measuring performance overhead of trans encrypting http
play

Measuring Performance Overhead of Trans-encrypting HTTP Adaptive - PowerPoint PPT Presentation

Nov 06, 2023 •207 likes •567 views

Measuring Performance Overhead of Trans-encrypting HTTP Adaptive Streaming Abe Wiersma BSc. July 4, 2017 University of Amsterdam TNO Media-lab Introduction Problem Major leaks of blockbuster titles. 1 Introduction Problem Major leaks of

  1. Measuring Performance Overhead of Trans-encrypting HTTP Adaptive Streaming Abe Wiersma BSc. July 4, 2017 University of Amsterdam TNO Media-lab

  2. Introduction Problem Major leaks of blockbuster titles. 1

  3. Introduction Problem Major leaks of blockbuster titles. 2

  4. Introduction Problem Major leaks of blockbuster titles. • Push to better secure DRM pipeline. 3

  5. Introduction Problem Major leaks of blockbuster titles. • Push to better secure DRM pipeline. Solution Testing trans-encryption as an alternate form of encryption for the DRM pipeline. 3

  6. Research question • What is the performance overhead of doing a trans-encryption step for HTTP Adaptive Streaming. • How can available hardware efficiently be used to trans-encrypt content. 4

  7. Background

  8. HTTP Adaptive streaming • Segment(ed/able) video. • Manifest • Four flavours: • Microsoft HTTP Smooth Streaming (HSS) • Adobe HTTP Dynamic Streaming (HDS) • Apple HTTP Live Streaming (HLS) • MPEG Dynamic Adaptive Streaming over HTTP (DASH) • Traditional HTTP client/server architecture. 5

  9. HTTP Adaptive streaming Server Diagram showing simplified content preparation for HTTP Adaptive Streaming. 6

  10. HTTP Adaptive streaming Client Available Bandwidth Network Congestion High bitrate Medium bitrate Low bitrate time Diagram showing simplified adaptive algorithm for HTTP Adaptive Streaming. 7

  11. Digital Rights Management Components 1. Common Encryption Scheme (CENC) • AES-128 Cipher Block Chaining (CBC) • AES-128 Counter (CTR) 8

  12. Digital Rights Management Components 1. Common Encryption Scheme (CENC) • AES-128 Cipher Block Chaining (CBC) • AES-128 Counter (CTR) 2. Browser 8

  13. Digital Rights Management Components 1. Common Encryption Scheme (CENC) • AES-128 Cipher Block Chaining (CBC) • AES-128 Counter (CTR) 2. Browser 3. DRM Systems & License Servers • Google Widevine • Microsoft Playready • Apple Fairplay • Adobe Primetime • Others (OSS also) 8

  14. Digital Rights Management Intermission 1. Common Encryption Scheme (CENC) • AES-128 Cipher Block Chaining (CBC) • AES-128 Counter (CTR) 2. Browser 3. DRM Systems & License Servers • Google Widevine • Microsoft Playready • Apple Fairplay • Adobe Primetime • Other (OSS also) 9

  15. Digital Rights Management Components 1. Common Encryption Scheme (CENC) • AES-128 Cipher Block Chaining (CBC) • AES-128 Counter (CTR) 2. Browser 3. DRM Systems & License Servers • Google Widevine • Microsoft Playready • Apple Fairplay • Adobe Primetime • Others 4. Encrypted Media Extensions (EME) 10

  16. Digital Rights Management Components 1. Common Encryption Scheme (CENC) • AES-128 Cipher Block Chaining (CBC) • AES-128 Counter (CTR) 2. Browser 3. DRM Systems & License Servers • Google Widevine • Microsoft Playready • Apple Fairplay • Adobe Primetime • Others 4. Encrypted Media Extensions (EME) 5. Content Decryption Module (CDM) 10

  17. Approach

  18. Split-key cryptosystem Theory 11

  19. Split-key cryptosystem Theory Trans-encryption 1 • RSA • One time path • LFSR stream cipher • ElGamal • Damgard-Jurik 1 As per patent: Secure distribution of content. 12

  20. Split-key cryptosystem Theory Trans-encryption 2 • RSA - Widely standardized. • One time path - Keysize increases with 100% keysize per trans-encryption. • LFSR stream cipher - A number of insecure applications.. • ElGamal - Similar performance, hangs on discrete log, less standardized. • Damgard-Jurik - No notable implementations. 2 As per patent: Secure distribution of content. 13

  21. Split-key cryptosystem RSA E ( X ) = X e (mod n ) D ( X ) = X d (mod n ) 14

  22. Split-key cryptosystem Implementation RSA • Generate Pair 1 (Public & Private) • Create Pair 2 (same mod) and Combined pair (Pair 1 × Pair 2) • Encrypt (Pair 1/Combined) • Trans-encrypt (Encryption/Decryption 1) • Client-decrypt (Decryption combined/Decryption 2) 15

  23. Split-key cryptosystem Implementation RSA-2048 • openssl genrsa • C rsa create combined • Python encrypt.py + C rsa encrypt • C rsa trans / rsa trans dec • C rsa client decrypt 16

  24. HTTP server Japronto? Requirements • Low overhead • Simple • Fast • Free? (Opensourced) Solution Japronto 17

  25. HTTP server Japronto! 18 A graph by the author squeaky-pl showing the performance of japronto.

  26. Experimental Set-up A diagram showing the experimental set-up. 19

  27. Results

  28. Results Throughput for HTTP Adaptive Segments 1000MB/s Passthrough MB/s AES re-encryption MB/s RSA trans-encryption (encryption) MB/s RSA trans-encryption (decryption) MB/s 1Gbit/s - Link Speed 100MB/s (111.47) (75.04) (log scale higher is better) Mean throughput MB/s (33.69) (27.76) (24.51) (21.73) (14.5) 10MB/s (8.83) Required throughput for H.264 1080p streams (1.04) 1MB/s (0.65) (0.35) (0.17) 20 0MB/s 1 10 100 1000 concurrent connections

  29. Conclusion

  30. Conclusion Conclusion Server-side trans-encryption with the public exponent is possible Drawback Client-side decryption will prove tough on the performance 21

  31. Future work

  32. Future work Future work Possibly implement a decrypting client. 22

  33. Questions? 22

  34. 23 A graph showing factorization efforts. 3

Recommend

File System Performance File System Performance Memory mapped files - Avoid system call overhead

File System Performance File System Performance Memory mapped files - Avoid system call overhead

CS510 Operating System Foundations Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek overhead

742 views • 61 slides
#23040 Sackum Overhead Bridge Replacement Ministry of Transportation & Infrastructure

#23040 Sackum Overhead Bridge Replacement Ministry of Transportation & Infrastructure

#23040 Sackum Overhead Bridge Replacement Ministry of Transportation & Infrastructure January 19, 2018 Sackum Overhead No. 01491 Originally built in 1958 Located along the Trans-Canada Hwy 1, 13 kms south of Spences Bridge, BC

182 views • 3 slides
Advanced OpenMP Lecture 8: Performance tuning Sources of overhead There are 6 main causes of

Advanced OpenMP Lecture 8: Performance tuning Sources of overhead There are 6 main causes of

Advanced OpenMP Lecture 8: Performance tuning Sources of overhead There are 6 main causes of poor performance in shared memory parallel programs: sequential code communication load imbalance synchronisation hardware

489 views • 25 slides
Introduction to OpenMP Lecture 9: Performance tuning Sources of overhead There are 6 main

Introduction to OpenMP Lecture 9: Performance tuning Sources of overhead There are 6 main

Introduction to OpenMP Lecture 9: Performance tuning Sources of overhead There are 6 main causes of poor performance in shared memory parallel programs: sequential code communication load imbalance synchronisation hardware

955 views • 26 slides
Introduction to OpenMP Lecture 9: Performance tuning Sources of overhead There are 6 main

Introduction to OpenMP Lecture 9: Performance tuning Sources of overhead There are 6 main

Introduction to OpenMP Lecture 9: Performance tuning Sources of overhead There are 6 main causes of poor performance in shared memory parallel programs: sequential code communication load imbalance synchronisation

642 views • 26 slides
NVMe-over-Fabrics Performance Characterization and the Path to Low-Overhead Flash Disaggregation

NVMe-over-Fabrics Performance Characterization and the Path to Low-Overhead Flash Disaggregation

NVMe-over-Fabrics Performance Characterization and the Path to Low-Overhead Flash Disaggregation Zvika Guz, Harry Li, Anahita Shayesteh, and Vijay Balakrishnan Memory Solution Lab Samsung Semiconductor Inc. 1 Synopsis Performance

224 views • 21 slides
Key Performance I ndicators in Measuring PAI s & PLO Performance For Electrical Engineering

Key Performance I ndicators in Measuring PAI s & PLO Performance For Electrical Engineering

Key Performance I ndicators in Measuring PAI s & PLO Performance For Electrical Engineering Department Curriculum of Malaysian Polytechnics (The he role o of KPIs Is to assess a and improve the he Ou Outcomes-based E Educati tion)

741 views • 47 slides
Roadmap for Section 8.3 Encrypting File System (EFS) Terminology EFS Operation Data Encryption

Roadmap for Section 8.3 Encrypting File System (EFS) Terminology EFS Operation Data Encryption

Unit OS8: File System 8.3. Encrypting File System Security in Windows Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 8.3 Encrypting File System (EFS) Terminology EFS

250 views • 12 slides
Measuring and Modeling Trans-Boarder Patent Rewards Overview Misplaced Emphasis on Developing

Measuring and Modeling Trans-Boarder Patent Rewards Overview Misplaced Emphasis on Developing

Measuring and Modeling Trans-Boarder Patent Rewards Overview Misplaced Emphasis on Developing Country Standards Weaknesses of Developing Country Patent Rewards Advantages of Looking to US and Other Strong Economies Analyses in this Study

611 views • 23 slides
OVERHEAD OF A DECENTRALIZED GOSSIP ALGORITHM ON THE PERFORMANCE OF HPC APPLICATIONS ELY

OVERHEAD OF A DECENTRALIZED GOSSIP ALGORITHM ON THE PERFORMANCE OF HPC APPLICATIONS ELY

The Hebrew University of Jerusalem Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group OVERHEAD OF A DECENTRALIZED GOSSIP ALGORITHM ON THE PERFORMANCE OF HPC APPLICATIONS ELY LEVY, AMNON BARAK, AMNON

202 views • 17 slides
Encrypting/Decrypting, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Encrypting/Decrypting, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Encrypting/Decrypting, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 14, 2013 Announcements / Goals For

459 views • 9 slides
Measuring and Evaluating Computer System Performance CSE 141, S2'06 Jeff Brown Performance

Measuring and Evaluating Computer System Performance CSE 141, S2'06 Jeff Brown Performance

Measuring and Evaluating Computer System Performance CSE 141, S2'06 Jeff Brown Performance Marches On ... But what is performance ? CSE 141, S2'06 Jeff Brown The bottom line: Performance Time to Throughput Car Speed Passengers Bay

274 views • 23 slides
Measuring Performance: Chapter 4! Or My computer is faster than your computer with thanks to

Measuring Performance: Chapter 4! Or My computer is faster than your computer with thanks to

Measuring Performance: Chapter 4! Or My computer is faster than your computer with thanks to Larry Carter, UCSD 1 Performance Marches On ... 1200 DEC Alpha 21264/600 1100 1000 900 800 700 Performance 600 500 DEC Alpha 5/500 400

728 views • 29 slides
CS533 benchmark v. trans. To subject (a system) to a series of tests Modeling and Performance In

CS533 benchmark v. trans. To subject (a system) to a series of tests Modeling and Performance In

Types of Workloads CS533 benchmark v. trans. To subject (a system) to a series of tests Modeling and Performance In order to obtain prearranged results not available on Competitive systems. S. Kelly-Bootle, The Devils DP Dictionary

308 views • 4 slides
How to Get Good Performance by Using OpenMP ! ! Loop optimizations ! ! Measuring OpenMP

How to Get Good Performance by Using OpenMP ! ! Loop optimizations ! ! Measuring OpenMP

Agenda ! How to Get Good Performance by Using OpenMP ! ! Loop optimizations ! ! Measuring OpenMP performance ! ! Best practices ! ! Task parallelism !! !" #" Memory access patterns ! Correctness versus performance ! It

166 views • 14 slides
Information Hiding in Email Services Based on Confused Document Encrypting Schemes Author

Information Hiding in Email Services Based on Confused Document Encrypting Schemes Author

Information Hiding in Email Services Based on Confused Document Encrypting Schemes Author Wei-Shyun Pan Po-Kang Chen Quincy Wu Outline Introduction Related works A Confused Document Encrypting Schemes and its

514 views • 33 slides
Performance measures Nicolas Papageorgiou AQF-2005 Measuring hedge fund performance What

Performance measures Nicolas Papageorgiou AQF-2005 Measuring hedge fund performance What

Performance measures Nicolas Papageorgiou AQF-2005 Measuring hedge fund performance What is the best method? Risk adjusted performance measures Multi-factor models Peer group factors Return based factor Asset based

416 views • 24 slides
Measuring and Understanding IPTV Networks Colin Perkins http://csperkins.org/ Martin Ellis

Measuring and Understanding IPTV Networks Colin Perkins http://csperkins.org/ Martin Ellis

Measuring and Understanding IPTV Networks Colin Perkins http://csperkins.org/ Martin Ellis http://www.dcs.gla.ac.uk/~ellis/ Talk Outline Research goals Measuring and monitoring IPTV systems Measurement architecture and initial data

520 views • 27 slides
Measuring Performance November 17, 2008 Measuring Performance Introduction CPU Peformance and

Measuring Performance November 17, 2008 Measuring Performance Introduction CPU Peformance and

Introduction CPU Peformance and Its Factors Evaluating Performance Measuring Performance November 17, 2008 Measuring Performance Introduction CPU Peformance and Its Factors Evaluating Performance Outline 1 Introduction 2 CPU Peformance and

988 views • 65 slides
Measuring Social Performance in LAC Micol Pistelli, Director of Social Performance, MIX December

Measuring Social Performance in LAC Micol Pistelli, Director of Social Performance, MIX December

Microfinance Information Exchange Measuring Social Performance in LAC Micol Pistelli, Director of Social Performance, MIX December 2012 The Premier Source for Microfinance Data and Analysis This presentation is the proprietary and/or

790 views • 6 slides
CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System

CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System

CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek

998 views • 61 slides
Building The Trans-ASEAN Gas Pipeline (TAGP) project envisages the creation of a trans-national

Building The Trans-ASEAN Gas Pipeline (TAGP) project envisages the creation of a trans-national

Asia Pacific Review Trans-Asian pipe Building The Trans-ASEAN Gas Pipeline (TAGP) project envisages the creation of a trans-national pipeline network linking ASEANs major gas production and utilisation centres. Once realised the TAGP will

490 views • 5 slides
Normalized Cut Method for Image Segmentation J. Shi and J. Malik, IEEE Trans. Pattern Analysis

Normalized Cut Method for Image Segmentation J. Shi and J. Malik, IEEE Trans. Pattern Analysis

Normalized Cut Method for Image Segmentation J. Shi and J. Malik, IEEE Trans. Pattern Analysis and Machine Intelligence 22 (8), 1997 Divisive (aka splitting, partitioning) method Graph-theoretic criterion for measuring goodness of an

358 views • 12 slides
Cross-Coupling Reactions of Organoboranes: p g g An Easy Way for Carbon-Carbon Bonding y y g

Cross-Coupling Reactions of Organoboranes: p g g An Easy Way for Carbon-Carbon Bonding y y g

N-1 Nobel Lecture, December 8, 2010 Cross-Coupling Reactions of Organoboranes: p g g An Easy Way for Carbon-Carbon Bonding y y g Akira Suzuki S N-2 Conjugated Alkadienes R' R' R' R R R R R' R R trans trans trans-trans trans

727 views • 25 slides

More recommend