1、 International Telecommunication Union ITU-T X.1192TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2011) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services IPTV security Functional requirements and mechanisms for the secure transcoding of IPTV Recom
2、mendation ITU-T X.1192 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYST
3、EM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SEC
4、URE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199CYBERSPACE SECURITY
5、Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/stat
6、e exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Re
7、c. ITU-T X.1192 (05/2011) i Recommendation ITU-T X.1192 Functional requirements and mechanisms for the secure transcoding of IPTV Summary Recommendation ITU-T X.1192 deals with the functional requirements, architecture, and mechanisms that pertain to the security of transcoding protected IPTV conten
8、t. Generic security of IPTV content is not discussed in this Recommendation. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1192 2011-05-29 17 Keywords Secure transcoding. ii Rec. ITU-T X.1192 (05/2011) FOREWORD The International Telecommunication Union (ITU) is the United Nations s
9、pecialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on th
10、em with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-
11、T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used
12、 for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the
13、Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of a
14、ny party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Prop
15、erty Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implem
16、enters are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written
17、 permission of ITU. Rec. ITU-T X.1192 (05/2011) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 3 4 Abbreviations and acronyms 4 5 Conventions 4 6 Overview 5 6.1 Transcoding 5 6.2 General transcoding archit
18、ecture with protection . 6 7 Security threats . 7 7.1 General security threats 7 7.2 Security threats in transcoding . 8 8 Security requirements for the secure transcoding of protected content 9 8.1 General security requirements 9 8.2 Security requirements for secure transcoding 10 9 Secure transcod
19、able mechanism . 11 9.1 Overview of the secure transcodable mechanism 11 9.2 Security components of the secure transcodable mechanism . 11 Appendix I Reference points for secure transcoding in IPTV 22 I.1 Transcoding reference points . 22 I.2 Types of transcoders . 23 I.3 Security requirements for t
20、he transcoding reference points . 23 Rec. ITU-T X.1192 (05/2011) 1 Recommendation ITU-T X.1192 Functional requirements and mechanisms for the secure transcoding of IPTV 1 Scope This Recommendation deals with the functional requirements, architecture, and mechanisms that pertain to the security of tr
21、anscoding protected IPTV content. Generic security of IPTV content is not discussed in this Recommendation. In particular, since unprotected IPTV content can be open to any user, the security of transcoding unprotected IPTV content is not discussed in this Recommendation. 2 References The following
22、ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommenda
23、tion are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give
24、it, as a stand-alone document, the status of a Recommendation. ITU-T H.234 Recommendation ITU-T H.234 (2002), Encryption key management and authentication system for audiovisual services. ITU-T H.235.6 Recommendation ITU-T H.235.6 (2005), H.323 security: Voice encryption profile with native H.235/H.
25、245 key management. ITU-T H.264 Recommendation ITU-T H.264 (2007), Advanced video coding for generic audiovisual services. ITU-T X.800 Recommendation ITU-T X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ITU-T T.807 Recommendation ITU-T T.807 (2006) | ISO
26、/IEC 15444-8:2007, Information technology JPEG 2000 image coding system: Secure JPEG 2000. ITU-T X.1191 Recommendation ITU-T X.1191 (2009), Functional requirements and architecture for IPTV security aspects. ITU-T Y.1910 Recommendation ITU-T X.1910 (2008), IPTV functional architecture. ISO/IEC 14496
27、-2 ISO/IEC 14496-2:2004, Information technology Coding of audiovisual objects Part 2: Visual. 2 Rec. ITU-T X.1192 (05/2011) 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 base layer ITU-T H.264: A bitstream subset that contains all the
28、 NAL units with the nal_unit_type syntax element equal to 1 and 5 of the bitstream and does not contain any NAL unit with the nal_unit_type syntax element equal to 14, 15, or 20 and conforms to one or more of the profiles specified in Annex A of ITU-T H.264. 3.1.2 bitstream ITU-T H.264: A sequence o
29、f bits that forms the representation of coded pictures and associated data forming one or more coded video sequences. Bitstream is a collective term used to refer either to a NAL unit stream or a byte stream. 3.1.3 content protection ITU-T X.1191: Ensuring that an end user can only use the content h
30、e/she already acquired in accordance with the rights granted to him/her by the rights holder; content protection involves protecting contents from illegal copying and distribution, interception, tampering, unauthorized use, etc. 3.1.4 decoder ITU-T H.264: An embodiment of a decoding process. 3.1.5 e
31、ncoder ITU-T H.264: An embodiment of an encoding process. 3.1.6 instantaneous decoding refresh (IDR) picture: A coded picture in which all slices are I or SI slices that causes the decoding process to mark all reference pictures as “unused for reference“ immediately after decoding the IDR picture. A
32、fter the decoding of an IDR picture all following coded pictures in decoding order can be decoded without inter prediction from any picture decoded prior to the IDR picture. The first picture of each coded video sequence is an IDR picture. 3.1.7 intra prediction ITU-T H.264: A prediction derived fro
33、m the decoded samples of the same decoded slice. 3.1.8 layer ITU-T H.264: One of a set of syntactical structures in a non-branching hierarchical relationship. Higher layers contain lower layers. The coding layers are the coded video sequence, picture, slice, and macroblock layers. 3.1.9 motion vecto
34、r ITU-T H.264: A two-dimensional vector used for inter prediction that provides an offset from the coordinates in the decoded picture to the coordinates in a reference picture. 3.1.10 NAL unit ITU-T H.264: A syntax structure containing an indication of the type of data to follow and bytes containing
35、 that data in the form of an RBSP interspersed as necessary with emulation prevention bytes. 3.1.11 picture parameter set ITU-T H.264: A syntax structure containing syntax elements that apply to zero or more entire coded pictures as determined by the pic_parameter_set_id syntax element found in each
36、 slice header. 3.1.12 residual ITU-T H.264: The decoded difference between a prediction of a sample or data element and its decoded value. 3.1.13 secure transcodable scheme ITU-T X.1191: A kind of a security scheme enabling the intermediate network node to perform the transcoding without decryption
37、while preserving an end-to-end security; this scheme can be executed by combining scalable coding, progressive encryption, and packetizing. The secure transcodable scheme can provide both the confidentiality and message integrity/authentication. Rec. ITU-T X.1192 (05/2011) 3 3.1.14 sequence paramete
38、r set ITU-T H.264: A syntax structure containing syntax elements that apply to zero or more entire coded video sequences as determined by the content of a seq_parameter_set_id syntax element found in the picture parameter set referred to by the pic_parameter_set_id syntax element found in each slice
39、 header. 3.1.15 service protection ITU-T X.1191: Ensuring that an end user can only acquire a service and the content hosted therein by extension as what he/she is entitled to receive; service protection includes protecting service from unauthorized access as IPTV contents traverse through the IPTV
40、service connections. 3.1.16 service and content protection ITU-T X.1191: A combination of service protection and content protection or the system or implementation thereof. 3.1.17 transcoding ITU-T X.1191: Process of transforming multimedia content such as images, text, audio, and video from the ori
41、ginal format to a different format or quality. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 entropy coding: Lossless data compression scheme that is independent of the specific characteristics of the medium. One of the main types of entropy coding c
42、reates and assigns a unique prefix code to each unique symbol that occurs in the input. The entropy encoders then compress data by replacing each fixed-length input symbol with the corresponding variable-length prefix codeword. 3.2.2 entropy decoding: Inverse process of entropy coding. 3.2.3 hybrid-
43、type selective encryption: Combination of post-compression and in-compression selective encryption. In this approach, selective encryption is carried out at two points, during and after encoding, for better content security. 3.2.4 in-compression selective encryption: Selective encryption performed d
44、uring the encoding process. 3.2.5 intra-prediction mode: Direction mode of intra-prediction. 3.2.6 inverse quantization: Inverse process of quantization. 3.2.7 inverse transformation: Inverse process of transformation. 3.2.8 motion vector difference (MVD): Difference between a previous motion vector
45、 and a current motion vector. 3.2.9 perceptual security: Security technique for measuring the visual degradation of a ciphered image (or video) with respect to its plain image (or video). It assumes that the ciphered image (or video) can be decoded without decryption. 3.2.10 post-compression selecti
46、ve encryption: Selective encryption performed after encoding. 3.2.11 prediction: Use of a predictor to provide an estimate of the sample value or data element currently being encoded. 3.2.12 predictor: Combination of specified values or previously encoded sample values or data elements used in the e
47、ncoding process of subsequent sample values or data elements. 3.2.13 quantization: Loose compression technique applied by compressing a range of values to a single quantum value. When the number of discrete symbols in a given stream is reduced, the stream becomes more compressible. 3.2.14 texture si
48、gn: Sign of residual data generated by the intra-prediction process. 4 Rec. ITU-T X.1192 (05/2011) 3.2.15 transformation: Scalar quantity considered to be in a frequency domain associated with a particular one-dimensional or two-dimensional frequency index in a transform part of the encoding process
49、. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: AAA Authentication, Authorization, and Accounting FGS Fine Granularity Scalability HSE Hybrid-type Selective Encryption IDR Instantaneous Decoding Refresh IPM Intra-Prediction Mode ISF In-compression Selective Encryption LAN Local Area Network MPEG Moving Picture Experts Group MVD Motion Vector Difference NAL Network Abstract Layer P2P Peer-to-Peer PPS Picture Parameter Set PSE Post-compr
