A technical thread that I’ve been working on for a number of years is media security for scalable media. As part of this I have been developing a media security standard for JPEG-2000 images called JPSEC. This is an international team effort as JPSEC was developed by technologists from around the world.
This week I’ve been attending the JPEG/MPEG international standardization meeting in San Jose, California. It’s been a long process, and at this meeting we just received the notice of publication for JPSEC!!! This means that the standard is finalized and you will soon be able to get the JPSEC specification from the ISO the same way that you get the JPEG and MPEG coding specifications.
In this post, I provide an introduction to JPSEC with some background and motivation. I’ll dive into more details in future posts.
JPSEC security tools
JPSEC is Part 8 of the JPEG 2000 family of standards. JPSEC specifies ways of applying security to JPEG-2000 coded images. The three types of security tools specified included in the normative part of the standard are: confidentiality, authentication, and integrity. While these are very standard security tools that are commonly used in many applications, the thing that is different in JPSEC is how these tools are applied to media. Specifically, JPSEC applies security tools to JPEG-2000 images in a media-aware way.
The traditional way to apply security to media would be treat the media data like any other data file and secure the entire file in a media-unaware way. If a security tool such as encryption is applied in a media-unaware way, then any structure in the media data would be lost.
However, some structure in the media data can be quite useful. For example, scalable coding methods code images into a bitstream that has a structure that makes it easy to access to a low-resolution version of the image, without requiring one to decode or transcode the entire bitstream. If this image data is encrypted for confidentiality in a media-unaware way, then the ability to extract the low-resolution version would be lost, or it would require you to decrypt and then extract the low-resolution data. However, once the image is decrypted, it is no longer secure.
On the other hand, if media-aware security tools are used, then security can be applied in a way that preserves the useful structure in the media. JPSEC recognizes the fact that media data actually has some useful structure to it, so it specifies how to apply security tools to JPEG-2000 images in a media-aware way.
Scalable coding of media: The structure of JPEG-2000 image data
JPEG-2000 has a particularly useful structure because it was designed to be “scalable”. While people often talk about the compression performance of JPEG-2000 vs. JPEG and other image coding methods. I think one of the biggest advantages of JPEG-2000 is its built-in scalability.
Scalable coding methods code media (images, video, or audio) in a manner that makes it easy to extract and decode different versions of it. For example, a scalably coded image can easily be decoded in high or low resolution. Decoding the image in high resolution involves decoding the entire bitstream. Decoding the image in low resolution simply involves extracting and decoding the low-resolution segments of the coded media data.
JPEG-2000 is a scalable image coding method. JPEG-2000 was designed in a way that makes it very easy to extract and decode a resolution, a tile, a color component, or a quality layer of the coded image. This can be done by simply scanning the bitstream, identifying and extracting the desired segments of the bitstream, and decoding those segments. This ability of transcoding to a lower resolution or quality level by simply grabbing portions of the image can be very useful for many applications.
Example application for scalable images
Let’s say a server stores a very large, high-resolution image and a client with a smaller display would like to look at and virtually navigate around this image. Because the client’s display resolution is much smaller than the original image resolution and because the bandwidth between the client and server may be limited, the options are to serve the client a small portion of the image in full resolution or the entire image in low resolution. In order to do this, the server would have to extract a portion of the image or extract a low resolution version of the image.
This can be achieved in different ways. If regular image coding is used, then the server would have to decode, process (select an area or downsample the image), and encode the image or transcode it accordingly. On the other hand, if scalable image coding is used, then it is very easy to extract portions of the image in different resolutions. Transcoding to lower resolutions or smaller tiles simply involves extracting the appropriate set of coded data. This requires very little computation, so it allows the server to support simultaneous image streaming sessions for many clients.
Adding security to media
A question that arises is what happens if end-to-end security is required for the application? For example, what if the application requires the image to be encrypted at the source and decrypted only by people who are allowed access? If this is required, then when the media data is transported between the sender and receiver, it must remain encrypted at all times, including when it is stored on the server.
When the media data is encrypted, what happens to the nice property of being able to adaptively stream portions of the high-resolution original image to lower-resolution clients? If the media is encrypted in a media-unaware way, then this property is lost, or the only way to do adaptively stream is by decrypting the image, but this breaks the end-to-end security of the system.
On the other hand, if media-aware security is used, then the security tools can be applied to the media data in a media-aware way in order to preserve the structure of the protected media and allow the server to adaptively stream portions of the protected media data.
JPSEC media-aware security tools
JPSEC was designed to provide media-aware security tools for JPEG-2000 images. It recognizes the structure of the JPEG-2000 image data, and it secures the media data within that structure. Specifically, it recognizes where the media data is located and which parts of the data correspond to which image components (tile, resolution, quality layer, color component, or image subband). It then allows security tools to be applied to subsets of the image data, and specifies the signaling data that must be included in the protected bitstream to allow the protected subsets of data to be extracted. In other words, JPSEC simultaneously allows mid-network transcoding and end-to-end security!
I hope this provides an introduction to JPSEC along with some background and motivation. I’ll dive into more details in future posts! I’ll be evolving this into a publication, so please let me know if you have any comments on the description or the text.
What do you think about JPSEC?
Any questions or comments?
Tags: JPSEC, JPEG 2000, scalable coding, security, image security, media security, media-aware security, media-unaware security, end-to-end security, transcoding, media adaptation, secure transcoding, HP
Please feel free to include a URL in your comments.