transcoding to be leveraged securely and efficiently in the cloud environment.The security analysis has confirmed the security strength of the scheme.Further analysis of the proposed scheme has shown that it does not only secure the transcoding process in the cloud environment, but it has also improved the performance of the process as our scheme operates much faster than the most relevant existing works, thanks to its lower complexity in terms of computations.In addition, to allow the video data to be processed in an encrypted form without having any difficulties, we have proposed an approach for our scheme to deal with floating point numbers.This is essential as DCT formula consists of computation on floating point numbers.To the best of our knowledge, we are the first to offer an encryption scheme that enables encryption of floating point numbers, computation on encrypted floating point numbers and return the answer in the floating point numbers.Moreover, the scheme achieves good simplicity and high efficiency as it is designed on the basis of integers.These merits allow transcoding services provided by CSPs can be executed in a more efficient and secure manner.

ACKNOWLEDGEMENT
. The Figure shows the bit-stream structure that results from video compression algorithms.The 8x8 block values are coded by means of discrete cosine transform.

Figure 1 -
Figure 1 -MPEG Codecs video in a hierarchy of layers

Figure 2 -
Figure 2 -Bar diagram and Black-white frame

Figure 3 -
Figure 3 -The Proposed MCC Workflow As set out in Section 3, there are VC, DU and CS managed by its CSP with their responsibilities elaborated below: 1. VC: It is a Video Contributor company, which provides a video that requires to be transcoded in multiple formats as requested by its clients.With low computing resources and storage spaces, such a company needs to leverage the transcoding facilities provided by the cloud.

Figure 4 -
Figure 4 -Total execution time for one round of video data processing in the ciphertext form