This document proposes a method for preserving privacy in video surveillance by scrambling regions of interest (ROIs) in video sequences. It discusses scrambling quantized DCT or DWT coefficients in compressed video to conceal information in ROIs while maintaining understanding of the overall scene. The scrambling is flexible and reversible with a private key, has low computational complexity, and introduces minimal impact on video coding performance. Previous approaches are also summarized.
2. Abstract
— Problem:
Preserving privacy in video surveillance
— Solution:
Scrambling regions of interest (ROI) in a video
sequence.
— Implementation:
efficient solution based on transform-domain
scrambling
3. Abstract
— Real life:
— MPEG-4
— Motion JPEG 2000
— Results:
— Conceal information in ROI in the scene while
providing with a good level of security
— Scrambling is flexible – distortion can be adjusted
— Small impact on coding performance and
negligible computational complexity increase.
4. Motivation
— Video surveillance systems are becoming ubiquitous.
— Strategic places
— Airports
— Banks
— Public transportation
— Busy city centers.
— Increase security but fear the loss of privacy
— à slowing down the deployment of video surveillance.
5. George Orwell
Big brother: “While tens of millions in government
funding have been spent on research improving video
surveillance, virtually none has been invested in
technologies to enhance privacy or effectively balance
privacy and security”
11. Blinkering Surveillance: Enabling
Video Privacy through Computer Vision. IBM Technical
— Approach
— OO representation of the scene
— Re-render frames based on ACL
— Technology
— Privacy console that manages different versions of the
video data based on ACL.
— Privacy Cam - smart camera produces a video stream
with the privacy-intrusive information already removed.
12. “The networked
sensor tapestry (NeST): a privacy enhanced software
architecture for interactive analysis of data in video-sensor
networks
— Networked Sensor Tapestry (NeST)
Test-bed under development
— Secure sharing
— Capture
— Distributing
— Archiving
— Architecture
— Centralized server
— Mobile hardware clients (TinyOS)
— Layered XML messaging schema
13. “The networked
sensor tapestry (NeST): a privacy enhanced software
architecture for interactive analysis of data in video-sensor
networks
— Main concepts:
— privacy buffer
— privacy filters
— privacy grammar
— The utility of the architecture
— variety of hardware/software clients
— remote sensor interface device
— software modules for sensor data
— data visualization, sensor control
— data archival applications
14. Preserving Privacy by De-identifying Facial Images
— Algorithm to protect the privacy by de-identifying
faces
— Old approaches
— Blacking out each face
— covering eyes
— randomly perturbing image pixels
à fail for robustness of face recognition methods
15. Preserving Privacy by De-identifying Facial Images
New approach - k-Same
limits the ability of face recognition software.
The algorithm
• determines similarity between faces
• creates new faces by averaging image components,
• varying k.
16. Privacy through Invertible Cryptographic Obscuration
— Scene distortion via cryptography
— Encryption techniques to improve the privacy aspects
Allowing full access
Allowing general
(i.e. violation of
surveillance to
privacy) only with use
continue
of a decryption key
17. Video surveillance using JPEG 2000
— JPEG 2000 compression
— Events detection and ROI identification
— Compressed video streams
are scrambled and signed
— Privacy
— Data Integrity
— Standards
— JPSEC
— JPWL
19. Previous approaches with JPEG
— The process
— Identify ROI (people, privacy-sensitive info)
— ROIs à Code-blocks
— Code-blocks scrambled by ACL
— Lowering quality layer of the codestream (bandwidth)
— Drawback
— Shape of the scrambled region is restricted to match
code-block boundaries.
20. How we’ll make it better?
— We want that
— Scene remains understandable
— The people are unidentifiable.
— Security
— private encryption key
— Control who can unlock and view the whole scene in
clear.
21. How we’ll make it better?
— Output: single protected code-stream to all clients
— No private key à distorted version of the content
— Private key à unscramble the code-stream.
— Can be used with
— DCT-based: Motion JPEG, MPEG-4 or AVC 2x HD !!
— DWT-based Motion JPEG 2000.
64 kBits
960 MBits
— Goodies
— Flexible Technique can be restricted to arbitrary-shape ROIs
— Level of distortion (fuzzy to completely noisy)
27. black with lot of
change in
frequency à
DCT random matrix
cosine function: horizontal, diagonal
and vertical frequencies
one color -->
matrix with 1st
large value &
zeros
28. DCT
cosine function: horizontal, diagonal
and vertical frequencies
Much of the signal
energy lies at Low
frequencies
High frequencies.
Often small to be
neglected with a
little distortion.
29. Human visual system
experiments
standard quantization
matrix
>50 less compress
* (100-quality)/50
<50 more compress
/ lower quality
* 50/quality
36. Huffman Coding
— The symbol with the highest probability is assigned
the shortest code and vice versa.
— Code words length is not fixed (VLC)
— A codeword cannot be a prefix for another codeword
(Self Synchronized Code)
39. Video Scrambling
Earlier works Our approach
— Traditional cryptographic — Bit scrambling
techniques
— Encrypt the compressed — Encrypt before compressing
video.
— Whole image completely — Whole scene remains
distorted à indecipherable comprehensible but some
objects cannot be identified
— Coding performance
— Complexity increase
— Arbitrary-shape ROI
— Flexible distortion
40. So when we scrambling?
Before After
Perform scrambling in the original Apply scrambling after encoding. (the
image prior to encoding. compressed codestream is directly
— Advantage: scrambled)
Very simple and independent — Disadvantage:
from the encoding scheme Very difficult to guarantee that the
subsequently used. scrambled codestream will not
— Disadvantage: crash a standard decoder.
Significantly altering the statistics of
the video signal, hence making the
ensuing compression less efficient.
Scrambling in the transform-domain.
Region-based transform domain
scrambling technique inverting the signs of
selected transform coefficients
41. Transform-domain Scrambling
— Frames transform using an energy compaction
transform: DCT, DWT
— The resulting coefficients are then entropy coded
using techniques such as Huffman or arithmetic
coding.
42.
43. MPEG-4 & Scrambling
— Effectively applied
on the quantized
DCT coefficients,
and outside of the
motion
compensation loop
44. The scrambling recipe
— What can be scrambled?
— In general, DC coefficients are strongly correlated and
are therefore unsuitable for scrambling.
— Their signs are not.
45. The scrambling recipe
— So what can be done?
— All DC coefficients of the blocks corresponding to the
ROIs are scrambled by pseudo-randomly flipping their
sign.
46. The scrambling recipe
— The shape of the scrambled region is restricted to
match the 8x8 DCT blocks boundaries.
— Level of scrambling = fewer AC coefficients.
47.
48. Drifts…
— Unauthorized decoder (not capable of unscrambling) will
use a different motion compensation loop than an
authorized decoder
— Result:
Unauthorized decoder may experience a drift, resulting in
— artifacts in the scrambled sequence
49. How to avoid it?
— Scrambled MB in the reference frame, are always
INTRA coded.
— Prevents the drift in motion compensation loop
Predicted frames
Intraframes
50.
51. Encryption
— PRNG initialized by a seed
— SHA1PRNG with 64bit seed
— Increase security à Multiple seed can be used
— Seeds value encrypted using RSA
— Inserted to the code-stream
— Shape of ROI’s
— Meta Data in MPEG-4 (private data / codestream)
— Separate Channel
55. De-Srambling
— The process is fully reversible. At the decoder,
authorized users have merely to perform the exact
inverse operation.
56. Looks familiar?
— Similar approach as proposed for MPEG-4
— Quantized wavelet coefficients are scrambled by
pseudo randomly flipping their sign
KM2
— Level of scrambling = fewer resolution levels.
57. Slide 56
???? KM2
bandwith
Kobi Magnezi, 10/06/2009
58. Goodies of JPEG2000
— The shape of the ROIs
— Embedded ROI mechanism of JPEG 2000.
— Leveraging standard JPEG security (JPSEC)
— The seeds (for PRNG) can be encrypted and
embedded in the codestream.
à Fully JPSEC compliant.
65. Security Strength
— Brute-force attack
— tries all combinations reversing the signs of all non-zero AC
coefficients.
— CIF frame (352x288)
— We consider the luminance component
— MPEG-4 and Motion JPEG 2000
— à 99’792 AC coefficients.
— ROI’s
— Suppose that the attacker knows the ROIs which cover 5% of the image
— à restricting the number of corresponding AC coefficients to 4’990.
— Non-Zero
— assuming that only 5 % of those are nonzero
— Need to try reversing the signs of 250 coefficients
à 2250 combinations for each frame.
— à good level of security.