Secure Internet Channeling Agent for Searching and Delivering Media Content

Secure Internet Channeling Agentfor Searching and Delivering Media ContentJohn J. Parkjpark@CONTENTS1.INTRODUCTION 41.1Motivation 41.2Problem Statement 45Statement1.3Thesis5REVIEW2.LITERATURE5DeliveryContent2.1MediaCachingProxy6Media2.1.1Distribution8Media2.1.2Content2.1.3 Peer-to-Peer Media File Sharing 10P2P 10Unstructured2.1.3.111P2P2.1.3.2Structured2.2Control and security Issues in Media Content Delivery 1214RESEARCH3.PROPOSED3.1Architecture of Secure Internet Channeling Agent (SIChA) 143.1.1Fundamental Concepts and techniques 14SIChAof163.1.2NetworkOverview3.1.3Sequential workflow under SIChA system 1821SIChA3.1.4Functionaloverviewof3.1.4.1Media searching and delivering control 223.1.4.2Network channel key control 23Evaluation23and3.2Implementation3.2.1Implementation 243.2.2Evaluation 283.3UniqueContributions 29 4.REFERENCES 311.INTRODUCTIONThis document proposes a research project in the area of searching and delivering media content over the Internet. The particular focus is on a third party trusted Internet agent service which would provide secure and controllable media content delivery. This proposal is organized as follows: section 1 presents the motivation for searching and delivering systems of media content. It presents a problem statement of media content delivery technologies, and provides a thesis statement for a secure Internet channeling agent. In section 2, I review the literature on media proxy caching, media content distribution, and peer-to-peer file sharing. In the first part of section 3, I explain the architecture for a Secure Internet Channeling Agent (SIChA). In the latter part of section 3, I propose an implementation and an evaluation of the proposed architecture. I conclude this proposal with a research schedule and an approximate dissertation outline in sections 4 and 5.1.1MotivationMore efficient media content delivery technology over the Internet has enabled Web media users around the world to transfer media content from a media server to browsers on various user devices. Today’s Internet is increasingly used to deliver media contents, namely, video, audio, and graphics.1.2Problem StatementDespite impressive efforts to implement media content delivery technology in all its aspects, there is still a lack of optimized network connections and trustworthy security formedia content. Since media content delivery technologies connect both unknown users and media providers, each having different systems and locations, it is difficult to build reliable and trusted connections.1.3 Thesis StatementA third party trusted Internet agent service, with specialized protocols to optimize and secure the network media connections, can support media content delivery in a way that is effective, efficient, reliable, secure, and trustworthy.2.LITERATURE REVIEWMedia content delivery strategies have been developed using several approaches. In this literature review, I will introduce a concept of media content delivery strategy and describe the existing research papers on three separate methods: media proxy caching, media content distribution and peer-to-peer media file sharing. Also, I will discuss some implementation problems with these approaches.2.1Media Content DeliveryDigital content data on the Web are scattered all over network servers, and can be accessed by users from around the world. Although users can easily retrieve digital content from the Internet, there are troubles with the access time and process. These troubles are mainly because of congested network links, queuing delays, network packet loss, network latency, and heavy server loads. In order to reduce the network problems,most content delivery architectures replicate the content in separate servers in the network, and direct user requests to a server that is determined to be optimal. This architecture allows content to be positioned in appropriate locations for the end users while minimizing network bandwidth, the original server load, and user latency.Recently, many researchers have shown interests in the field of delivery architecture for streaming video and audio. Streaming video and audio are classified as continuous media contents that transfer meaningful data only when presented in an appropriate period of time. Systems that deliver continuous media content through the Internet should provide sufficient quality of service, secure encoding, and efficient streaming video and audio across distributed computing networks from source servers to media users. Transmission of continuous media content typically increases bandwidth consumption, imposes heavy server load, and creates network latency. The current research for content delivery architectures addresses the field of streaming multimedia over the Internet and media content delivery. The media content delivery method consists of three primary technologies: media proxy caching, media content distribution network, and peer-to-peer media file sharing. The following sections address the particular issues and review major approaches and mechanisms.2.1.1 Media Proxy CachingThe first architecture, proxy cache, tries to locate media content close to the users. This has become a popular approach to reduce bandwidth consumption on the network links and the load on the servers [1], [3]. A cache retrieves files from the original server, storescopies locally and then passes them on to the users who request them. Whenever the cache has the files in the local storage, it forwards the local files directly to the users rather than going all the way to the original server. If the Web cache does not have the files, it receives the files from the original server and then provides them to the users. The web cache stores copies of the new files in its storage for the next time they are requested. Thereafter, the cache serves both the role of a server and of a client. The main benefits from web caching is the reducing of the response time for a user request, the decreasing traffic on a main server’s access link, and its rapid distribution of the content.In order to provide good quality of multimedia service thorough the Internet, an adequate network system for continuous media delivery is crucial [7]. This is because network support for the multimedia streaming can reduce the transport delay and the packet loss ratio. Cache sharing and cache hierarchies were designed to serve web requests for generic non-continuous media files [5], [22]. Recently, the fast growth of multimedia services and the limited capacity of the Internet have increased network congestion for Internet applications [14]. In order to avoid the high latency and loss rate of streaming media in the Internet with scalable and reliable operations, prefix caching allows the storage of a prefix, a partial dataset of frames from the beginning of the streaming media, on the proxy of the Internet close to users rather than storing the entire contents [4], [29], [34], [35]. The proxy immediately transmits the prefix while it simultaneously requests the suffix, the remainder of the stream, from the media server.Moreover, considering the heterogeneous network systems of continuous and non-continuous multiple media types, the proxy cache has been developed for different cache resource usages. The Resource-Based Caching (RBC) algorithm [32] characterizes and caches each data object by its resource requirement and usage. The Quality-of-Service (QoS)-Adaptive proxy-caching scheme [37] proposes a media characteristic-weighted replacement policy to improve the cache hit ratio of mixed media, and a resource-management mechanism to dynamically re-allocate cache resources. The dynamic proxy caching method [11] applies back-end caching approaches, so it provides both reverse proxy and forward proxy configuration to get fine-grained caching. Also, because of the un-cached segments from the proxy delay on the client side, there is proxy jitter in the multimedia streaming caching. Proxy jitter is proxy delay in fetching the uncached segments. The Hyper Proxy streaming system [6] minimizes proxy jitter by lowering delayed startup ratio and network traffic, and by managing network resources by giving a high priority to clients.2.1.2 Media Content DistributionContent Distribution Networks (CDNs) adapt a different network model than media proxy caching. In this model, a content provider uses an independent CDN to deliver its content to the requested users without a long delay. CDN companies, such as Akamai and Digital Island, install CDN servers which duplicate the content of a provider’s original files in the main server throughout the Internet [15]. Whenever the provider updates its content, the CDN duplicates and distributes the new content to the CDN servers. In this way, a media user can retrieve data from the nearest duplicate CDNserver which allows users to get the best network performance [19]. The users can be redirected to the optimal server with DNS redirection [16], [24].CDNs also extensively support the distribution of continuous audio and video data. The researchers of streaming media CDN architecture [10] has focused on the distributing, storage, and delivery of continuous audio and video content over IP networks. Streaming media traffic is usually much heavier than normal web file traffic in a network and causes a severe burden on regular caches. Therefore, the streaming media CDNs help prevent server overload, provide a shorter network path for media delivery, and are very effective in storing and playing live multimedia streaming content [36]. CDN servers often apply streaming control protocols such as RTSP [28], SCTP [21], and DCCP [18]. To solve the additional network problem of a CDN, the ASM-FastReplica algorithm [8] optimizes replication of large streaming media files by partitioning the files in sub-files. Each node starts a file transfer to the next node, right after receiving the first packet of the corresponding sub-file. Then, cross-nodes from the different multicast trees connect with each other to exchange their sub-files to receive an entire file.Network security is an important concern for media CDNs. A server owned by a media provider and a user node need mutual authentication and authorization mechanisms to support business transactions and network security. This will ensure that only media requests from authorized users can access to the media contents. The primary network security threat in media CDNs is a man-in-the-middle attack, which is caused by IP spoofing, eavesdropping, and Denial of Service (DoS).2.1.3 Peer-to-Peer Media File SharingThe third architecture is Peer-to-peer (P2P) file sharing systems such as Napster [20], Gnutella [12], and KaZaA [17]. The P2P file sharing systems have developed very popular ways to access huge volumes of media files. While a client-server network model relies on a centralized server, the P2P network model sets up symmetric communication between peers, which are computer units at the edge of the network [27]. For the P2P network, each node works as either the client or the server. This allows a P2P network system to be very scalable because peers can retrieve and transfer data content directly between the other participating peers without relying on third party servers. Generally, the researchers of the P2P network model has focused two main categories for locating content: unstructured P2P and structured P2P.2.1.3.1 Unstructured P2PUnstructured P2P does not have precise control over the network topology or its content placement. In unstructured P2P, random distribution of nodes and content may cause content to be hard to locate. Thus, the position of this content can only be found by flooding the request to the peer. Most of the popular networks such as Napster, Gnutella, and KaZaA are unstructured.Napster [20] is a centralized model among unstructured P2Ps because a central database maintains an index of all files that are shared by the peers currently logged in the P2P network. The database can be queried by all peers, and provides the IP addresses andports of all peers who share the requested file. Napster is categorized as an unstructured P2P network since its overlay network and content distribution is not managed by a network topology. The main disadvantage of a centralized unstructured P2P is poor scalability, and an inability to located file with a single point of failure.Gnutella [12] does not have a central database server since it is a decentralized and unstructured P2P. Each peer floods search queries to all other neighboring peers without any knowledge about the other peers. The main disadvantage of Gnutella is that peers of the overlay network generate a large amount of messages per query which cause heavy network load when the number of peers grows. Also, there is no guarantee that you will find requested files in the unstructured P2P network system.KaZaA [17] is a hierarchical and unstructured P2P, where super-nodes are placed among the ordinary peers to track the requested file effectively. Each super-node replicates an index of other’s child-nodes file content. When a peer asks to search a file, a super-node initially tracks the file in all its child-nodes. The super-node floods queries to other super-nodes when it cannot find the file in its child-nodes.2.1.3.2Structured P2PThe main focus of structured architecture is how to control and deliver data file directories. A structured architecture with a P2P network topology and with a set of connections between P2P nodes is tightly controlled. Data files are placed at specified locations in the structured system. The CoopNet model [23] has a centralized algorithmthat works with a source server, which has all the information about the nodes, to develop and manage a tree system. Chord [30], a distributed lookup algorithm, addresses each node with a key associated with a particular data item. It then stores a pair key and data item at the node, and adapts the answer query system when nodes join and leave the system. Pastry [26] develops application-level routing and data file location in an overlay network of participating nodes through the Internet. CAN [25] applies a hash table-like network to make the P2P system scalable and fault-tolerant. The CAN system also provides a self-organizing architecture. Other models of structured architecture are Narada, NICE, ZIGZAG, and virtual multicast. While the Narada model [9] applies a mesh to interconnect only small scale peers, NICE [2] and ZIGZAG [33] employ hierarchical clustering when fits in large scale peers. The P2P systems in the structured architecture are very dynamic, but its tree structure is complicated and hard to build and maintain. Virtual multicast introduced the subnet broadcast approach by using network-layer multicasting for the P2P system [31].2.2 Control and Security Issues in Media Content Delivery Improvements in media content delivery architectures have the potential to allow media users of an Internet media searching and delivery method to access, gather, and collect various media contents. On-line users can access various types of streaming media content such as audio and video by using an Internet media searching and delivery method. However, Internet media searching and delivery methods create the heavy transmission of increasingly various media data in networks and servers to a growingmedia user population. Also, the scalability issue of media searching and delivery methods has led to the development of multimedia content delivering architectures.The multimedia content delivering architecture review can be categorized by three application prototypes: a media hosting model, a media directory model, and a decentralized searching model. The media hosting model adopts a media proxy caching architecture and a media content distribution architecture. The media directory model applies a structured architecture of a P2P file sharing system. Finally, the decentralized searching model includes an unstructured architecture of P2P file sharing system. The current research of three application prototypes for the multimedia content delivery architectures focuses on efficient network solutions for bandwidth consumption, heavy server load, and network latency, while multimedia network control and trusted security aspects are not taken into consideration.The major issues of multimedia network control and trusted security in the multimedia content delivery are as follows. First, it is necessary that a third party trusted agent sets up and controls direct media channeling connection between a user and a media provider. In that way, the system of media content delivery is reliable and trustworthy. Second, the existing media content delivery architectures need authentication security methods to identify the media users. Using an authentication security method, media content providers could prove authenticity and adopt on-line payment methods to media users. Third, the existing media content deliveries are provided by media content based architecture so that the relationship between media users and content providers existtemporarily. Therefore, they need a media channel based control approach that allows users to reliably connect to media content providers through secure UDP channels. Fourth, there are some potential network security issues, including IP spoofing attacks, man-in-the-middle attacks, and DoS attacks. Without controll by a third party trusted agent, those security threats will allow attacks to the media delivery systems.3.PROPOSED RESEARCHI propose a new architecture called Secure Internet Channeling Agent (SIChA), which uses a third party trusted agent to obtain maximum network control and to fulfill security requirements for the media content delivery networks. For my proposed approach, I will initially explain the detailed architecture of SIChA, and then present an implementation and an evaluation method to validate the approach. I will also explain my research contribution for the area of media content delivery network.3.1Architecture of Secure Internet Channeling Agent (SIChA)The proposed research uses SIChA as a third party trusted agent to create a multimedia content connection control and a trusted secure media delivery method to enable reliable media content exchange on the Internet. In this section, I will explain fundamental concepts and techniques, the network overview, sequential workflow, and the architecture design of SIChA system.3.1.1Fundamental Concepts and techniquesThe primary goal of the SIChA architecture is to create a multimedia connection control and a trusted secure media delivery method to enable reliable exchange of media content. The SIChA, a third party trusted channeling agent, makes direct, secure, and fast Internet media connections between a user device and a media content server. The SIChA’s database reserves channeling socket information consisting of the user’s IP address and a UDP port for an initial stage. When the user requests media content, the SIChA does not return media searching information directly, but relays the user’s media request to the media content server as a channel. For fast media channeling, the SIChA relays the user’s media request with the user’s reserved channeling socket information to the media content server. At the same time, the SIChA generates and sends one-time symmetric channel keys to both the media content server and the user’s device. Since the media content server knows a user’s reserved channeling socket information from the SIChA, the media content server is able to start transmitting the media content stream encrypted by the channel key to the user through a virtually dedicated UDP channel. A user’s device starts to decrypt the encrypted UDP content stream by using the symmetric channel key received by the SIChA.Another functionality of SIChA is to provide the private Channel Name System (CNS) for a media community or a region on the basis of the public Domain Name System (DNS). Using the CNS protocol, a media provider can create multiple private channel names without disrupting its public domain name. While the existing public DNS has a limited domain name for the system, the private CNS allows the media providers toemploy as many media domain names as they want without conflicting with other domain names.With the SIChA, the user can directly access various Internet media providers containing diverse media content, since the system includes the media domain name translation service for media content groups and media content servers. The SIChA protects media content with two symmetric channel keys to encrypt and decrypt the content from a media provider to a user. Also the system establishes a virtually dedicated UDP channel with a reserved socket, including a user’s IP and a reserved UDP port, so the transmission time of media streams is shorter than the other models.3.1.2Network Overview of SIChAAs illustrated in figure 1, SIChA works with the user device and the media content server to transmit media content through the Internet. As an initial step, the user should have previously reserved an account in SIChA and installed the plug-in program, which the user’s device uses to request media content from the media content server using the channeling protocol. The media content could be several types such as TV, radio, video, music etc. As soon as the user requests the media content, SIChA directly relays the request to the media content server with the user’s reserved channeling socket information.tric mmeGenerally, the existing media directory system provides the IP address of the media content server to a user while the existing media content delivery system stores media content and relays the media content from the server to the user. However, the SIChA directly relays the media content request to the media content server, and lets the server provide the media content stream to the user device. The media content server transmits UDP media streams into the user’s device using the reserved socket. After setting up the link between the user and the server, the media stream is transmitted through a virtually dedicated UDP channel. In this process, the media content server uses UDP packets instead of TCP packets because the transmission speed of UDP is faster.The other function of the SIChA is generating one-time symmetric channel keys and encrypting/decrypting the media content stream. In figure 1, the SIChA, as the trusted third party authorized channeling agent, generates a pair of symmetric channel keys, anddistributes it to both the user and the media content server. The server uses it to encrypt the UDP media stream, and the user uses it to decrypt the transmitted media stream. Since the symmetric channel key is a one-time temporary secure code, it is disposed after the channel ends. The SIChA regenerates another pair of symmetric keys for a new channel to both user device and media content server. The media content server encrypts the UDP media stream with the channel key and transmits it to the user’s reserved channeling socket. The user waits for an encrypted media stream from the media content server after it receives and sets up the symmetric channel key in the plug-in program. When the encrypted UDP media stream arrives at the user’s UDP port, the user decrypts it with the symmetric channel key. Since the symmetric channel key is used to decrypt the media content stream, the media stream can be transmitted very securely through a virtually dedicated UDP channel between the user and the media content server.To terminate the channel, the user requests a channel-ending message from the SIChA. As soon as the SIChA receives the channel-ending request message, it relays the message to the media content server. The server ceases delivering the UDP media content stream through the reserved socket of the user device when the server receives the channel-ending message.3.1.3Sequential workflow under the SIChA systemFigure 2 is a sequence chart that depicts the work-flow of the SIChA. It works as a mediator to provide direct and secure Internet channeling between a user device and a media content server. The user device can be a desktop computer, a laptop computer, ahandheld device, or similar devices connected to the Internet. Media content may include pictures, audio, video, and other media data. As shown in figure 2, the SIChA performs many functions between a user device and a media content server.For the initial stage, the SIChA collects or receives reservation information of the sourceaddress or the group of media content of the media content server. The group of mediacontent includes TV, radio, movie and music files. Next, a user registers an account for his or her device in the SIChA’s database. When the SIChA receives the user’s registration, it requests the reserved socket information of the user’s device to the user. The user socket information consists of an IP address and a virtually dedicated UDP port number. When the user device sends a reserved socket information message to the SIChA, the SIChA accepts the reserved socket for transmitting media stream from a media content server to the user’s device. Using the reserved socket, a media content server can transmit the media stream through a virtually dedicated UDP channel. As soon as the SIChA receives the user’s channeling socket information, it stores theinformation in its database and transmits a secure channeling plug-in program for the user’s device to install. After the user installs the secure channeling plug-in program into the user’s device, the user can use the channeling protocol to access media content. At this point, the SIChA system ends the initial stage and is ready to start the “normal stage.”In the normal stage, the user’s device requests media content or a media content group from a media server to the SIChA through the secure channeling plug-in program. The SIChA, as a channeling request relay agent, relays the media content request to the media content server with the requested user’s reserved UDP socket information. For the secure media content protection method, the SIChA generates a pair of one-time symmetric channel keys, and provides each key to both the media content server and the user’s device. When the user’s device receives the secure UDP media stream, the user’s device decrypts the encrypted media content stream using the one-time symmetric channel key, which was sent by the SIChA.For the channel end stage, the requesting process is the same as the previous channeling request method. The user’s device requests a channel end from the SIChA, and the SIChA relays the channel-end message to the media content server. Then, the media content server stops transmitting the secure UDP media stream to the user’s device.3.1.4Functional Overview of SIChAFigure 3 describes a block diagram of a detailed functional overview of a SIChA including a database relational diagram when it communicates with either a user device or a media content server. In the SIChA, there are three main functional databases; a user account database, a media content server database, and a channel key control database. In this section, I will explain how the databases work in two function areas; media searching and delivering control, and network channel key control.er es RVirtually Dedicated UDP Media ChannelIn st al lin g a a ch M an ed ne ia lk Pl ey ug fo -In rd ec od in gng vit es qu re g ia in d ed m nco ’s er for e Us y ng ke rri nel e sf an h an Tr a c3.1.4.1 Media searching and delivering control First, the user account database manages users’ account information, users’ reserved channeling socket information, and a channeling plug-in program. The SIChA gives media content access rights to trusted customers only. In that way, the SIChA securelyn io at rm t fo en in nt et co ck ia so ed m r’s g se in U st ue eqR21。