
The paper proposes SANAL, a stream authentication scheme for the H.264/AVC video coding standard, which improves data integrity and sender authentication at the NAL level rather than the packet level. This approach allows prioritization of H.264/AVC-specific data, enhancing efficiency and robustness against packet loss. The implementation of SANAL showed a 40% improvement in playout rate compared to existing authentication schemes.


Information and Media Technologies 2(2): 675-683 (2007)

reprinted from: IPSJ Digital Courier 3: 55-63 (2007)


© Information Processing Society of Japan

Regular Paper

NAL Level Stream Authentication for H.264/AVC

Shintaro Ueda,† Hiroshi Shigeno†† and Ken-ichi Okada††

The new video coding standard H.264/AVC offers major improvements in the coding efficiency and flexible mapping to transport layers. It consists of a video coding layer (VCL) and a network abstraction layer (NAL). The VCL carries out the coding, and the NAL encapsulates data from the VCL in a manner where transmission over a broad variety of transport layers is readily enabled. Since no security features are offered, an authentication scheme to authenticate the sender and data integrity is needed. In this paper we propose SANAL, a stream authentication scheme for H.264/AVC. Unlike existing schemes that carry out authentication procedures at the packet level, authentication procedures in SANAL are carried out at the NAL level. This makes it possible to set priorities to H.264/AVC-specific data without interfering with the H.264/AVC features. We implemented a SANAL prototype and carried out comparative evaluations on playout rate, communication overhead, and process load. The evaluation results show that the playout rate is improved by 40% compared to existing schemes.
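
The NAL-level signing and verification that the paper specifies in Sections 4.2 and 4.3 (Eqs. (1) and (2), nal_unit_type 29 and 30), written out as an added example that is not the authors' prototype; it goes beyond the Permutation S case by signing whatever SPS/PPS/IDR units lead a group together with Hc, which covers Permutations S, P and C with one routine. Assumptions: SHA-256 replaces the prototype's SHA-1, the RSA key is a constructed toy key used unpadded to mirror Enc(KEYs, ·), hashes cover whole NAL units, Sig and Hc are sent first in every group, the Permutation C signature covers Hc alone, lost units are marked None, and the FEC units (type 31) are omitted.

```python
import hashlib

# Constructed toy key (two Mersenne primes) so Eq. (2) runs offline. It is not
# a secure key, and unpadded RSA is not a secure signature: a deployment
# would call a vetted library's padded signature scheme instead.
_P, _Q = 2**521 - 1, 2**607 - 1
N_MOD = _P * _Q
KEY_P = 65537                                   # public exponent (KEYp)
KEY_S = pow(KEY_P, -1, (_P - 1) * (_Q - 1))     # private exponent (KEYs)
SIG_LEN = (N_MOD.bit_length() + 7) // 8

# nal_unit_type values: Table 1, plus the three types defined in Section 4.1.
SLICE, IDR, SPS, PPS = 1, 5, 7, 8
T_HC, T_SIG, T_FEC = 29, 30, 31                 # T_FEC is listed, not used here
HIGH_PRIORITY = {SPS, PPS, IDR}
HLEN = hashlib.sha256().digest_size


def H(data):
    return hashlib.sha256(data).digest()


def nal(nal_unit_type, rbsp, nal_ref_idc=0):
    """Build a NAL unit: forbidden bit 0, 2-bit nal_ref_idc, 5-bit type."""
    return bytes([((nal_ref_idc & 0x3) << 5) | (nal_unit_type & 0x1F)]) + rbsp


def nal_type(unit):
    if not unit or unit[0] & 0x80:
        raise ValueError("empty NAL unit or forbidden bit set")
    return unit[0] & 0x1F


def split_group(units):
    """Leading SPS/PPS/IDR run (S,P,I / P / none), then the coded slices."""
    k = 0
    while k < len(units) and units[k] is not None \
            and nal_type(units[k]) in HIGH_PRIORITY:
        k += 1
    return units[:k], units[k:]


def sign_group(group):
    """Sender side: return [Sig, Hc, *group] for one NAL unit group."""
    high, slices = split_group(group)
    hc = b"".join(H(c) for c in slices)                       # Eq. (1)
    # Plain concatenation as in Eq. (2). Length-prefixing each field would
    # stop bytes from sliding between adjacent units under the same digest.
    digest = int.from_bytes(H(b"".join(high) + hc), "big")
    sig = pow(digest, KEY_S, N_MOD)                           # Eq. (2)
    return [nal(T_SIG, sig.to_bytes(SIG_LEN, "big")), nal(T_HC, hc), *group]


def verify_group(received):
    """Receiver side. Lost units are None. Returns (signed_part_ok, statuses)
    with one of "ok" / "bad" / "lost" per coded-slice position."""
    sig_u, hc_u, *rest = received
    if sig_u is None or hc_u is None:
        return False, []          # FEC (type 31) reconstruction needed
    if nal_type(sig_u) != T_SIG or nal_type(hc_u) != T_HC:
        return False, []
    high, slices = split_group(rest)
    hc = hc_u[1:]
    sig = int.from_bytes(sig_u[1:], "big")
    expected = int.from_bytes(H(b"".join(high) + hc), "big")
    if sig >= N_MOD or pow(sig, KEY_P, N_MOD) != expected:
        return False, []          # tampering, or a lost S/P/I to reconstruct
    statuses = []
    for k, c in enumerate(slices):
        if c is None:
            statuses.append("lost")
        else:
            ok = H(c) == hc[k * HLEN:(k + 1) * HLEN]
            statuses.append("ok" if ok else "bad")
    return True, statuses


def demo():
    """Constructed Permutation S and Permutation C groups (Nmax = 5)."""
    s, p, i = nal(SPS, b"sps", 3), nal(PPS, b"pps", 3), nal(IDR, b"idr", 3)
    c1, c2 = nal(SLICE, b"slice-1", 2), nal(SLICE, b"slice-2", 2)
    sent = sign_group([s, p, i, c1, c2])          # [Sig, Hc, S, P, I, C1, C2]
    evil_pps, evil_slice = nal(PPS, b"evil", 3), nal(SLICE, b"evil", 2)
    results = {"intact": verify_group(sent)}
    results["c1_lost"] = verify_group(sent[:5] + [None, c2])
    results["pps_tampered"] = verify_group(sent[:3] + [evil_pps] + sent[4:])
    results["c2_tampered"] = verify_group(sent[:6] + [evil_slice])
    results["pps_lost"] = verify_group(sent[:3] + [None] + sent[4:])
    results["perm_c"] = verify_group(sign_group([c1, c2, c1]))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

A lost coded slice leaves the rest of the group verifiable because each slice has its own slot in Hc, whereas a lost SPS, PPS or IDR makes the signature check fail until the unit is reconstructed, which is the case the scheme's FEC data exists to handle.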

† Graduate School of Science and Technology, Keio University
†† Faculty of Science and Technology, Keio University

1. Introduction

Multicast streaming applications, as well as the need for security guarantees for such applications are increasing by the day. Data integrity and sender authentication must be ensured as countermeasures to data tampering, spoofing, and repudiation for cases such as multicast streaming of video news and financial stock quotes.

In stream authentication each packet must be authenticated. Consecutive authentication becomes challenging in cases of packet loss. This is especially true when streaming using real-time transmission protocols 1) on top of connectionless best effort services such as User Datagram Protocol, since packet loss is frequently seen 2),3). It is easy to solve the packet loss issue by signing each packet with the sender’s digital signature but this approach is inefficient in terms of its high computation cost.

Video coding standards have been developed to efficiently code video to reduce the data size. Well-known video coding standards include MPEG-2 4) used for digital TV and DVD and MPEG-4 5) used for streaming. A new video coding standard called H.264/AVC 6),7) has been developed by the ITU-T Video Coding Experts Group and the ISO/IEC Moving Picture Experts Group to improve the coding efficiency well beyond that of MPEG-4. A number of error-resilience tools to tolerate error have been included in H.264/AVC 8),9). However, none have been included that consider security while streaming media over networks. Ensuring data integrity and sender authentication for H.264/AVC streams is still an open issue.

In addition, H.264/AVC includes not only coded video data but also important parameter data that applies to many other data. The importance of data differs, and some data is dependent on other data. The parameter data have high priority since if these data are lost, all coded video data that apply to them cannot be decoded even if received correctly. High priority data must therefore have strong robustness to error. However, in existing stream authentication schemes, only authentication at the packet level is enabled, and it is thus not able to handle the data features of H.264/AVC since all data are assumed to have the same priority.

In this paper we propose a stream authentication scheme that takes the characteristics of H.264/AVC into account by making high priority data robust to data loss while maintaining the flexibility to facilitate mapping to various transport layers. The authentication procedure is carried out at the NAL level, which is between the video coding process and the mapping-to-transport-layer process. The goal of our scheme is to enable efficient and versatile stream authentication for H.264/AVC streams.

The rest of the paper is organized as follows. Section 2 gives an overview of H.264/AVC. Existing stream authentication schemes are discussed in Section 3. Our stream authentication scheme for H.264/AVC is proposed in Section 4. Evaluation results are presented in Section 5. Finally concluding remarks are given in Section 6.

2. Overview of H.264/AVC

A brief description of the H.264/AVC standard is given in this section.

The ITU-T Recommendation H.264 video coding and the ISO/IEC International Standard 14496-10 Advanced Video Coding together developed H.264/AVC, a new video coding standard. H.264/AVC is a generic coding standard designed for broadcast, storage and transmission of a wide range of multimedia applications. A particular focus was improving the coding efficiency, and the new standard therefore enables the bit rate of MPEG-4 to be halved with the same level of fidelity. However, the methods implemented in H.264/AVC to improve the coding efficiency are not important to our proposal in the terms of stream authentication.

2.1 NAL

One characteristic feature of H.264/AVC is that it is separated into a video coding layer (VCL) and a network abstraction layer (NAL). The VCL carries out the encoding tasks. The NAL encapsulates the data from the VCL to enable transmission over packet networks or multiplex environments. Data such as picture slices and parameter sets are sent from the VCL to the NAL and encapsulated into units called NAL units. These NAL units are used in transport layer mapping. This structure of H.264/AVC allows flexibility for operation over a variety of network environments.

The format of a NAL unit is shown in Fig. 1. A NAL unit consists of a 1-byte NAL header and a variable byte length raw byte sequence payload (RBSP). Data such as picture slices (coded video data) and parameter sets are stored in the RBSP. The NAL header consists of one forbidden bit, two bits (nal_ref_idc) indicating whether or not the NAL unit is used for prediction, and five bits (nal_unit_type) to indicate the type of the NAL unit. Details on nal_unit_type are given in the next section.

The payload trailing bits are used to adjust the payload to become a multiple of bytes. The trailing bits start with a “1” and are followed by multiple “0s”. The end of the payload data is indicated by this “1”, the start of the trailing bits.

Fig. 1 NAL unit format.

2.2 NAL Unit Types

The types of NAL units are listed in Table 1. nal_unit_type 1-12 are currently defined. nal_unit_type 1-5, and 12 are coded video data called VCL NAL units. The rest of the nal_unit_types are called non-VCL NAL units and contain information such as parameter sets and supplemental enhancement information. Of these NAL units, IDR Pictures, SPS, and PPS are important, and additional descriptions are given below.

Table 1 NAL unit types.
Type    Name
0       [Unspecified]
1       Coded Slice
2       Data Partition A
3       Data Partition B
4       Data Partition C
5       IDR (Instantaneous Decoding Refresh) Picture
6       SEI (Supplemental Enhancement Information)
7       SPS (Sequence Parameter Set)
8       PPS (Picture Parameter Set)
9       Access Unit Delimiter
10      EoS (End of Sequence)
11      EoS (End of Stream)
12      Filler Data
13-23   [Extended]
24-31   [Undefined]

An instantaneous decoding refresh (IDR) picture is a picture placed at the beginning of a coded video sequence. When the decoder receives an IDR picture, all information is refreshed, which indicates a new coded video sequence. Therefore, pictures prior to this IDR picture are not needed for this new sequence.

A sequence parameter set (SPS) contains important header information that applies to all NAL units in the coded video sequence. A picture parameter set (PPS) contains header information that applies to the decoding of one or more pictures within the coded video sequence.

H.264/AVC enables handling of multiple sequences in one bitstream, and a sequence contains multiple pictures. Therefore, SPS and PPS are numerated to identify each sequence and picture. Each PPS contains an identifier of which SPS to refer to, and each VCL NAL
unit contains an identifier of which PPS to refer to. For example, each coded slice data (coded video data) has a slice header, which includes the PPS identifier. Therefore, by checking the PPS and SPS it is possible to identify which picture and sequence a coded slice data refers to.

The transmission order of parameter sets and slices is restricted; that is, a parameter set must be sent to the decoder before the slice data that refer to that parameter set arrives at the decoder. The relationships of the parameter sets and slices are shown in Fig. 2.

Fig. 2 Relationship between parameter sets and slices.

3. Related Works: Existing Stream Authentication Schemes

Several approaches to stream authentication have been proposed in order to address the security issues of streaming media 10)~12).

Gennaro, et al. proposed a scheme that reduces the overhead of the authentication information by amortizing a single digital signature over multiple packets 13). A stream is divided into blocks of multiple packets. Each packet contains the hash value of the next packet, and only the first packet in the block is signed. The hash values appended to each packet act as a chain between the packets. This scheme is very efficient in terms of overhead, but is not robust to packet loss since a loss in a packet will break the chain.

Wong, et al. proposed a scheme where streams are signed using Merkle’s signature trees 14)~16). In order to tolerate packet loss, each packet is made individually verifiable. The signature of the root node and all hash values of the leaf nodes necessary to compute the root are appended to each packet. However, since each packet carries the signature of the root node the overhead becomes large.

Park, et al. proposed a scheme called SAIDA 17) (Signature Amortization using IDA), which uses IDA (information dispersal algorithm) 18). First, the hash values of each packet are concatenated. Then, the hash of this concatenated value is computed. This value is called the group hash. In SAIDA, only the group hash is signed. Next, the FEC data of the group hash and the signature is generated using the IDA encoding process. Then the FEC data is distributed to each packet in the group. By using IDA, this scheme raises the robustness to packet loss.

The common characteristic of these existing stream authentication schemes is that authentication is carried out at the packet level. However carrying out authentication procedures for H.264/AVC data at the packet level will disable the flexible mapping to transport layers. Also, in packet level authentication, the type of data encapsulated in the packets is not revealed, and an authentication procedure according to priority is not possible. In H.264/AVC, there are dependencies between parameter sets and slices and the importance of NAL units differs from one another. Carrying out authentication procedures at the NAL level makes it possible to set a priority for each NAL unit, and this will enable a new and efficient stream authentication scheme.

4. SANAL: Stream Authentication at the NAL Level

In this section we propose SANAL, a stream authentication scheme for H.264/AVC.

4.1 Overview of Signature Method of SANAL

In our stream authentication scheme, signing and verification procedures are carried out at the NAL unit level. As mentioned in Section 3, this is to maintain the flexibility offered by H.264/AVC when mapping to the transport layer and to specify priorities of different data types in order to improve efficiency.

Our scheme focuses on the following four NAL unit types: coded slice, IDR, SPS, and PPS, since video sequences are composed mainly of these types. The other NAL unit types can be readily addressed by extending our scheme.

An example of a bitstream and the relationship between these four NAL unit types are shown in Fig. 3. In Figs. 3–9, S, P, I and C denote SPS, PPS, IDR picture and coded slice NAL units, respectively. The arrows show the relationships between the parameter sets and slices as mentioned in Section 2.2. It is readily seen that the NAL units referred to have higher priority.

Fig. 3 Relationship between SPS, PPS, IDR, and coded slices in a bitstream.

Next, an overview of our scheme is given below. Our scheme uses a combination of hashes and digital signatures, as do the existing schemes. Our scheme also uses a forward error correction (FEC) technique to make high priority NAL units robust to data loss. The nal_unit_types that we use FEC with are SPS, PPS, and IDR. These NAL units are considered high priority, since if they are lost, all NAL units until the next parameter sets and IDR are affected. We use FEC techniques with the following (n, n − m) characteristics: when n FEC data packets are generated from the original data, the original data can be reconstructed if m FEC data packets are received. Therefore, n − m packet loss can be tolerated.

Currently, there are several undefined nal_unit_types for further use. We define three new nal_unit_types for authentication, which are used as follows: nal_unit_type 29 indicates the concatenated value of the hash value of each coded slice, nal_unit_type 30 indicates a digital signature, and nal_unit_type 31 indicates FEC data. The flow from the encoding layer to the transport layer including our scheme (inside the dotted-line box) is shown in Fig. 4. Our scheme does not take away the flexibility offered by H.264/AVC since the addition is only made in the NAL level.

Fig. 4 Procedure flow.

4.2 Signing Procedure

In this section the signing procedures on the sender side are explained. In our authentication scheme a stream is divided into groups of N NAL units called NAL unit groups. Authentication is carried out in these unit groups. The maximum size of a NAL unit group is defined as Nmax.

There are three possible permutations of how NAL unit groups can be formed in a stream, and these are shown in Fig. 5. For purposes of simplicity, we explain our scheme when Nmax is set to 5.
(1) Permutation S: Beginning of a sequence
(2) Permutation P: Only the PPS is updated
(3) Permutation C: Contains only coded slices

Fig. 5 NAL unit group permutations.

Permutation S always appears at the beginning of a new sequence. An SPS, PPS, and IDR are followed by coded slices. Permutation P appears when the PPS is updated. A PPS is followed by coded slices. Permutation C is a permutation with only coded slices, and this permutation appears the most frequently.

Each permutation has a different priority, and thus, the signing procedures are carried out accordingly to each permutation. The procedures are explained according to these permutations.

First, the flow of Permutation S is shown in Fig. 6 and explained as follows.

Fig. 6 Signing procedure of Permutation S.

The hash value of each C is computed and concatenated with each other and expressed as Hc. This Hc is stored in a NAL unit with nal_unit_type 29.

$$H_c = \mathrm{Hash}(C_1) \parallel \mathrm{Hash}(C_2) \tag{1}$$

This Hc is concatenated with SPS, PPS, and IDR. Then the digital signature Sig as shown in the following equation is generated.

$$Sig = \mathrm{Enc}(KEY_s, \mathrm{Hash}(S \parallel P \parallel I \parallel H_c)) \tag{2}$$

Here, KEYs is the private key used in public-key cryptography. The digital signature is stored in a NAL unit with nal_unit_type 30. Then the FEC data of the concatenation of Sig, S, P, I and Hc is generated. Here, n, the number of NAL units with the FEC data, is set to N, the size of the NAL unit group. The FEC
data is stored in NAL units with nal_unit_type 31. Then the FEC data is aligned equally into the NAL unit group. When n > N, in the case of data loss, the maximum buffer delay on the receiver side increases; therefore, n is set to N. In Fig. 6, F denotes the FEC data.

Next, the flow of Permutation P is shown in Fig. 7 and explained as follows.

Fig. 7 Signing procedure of Permutation P.

As in the case of Permutation S, the hash value of each C is computed and concatenated with each other and expressed as Hc. This Hc is concatenated with P. Then the digital signature Sig of the concatenated value is generated. The FEC data of the concatenation of Sig, P, and Hc is generated. The n of the FEC data is set to the size of the NAL unit group. The FEC data is aligned equally into the NAL unit group.

Finally, the flow of Permutation C is shown in Fig. 8 and explained as follows.

Fig. 8 Signing procedure of Permutation C.

The hash value of each C is computed and concatenated with each other and expressed as Hc. Digital signature Sig is generated. Then Sig and Hc are placed at the beginning of the NAL unit group. In Permutation C, there are no high priority data. Therefore, no FEC data is generated to make data robust to loss.

Figure 9 shows an example of how our signing procedure is applied to a stream of NAL units. The figure is divided into steps that show the original stream, our authentication procedures, and the final NAL units transmitted from the sender side. In this example, Nmax is set to 5. However it can be seen in the figure, that not all NAL unit groups are groups of five NAL units. This is because the NAL unit groups are divided at the appearance of SPS, PPS and IDR NAL units, respectively.

Fig. 9 Example of the signing procedures.

4.3 Verification Procedures

The verification procedures carried out on the receiver side are explained in this section. We focus our explanation on two cases: i) verification when there is no data loss in the high priority NAL units, and ii) verification when data loss occurs in the high priority NAL units. As mentioned above SPS, PPS, and IDR are high priority NAL units. The explanation is carried out for Permutation S (Fig. 6).

When there is no data loss, general verification using digital signature is carried out. After receiving S, P, I, and Hc, the receiver verifies these NAL units using the digital signature. Using KEYp, the public key of the public-key cryptography, Sig is decrypted, and the hash value of the concatenation of S, P, I, and Hc is computed. The decrypted value and the computed hash value are compared, and if the two are equal, the received S, P, I, and Hc are verified.

When data loss of high priority NAL units occurs, our scheme uses the FEC data to reconstruct the lost NAL units. Reconstruction of the lost data is possible if m out of n FEC data is received on the receiver side. After the data is reconstructed, general verification is carried out, and consecutive authentication is enabled.

In existing schemes all data are handled at the same priority level, and thus, all data have equal robustness to data loss. This becomes a problem at the receiver side in terms of playout. This is because when high priority NAL units are lost, all NAL units referring to it are unplayable. In our scheme, however, NAL units with high priority are made robust to loss; therefore, more NAL units are authenticated and played at the receiver side.

5. Evaluation

To evaluate SANAL, we implemented a SANAL prototype and modified the H.264/
MPEG-4 AVC Reference Software 19) to support authentication. Since the packet loss probability changes over time, it is difficult to evaluate our scheme over real networks. We therefore used the two-state Markov chain loss model to express burst packet losses and ran measurements over virtual networks. We used the two-state Markov chain loss model since it is often used to evaluate stream authentication schemes.

5.1 Implementation Environment

Performance measurements were carried out on a Pentium 4 3.4-GHz CPU, 2.0-GB RAM processor. The implementation of SANAL is written in C/C++. We embedded SANAL to the H.264/MPEG-4 AVC Reference Software JM9.6. Also, 160-bit SHA-1 hash functions and 1024-bit RSA for digital signatures from the OpenSSL library were used, although our authentication scheme is not dependent on any particular type of hash function or digital signature. IDA from Crypto++ library was used as the FEC technique to reconstruct data lost in packet loss. Due to the features of JM9.6, each NAL unit was encapsulated into one RTP packet.

5.1.1 Measurement Parameters

The parameters of the performance measurements are shown in Table 2.

Table 2 Performance measurement parameters.
Parameter                                          Value
maximum size of a NAL unit group: Nmax             5, ..., 15
Reconstruction threshold: M                        3, ..., Nmax
Packet loss rate (%): p                            0, ..., 40
Expected burst loss length: β                      8
Number of frames generated at the encoder: Fn      900
Frame rate (number of frames/sec): Fr              30
SPS insertion interval (msec): Si                  2000, ..., 5000
PPS insertion interval (msec): Pi                  1000, ..., 2000
Sequence format                                    CIF

The maximum size of a NAL unit group, Nmax was set to 5, ..., 15. The reconstruction threshold, M was set to 3, ..., Nmax. The reconstruction threshold is the number of FEC data needed to reconstruct the original data in case of packet loss. The maximum value of the packet loss rate, p was set to 40%. Results from several studies that measured packet loss over the Internet show that packet loss probability via the Internet is much less than 40% 20)~23). The expected burst loss length was set to eight packets since the average burst packet loss length over the Internet is less than eight packets.

The number of frames generated at the encoder, Fn, was set to 900 frames, and the frame rate, Fr, was set to 30 frames/sec. The value Fn/Fr is the length of the encoded video sequence measured for evaluation. The SPS insertion interval Si was set to a random number between 2000, ..., 5000 msec since it is stated that an IDR is inserted every 2 to 5 seconds 24). The PPS insertion interval is set to a random number between 1000, ..., 2000 msec. This is to measure values of Permutation P.

5.1.2 Evaluation Criteria

We evaluated playout rate, communication overhead, and process load. The playout rate is the number of authenticated and playable NAL units on the receiver side divided by the total number of NAL units transmitted by the sender side. In previously proposed schemes, evaluation of the robustness to packet loss is often carried out as authentication rate, that is the total number of authenticated received packets divided by the total number of packets transmitted by the sender side. However, there are cases where authenticated data are unplayable when there are dependencies between data. So the authentication rate is not necessarily equal to the playout rate. Therefore, the playout rate is a more valuable evaluation criterion when dealing with data that carry dependencies. The communication overhead is the amount of the authentication information of SANAL divided by the total amount of H.264/AVC encoder-generated NAL data. Here the authentication information refers to data such as Hc, Sig, and FEC, the data added by applying SANAL to the original H.264/AVC encoder. The H.264/AVC encoder-generated NAL data are the data such as coded slice, IDR, SPS and PPS, the data generated by the original H.264/AVC encoder. The process load is the encoder and decoder process time due to SANAL divided by the process time of the original H.264/AVC encoder. The encoder process
time is the total time for hash calculation, signature generation, and IDA encoding. The decoder process time is the total time for hash calculation, signature verification, and IDA decoding.

We will compare SANAL with SAIDA, since SAIDA uses FEC techniques.

5.2 Results

5.2.1 Playout Rate

Figure 10 shows the relationship of the packet loss rate and the playout rate when Nmax = 9 and M = 5 and 9.

Fig. 10 Relationship between packet loss rate and playout rate.

The playout rate of SANAL is higher than that of SAIDA for both M = 5 and M = 9. For example, when the packet loss rate is 20% and M = 5, the playout rate of SANAL and SAIDA are 0.65 and 0.47 respectively. This shows that SANAL has a 38% better playout rate than SAIDA. When packets are lost, the high priority parameter data are reconstructed in SANAL but not in SAIDA. In SAIDA, only the authentication information is made robust to packet loss. Therefore, when the parameter data are lost, all data referring to the lost parameter data are unplayable even if authenticated. This is the main reason for the difference in playout rate between the two schemes.

In addition, in SANAL, the NAL unit groups are formed according to the appearance of the coded video sequences generated by the encoder, such as permutations S, P and C. In contrast, in SAIDA, a NAL unit group is formed for every Nmax packets. For example, say a NAL unit group formed by SAIDA is ‘C, C, C, C, S, P, I’. This NAL unit group contains data from two different sequences, since S indicates a new sequence. For cases when the coded slices in the first half of the NAL unit group are lost, the parameter data in the last half of the NAL unit group may become unverifiable due to loss of data in a different sequence. Thus, it is inefficient in terms of authentication. Furthermore, the succeeding data that are dependent on these unverifiable parameter data are unplayable and thus inefficient in terms of playout. In SANAL, the parameter data are placed at the start of the NAL unit group, and no data from a different sequence are included. Thus, cases where data are unverifiable and unplayable due to lost data in NAL units of a different sequence do not occur.

5.2.2 Communication Overhead

Figure 11 shows the relationship of the communication overhead and the playout rate.

Fig. 11 Relationship between overhead and playout rate.

SANAL has a higher playout rate than SAIDA, as explained in the previous section. However, the overhead of SANAL is also up to 10 times higher than SAIDA. In SANAL, FEC is carried out for IDR slices, which are NAL units that include some of the largest coded video data. On the other hand, in SAIDA, FEC is only carried out for the hashes of packets and digital signatures, and thus the overhead is small. Although the overhead of SANAL is higher compared to SAIDA, it is still less than 10% of the total H.264/AVC encoder-generated bitstream. Also, the FEC data generated for Permutation P are similar in size to the FEC data generated by SAIDA, so the increase in the overhead is mainly due to the FEC data of Permutation S.

5.2.3 Process load

Figure 12 shows the relationship between the reconstruction threshold and the encoder and decoder process load. p is 20 for the decoder process load.

Encoder Process Load

Figure 12 shows that the encoder process
6. Conclusion
We have proposed SANAL, a stream au-
thentication scheme for H.264/AVC. To take
account of the features of H.264/AVC, au-
thentication procedures are carried out at the
NAL level. We implemented a SANAL proto-
type, and through our measurement results, we
showed the effectiveness of SANAL. The play-
out rate is improved by 40% compared to exist-
ing schemes while the process load is kept below
3.5%.
Fig. 12 Relationship between reconstruction Acknowledgments This work is sup-
threshold and process load. ported in part by JSPS Research Fellowships
for Young Scientists.
load is kept below 0.5% and also that the en-
coder process load has an approximately constant value and is not affected by the value of M or Nmax. This is because the encoding process time of the H.264/AVC encoder is much larger than the time needed by SANAL to generate hashes, digital signatures and FEC data. Also, in SANAL, the number of times that comparatively time-consuming procedures, such as the generation of digital signatures and FEC data, are carried out is kept small.

Decoder Process Load

Figure 12 shows that the decoder process load is kept below 3.5%. The maximum decoder process load does not occur at the minimum or maximum possible value of M, for the following reasons. When M is small, fewer FEC data are needed to reconstruct the lost NAL units. The IDA decoding procedures are inverse matrix calculations, and the larger the number of data becomes, the larger the dimension of the matrix becomes, which results in a longer procedure time. In other words, the smaller the number of FEC data, the shorter the procedure time. Also, when the value of M becomes large, reconstruction of the lost NAL units becomes difficult since more FEC data are needed, and therefore the IDA decoding procedures are not carried out for the lost NAL units.

Unlike the encoder process load, the decoder process load increases as the value of Nmax increases. Also, the value of M at which the decoder process load peaks is higher. A higher value of M results in a larger number of FEC data for reconstruction and therefore a longer process time.
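The decoder-load argument above rests on IDA reconstruction being an inverse-matrix calculation whose cost grows with the matrix dimension. The following is an added illustration, not the paper's implementation: a minimal Rabin-style dispersal over GF(257) using a Vandermonde matrix. The field, the matrix choice and the parameter names `n` and `m` are assumptions of this sketch and are not the paper's M or Nmax.

```python
# Rabin-style information dispersal (IDA) sketch; all parameters are illustrative.
P = 257  # prime larger than 255, so every byte value is a field element

def vandermonde_row(x, m):
    return [pow(x, j, P) for j in range(m)]

def disperse(data, n, m):
    """Encode data into n shares; any m of them are enough to rebuild it."""
    padded = list(data) + [0] * (-len(data) % m)
    cols = [padded[i:i + m] for i in range(0, len(padded), m)]
    shares = {}
    for x in range(1, n + 1):  # distinct x values keep every m x m submatrix invertible
        row = vandermonde_row(x, m)
        shares[x] = [sum(a * b for a, b in zip(row, col)) % P for col in cols]
    return shares

def invert(matrix):
    """Gauss-Jordan inversion mod P; the work grows as O(m^3) with dimension m."""
    m = len(matrix)
    aug = [row[:] + [int(i == j) for j in range(m)] for i, row in enumerate(matrix)]
    for c in range(m):
        pivot = next(r for r in range(c, m) if aug[r][c])
        aug[c], aug[pivot] = aug[pivot], aug[c]
        inv = pow(aug[c][c], P - 2, P)  # modular inverse via Fermat's little theorem
        aug[c] = [v * inv % P for v in aug[c]]
        for r in range(m):
            if r != c and aug[r][c]:
                f = aug[r][c]
                aug[r] = [(v - f * w) % P for v, w in zip(aug[r], aug[c])]
    return [row[m:] for row in aug]

def reconstruct(received, m, length):
    """Rebuild the original bytes from any m surviving shares {x: values}."""
    if len(received) < m:
        # Too many shares were lost: decoding is skipped, as in the large-M case above.
        raise ValueError("need %d shares, got %d" % (m, len(received)))
    xs = sorted(received)[:m]
    inv = invert([vandermonde_row(x, m) for x in xs])
    out = []
    for k in range(len(received[xs[0]])):
        col = [received[x][k] for x in xs]
        out.extend(sum(a * b for a, b in zip(row, col)) % P for row in inv)
    return bytes(out[:length])
```

The inversion is the dominant decoding cost, which is why a larger matrix lengthens the procedure time, and the early `ValueError` corresponds to the case where reconstruction is not attempted at all.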


Shintaro Ueda received a B.S. degree in information and computer science from Keio University, Japan in 2002, and an M.S. degree in open and environment systems from Keio University in 2005. He is currently working toward a Ph.D. degree in open and environment systems at Keio University. His research interests include network security.

Hiroshi Shigeno received B.S., M.E. and Ph.D. degrees in instrumentation engineering from Keio University, Japan in 1990, 1992, and 1997. Since then he has been with the Department of Information and Computer Science at Keio University, where he is currently an assistant professor. His current research interests include computer networking architecture and protocols, mobile and ubiquitous computing, and agent computing and communications. He is a member of IPSJ.

Ken-ichi Okada received B.S., M.E. and Ph.D. degrees in instrumentation engineering from Keio University, in 1973, 1975, and 1982. He is currently a professor in the Department of Information and Computer Science at Keio University. His research interests include CSCW, groupware, human computer interaction and mobile computing. He has been a chair of SIGGW, a chief editor of IPSJ Journal, and an editor of IEICE Transactions. Dr. Okada received the IPSJ Best Paper Award in 1995 and 2001 and the IPSJ 40th Anniversary Paper Award in 2000.

(Received May 12, 2006)


(Accepted September 14, 2006)
(Released February 7, 2007)
