skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


This content will become publicly available on March 31, 2026

Title: Secure the Stream, Not the Hosts: Attribute-Based Encryption for DRM Enabled Video Streaming
This paper presents an alternate method for encrypting video streams using attribute-based encryption, focusing on securing the data rather than the connection between streaming endpoints. This shift allows video segments to be encrypted once at the source and cached anywhere, removing the need for per-client encryption and decryption at intermediate caches. Access can be restricted or revoked by disabling users’ private keys instead of re-encrypting the entire video stream. The approach also removes the need for decryption and re-encryption at caches, since encrypted content can be stored directly. The work introduces ABEVS, a framework that applies attribute-based encryption to DRM-enabled video streaming. ABE is integrated into a DASH-based streaming client, and video content is encrypted and distributed through intermediate caches. The system is evaluated on CloudLab. Results show that the approach reduces computational load on caches and has minimal impact on cache hit rate and video quality compared to HTTPS-based streaming.  more » « less
Award ID(s):
2430341 2126148 2019012 1901137 2106463
PAR ID:
10647723
Author(s) / Creator(s):
 ;  ;  
Publisher / Repository:
ACM
Date Published:
Page Range / eLocation ID:
190 to 200
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, ACM)
    This work aims to enable efficient digital rights management for volumetric video by introducing attribute-based selective coordinate encryption for point clouds. The method encrypts only a subset of coordinates to reduce computation and latency while maintaining security. Selective encryption makes point cloud frames distorted enough to block meaningful unauthorized viewing while still allowing basic visibility. The framework allows variation in the amount and type of encrypted coordinates (X, Y, Z, or combinations). Visual degradation is measured using standard point cloud quality metrics. Results show that encrypting only X coordinates reduces encryption time by 37% and decryption time by 46% compared to full encryption. Encrypting X and Y reduces these times by 20% and 36% while still degrading visual quality. Attribute-Based Encryption allows protected content to be cached and distributed without re-encryption, which reduces computation and latency. The current evaluation covers individual frames. Future work will cover full volumetric video streams and analyze caching gains during streaming with Attribute-Based Encryption. 
    more » « less
  2. ; ; ; (, EUROCRYPT 2023)
    Attribute-based encryption (ABE) generalizes public-key encryption and enables fine-grained control to encrypted data. However, ABE upends the traditional trust model of public-key encryption by requiring a single trusted authority to issue decryption keys. If an adversary compromises the central authority and exfiltrates its secret key, then the adversary can decrypt every ciphertext in the system. This work introduces registered ABE, a primitive that allows users to generate secret keys on their own and then register the associated public key with a “key curator” along with their attributes. The key curator aggregates the public keys from the different users into a single compact master public key. To decrypt, users occasionally need to obtain helper decryption keys from the key curator which they combine with their own secret keys. We require that the size of the aggregated public key, the helper decryption keys, the ciphertexts, as well as the encryption/decryption times to be polylogarithmic in the number of registered users. Moreover, the key curator is entirely transparent and maintains no secrets. Registered ABE generalizes the notion of registration-based encryption (RBE) introduced by Garg et al. (TCC 2018), who focused on the simpler setting of identity-based encryption. We construct a registered ABE scheme that supports an a priori bounded number of users and policies that can be described by a linear secret sharing scheme (e.g., monotone Boolean formulas) from assumptions on composite-order pairing groups. Our approach deviates sharply from previous techniques for constructing RBE and only makes black-box use of cryptography. All existing RBE constructions (a weaker notion than registered ABE) rely on heavy non-black-box techniques. The encryption and decryption costs of our construction are comparable to those of vanilla pairing-based ABE. Two limitations of our scheme are that it requires a structured reference string whose size scales quadratically with the number of users (and linearly with the size of the attribute universe) and the running time of registration scales linearly with the number of users. Finally, as a feasibility result, we construct a registered ABE scheme that supports general policies and an arbitrary number of users from indistinguishability obfuscation and somewhere statistically binding hash functions. 
    more » « less
  3. ; ; ; (, Advances in neural information processing systems)
    Homomorphic Encryption (HE) based secure Neural Networks(NNs) inference is one of the most promising security solutions to emerging Machine Learning as a Service (MLaaS). In the HE-based MLaaS setting, a client encrypts the sensitive data, and uploads the encrypted data to the server that directly processes the encrypted data without decryption, and returns the encrypted result to the client. The clients' data privacy is preserved since only the client has the private key. Existing HE-enabled Neural Networks (HENNs), however, suffer from heavy computational overheads. The state-of-the-art HENNs adopt ciphertext packing techniques to reduce homomorphic multiplications by packing multiple messages into one single ciphertext. Nevertheless, rotations are required in these HENNs to implement the sum of the elements within the same ciphertext. We observed that HENNs have to pay significant computing overhead on rotations, and each of rotations is ∼10× more expensive than homomorphic multiplications between ciphertext and plaintext. So the massive rotations have become a primary obstacle of efficient HENNs. In this paper, we propose a fast, frequency-domain deep neural network called Falcon, for fast inferences on encrypted data. Falcon includes a fast Homomorphic Discrete Fourier Transform (HDFT) using block-circulant matrices to homomorphically support spectral operations. We also propose several efficient methods to reduce inference latency, including Homomorphic Spectral Convolution and Homomorphic Spectral Fully Connected operations by combing the batched HE and block-circulant matrices. Our experimental results show Falcon achieves the state-of-the-art inference accuracy and reduces the inference latency by 45.45%∼85.34% over prior HENNs on MNIST and CIFAR-10. 
    more » « less
  4. ; ; (, IACR International Conference on Public-Key Cryptography – PKC 2023)
    Boldyreva, Alexandra; Kolesnikov, Vladimir (Ed.)
    Updatable Encryption (UE) and Proxy Re-encryption (PRE) allow re-encrypting a ciphertext from one key to another in the symmetric-key and public-key settings, respectively, without decryption. A longstanding open question has been the following: do unidirectional UE and PRE schemes (where ciphertext re-encryption is permitted in only one direction) necessarily require stronger/more structured assumptions as compared to their bidirectional counterparts? Known constructions of UE and PRE seem to exemplify this “gap” – while bidirectional schemes can be realized as relatively simple extensions of public-key encryption from standard assumptions such as DDH or LWE, unidirectional schemes typically rely on stronger assumptions such as FHE or indistinguishability obfuscation (iO), or highly structured cryptographic tools such as bilinear maps or lattice trapdoors. In this paper, we bridge this gap by showing the first feasibility results for realizing unidirectional UE and PRE from a new generic primitive that we call Key and Plaintext Homomorphic Encryption (KPHE) – a public-key encryption scheme that supports additive homomorphisms on its plaintext and key spaces simultaneously. We show that KPHE can be instantiated from DDH. This yields the first constructions of unidirectional UE and PRE from DDH. Our constructions achieve the strongest notions of post-compromise security in the standard model. Our UE schemes also achieve “backwards-leak directionality” of key updates (a notion we discuss is equivalent, from a security perspective, to that of unidirectionality with no-key updates). Our results establish (somewhat surprisingly) that unidirectional UE and PRE schemes satisfying such strong security notions do not, in fact, require stronger/more structured cryptographic assumptions as compared to bidirectional schemes. 
    more » « less
  5. ; ; (, International Journal of Semantic Computing)
    With live video streaming becoming accessible in various applications on all client platforms, it is imperative to create a seamless and efficient distribution system that is flexible enough to choose from multiple Internet architectures best suited for video streaming (live, on-demand, AR). In this paper, we highlight the benefits of such a hybrid system for live video streaming as well as present a detailed analysis with the goal to provide a high quality of experience (QoE) for the viewer. For our hybrid architecture, video streaming is supported simultaneously over TCP/IP and Named Data Networking (NDN)-based architecture via operating system and networking virtualization techniques to design a flexible system that utilizes the benefits of these varying Internet architectures. Also, to relieve users from the burden of installing a new protocol stack (in the case of NDN) on their devices, we developed a lightweight solution in the form of a container that includes the network stack as well as the streaming application. At the client, the required Internet architecture (TCP/IP versus NDN) can be selected in a transparent and adaptive manner. Based on a prototype, we have designed and implemented maintaining efficient use of network resources, we demonstrate that in the case of live streaming, NDN achieves better QoE per client than IP and can also utilize higher than allocated bandwidth through in-network caching. Even without caching, as opposed to IP-only, our hybrid setup achieves better average bitrate and better perceived visual quality (computed via VMAF metric) over live video streaming services. Furthermore, we present detailed analysis on ways adaptive video streaming with NDN can be further improved with respect to QoE. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email