1

Cryptanalysis of Some Multimedia Encryption

Schemes
ofthemultimediadata.Withouttheknowledgeofthe
G. Jakimoski and K. P. Subbalakshmi
encrypteddata,theadversarywillnotbeabletorecover
theoriginaldata(e.g., imageorvideo). Sincetraditional
schemescanbeusedforencryption,theissuesrelatedtose-

lectiveencryptionaremoresignalprocessingthancryptog-
Abstract | Encryption is one of the fundamental technolo- vide faster encryption by encrypting only a small portion
whoseencryptionwillguaranteethattheadversarycan-
gies that is used in digital rights management. Unlike ordi-

notrecoverusefulinformationabouttheoriginalimageor
nary computer applications, multimedia applications gener- video.

ate large amounts of data that has to be processed in real

Inthesecondapproach,entropycodingthatprovidesen-
cryption, theentropycoderhastwofunctionalities: com-
time. So, a number of encryption schemes for multimedia
pression and encryption. The goal is to improve the ef-
applications have been proposed in recent years.

We analyze the following proposed methods for multime-

thedatainaxedandpublicmanner,theentropycoders
dia encryption: key-based multiple Human tables (MHT),
thatprovideencryptionusesecretkeystoencodethedata.
arithmetic coding with key-based interval splitting (KSAC)
Theadversaryshouldnotbeabletodecodethedatawith-
and randomized arithmetic coding (RAC). Our analysis information that will be encrypted, i.e., the information
We analyzeshows
the security and the eciency of MHT
that MHT and KSAC are vulnerable to low complex-
(MultipleHumanTables),KSAC(ArithmeticCoding
ity known- and/or chosen-plaintext attacks. Although we
withKey-basedintervalSplitting)andRAC(Randomized
do not provide any attacks on RAC, we point out some dis-
ArithmeticCoding).Theseencryptionschemesfollowthe
advantages of RAC over the classical compress-then-encrypt

secondapproach.Thatis,thecompressionandencryption
approach.

ofthedataisdoneinasinglestep.TheencryptioninMHT
Keywords | multimedia encryption, cryptanalysis, multi-
[30]isachievedbyusingdierentHumantablesfordier-
ple Human tables, arithmetic coding, key-based interval
entinputsymbols.Thetablesaswellastheorderinwhich
splitting, randomized arithmetic coding
theyareappliedarekeptsecret.KSAC[31]isdesignedto

ciency by doing both compression and encryption in a

I. Introduction single step. While the traditional entropy coders encode

In the last decades, we have witnessed a rapid growth of

networking technologies that provide larger bandwidth and

computer technologies that provide greater computational

plaintextattacksonMHTarepresentedinSectionIII.The

power to the end users. The ease of processing, distribut-

securityandeciencyofKSACandRACarediscussedin

ing and storing data on the Internet gave rise to many

digital multimedia applications and services. However, the

existing wired and wireless IP networks are open networks,

and the data transmitted over these networks can be eas-

ily copied or modied. So, we have also witnessed the

emergence of digital rights management as an important

research area for multimedia applications [1]. The goals of

the digital rights management technologies include protec-

tion of copyrighted multimedia data, authentication, con-

ditional access, etc.

Encryption is one of the major digital rights management

enabling technologies. Usually, to provide condentiality,

the data is encrypted using a stream cipher or a block ci-

pher (e.g., DES [2] or AES [3]) in some mode of operation

for encryption [4] (e.g., cipher block chaining, output feed-

back, cipher feedback, output feedback, etc.). However,

unlike the ordinary computer applications, multimedia ap-

plications generate large amounts of data that has to be Our analysis shows that both MHT and KSAC are vul-

processed in real time. Hence, a number of techniques for nerable to known plaintext attacks. We do not provide any

real-time encryption of multimedia data have been pro- attacks on RAC. However, we point out that the scheme

posed in the past years. Two common approaches to real- is expected to be less ecient than the standard approach

time multimedia data encryption are selective encryption since a generation of one pseudorandom bit per input bi-

[5{19] and entropy coding that provides encryption [20{28]. nary symbol is required.

The design philosophy of selective encryption is to pro-

The paper is organized as follows. Section II provides an

The authors are with the Department of Electrical and Computer overview of the schemes that are analyzed here. Known-

Engineering, Stevens Institute of Technology, Hoboken, NJ 07030,

USA, e-mail:gjakimos@stevens.edu, ksubbala@stevens.edu.

This work was supported in part by the National Science Founda-

tion under the grant NSF 0627688. Section IV. The paper ends with concluding remarks.
 2

II. Preliminaries

In this section, we give a brief description of the multi-

media encryption schemes analyzed in this paper.

A. Overview of MHT 0 n 1

MHT [30] (Multiple Human Tables) is0 na 1 scheme that

performs both compression and encryption by using mul-

0 021
1 2 3tiple
4 5statistical models (i.e.,
3 Human coding tables) in the
i
6 4
Fig.1.Thefourbasictrees:(A)theoriginalHumancodingtree
7 5
Aentropy8encoder. The B secret key which is used for encryp-
forJPEGDCcoecientcoding;(B),(C),(D)Humantreestrained
Choosemdierent Human coding tables numbered 7
10 8
tion and decryption consists ofmdistinct Human coding
11 err 9 TABLEI
0 n 1 i
tables and ann-tuple (k
Totalnumberofdifferentcodewordlengthsforeach ; : : :11
; kerr ). Them Human ta-

bles are selected 0randomly

symbolwhenthefourHuffmantreesofFig.1areused from some public pool of Hu- together.
01
24 3tables, and the 14
man adversary
imodn does not know which tables
The public pool of Human coding 2tables 5 is generated
6 6
haveD been
C 7 selected. Then-tuple
7 (k ;:::;k ) species
8 8
which table will be used to encode a particular symbol.
10 10
11 err 11 err
Namely, the input stream is divided into blocks ofn sym-

bols, and thei-th (0i < n) symbol of each block is

14 12
encoded using the Human table specied byk . A high

level description of the algorithm is given by the following

three steps: 6 from three image sets

1. 9

from 0 tom1. The authors suggestm= 8.

2. Generate a random vector ( 10k ; : : : ; k ), where eachk

is an integer inf0;1; : : : ; m1g. The suggested value for

n is 128.

3. Encode thei-th symbol of the data stream using the

table specied byk . Symbol

TreeATreeBTreeC TreeD lengths
5 3
0
22 212
from four basic Human tables (see Fig. 1) by using Hu-
1
man tree mutation (a method introduced in [30]). The rst 32 232

tree is the original Human coding tree used to encode 9 9

the DC coecients in JPEG. The other trees are obtained

by using dierent training image sets. The Human tree

mutation process derives a new tree from an old one by

The trial version only convert first two pages.

If the program works for you, please click "Buy Now" to register it.

http://www.axpdf.comswapping the labels of any two branches that stem from a

common node. By applying this process, a pool of 2 (2

per basic tree) distinct trees is constructed. In the pro-

posed encoding scheme, themdistinct Human tables are

randomly and secretly selected from this pool. The code-

word lengths for each symbol encoded with the four basic

Human trees are given in Table I. Clearly, the Human

trees mutated from a basic tree will have equal codeword

lengths as the basic tree. However, a given symbol can be

encoded into codewords with dierent lengths when coding

trees mutated from dierent basic trees are used. This fact

is used as a basis for the security of the scheme against

known-plaintext attacks. That is, the authors make the

following assumption: for an attacker who does not know

the order in which these trees are applied, synchronizing

between the symbol stream and the encoded bit stream

would be extremely dicult".

B. KSAC and RAC

Arithmetic coding [32] encodes a sequence of symbols

with a number (position) in the range [0;1). It is usually

implemented using a recursive procedure. We demonstrate

this by the following example that will be used through-

out the paper. A subinterval of [0;1) is associated with

3
 3