Professional Documents
Culture Documents
Invited Paper
This paper provides a tutorial and survey of digital fin- track of a particular copy of the fingerprinted signal. The
gerprinting and video scrambling algorithms based on partial marks, also called the fingerprint payload, are usually em-
encryption. Necessary design tradeoffs for algorithm development bedded through the process of robust digital watermarking.
are highlighted for multicast communication environments. We
also propose a novel architecture for joint fingerprinting and In digital watermarking, subtle changes are imposed on
decryption that holds promise for a better compromise between the host signal such that the perceptual content of the host
practicality and security for emerging digital rights management remains the same, but the resulting composite watermarked
applications. signal can be passed through a detection algorithm that
Keywords—Digital fingerprinting tutorial, digital video en- reliably extracts the embedded payload. In contrast, video
cryption survey, joint fingerprinting and decryption (JFD), video encryption has the goal of obscuring the perceptual quality
scrambling. of the host signal such that access to the content is denied.
In comparison to traditional cryptographic algorithms, those
I. INTRODUCTION for video may often be “lightweight” in order to accommo-
date computational complexity restrictions; the term “video
This paper investigates multimedia security algorithms scrambling” is often used to refer to such processes.
that enable digital rights management (DRM) in resource The main objective of fingerprinting and encryption in
constrained communication applications. Our focus is on a DRM context is to protect video content from a set of
the video-on-demand (VoD) business model, in which sub- attacks applied by one or more attackers. We define an
scribers to a content-providing service request and receive attacker as any individual who attempts to use a given piece
video information at scheduled intervals. We consider situ- of content beyond the terms, if any, negotiated with the
ations in which on the order of hundreds or even thousands content provider. Common attacks on video data include
of users may wish near-simultaneous access to the same illegal access and tampering. Our work focuses on the
video content. Thus, for superior scalability the network problem of piracy, the illegal duplication and redistribution
service provider must transmit the content by making use of of content; we call such an attacker a pirate.
a multicast distribution model. Overall, the objectives of this paper are twofold:
We focus on the problems of video fingerprinting and
encryption. Fingerprinting, which was first introduced by 1) to present a state-of-the-art review and tutorial of
Wagner [1] in 1983, is the process of embedding a distinct the emerging areas of video fingerprinting and en-
set of marks into a given host signal to produce a set of cryption highlighting design challenges for multicast
fingerprinted signals that each “appear” identical for use, but environments;
have a slightly different bit representation from one another. 2) to propose the approach of joint fingerprinting and de-
These differences can ideally be exploited in order to keep cryption (JFD) to establish a better compromise be-
tween practicality and security for DRM applications.
Section II introduces some general security architectures
Manuscript received September 14, 2003; revised December 15, 2003. for video applications. Sections III and IV introduce and
D. Kundur is with the Department of Electrical Engineering, Texas
A&M University, College Station, TX 77843-3128 USA (e-mail: survey the areas of video fingerprinting and encryption,
deepa@ee.tamu.edu). respectively, demonstrating the necessary compromises
K. Karthik is with the Edward S. Rogers Sr. Dept. of Electrical and Com- for algorithm and system design. Section V proposes a
puter Engineering, University of Toronto, Toronto, ON M5S 3G4, Canada
(e-mail: karthik@comm.utoronto.ca). novel joint fingerprinting and encryption framework that
Digital Object Identifier 10.1109/JPROC.2004.827356 overcomes many of the obstacles of previous architectures;
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 919
Fig. 1. Security models. (a) Transmitter-side fingerprint embedding. (b) Receiver-side fingerprint
embedding (decryption and fingerprinting are decoupled). (c) Proposed JFD.
III. VIDEO FINGERPRINTING represents the th user and is the set of all users at a
specific time in the media distribution system. A fingerprint
A. General Formulation
associated with user is a binary sequence of length
We consider a video server that distributes fingerprinted . The set of all fingerprints associated for the users in
copies of media to users for where is denoted with cardinality
and codeword length bits. The fingerprint codewords therefore, address several challenges that we discuss in the
are modulated, which involves the use of signal processing next sections.
strategies to form a signal , that can be
added imperceptibly to the host media with the help of human B. Fingerprinting Requirements
perception models. Fig. 2 shows the process of fingerprint
embedding. The modulated version of the fingerprint is 1) Fundamental Compromises: There is a basic tradeoff
often called a watermark in the research literature, which between fingerprint embedding and source coding. Com-
has a distinct objective from the copyright watermark pression attempts to remove redundancy and irrelevancy
previously discussed. For simplicity from now on our use for the purpose of reducing storage requirements while
of the term “watermark” unless otherwise specified will maintaining the perceptual fidelity of the media. In contrast,
apply to the modulated fingerprint and not . fingerprinting shapes the irrelevancy within the media
In this context, a pirate is a user who illegally signal to transparently communicate security codes
redistributes his/her copy of the distributed media either in along with the media. Thus, as first observed by Anderson
modified or unmodified form; an illegally distributed media and Petitcolas, if perfect compression existed, it would
is termed a pirated copy. In order to make sure that a pirated annihilate the process of fingerprinting [9]. The restricted
copy cannot be traced back to the pirate , he/she will try structure of compression algorithms and limited accuracy of
to cover any tracks by attempting to erase the associated fin- perceptual coding models, however, allows some irrelevant
gerprint or frame another user. It is also possible that a signal bandwidth to be used for fingerprinting. In general,
subset of pirates may combine different copies of the lower the required bit rate after compression, the smaller
their fingerprinted media to achieve their goal. This powerful the length of the fingerprint that can be robustly embedded.
attack is called collusion. Collusion is also possible when a Another set of compromises exists between fingerprint
single user requests different copies from the server under capacity, defined as the total number of unique fingerprints
different aliases (but this does not change the formulation of that can be embedded and successfully distinguished at the
the problem). Fig. 3 summarizes where the general collusion receiver, and robustness, which reflects the inability for one
attacks takes place in an overall media distribution system. or more pirates to erase or forge the fingerprint without
The server is responsible for secure video distribution, affecting the commercial quality of the video. In general,
which is achieved through a combination of compression and the smaller the required fingerprint capacity, the easier it
security processing that includes fingerprinting. The server is through the effective use of redundancy to make the
needs to balance efficiency of transmission and robustness embedding robust. In general, the fingerprint capacity must
of security without hindering the viewing experience of the ensure that all possible users can be serviced in the life cycle
users. of the distribution system.
Once the server transmits the secured media over the dis- Similarly, there is a tradeoff between perceptual quality
tribution channel, it is received by all users consisting of two and robustness (or capacity). Transparency requires that the
disjoint groups: the lawful users and the pirates. Lawful users fingerprint be embedded in either perceptually irrelevant
consume the media in the manner that was agreed upon. Pi- components such as high spatial frequencies or perceptually
rates tamper with the decrypted media, potentially collude in significant components with severely limiting amplitude.
order to remove any fingerprints or frame other user(s), and This is contradictory to the goals of robustness that aim
insert the pirated copy into illegal distribution channels. If, to ideally embed high-energy fingerprint watermarks in
at a later time, such a pirated copy is discovered, then it is perceptually significant components so that they cannot be
sent to the source (or a party working with the source) and easily removed [10].
the associated fingerprint(s) are detected in order to trace Thus, one arrives at a set of compromises that must be
the pirate(s). A fingerprinting scheme that consists of fin- resolved to design an effective media fingerprinting scheme.
gerprint generation, embedding, and detection stages must, To summarize, these include the ability to work with existing
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 921
Fig. 3. Overview of video security, distribution, and piracy process. Fingerprinting consists of three
stages: fingerprint generation, fingerprint embedding, and fingerprint detection as highlighted with
bold boxes. We do not include copyright watermarking in this figure, which may be added prior to
encryption, for reasons of simplicity. The compression process is placed prior to fingerprinting for
practicality, although it may occur at other stages.
compression standards, robustness to signal processing and The final consideration must be that the superposition of
collusion-based attacks, capacity to handle unique detection the DRM architecture must not affect the end-to-end QoS
of all possible users in the life cycle of the VoD system, and of the distribution network.
perceptual quality. From the perspective of the ISP, bandwidth efficiency is
2) Practical Constraints: Other pragmatic issues involve of primary concern. Therefore, fingerprinting schemes in
restrictions on complexity, latency, quality of service (QoS) which the associated watermark is embedded at the source,
and bandwidth. For example, the server may receive hundreds as discussed in Section II-A, do not scale well as the number
of video requests within a short span of time, requiring of users grow. In contrast, more efficient architectures,
real-time algorithm complexity. Related to this concept is presented in Sections II-B and II-C, are more suitable.
hardware complexity that refers to computational resources, Another issue of importance to the ISP is the level of DRM
power, and memory utilization that must be minimal to processing required from intermediate nodes or routers
reduce implementation costs. Bandwidth consumption is an in the network. Ideally, an ISP would prefer to avoid the
additional concern for the content distributor, as Internet need for audit trails by using intermediate network nodes as
service provider (ISP) utilization costs may be nonnegligible. discussed in Section II-D. Such strategies for DRM are not
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 923
2) Collusion: Many popular signal processing attacks on 3) Collusion-Resistant Fingerprinting Techniques: In
watermarks have been modeled as random noise [18] or as this section, we discuss three contributions that fall under
fading [17].1 These operations on the watermarked signal at- the class of algorithm-specific fingerprinting schemes. One
tempt to remove the watermark while maintaining perceptual of the first papers addressing collusion-resistant fingerprint
fidelity. The location or some other random characteristic of design was by Dittmann et al. [20]. Their objective is
the watermark, often called the watermark key, is used for to trace the exact subset of colluders from a total of
watermark generation and embedding and is unknown to the users when the number of colluders is equal to or below
attacker. This strategy, although not equivalent in security to a prespecified threshold number . In the same spirit as
cryptography, can provide basic protection for the embedded [1], [3], and [11], the authors assume that collusion occurs
data. Security, however, may be significantly compromised when the colluders compare distinctly fingerprinted signals,
if two or more copies of distinctly watermarked signals are identify all the locations that differ for at least one pair of
available to the attacker. In such a case, it is possible that colluders, and then modify or remove the fingerprint from
some portions of the watermark key, previously assumed to those positions of the media. Given this model, the task
be unknown to the attacker, can be easily estimated. As the of collusion-resistant design becomes one of embedding
number of distinctly watermarked copies increases, it may fingerprints such that there are common elements among any
be possible that a growing degree of information about the or fewer subsets of users so if any of these groups collude
watermark key becomes known until the overall system is to form , the common elements of their fingerprint (that
trivially broken. still remain in the media by assumption) identifies them.
Such an attack is called collusion. In collusion attacks, a Dittmann et al. demonstrated how judiciously developed
group of users compare their distinctly fingerprinted copies watermarks could be employed to achieve this task. For
to form another composite signal that either contains no fin- instance, for and , the goal is to identify one or
gerprint or frames an innocent user. We first focus on a pop- two colluders from an overall set of three system users. This
ular subclass of collusion attacks, called linear collusion that can be achieved by having a common watermark locations
works as follows: between each possible pair (since ) of users
for and a unique location for
(1) each user for . To design the collusion-resistant
watermark and its locations for each user, the authors of
[20] make use of the concept of finite geometries and
where is the colluded (or composite) copy projective spaces. For the case of and , this in-
and is the fingerprinted copy of the video received by the volves finding three intersecting lines in a two-dimensional
th user. It is possible that the originally fingerprinted copy projective space (in this case, a plane). Every point in
at the source of user (which we denote ) has undergone the projective spaces pseudorandomly maps to a location
some small incidental distortions to produce which is not in the media. The intersecting points of any two lines in
exactly the same as . the projective space represents the common watermark
In (1) it is clear that has elements of all fingerprinted locations of a pair of users that identifies the colluding pair.
copies of the colluders. It is possible, depending on the fin- The method is extended for general values of and in
gerprint generation, embedding, and detection stages, that which higher dimensional projective spaces are used. The
one or more of the colluders can be identified from . In- main challenge with this approach is that a large number
tuitively, the fingerprinted copy of the user corresponding to of fingerprint marking locations are necessary for large .
the largest value of has the most influence on and, Thus, the scheme does not scale easily when involving short
hence, may be more easily identified from . In many for- host video clips with fewer possible embedding locations.
mulations of collusion, is employed as a condition Trappe et al. [5] investigate orthogonal and code division
of fairness among the colluders to equalize the probability multiple access (CDMA)-type modulation scenarios for
that any of them are caught. Research on linear collusion for fingerprinting in the presence of collusion. In orthogonal
spread spectrum watermarking approaches of fingerprinting modulation, each user is assigned a fingerprint that is
has been conducted and demonstrates how this attack is pow- orthogonal to all other fingerprints embedded in the signal;
erful when the correlation between watermarks is small and the fingerprint may be a pseudorandom noise (pn) sequence.
the number of colluders is large [18]. Detection ideally requires the correlation of the received
General collusion attacks can be more deceptive and in- signal with all possible fingerprints where the highest
corporate the various fingerprinted video in a nonlinear correlation result identifies the embedded fingerprint. Thus,
fashion by, for example, taking the minimum, maximum, or detection complexity scales linearly with the number of
median value of pixels in a given video stream location [19]. users in the system. Trappe et al. [5] show that the computa-
The only constraints on the pirate is that the be percep- tional cost can be reduced at some expense of performance
tually identical to the family of fingerprinted signals , and with coded modulation. Here, CDMA-type modulation
that the attack be computationally feasible. This means that is used in which every user has the same pn sequence
the cost of the attack to the pirate is lower than the value of that is modulated using a unique (for each user) binary
the video content. code that are generated to be collusion-resistant using the
1The reader should note that we are not including geometric or protocol theory of balanced incomplete block designs (BIBD) and
attacks among others in our discussion. the resulting fingerprints are termed anticollusion codes
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 925
Fig. 5. Video encryption by coefficient and sign scrambling.
the bit rate of should ideally be much smaller approach to integrating transcoding with encryption requires
than the bit rate of the after the first stage of a complete decryption of the video content, then standard
compression. transcoding, and finally reencryption. Chang et al. [26]
2) The security in a video watermarking context is and Wee and Apostolopoulos [27] propose subdividing the
related, in part, to visual quality. Thus, the EF–NEF video content into multiple components, each independently
partitioning should guarantee that the “visual quality” encrypted such that the transcoder can judiciously drop
of the encrypted video is highly dissimilar to the some of the encrypted components without processing them
plaintext. That is, should contain most of the and yet not affecting the decryption of the remaining ones.
perceptually critical content of . In some applica- Finally, the influence of encryption on the video compres-
tions, only the commercial quality of the signal needs sion rate must be minimal. For overall efficiency, encryption
to be degraded by scrambling allowing some of the and compression are often integrated as discussed in Fig. 4
original content through. where compression is broken up into two stages. Attempts
3) It should not be possible for an attacker to estimate of compression at Stage II (after the encryption) are often in-
the EF from the NEF. Otherwise, it may be possible to effective because the scrambling increases entropy such that
obtain , an estimate of from and then further compression has diminishing returns. Thus, the com-
use and in a traditional cryptographic pression stages should be designed such that much informa-
known-plaintext attack. tion reduction occurs in Stage I while leaving the data in a
4) If the compression stages are based on a coding stan- form where and with encryption-friendly char-
dard, then the and components must be acteristics can be easily separated and processed accordingly.
easily accessible elements related to the compression
process, such as discrete cosine transform (DCT) co- C. Existing Partial Encryption Approaches
efficients in the case of MPEG-2. Many of the techniques for partial encryption are proposed
for efficient MPEG encryption. Therefore, intermediate
B. Practical Considerations for a Video Encryption Scheme signal elements related to the MPEG standards, such as the
In addition to the complexity and partial encryption DCT or discrete wavelet transform (DWT) coefficients, are
considerations of the previous sections, we highlight other convenient to use as and .
practical requirements in video encryption design. Com- 1) Coefficient Scrambling: The coefficient scrambling
munication latency, which refers to the time lag between class of methods encrypts some property of the video signal
the source of communication and its destination, must be such as the overall value, position or sign of its DCT or DWT
minimized. This is a more serious issue if the encrypted coefficients (depending on the codec used for compression).
transmission has to be done in real time for applications As Fig. 5 demonstrates, the scrambling occurs either imme-
such as video conferencing as opposed to VoD; however, diately before or after quantization. The advantages include
severe latency is a problem for, say, live Web broadcasts. low computational complexity and easy integration with
Friedman [25] demonstrates through simulations that using compression. The primary disadvantage is that this approach
the IP Sec protocol with encryption and authentication using is not necessarily secure if simple shuffling procedures are
3DES and SHA-1, respectively, for securing real-time voice used to obscure the coefficients.
communications introduced an end-to-end delay of 1.2 ms; In [28] Tang proposes a DCT shuffling scheme for
the associated delays for video would be unacceptable. compatibility with JPEG or MPEG-2, in which the DCT
In addition, transcodability must be possible if customers coefficients within each 8 8 block are permuted using a
in a VoD system have different QoS constraints. Transcoding secret key. Zigzag scanning has the same computation order
is the process of converting directly from one video format as shuffling, so no computational security overhead over
to another with often lower quality requirements to facilitate compression is incurred. The scheme, although simple to
content distribution to users with varying bandwidths. implement, changes the statistical (run length) property of
Practically, transcoders can be found at video gateways the DCT coefficients, making it less susceptible to entropy
that connect fast networks to slow ones. A straightforward coding and, therefore, increases the bit rate of the encrypted
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 927
Fig. 6. Overview of the JFD architecture.
result is slightly different for each user. In their implementa- the secrecy comes primarily from the process of confusion
tion for raw audio streams, Anderson and Manifavas adapt [35]. We define the fingerprint payload capacity, which is the
a block cipher for encryption in output feedback mode to maximum length of the fingerprint that can be embedded in
operate on raw audio pulse code modulation bits and ensure a given media object, as
that the least significant bits of the plaintext audio alone
are changed when the content is decrypted with a user’s (2)
decryption key. This guarantees that the fingerprint does
not result in perceptual degradation. Some of the challenges where , , and are the entropy
involving chameleon ciphers include robustness of the of the encryption key, the mutual information between the
fingerprint due to its LSB nature, the large key size that is encryption and decryption keys, and the conditional entropy
inappropriate for multicast scenarios, the assumption that of the encryption key given the decryption key, respectively.
the media signal is in raw format rather than in compressed Since the fingerprint embedding is done within the decryp-
form, and its vulnerability to collusion. It is shown through tion framework, the perceptual quality of the fingerprinted
simulations that five or more users can produce a plaintext frame can be described as a function of the correlation be-
that cannot be traced by using a bit-wise majority voting to tween and . The mutual information is a
erase the watermark from the LSBs. function of the correlation between the keys, which in turn
More recently, a scheme by Parvianen and Parnes [34] has affects the perceptual quality of the decrypted/fingerprinted
been proposed in which the authors also adapt a stream ci- image given our encryption structure. Intuitively one can say
pher such that different users equipped with long and distinct that the higher the correlation, the smaller the perceptual
decryption keys receive fingerprinted copies of the plaintext. degradation. However, it is also clear that the larger the value
Their algorithm allows the use of more general fingerprinting of due to the increased correlation, the lower the
techniques because the process of embedding occurs sepa- fingerprint payload capacity . Thus, (2) illustrates the in-
rately from encryption at the source, but in such a way that the herent tradeoff between fingerprint payload capacity and per-
bandwidth usage is at most doubled over that of normal mul- ceptual quality as a byproduct of combining watermarking
ticast. Analysis is provided to demonstrate that if colluders and decryption.
represent small fractions of the overall users in the system,
C. Design Challenges
the detection likelihood of traitors is high.
Many interesting challenges arise in the JFD framework
B. JFD Architecture owing to the merging of the two seemingly orthogonal
processes of watermarking and encryption. Traditional
The source extracts the perceptually relevant features fingerprinting leaves a triangular tradeoff among robustness,
from the multimedia content and selectively encrypts imperceptibility, and capacity. However, the JFD framework
them with as shown in Fig. 6. Based on this model, has an additional fourth element of secrecy defined as the
the source multicasts the encrypted content to strength of an encryption. Our focus in this paper is on
users. Each receiver upon subscription receives a decryption issues related to fingerprint design within a JFD framework,
key from the source. The decryption key set denoted so we do not discuss security extensively in the remainder
is designed jointly with the of this section, which is the topic of another paper.
source key set so that an imperceptible and indelible 1) Imperceptibility Versus Secrecy: Imperceptibility of
fingerprint is embedded in the content after decryption. The the fingerprint after decryption with is necessary to
reader should note that although we require , we ensure that users with valid decryption keys are able to de-
do not employ asymmetric encryption. The key asymmetry, crypt the content properly without degrading the perceptual
as it will become clear, stems from the necessity of jointly quality. Given a key , which need not be in the key space
decryption and fingerprint embedding. (since may not be a legitimate decryption key, but
For user , the fingerprint information is essentially con- the result of collusion), two necessary conditions for the
tained in the asymmetric key pair out of which asymmetric fingerprinting scheme are
the th receiver has access only to the decryption key
and the encrypted content . The receivers do if then
not have knowledge of . The fingerprint is a function of for (3)
the correlation between the encryption and decryption keys.
else if then
We assume the encryption and decryption keys are correlated
random variables and an encryption and decryption structure for (4)
with limited diffusion capability is employed; the source of with high probability
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 929
Fig. 7. Overview of fingerprint embedding through subset scrambling.
fingerprints can be embedded. But as the number of col- and an autocorrelation vector,
luders increases in an orthogonal fingerprinting scheme, the , . is the average number of
false positive and the false negative rates increase, mainly coefficients in each subset. If , then we declare that
because the distinguishing features between the fingerprints the subset is encrypted and the corresponding video frame
assume negligible amplitude when the copies are averaged. component is marked as “1”; otherwise, it is marked as “0.”
If we introduce some “common” elements among subsets The locations of the ones in the string constitute the finger-
of colluders, then these elements are likely to be preserved print, which is compared with the entries in the database to
with a higher probability. However, there is a sacrifice in identify potential colluders. The threshold is a function of the
resolution for reliable detection. This lays the foundation design parameters , , and can be adjusted experimen-
for a group-based fingerprinting scheme by introducing a tally to balance the false positive and false negative rates.
two-level hierarchical structure to fingerprinting. Thus, in For a 256 256 grayscale Lena image, we set the
the present scheme, the fingerprint has two components, the parameters to be , , . The corre-
group ID and the user ID. sponding PSNR values of the encrypted and fingerprinted
2) Fingerprint Detection and Simulation Results: Each images were found to be dB and dB,
fingerprint resulting from partial decryption has a unique respectively. We set these as the lower and upper bounds
sign bit signature. Fingerprint detection is carried out by for obscurity (or secrecy) and imperceptibility respectively
correlating the subsets in the retrieved copy with a list of ref- (better bounds can be obtained experimentally by averaging
erence signatures. Let be the sign the PSNR values over an ensemble of images with different
signatures of the subsets in the encrypted frame and textures). Fig. 8 shows the original, scrambled, and finger-
be the retrieved copy from which the colluders (if any) printed images. Our intent is only to obscure the commercial
have to be detected. In a similar fashion, we create a sign ma- quality of the video.
trix from , where . Table 1 illustrates the tradeoff between imperceptibility
We then form the correlation matrix PSNR , robustness, and payload ( ). A JPEG
KUNDUR AND KARTHIK: VIDEO FINGERPRINTING AND ENCRYPTION PRINCIPLES FOR DIGITAL RIGHTS MANAGEMENT 931
[25] A. Friedman, “Wireless and mobile communication: A real time se- Deepa Kundur (Senior Member, IEEE) was
curity solution over wireless IP,” Fortress Technol., White Paper, born in Toronto, ON, Canada. She received the
1999. B.A.Sc., M.A.Sc., and Ph.D. degrees in electrical
[26] Y. Chang, R. Han, C. Li, and J. Smith, “Secure transcoding of in- and computer engineering in 1993, 1995, and
ternet content,” in Proc. Int. Workshop Intelligent Multimedia Com- 1999, respectively, at the University of Toronto,
puting and Networking (IMMCN), 2002, pp. 940–943. Toronto.
[27] S. J. Wee and J. G. Apostolopoulos, “Secure scalable streaming en- From 1999 to 2002, she was an Assistant
abling transcoding without decryption,” in Proc. IEEE Int. Conf. Professor in the Edward S. Rogers Sr. Depart-
Image Processing, vol. 1, 2001, pp. 437–440. ment of Electrical and Computer Engineering,
[28] L.Lei Tang, “Methods for encrypting and decrypting MPEG video University of Toronto, where she held the title of
data efficiently,” in Proc. 4th ACM Int. Conf. Multimedia, 1996, pp. Bell Canada Junior Chair-holder in Multimedia.
219–229. In 2003, she joined the Electrical Engineering Department at Texas A&M
[29] C. Shi and B. Bhargava, “A fast MPEG video encryption algorithm,” University, College Station, where she is a member of the Wireless Com-
in Proc. 6th ACM Int. Multimedia Conf., 1998, pp. 81–88. munications Laboratory and holds the position of Assistant Professor. She
[30] I. Agi and L. Gong, “An empirical study of secure MPEG video is the author of over 60 papers. Her research interests include multimedia
transmissions,” in Proc. Internet Society Symp. Network and Dis- and network security, video cryptography, sensor network security, data
tributed System Security, 1996, pp. 137–144. hiding and steganography, covert communications, and nonlinear and
[31] L. Qiao and K. Nahrstedt, “Comparison of MPEG encryption algo- adaptive information processing algorithms.
rithms,” Comput. Graph., vol. 22, no. 4, pp. 437–448, 1998. Dr. Kundur is the recipient of several awards, including the 2002 Gordon
[32] J. M. Shapiro, “Embedded image coding using zerotrees of wavelet Slemon Teaching of Design Award. She has been on numerous technical
coefficients,” IEEE Trans. Acoust., Speech, Signal Processing, vol. program committees and has given over 30 talks in the area of digital rights
management, including tutorials at ICME 2003 and Globecom 2003.
41, pp. 3445–3462, Dec. 1993.
[33] R. Anderson and C. Manifavas, “Chameleon—A new kind of stream
cipher,” in Lecture Notes in Computer Science, Fast Software En-
cryption, E. Biham, Ed. Heidelberg, Germany: Springer-Verlag, Kannan Karthik (Student Member, IEEE)
1997, pp. 107–113. received the B.E degree in electrical engineering
[34] R. Parnes and R. Parviainen, “Large scale distributed watermarking from Bombay University in 1998 and the M.Eng
of multicast media through encryption,” in Proc. IFIP Int. Conf. degree in Power Electronics and Controls from
Communications and Multimedia Security Issues of the New Cen- Memorial University of Newfoundland, St.
tury, 2001, p. 17. John’s, Canada in 2001. He is currently working
[35] C. E. Shannon, “Communication theory of secrecy systems,” Bell toward the Ph.D degree in Multimedia Security
Syst. Tech. J., vol. 28, pp. 656–715, Oct. 1949. at the University of Toronto, ON, Canada.
His research interests include multimedia secu-
rity, video watermarking and cryptography, and
statistical signal processing.