Sie sind auf Seite 1von 6


JJInternational Corerence on System Sience and Engineering

A Secured Video Streaming System
Shin-Ho Liu, Han-Yen Yu, Jia-Yen Wu Jiann-Jone Chen
Electrical Engineering Department
Jun-Lin Liu and De-Hui Shiue
Information & Communications Research Labs.
National Taiwan University of Science and Technology
Taipei, Taiwan 10673
Industrial Technology Research Institute
Hsinchu, Taiwan 31040
{junlin,ryan64} {M9607321 ,d9607309,M9507327 ,jjchen}
Abstract-The Internet Protocol Television (IPTV) service
provides rich multimedia services over IP networks and is
considered as a potential killer application over the Internet.
The intellectual property management protocol (IPMP) system
becomes important in developing this network media applica
tions. In this paper, security function, media streaming service
system and the user terminal that adopted IPMP are seamlessly
integrated to provide a secured live media streaming service.
In addition, the peer-to-peer (P2P) network connecting method
between user terminals is also developed to provide a stable
P2P IPTV system. For one incoming peer, the IPTV system
would select a parent peer with low-delay and with better uplink
capability than the incoming peer. It would help to maintain a
stable media streaming framework. When one peer want to leave
the system, it has to look for each children peer and designate
a new parent peer according to above rules before updating the
parent peer parameter of current one. In addition, the system can
adjust the streaming bandwidth of media server to absorb the
dynamic network conditions. For security control, the Advanced
Encryption Standard (AES) encryption is adopted in our system,
in which the certifcate is encrypted with the regular updated Dig
ital Video Broadcasting-Common Scrambling Algorithm (DVB
CSA) keys to prevent possible attacks. Experiments show that
average bit rate and transmission delay can be maintained in
good performances even when most peers are with low uplink
Index Ters-IPTV, Media Streaming, Digital Right Manage
ment, IPMP Terminal
With the advance of multimedia codec technologies and
the high-speed network deployment, the live streaming ser
vice is considered as a potential killer application for the
Interet. Related applications include IPTV, video conference
and distant leaing etc. Among these Interet multimedia
applications, IP multicast is probably the most effcient way
to broadcast video bitstream, which can be justifed with the
recent deployment of increased bandwidth [I] [2]. In terms of
video bitstream delivery mechanism, the simple client-server
unicast has been improved to peer-to-peer (P2P) multicast, in
which the later provides much more fexible control platform
compared to the former. However, due to different transmis
sion and computation capability among connected peers, it
would induce bandwidth allocation, information security and
quality of service (QoS) problems. We proposed to maintain
a stable transmission backbone and integrate different codec,
transmission and security functions for the system to solve
these problems.
In P2P networks, users share legal media contents with each
other but it then evoked another intellectual property man
agement issues: the system has to guarantee legal video con
sumption. The digital rights management (DRM) is adopted
for the P2P multicast system to provide secured multimedia
transmission and to manage user priority. The DRM is not just
another form of copy protection, which can be circumvented
without modifying the fle or device, such as license, serial
numbers or decipher keys. In addition to provide secured
content delivery, the DRM has to act as a key generator, e.g.,
common scrambling algorithm (CSA) [3]. It then transmits a
cipher key to the media server to provide real-time encrypted
streaming with acceptable delay. The system has to reach a
best operation point between security and encryption delay.
The CSA is used to encrypt streaming of live meta-data in the
digital video broadcasting (DVB) system. The control words
are used to generate CSA keys, which are provided by a
conditional access mechanism that utilize the DRM encrypted
control messages embedded in the transport packet. The CSA
can be seen as the layering of two cryptographic primitives: a
64-bit block cipher and a stream cipher. Both ciphers employ
a common key; the stream cipher uses an additional 64-bit. A
new common key is usually published every 60 seconds.
In terms of media streaming, the proposed system adopted
the video compression codec, H.264 [4], to provide scalable
media streams. As compared to previous codecs, the H.264
standard was proposed to provide good video quality at
substantially lower bit rates, which allows users to develop
applications under heterogeneous network environments. The
media server can adjust the H.264 streaming bandwidth ac
cording to network conditions. Besides, it can also provide
privilege control for user access.
The rest of this paper is organized as follows. The network
model are reviewed in Section II. Section III describes the
implementation details of the proposed P2P-IPTV system. Sec
tion IV is the experimental study and performance evaluations.
Section V concludes this paper.
The P2P networking is composed of participants that share
a fraction of their resources (such as processing power, disk
storage, and network bandwidth) directly to their peers without
intermediary network hosts or servers. Peers act as both
suppliers and consumers of resources. The networking can
be scaled and the resource utilization can be leveraged by
978-1-4244-6474-61101$26.00 C 2010 IEEE - 625 - ICSSE 2010
?J1JInterational Corerence on System Sience and Engineering
Fig. 1: Purely Decentralized Architectures.
adopting the P2P network model. The media server design can
be found by many applications, like PPLive [5], PPStream [6],
CoolStreaming [7].
In the centralized server-client video streaming, the server
suffers heavy computational load and network traffc problems,
On the contrary, the P2P framework distributes computing and
traffc loading to connected peers which demonstrates high
scalable streaming control while keeping low server workload.
Different peer connection methods were developed according
to different application requirements. These methods can be
roughly categorized according to their extend of system cen
tralization: (1) purely decentralized; (2) partial centralized; and
(3) hybrid decentralized architecture [8].
A. P2P Network Model
In the purely decentralized model, the P2P overlay networks
are supposed to be totally decentralized. However, in practical
applications, the P2P system can be operated with diferent
extend of centralization.
Purely Decentrlized Mode All nodes in the network per
form exactly the same tasks, acting both as servers and clients,
and there is no central coordination of their activities. Peer
nodes of such networks are often referred to as "servents"
(SERVers+clieENTS). As shown in Fig. 1, a peer sends to
others a search request, which comprises a search string and
the TTL (Time To Live) restriction of the responding host.
The peer that responds to the query with IP address/TCP port,
network bandwidth, the number of matching fles found and
their indexed result set.
Partially Centrlized Mode The basis is the same as that
in the purely decentralized system. However, some powerful
nodes would act as the local index centers for fles shared by
local peers and is termed "super-nodes". The way in which
these super-nodes are assigned their role by the network would
be different under different network conditions. This partially
centralized mode does not suffer single point failure for a P2P
network, in that super-nodes are dynamically assigned which
demonstrate fexible control capability. Once a super-node
failed, the network will automatically take action to replace
them with others, as shown in Fig. 2.
Fig. 2: Partially Centralized Architectures.
Fig. 3: Hybrid Decentralized Architectures.
Hybrid Decentrlized Mode For this peer connection mode,
there is a central server facilitating the interaction between
peers by maintaining a peer meta-data list, describing the
shared fles stored by the peer nodes. Although the end-to-end
interaction and fle exchanges may take place directly between
two peer nodes, the central servers facilitate this interaction by
performing the lookups and identifying the nodes storing the
fles, as shown in Fig. 3.
B. P2P Streaming
The P2P network operation acts as a load balanced system
which overthrows the static computing mode as in the client
server approach. Each peer works as both a server and a client
simultaneously over the network. To deal with peer connection
and transmission, the system still has to handle registration,
fle storage, connection coordination, node communications,
load balance, relaying information and so on, to make multi
cast streaming over P2P framework feasible. The role of one
peer in the P2P network would vary dynamically according
to network conditions and peer control capability. Some peer
control schemes let all peers share the whole workload, while
some let powerful peers take heavy operations.
In a P2P network, all fles are shared among connected
online nodes. Each peer node has to sustain basic traffc load.
For media server, the P2P streaming network needs to transmit
- 626- IeSSE 2010
?JJInterational Corerence on System Sience and Engineering
the media bitstream in real-time and the end users need not to
reserve a large disk space to store the whole media bitstream.
There are several related researches about the P2P streaming
network. The streaming delivery can be roughly classifed into
two approaches, according to content distribution: (1) Tree
based framework [9] ; (2) Mesh-based framework [10] ;
Tree-based frmework is also known as a hierarchical net
work, in which the central node (root) is connected by one
or more other nodes that are one level lower in the hierarchy.
Each of the second level nodes connected to the root will also
be connected by nodes that are one level lower in the hierarchy.
Each node in the network has a specifc number, referred to
as the branching factor of the hierarchical tree.
Mesh-basedfrmework is the networked peer system which
connect to each other without priority, which are also called
viral communicators. It is a highly distributed network model
which uses special routing technologies, which provide more
fexible control of peer connection but also suffer complex
C Securit
Security issues in a streaming delivery system include:
(1) content confdentiality; (2) content integrity; (3) content
availability; (4) user authentication and (5) DRM. Most key
distribution schemes are carried out by a media-independent
approach, i.e., the key generation is triggered by time or an
event, which is independent of the media content. However,
these control schemes cannot meet the secutiry requirement of
P2P streaming because: (1) users in the P2P network may view
different content/frames at the same time and; (2) the overhead
of updating keys is too high. To solve these problems, the
media-dependent approach is adopted, i.e., keys are bundled
with media content packets. Specifcally, we use two types of
keys, session keys and cluster keys. Generating session keys
is time-driven while generating cluster keys is event-driven.
Compared to the media-independent approach, the media
dependent one can signifcantly reduce the communication
overhead for key updating keys, and improve security by
imposing rules for embedding keys in media packets.
The proposed IPTV system is developed based on the Visual
Studio platform [11] and the VideoLAN framework [12].
The P2P-IPTV system comprises three main components:
(1) media server; (2) DRM server and; (3) IPMP Terminal.
The overall framework is demonstrated in Fig. 4. For the
P2P network model, we adopted the centralized P2P model
at current stage for easy control. The tasks operated by
DRM server comprise: user login and authentifcation, media
codec and license check, and supervising the P2P network
connections. The media server captures the real-time video
and then compresses the time-domain video into bitstreams.
The license provided by DRM is used to perform content
encryption and deliver the cipher-text to user. The IPMP
terminal provides a login interface. After identifying user by
DRM authentifcation, the DRM transfer the information of
Live Streaming Server
Media (
Distributon content laYbaCk
reqUiremenj '______ .. reqUirement
Encryption Encrypted
key bitstream
8Q ,

I Login
Fig. 4. The framework of proposed P2P IPTV.
certifcate, video codec, connection policy back to the IPMP
terminal, which then can begin to receive and decode the
media streams. When one peer joined the P2P network, it
would received media packets from its parent peer and also
provide these received packets for possible children peer.
A. Media Server
The media server framework is shown in Fig. 5. The video
signal source can be from live TV tuner, webcam or media
stream fles, which would be captured by the VideoLAN
development tool. The captured video signal is compressed
by H.264 coder, whose compressed bitstreams are encrypted
by the cipher key provided by DRM. The capture service unit
acquires images from the input video with RGB24 format.
The DRM control unit deals with the message transfer with
the DRM server. The handshake between DRM server and
streaming server can be described with the following steps:
(1) When the streaming server is invoked, it will register to
inform the DRM server for live streaming; (2) The DRM
server transfers back the deciphering key and requests the peer
connection information of the streaming server to enable the
P2P streaming; (3) When one new peer requests connection
from the streaming server, the DRM server will inform the
streaming server that the new peer is legal and the streaming
server can start to stream to the new peer.
B. DRM and IPMP Terinal
The DRM server plays a critical role in the P2P-IPTV
system. As shown in Fig. 6. The framework records the core
data elements of the DRM for user, digital media and digital
right. It will protect the media from illegal copy, transfer
or conversion to other format. All communication data are
encrypted by 128-bit AES.
The login service unit deals with the communication be
tween the streaming server and the client peer. When the
streaming server started, it has to inform the DRM server
to begin media streaming. After the DRM server transferred
the ciphering key for content encryption, it can start to build
the P2P-IPTV system by this media streaming server. The
- 627- IeSSE 2010
?J1JInterational Corerence on System Sience and Engineering
Content Provider Interface
@ 3
Fig. b. The framework of media streaming server.
Clients &
Media Server
Fig. b. The framework of DRM server.
accreditation unit generates and manages the ciphering key
for streaming encryption. It generates the cipher key for the
media server or the client peers according to the instruction of
login service unit. The peer management unit deals with the
inter-connection and maintains the peer list P = {pi}. When
a new peer fnished the login procedure and got its license,
the peer list would be updated to the latest status. The tool
management unit manages decoder tools. The default tools
for a client peer are basic codec and would be updated when
The framework of IPMP terminal is shown in Fig. 7. The
Display Thread deals with the bitstream deciphering, decoding
and display. The user interface handles user login/logout.
It also setups the upload bandwidth, decoding parameters,
and output image size for the client peer. The DRM control
unit manages the communication between DRM server and
the client peer. The media player decodes and plays media
according to the license contents, which comprise: decoding
parameters, image resolution and access level.
Fig. /. The framework of IPMP terminal.
Parent of Pi
Fig. b. The joining procedure of a new peer.
C P2P Peer Management
The P2P-IPTV system adopts the centralized P2P network
model for effcient control. The DRM server handles the
message exchange between peers. It also manages the peer
status and maintains a peer list. For peer connection control,
we proposed to provide the maximum average frame rate for
all system peers. To fnd a good parent peer for the new peer to
connect, peers are categorized into diferent levels according
to their estimated upload bandwidth. The peer list P is stored
in DRM server. When one new peer joined the system and
received the cipher key, it would report its information to the
peer management unit, which will assign the connection point
for the new one. The P will add this new peer to the list when
fnished connection. The DRM server explicitly controls the
peer connection legal under the centralized P2P framework.
The pros and cons of this approach are high peer connection
effciency and high system loading, respectively. In addition,
the system scalability is confned by DRM server under
centralized P2P-IPTV framework. The joining procedure of a
new peer is shown in Fig. 8. The new peer was frst registered
to the peer management unit and the peer management unit
fnd a parent peer from the system for this new one. It also
notifed the new peer to connect to the designated parent. After
fnishing the peer connection procedure, the peer management
updates the peer list for the system.
- 628- IeSSE 2010
?J1JInternational Corerence on System Sience and Engineering
Fig. J. The GUI of an IPMP terminal.
To verify the streaming effciency, a practical P2P-IPTV
system has been implemented to justify the operation efec
tiveness. Several computers are designed to act as the client
peer nodes to playback live TV streaming. Each computer is
assigned a public IP address. The DRM server is designed to
supervise the peer communications, maintain the P2P-IPTV
system and handle peer login. The media server captures
the live TV signal and then encodes it by H.264 coder
whose bitstream is then encrypted before transmission. The
bandwidth of video bitstream is set to 256 kbps with 640x480
image resolution and additional 32kbps is allocated for the
audio signal.
A. IPT Opertion
After identify the user, the DRM server transmits certifca
tion, license and connection port for the client peer, as shown
in Fig. 9. This client peer then connect to its parent node
according to the connection information provided by DRM
server. The GUI of media server is shown in Fig. 10. This
GUI allows users to change the frame size and the encoded bit
rate dynamically when streaming. The frame rate and quality
for the streaming video are displayed on the GUI. The DRM
interface is shown in Fig. 11. The right sub-window shows
the parameters such that the system operation status can be
known by the operator. The right sub-window demonstrates
that there are two on-line users at this moment.
B. Peiorance Evaluation
The most distinguished feature of the proposed system
framework is that it can maintain stable network transmis
sion for the multicast tree when the uploading bandwidth of
most active peers were insuffcient. For the practical ADSL
communication environment, the upload bandwidth is much
smaller than the download one. The administrator can adjust
the bit-rate dynamically according to the number of on-line
users or the network condition.
Live Sta SeNer


Video BIt-rate (kb/s)
AudloBlt-rate(kb/s) StStea |
Li rv Sta
\ideo Blt-fdte(kb/s)
Audio Blt-rate(kb/s)
CoTtm TnkerSerer ...
Resolution 1640) 480 v .
St Stea I
Fig. 10: The interface of the media server.
Login user
Tlk &rrRw
User number
System Message
free peer ,peer port:1234,peer ip:
Incoming peer, peer ip: number:l,peer port90
free peer ,peer portl234.peer ip:
Incoming peer, peer ip:140.11B.I07.224child numbe1 ,peer pert:123
Free Peer
free peer ,peer port1234,peer ip:140.11B.I07.224
Incoming peer, peer ip: number:I ,peer portl23
Free Peer
Client Connecte
Client Connected
Starting Track Serer
Fig. 11: The implementation of DRM server.
The image quality in PSNRs for diferent videos under
different bit rates are provided in Fig. 12. As shown, the
PSNRs become stable when the bit rates are larger than
64kbps. For medium and high motion videos, Foorball and
News, it demonstrated smooth visual quality for bit rate larger
than 64 kbps. For the low motion video, Akiyo, the required
bandwidth can be smaller to yield smooth visual quality.
Fig. 13 shows the received bitrate for client peers at level
4, 8, 12, and 20. As shown, the real-time video streaming
can maintain the stable bitrates at diferent levels. Because
the transmission tree is constructed to maximize the backbone
transmission rate, it can aford to accommodate overloading
The goal of this paper is to design a P2P-IPTV system that
can effectively adjust the streaming rates according to available
bandwidth, device computing capability and user priority to
provide universal media access platform. It integrated the
H.264 codec to provide spatial and quality scalable bitstreams.
The encryption function is also integrated to protect the
media content from illegal usage. Contributions of this paper
comprise: (1) Construct a UMA media server that provides
- 629- IeSSE 2010
?J1JInternational Corerence on System Sience and Engineering
Bit rate (Kbps) set at the encoder
Fig. 12: The image PSNRs for different videos at the
(a)n = 4
(c)n = 12
(b)n = 8
0 < .0 6 0 10 12
(d)n = 20
Fig. 13: The received bit rates of peers at different levels:
n = 4,8, 12,and20.
the function of encode once and decoded by many, which
effectively reduces heavy CPU loading and memory usage.
The most effcient H.264 video codec is adopted to provide
spatial, quality and temporal scalable control for multicast
streaming; (2) The encryption procedure is embedded into
the media server to provide real-time encrypted bitstreams,
on which different update strategy can be imposed for robust
security control; (3) A peer connection method is proposed for
the centralized P2P model to provide stable streaming quality
and low delay video perception. The DRM server is used to
manage the inter-peer connection control. The decipher key
and decoding parameters are stored in the license to provide
security and scalable control for media consumption. Future
researches comprise: multi-channel streaming, large scale P2P
streaming control.
This work is partially supported by National Science Coun
cil R.O.C. with grants: NSC 98-2221-E-011-134 and NSC 98-
2218-E-Oll-017 and by ICLIITRI under grant 9352BR2100.
[I] Live Streaming Continues Momentum With March Madness.
[2] The Numbers Are In, Live Video Online Is Blowing Up.
[3] R.-P. Weinmann, and K. W, "Analysis of the DVB Common Scram
bling Algorithm," in Proc. IFP sec2005 pp. 195-207, Boston: Springer.
[4] ITU-T Rec. H.264 I ISOIIEC 11496-10, "Advance video coding," Final
Committee Draft, Document JVT-G050, March 2003.
[5] S. Xie, B. Li, G. Y Keung, and X. Zhang, "Coo1streaming: design,
theory, and practice," IEEE Transactions on Multimedia, May 2007.
[6] w Liang, J. Bi,R. WU,Z. Li, and C. Li, "On characterizing PPSteam:
measurement and analysis of P2P IPV under large-scale broadcasting,"
Global Telecommunications Conference, 2009.
[7] X. Zhang, J. Liu, B. Li, and T. S. P. Yum, "CoolsteamingIDONet: a
data-driven overlay network for peer-to-peer live media steaming," in
Proc. IEEE INFO COM, Mar. 2005.
[8] B. Pourebrabimi, K. Bertels, and S. Vassiliadis, "A survey of peer-to
peer networks," in Proc. Annual Workhop on Circuits, 2005.
[9] S. Banerjee, B. Bhattachatee, and C. Kommareddy, "Scalable appli
cation layer multicast," in Procs. Con! Applications, Tech., Architect.,
Protocols for Computer Commun., pp. 205-217, 2002.
[10] Y H. Chu, S. G. Rao, and H. Zhang, "Case for end system multicast,"
in Proc. ACM SIGMETRICS Int. Con! Measurement & Modeling of
Computer Systems, pp. 1-12, 2000.
[II] Microsoft Visual Studio.
[12] VLC media player.
- 630- IeSSE 2010