2014 IEEE International Conference on Consumer Electronics (ICCE)
Implementation of a Video Streaming Security System
for Smart Device
Yongsung Jeon, Youngsae Kim and Jeongnyeo Kim
Electronics and Telecommunications Research Institute, KOREA
ysjeon@etri.re.kr
Abstract This paper proposes an efficient hardware
architecture to embody a video surveillance camera for security.
The proposed smart camera will combine the Digital Media SoC
with the low-cost FPGA. Each can perform video processing and
security functions independently and the FPGA has a novel video
security module. This security module encrypts video stream raw
data by using an efficient encryption method; high 4 bits from
the MSB of video data are encrypted by an AES algorithm. And,
the proposed security module can encrypt raw video data with a
maximum operation frequency of 39 MHz which is possible on a
low-cost FPGA. This paper also asserts that the proposed
encryption method can obtain a similar video data security level
while using less hardware resources than when all of video data is
encrypted.1
I. INTRODUCTION
For several classes of applications, many different camera
designs have been developed. First, there are cameras
including an embedded ASIC, where fixed processing is
executed. Though, this design is quite limited since only a few
processing parameters can be configured according to
application constraints. Other cameras include an embedded
processing unit such as a DSP, however, the problem of such
solutions is that their processing capabilities usually remain
very limited [1].
Moreover, encryption imposes a considerable computing
load on the processing unit. In reality, D1 image resolution
which is 720 * 486 pixels (NTSC) needs approximately 200
Mbps of a transmission speed in the case of 30 fps with a 4:2:2
format. An embedded processor also has to run the operating
system and application software, which themselves also
represent a significant workload. Therefore, efficient design of
a hardware encryption module is important in achieving video
streaming security.
To reduce the computational burden of encrypting raw
video data, compressing video data should be considered.
Many papers have proposed encryption methods for
compressed video data [2]-[5]. Since most of video
compression techniques cause partial information loss, the use
of lossy video compression techniques is limited in
applications such as medical image processing, where a loss of
video quality may not be acceptable in transmission or storage
[6]. Thus, lossless compression needs to be employed for such
applications. But, the data reduction of lossless compression is
much lower than that of lossy one. Also, in applications where
the raw video streaming data may be accessed directly after
1
This work was supported by the IT R&D program of MSIP/KCA. [12-
912-06-001, Development of the Security Technology for MTM-based
Mobile Devices and next generation wireless LAN]
978-1-4799-1291-9/14/$31.00 2014 IEEE
being captured by an image sensor without being compressed,
compression seems not to be mandatory.
M. Podesser et al. [6] presented selective bitplane
encryption to reduce the computational overhead involved in
image processing applications, and proved that the PSNR
values are the same when encrypting the most significant bit
(MSB) only or encrypting all bitplanes. It is important to
encrypt the MSB first and continue with the bitplanes
corresponding to consecutive bits in the binary representation.
Therefore, encrypting two bitplanes from the MSB leaves no
useful information in the reconstruction. Even if a replacement
attack is mounted, encrypting 4 bits starting from the MSB
leads to perfectly satisfying results for image security.
In this paper, we propose an efficient smart camera
hardware design for video streaming security. The main
contributions of this paper are summarized as follows: 1) This
paper proposes an hardware architecture for smart camera
which combine a Digital Media SoC and a low-cost FPGA.
Each component can perform video processing and security
function independently. This hardware architecture is
acceptable for developing a consumer product for video
streaming security. 2) A novel video streaming security
module in a low-cost FPGA is proposed, which applies the
selective bitplane encryption method presented by M Podesser
et al. [6] to real-time encryption of raw video data stream. This
paper uses the encryption method of 4 bits from the MSB,
which has the same security strength as encryption of all 8 bits
of raw video data. Therefore, the proposed security module
uses less hardware resources.
This paper is organized as follows. Section II proposes an
efficient method to design the smart camera hardware
architecture for video streaming security. The results are
summarized in Section III. Finally, conclusions are discussed
in Section IV.
II. DESIGN OF SMART CAMERA HARDWARE
ARCHITECTURE FOR VIDEO STREAMING SECURITY
Fig. 1 shows a block diagram of the proposed smart camera
hardware platform combining a Digital Media processor with
a low-cost FPGA.
The operation of the smart camera that depicted in Fig. 1
can be described as follows. First, the optical images are
captured by a charge-coupled device (CCD) as the image
sensor. The image sensor produces an analog video signal of
the composite video baseband signal (CVBS). The analog-to-
digital converter (ADC) converts the CVBS into digital
component video of 4:2:2 YCbCr format which is defined in
ITU-R BT.656. The ADC also produces the data clock signal
97
(DATACLK) and the video timing signals such as HSYNC,
VSYNC. The DATACLK is used as reference clock signal of
security module which is implemented in the low-cost FPGA.
Fig. 1. Block diagram of the proposed smart camera hardware
The security module proposed in this paper encrypts the
component video data which are transmitted from the ADC.
This module employs an efficient encryption method, where
only half of the video data are encrypted by the AES algorithm.
In other words, high 4 bits from the MSB of a luminance byte
and a chroma byte are encrypted. As mentioned in the
introduction, encrypting only high 4 bits has the same security
strength as encrypting all 8 bits of one byte in video streaming
data. A detailed design of this security module is explained in
the subsequent section. Finally, the media processor transmits
the encrypted video streams to a DVR with an ethernet port or
DACs.
A. Efficient design of video streaming security module
The active image data of video stream are composed of a
luminance byte and a chroma byte alternately as seen in the
BT.656 data format. The typical method of video streaming
security uses two encryption modules to encrypt all of a
luminance byte and a chroma byte, respectively [7]. Another
method is to use a single AES encryption module to reduce the
hardware resources, which does not separately encrypt
luminance bytes and chroma bytes as shown in Fig. 2.
Fig. 2. Block diagram of the typical video streaming security module.
These methods use the 128-bit architecture for an AES
98
encryption module, where each round involves all 128 bits of
data. Therefore, a 128-bit register must be used to store the
result of round operation. This system needs 13 clock cycles in
order to complete the encryption of 16 bytes of video data
including 2 clock cycles for input and output to/from the
encryption module. Therefore, it is possible to encrypt 16
bytes video data during 16 clock cycles, which is the time to
store next video raw data of 16 bytes to the input block RAM.
The AES encryption module, using the 128-bit architecture,
can operate at the same speed of raw data input frequency of
27MHz. But, this architecture requires 16 S-boxes to compute
the SubBytes transformation [8]-[9]. S-boxes are the most
spacious parts of an AES hardware system, and their number
determines the overall size of the video streaming security
module. Therefore, reduction of S-boxes increases efficiency.
To reduce more hardware resources, K.H. Chang et al.[10]
presented a 32-bit architecture for AES that uses fewer
resources than a 128-bit architecture. Processing only 4 bytes
of data per round, the 32-bit architecture requires 4 S-boxes to
compute the SubBytes transformation. But the 32-bit
architecture needs four times more computing time than the
128-bit one. Since K.H. Chang et al. used the 32-bit
architecture in order to encrypt still image, the increased time
is not a prohibitive problem.
Meanwhile, in the video system, encryption speed of video
data has to meet the throughput of the video stream. Since the
speed of video streaming input is 27 MHz per byte, the
throughput of a video stream is 216 Mbps, as seen in (1). The
throughput of video data encryption can be expressed as (2).
In the case of the 128-bit architecture for AES, since the
iteration factor is 13, as indicated above, the maximum
operation frequency has to be 22 MHz to meet the throughput
of video stream. In the case of the 32-bit architecture for AES,
the iteration factor is 46 including the 2 clock cycles for input
and output to/from the encryption module. Therefore, the
maximum operation frequency has to reach 78 MHz according
to (2). However, there have been few papers on AES
implementation with a low-cost FPGA, with an archived
maximum operation frequency of over 78 MHz.
Throughput of video stream 27 MHz u 8bit (1)
128 u Max Frequency
Throughput of video encryption (2)
Iteration Factor
In this paper, a new method of encrypting real-time video
streaming data with minimal hardware resources usage with a
low-cost FPGA is proposed. The proposed method is to
encrypt half of video streaming data using a 32-bit architecture
for AES. By encrypting only half the data, the 32-bit
architecture for AES can encrypt video streaming data with a
maximum operation frequency of 39 MHz which is possible
on a low-cost FPGA. As pointed out in the introduction, M.
Podesser et al. [6] proved that encrypting only 4 bits starting
from the MSB is enough for image security. Therefore, this
method will be applied in this study.
 schedule module includes the additional block RAM to store
the round keys which are 176 bytes (11 16 bytes) including
the initial key.

Fig. 3. Block diagram of the proposed video streaming security module.

Fig. 3 shows the block diagram of the proposed video

streaming security module for real-time video streaming
encryption using minimal hardware resources. 4 bits from the
MSB of video data are piled into the Block RAM named
Input Block RAM for V in order to reach 128 bits for
encryption. These 128 bits are inputted into the encryption
module which has the 32-bit architecture for AES. After the
encryption process is completed, encrypted 128 bits are
transfer into another Block RAM named Output Block RAM Fig. 4. Block diagram of the AES encryption module for video streaming
security.
for V. The size of these Block RAMs is 32 bytes.
On the other hand, 4 bits from the LSB are piled into
III. IMPLEMENTATION RESULTS
another Block RAM named InOut Block RAM for V in
order to transfer into the output buffer without encryption. The Fig. 5 shows the evaluation board and assembly board of
size of this Block RAM is also 32 bytes, which is used to the proposed security smart camera. The camera system
queue the 64 four-bit LSB video data during piling and depicted in Fig. 5(b) is composed of five boards by piling up
encrypting the 32 four-bit MSB video data in the encryption the components of the evaluation board. The evaluation board
module. The other Block RAM is named InOut Block RAM and camera system have two 128 Mbyte DDR2 SDRAM, 64
for B which is used to buffer 64 bytes of horizontal blanking Mbyte NAND flash Memory for the media processor.
data during video data encryption. The target device for implementation of the video streaming
security module is a low-cost FPGA containing 2,268 Kbits of
B. AES encryption module Block RAM and 23,872 slices [12]. XST was used for logic
The AES is a symmetric block cipher [11]. Key lengths of synthesis, and Xilinx ISE10.1.03 for mapping, placement, and
128 bits, 192 bits, or 256 bits are defined. The proposed routing.
implementation uses a fixed size of 128 bits.
Fig. 4 shows the block diagram of the proposed AES
encryption module for video streaming security. This module
uses the 32-bit architecture which processes only four bytes of
data per clock cycle. Since the output of the ShiftRows
transformation module is 32 bits, this architecture uses 4 S-
boxes for the SubBytes transformation. The AES algorithm
requires a round key for each round, which can be generated
by the key schedule module as seen in Fig. 4. This paper uses
a precomputing method, where round keys are computed and
then stored in the block RAM. The round key generation uses
the same SubBytes transformation that is used in the
encryption unit. Since the round key generation does not run at
the same time as the encryption unit, the S-box for the
SubBytes transformation is time-shared with the key schedule. (a)
Therefore, the proposed 32-bit architecture uses only 4 S-
boxes for encryption and key scheduling. Also, the key

99
 from MSB of video data are encrypted with the proposed
method based on Fig. 3. It is impossible to find visible
information in this image. Therefore, the proposed method can
obtain a similar security level of video data while using less
hardware resources than when all of video data is encrypted.

IV. CONCLUSION
This paper presented the design of a smart camera for video
streaming security. The presented design used the low-cost
(b) (c)
Fig. 5. The proposed security smart camera: (a) evaluation board, (b)
FPGA device to implement the encryption module for video
assembly board, (c) smart camera streaming security. The proposed video streaming security
module can process real-time encryption of raw video data
TABLE I using minimal hardware resources of FPGA. To reduce
SUMMARY OF USED RESOURCES hardware resources, we proposed an efficient method that
Number of Slices 585
encrypts half of the video streaming data using a 32-bit
1,360 bytes
(1024 bytes for S-boxes, architecture for AES. By encrypting only half of data, the
Amount of Block RAM
176 bytes for round keys, proposed video streaming security module can encrypt raw
160 bytes for buffers of V & B) video data with a maximum operation frequency of 39 MHz
Maximum Operating Frequency 72 MHz
which is possible on a low-cost. Therefore, the presented
smart camera hardware architecture with the proposed video
As shown in Table I, 585 slices are about 2% of total slices streaming security module is acceptable for developing a
and 1,360 bytes (10,880 bit) are under 1% of total amount of consumer product for video surveillance.
Block RAM in the FPGA. In terms of performance,
implementation on the FPGA achieved a maximum operating REFERENCES
frequency of 72 MHz, which satisfies the frequency
[1] R. Mosqueron and J. Dubois, M. Mattavelli, Smart camera with
requirement of over 39 MHz as explained in Section II. embedded coprocessor : a postal sorting application, Proceedings of the
Therefore, the proposed hardware architecture for video Optical and Digital Image Conference (SPIE08), Strasbourg, France,
streaming security in Fig. 3 is quite desirable, concerning April 2008.
[2] Shiguo Lian, Jinsheng Sun, Guangjie Liu, and Zhiquan Wang, Efficient
resource saving. video encryption scheme based on advanced video coding, Multimedia
Tools and Application., vol. 38, pp. 75-89, May 2008.
[3] Shu-bo Liu, Zheng-quan Xu, Wei Li, Jin Liu, and Zhi-yong Yuan, A
novel format-compliant video encryption scheme for H.264/AVC stream
based on residual block scrambling, International Conference on
Intelligent Computing, vol. 5226, pp. 10871094, 2008.
[4] M. Abomhara, Omar Zakaria, and Othman O. Khalifa, An overview of
video encryption techniques, International Journal of Computer Theory
and Engineering, vol. 2, no. 1, pp. 103-110, February 2010.
[5] Yuanzhi Zou, Tiejun Huang, Wen Gao, and Longshe Huo, H.264 video
encryption scheme adaptive to DRM, IEEE Trans. Consumer Electron.,
(a) (b) vol. 52, no. 4, pp. 1289-1297, November 2006.
[6] M. Podessor, H. Schmidt, and A. Uhl, Selective bitplane encryption for
secure transmission of image data in mobile environments,
Proceedings of 5th IEEE Nordic Signal Processing Symposium (NORSIG
2002), Norway, October 2002.
[7] Y. S. Jeon, M.S. Kim, Y. S. Kim, and J. W. Han Design of smart
camera hardware architecture for video encryption, Proceedings of the
25th International Technical Conference on Circuits/System, Computers
and Communications (ITC-CSCC), pp. 121-123, July 2010.
[8] M. H. Rais, and S. M. Qasim, Efficient hardware realization of
advanced encryption standard algorithm using virtex-5 FPGA,
(c) (d) International Journal of computer Science and Network Security
Fig. 6. Captured images from video stream : (a) original image, (b)-(d) (IJCSNS), vol. 9, no. 9, pp. 59-65, September 2009.
images obtained by encryption of (b) only MSBs, (c) all 8 bits, (d) high 4 [9] H. S. Kim, T. H. Kim, D. G. Han, and S. H. Hong, Efficient masking
bits from MSB. methods appropriate for the block ciphers ARIA and AES, ETRI
Journal, vol. 32, no. 3, pp. 370-379, June 2010.
Fig. 6(b)-(d) show captured images resulting from various [10] K.H. Chang, Y.C. Chen, C.C. Hsieh, C.W. Huang, and C.J. Chang,
Embedded a low area 32-bit AES for image encryption/decryption
encryption operation methods including the proposed method. application, IEEE ISCAS 2009, pp 1922-1925, November 2009.
Fig. 6(b) shows image obtained by encryption of only MSBs [11] Encryption Standard (AES), FIPS PUB-197, 26 November 2001.
with the ECB mode. In the case of MSB encryption, structural [12] Spartan-3A DSP FPGA Family Data Sheet (DS610), Xilinx, 4 October
information is still visible. On the other hand, Fig. 6(c) shows 2010.
the image where all 8 bits of video data are encrypted with the
method based on Fig. 2. In this case, any visible information
does not exist. Fig. 6(d) shows the image where high 4 bits

100