DESC:FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of invention:
METHOD AND SYSTEM FOR ENABLING SECURITY AND PRIVACY FOR REAL TIME VIDEO STREAMING

Applicant:
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India

The following specification particularly describes embodiments and the manner in which it is to be performed.
FIELD OF THE INVENTION
[001] The present application generally relates to data security and privacy. Particularly, the application relates to real time video applications with security and privacy. More particularly, the application provides a method and system for enabling security and privacy for real time video streaming where multiple publishers and subscribers are involved.

BACKGROUND OF THE INVENTION
[002] In the present era of digitization, there are many situations that demand real time streaming of video data to a remote location for data analysis or monitoring. The streamed video would be accessed in real time by multiple end users who would looking for information which interests them. However, the captured video stream may contain information which may be considered as private to individuals and may poses a threat to privacy of data which is being shared in real time. This information needs to be protected.

[003] A majority of existing solutions have never explored the scenario wherein the real time sharing of video from multiple sources to multiple end users through a secure data sharing server. Prior art literature is also silent on providing multiple levels of data access control to end users based on their user profile so that they will be able to see only those videos for which they have access. Generally video distribution to large numbers is envisaged through a Publish-Subscribe (Pub-Sub) paradigm, wherein the existing Pub-Sub technologies are devoid of privacy and security features for both publishers and subscribers. None of the prior art literature discloses a secure user profile based data privacy using Hierarchical Inner Product Encryption (HIPE) and a broker with Anonymous Publish-Subscribe Architecture (pub-sub) for ensuring security and user privacy.

[004] A majority of existing implementations does not support secrecy to the published topic pertaining to shared content, hence the broker is able to understand who is publishing what topic and who is subscribing it. None of the prior art literature discloses encrypting the published topic using HIPE. Due to above mention prior art limitations, these Pub-Sub schemes are vulnerable to several attacks.

[005] Prior art literature have illustrated various security and privacy measures for real time video streaming, however, enabling security and privacy for real time video streaming by using an Anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE) is still considered as one of the biggest challenges of the technical domain.

OBJECTIVES OF THE INVENTION
[006] In accordance with the present invention, the primary objective is to provide a method and system for enabling security and privacy for real time video streaming.

[007] Another objective of the invention is to provide a method and system for enabling security and privacy for real time video streaming by using an Anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE).

[008] Another objective of the invention is to provide a method and system for providing multiple levels of data access control to end users.

[009] Another objective of the invention is to provide a method and system for enabling security and privacy for video streaming accommodates plurality of publishes and subscribers.

[0010] Another objective of the invention is to provide an offline method and system for enabling security and privacy for video streaming characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE), wherein the data being published is stored in a database according to the encrypted labels and is fetched accordingly instead of searching the complete database for faster execution of the request.

[0011] Other objects and advantages of the present invention will be more apparent from the following description when read in conjunction with the accompanying figures, which are not intended to limit the scope of the present disclosure.

SUMMARY OF THE INVENTION
[0012] Before the present methods, systems, and hardware enablement are described, it is to be understood that this invention is not limited to the particular systems, and methodologies described, as there can be multiple possible embodiments of the present invention which are not expressly illustrated in the present disclosure. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or embodiments only, and is not intended to limit the scope of the present invention which will be limited only by the appended claims.

[0013] The present application provides a method and system for enabling security and privacy for real time video streaming.

[0014] The present application provides a method and system for enabling security and privacy for real time video streaming by using an Anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE).

[0015] The present application provides a computer implemented method for enabling security and privacy for real time video streaming characterized by utilizing an anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE); said method comprising processor implemented steps of capturing a video of surroundings; identifying the privacy regions called region of interest (ROI) and annotate said ROI with corresponding labels; splitting the captured images pertaining to captured video into different ROI’s and each ROI is then encrypted using a block cipher, wherein the block cipher is an Advanced Encryption Standard (AES); and encrypting the AES keys along with the corresponding labels using HIPE and amalgamate the information as a packet and sent across; match the encrypted label to check for subscription to encrypted label by running the HIPE for decryption and subscribes to the label; and subscribing to the HIPE encrypted label.

[0016] The present application provides a system (200) for enabling security and privacy for real time video streaming characterized by utilizing an anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE); said system (200) comprising a processor; a data bus coupled to said processor; and a computer-usable medium embodying computer code, said computer-usable medium being coupled to said data bus, said computer program code comprising instructions executable by said processor and configured for operating a publisher (202) adapted for capturing a video of surroundings; identifying the privacy regions called region of interest (ROI) and annotate said ROI with corresponding labels; split the captured images pertaining to captured video into different ROI’s and each ROI is then encrypted using a block cipher, wherein the block cipher is an Advanced Encryption Standard (AES); encrypt the AES keys along with the corresponding labels using HIPE and amalgamate the information as a packet, wherein the AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with a user predicate and the corresponding label is encrypted using a keyword predicate; a broker (204) adapted for matching the encrypted label to check for subscription to encrypted label by running the HIPE for decryption and subscribes to the label; a subscriber (206) adapted for subscribing to the HIPE encrypted label; and a Private Key Generator (PKG) (208) adapted for establishing initial setup required for HIPE; key generation and delegation.

BRIEF DESCRIPTION OF THE DRAWINGS
[0017] The foregoing summary, as well as the following detailed description of preferred embodiments, are better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there is shown in the drawings exemplary constructions of the invention; however, the invention is not limited to the specific methods and system disclosed. In the drawings:

[0018] Figure 1: shows a flow chart illustrating a method for enabling security and privacy for real time video streaming;

[0019] Figure 2: shows a block diagram illustrating system architecture for enabling security and privacy for real time video streaming;

[0020] Figure 3: shows a flow chart illustrating an offline method for enabling security and privacy for information retrieval of specific ROI in an archived video;

[0021] Figure 4: shows a graphical representation of encryption time (s) for different depths of IPE tree;

[0022] Figure 5: shows a graphical representation of encryption time (s) for different key sizes;

[0023] Figure 6: shows a graphical representation of decryption time (s) for different depths of IPE tree;

[0024] Figure 7: shows a graphical representation of decryption time (s) for different key sizes; and

[0025] Figure 8: shows a graphical representation of cumulative waiting period in seconds.

DETAILED DESCRIPTION OF THE INVENTION
[0026] Some embodiments of this invention, illustrating all its features, will now be discussed in detail.

[0027] The words "comprising," "having," "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.

[0028] It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, the preferred, systems and methods are now described.

[0029] The disclosed embodiments are merely exemplary of the invention, which may be embodied in various forms.

[0030] The elements illustrated in the Figures inter-operate as explained in more detail below. Before setting forth the detailed explanation, however, it is noted that all of the discussion below, regardless of the particular implementation being described, is exemplary in nature, rather than limiting. For example, although selected aspects, features, or components of the implementations are depicted as being stored in memories, all or part of the systems and methods consistent with the attrition warning system and method may be stored on, distributed across, or read from other machine-readable media.

[0031] The techniques described above may be implemented in one or more computer programs executing on (or executable by) a programmable computer including any combination of any number of the following: a processor, a storage medium readable and/or writable by the processor (including, for example, volatile and non-volatile memory and/or storage elements), plurality of input units, and plurality of output devices. Program code may be applied to input entered using any of the plurality of input units to perform the functions described and to generate an output displayed upon any of the plurality of output devices.

[0032] Each computer program within the scope of the claims below may be implemented in any programming language, such as assembly language, machine language, a high-level procedural programming language, or an object-oriented programming language. The programming language may, for example, be a compiled or interpreted programming language. Each such computer program may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a computer processor.

[0033] Method steps of the invention may be performed by one or more computer processors executing a program tangibly embodied on a computer-readable medium to perform functions of the invention by operating on input and generating output. Suitable processors include, by way of example, both general and special purpose microprocessors. Generally, the processor receives (reads) instructions and data from a memory (such as a read-only memory and/or a random access memory) and writes (stores) instructions and data to the memory. Storage devices suitable for tangibly embodying computer program instructions and data include, for example, all forms of non-volatile memory, such as semiconductor memory devices, including EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROMs. Any of the foregoing may be supplemented by, or incorporated in, specially-designed ASICs (application-specific integrated circuits) or FPGAs (Field-Programmable Gate Arrays). A computer can generally also receive (read) programs and data from, and write (store) programs and data to, a non-transitory computer-readable storage medium such as an internal disk (not shown) or a removable disk.

[0034] Any data disclosed herein may be implemented, for example, in one or more data structures tangibly stored on a non-transitory computer-readable medium. Embodiments of the invention may store such data in such data structure(s) and read such data from such data structure(s).

[0035] The present application provides a computer implemented method and system for enabling security and privacy for real time video streaming. The present application provides a method and system for enabling security and privacy for real time video streaming by using an Anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE).

[0036] Referring to Figure 1 is a flow chart illustrating a method for enabling security and privacy for real time video streaming.

[0037] The process starts at step 102, a video of surroundings is captured. At the step 104, a privacy regions called region of interest (ROI) is identified and annotate said ROI with corresponding labels. At the step 106, captured images pertaining to captured video are split into different ROI’s and each ROI is then encrypted using a block cipher, wherein the block cipher is an Advanced Encryption Standard (AES). At the step 108, the AES keys are encrypted along with the corresponding labels using HIPE and amalgamate the information as a packet and sent across, wherein the AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with a user predicate and the corresponding label is encrypted using a keyword predicate. At the step 110, the encrypted label are matched to check for subscription to encrypted label by running the HIPE algorithm for decryption with a delegation key and subscribes to the label by a broker. At the step 112, the HIPE encrypted label are subscribed by a subscriber. At the step 114, AES keys are decrypted using HIPE with the user predicate and the corresponding label is decrypted using the keyword predicate. Further, ROIs are recovered by decrypting the ROIs using the decrypted AES keys. The process ends at the step 116, the captured images pertaining to the captured video are reconstructed and displayed after decryption of ROIs.

[0038] Referring to Figure 2 is a block diagram illustrating system architecture for enabling security and privacy for real time video streaming.

[0039] In an embodiment of the present invention, a system (200) is provided for enabling security and privacy for real time video streaming.

[0040] The system (200) for enabling security and privacy for real time video streaming characterized by utilizing an anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE); said system (200) comprising a processor; a data bus coupled to said processor; and a computer-usable medium embodying computer code, said computer-usable medium being coupled to said data bus, said computer program code comprising instructions executable by said processor and configured for operating a publisher (202) adapted for capturing a video of surroundings; identifying the privacy regions called region of interest (ROI) and annotate said ROI with corresponding labels; split the captured images pertaining to captured video into different ROI’s and each ROI is then encrypted using a block cipher, wherein the block cipher is an Advanced Encryption Standard (AES); encrypt the AES keys along with the corresponding labels using HIPE and amalgamate the information as a packet, wherein the AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with the user predicate and the corresponding label is encrypted using the keyword predicate; a broker (204) adapted for matching the encrypted label to check for subscription to encrypted label by running the HIPE for decryption and subscribes to the label; a subscriber (206) adapted for subscribing to the HIPE encrypted label; and a Private Key Generator (PKG) (208) adapted for establishing initial setup required for HIPE; key generation and delegation.

[0041] In another embodiment of the present invention, the publisher (202) is adapted for capturing a video of surroundings. The publisher (202) is selected from a group comprising but not limited to a video capturing device or an individual, wherein the video capturing device or an individual may be used in plurality for capturing the video of surroundings. Further, the method for enabling security and privacy for video streaming may accommodates plurality of publishes and subscribers. Further, the publisher (202) is adapted for publishing encrypted label and publishing message.

[0042] In another embodiment of the present invention, the identification of the privacy regions called region of interest (ROI) is selected from a group comprising automatic and manual selection.

[0043] In another embodiment of the present invention, the publisher (202) identify the privacy regions called region of interest (ROI) and annotate them with corresponding labels. The terms “label” and “topic” are referring to the same meaning, however both the terms have been used interchangeably throughout the specification.

[0044] In another embodiment of the present invention, the captured images pertaining to captured video are then split into different ROI’s and each ROI is then encrypted using Advanced Encryption Standard (AES).

[0045] In another embodiment of the present invention, the AES keys along with the corresponding labels are encrypted using HIPE. The AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with the user predicate and the corresponding label is encrypted using the keyword predicate. This information is amalgamated as a packet and sent across to the broker (204). The broker (204) is used as an intermediary between the publisher (202) and the subscriber (206). The broker (204) then decrypts the label by running the HIPE algorithm for decryption and subscribes to the topic. Further, the broker (204) handles the data queues created according to the encrypted labels. When a publisher (202) publishes a topic to the broker (204), the broker (204) checks for the existence of a queue matching the label of the incoming request. If the label exists, the data gets added to the corresponding queue. Else, a new queue is created according to the new label. Likewise, when a subscriber (206) subscribes to a label, the broker (204) again checks for existence of the label. In case the label is present, it fetches the data from the corresponding queue. Else, it creates a new queue which will get updated once the publisher (202) publishes data with the corresponding label.

[0046] In another embodiment of the present invention, the subscriber (206) too subscribes to the HIPE encrypted topic thereby keeping the broker (204) in the dark about the topic of subscription. The subscriber (206) subscribes to the HIPE encrypted label thereby keeping the broker (204) unaware about the label of publication and subscription, and message also. Subscribing to the HIPE encrypted label by the subscriber (206) further comprises of dynamically adding a plurality of subscriber specifying access for enabling security and privacy for real time video streaming.

[0047] In another embodiment of the present invention, the Private Key Generator (PKG) (208) is responsible for establishing initial setup required for HIPE and also responsible for key generation and delegation.

[0048] Referring to the Figure 3 is a flow chart illustrating an offline method for enabling security and privacy for information retrieval of specific ROI in an archived video.

[0049] In another embodiment of the present invention, the method for enabling security and privacy for information retrieval of specific ROI in an archived video, characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE) may be performed offline also. The process starts at step 302, data being published is stored in a database according to the encrypted labels. At the step 304, the ROI is stored in the database according to the encrypted label, if the captured image contains “face” as a label. At the step 306, request for a particular label in its encrypted form by the subscriber (206) out of the plurality of subscribers. The process ends at the step 308, fetch the corresponding data accordingly from the database instead of searching the complete database which results in faster execution of the request.

[0050] In another embodiment of the present invention, a searchable encryption is provided. The searchable encryption is a protocol that searches for a keyword in encrypted text and communicate back whether there is a match for the keyword among the encrypted text. Essentially, searchable encryption may facilitate the search on the data in encrypted domain. The searchable encryption involves following phases: setup, keygen, encryption delegation, decryption and search. During the Setup phase, the public and private keys are generated. In the Keygen phase, the secret key called as Predicate secret key for a given conditions called as encryption predicate is generated. During the Encryption phase the predicate and public key is used for encrypting the data. During the decryption phase the Predicate secret key is used for decryption. For searching, a random number is encrypted using the search predicate and searched with a delegation key. Using the Delegation key the decryption is performed and if the keyword in the search predicate match with the keyword in the encryption predicate then the same random number is received that was encrypted. Hence the search is successful else the search is failed. Essentially, the search predicate contains the keyword we are searching. During searching phase, decryption is done using a Delegation key generated from the delegation phase.

[0051] In another embodiment of the present invention, the anonymous Publish-Subscribe (pub-sub) Architecture is based on the Hierarchical Inner Product Encryption (HIPE).

[0052] To envisage anonymous pub-sub architecture, fully attribute hiding Hierarchical Inner Product Encryption (HIPE) is used based on elliptic curve cryptography (ECC). In nutshell, HIPE is a public key cryptosystem with private keys are associated with predicate vector and attributes are associated with ciphertext. HIPE is an extension of IPE, realized using dual pairing vector space (DPVS). Here user’s access control is based on roles or attributes along with an access predicate. Typically hierarchy is realized as a tree. A unique role identities ¬ are assigned, where n is the dimension of the vector space.

[0053] Input to the HIPE system is where k is the security parameter. Upon receiving this, a trusted Private Key Generator (PKG) (208) generates keys for the given predicate . Message is encrypted using predicate and a user with his roles can decrypt a message provided his predicate (constructed based on his roles) satisfies condition that inner product is zero. Note that and are vectors of dimension n and . For instance, a tree of depth 3 with various roles (hierarchical) is described. Here there are different roles starting from R0, R01; R02; R011; R012 to R022. Note that to allow only an user who has a role R011 to successfully search a keyword say are constructed as and . Here is zero. The mathematical aspects of HIPE is described briefly. Let g be the generator of Fp. In HIPE, pairing of two vectors is expressed as:

Here e is a bilinear paring operator with a property e(ag; bg) = e(g; g)ab. Note that from Equation -1, whenever is zero, then . This is the fundamental philosophy of predicate encryption. Further HIPE is realized in five phases.

[0054] Setup: Based on input parameter set , PKG (208) generates dual bases and which belongs to vector space of dimension n with each component of vector belongs to Galios field Fp, where p is a prime number.

[0055] Note that and are generated using canonical base and a random invertible matrix [3].

[0056] Public key set and private key set .

[0057] Keygen: In a role based access control, predicate vector for level is represented . PKG (208) upon receiving key request, generates secret key vector using random number and random vector using SK.

[0058] Here

[0059] Encrypt: Given a role based access control vector for a given hierarchy
with level is represented as

. Using public key PK, two components of ciphertext are computed by generating random vector from through random numbers , and along with ¬.

[0060] Decryption: Upon receiving ciphertext C, user with his role based key decrypts plain text using

[0061] Note that if and only if is zero.

[0062] Delegate: In a hierarchical system, an user having higher role at level with his secret key can delegate his key to its subordinate at level through a delegation. In general secret key of the user at level is obtained recursively from secret keys of their superiors

K and at level and respectively.

[0063] In another embodiment of the present invention, the proposed secure anonymous pub-sub architecture is based on HIPE which involves secure publisher (202) and subscriber (206), broker (204) and a trusted Private Key Generator (PKG) (208).

[0064] In another embodiment of the present invention, the Private Key Generator (PKG) (208) is responsible for establishing initial setup required for HIPE and also responsible for key generation and delegation.

[0065] In another embodiment of the present invention, the publisher (202) performs two operations; publishing encrypted label and encrypted message.

[0066] Topic Publish: the publisher (202) who wants to publish a topic Ti forms an access policy in the form of a predicate vector based on hierarchy. Then publisher generates a new predicate

[0067] Where HID () is a random hash function defined by PKG (208). Subsequently the publisher (202) obtains a ciphertext CTi encrypts a message (HID(Ti)) using HIPE. Finally the publisher (202) requests the broker (204) to publish a topic with topic id as EncTi = {CTi ;(HID(Ti))}.

[0068] Message Publish: the publisher (202) starts publishing message m in an encrypted form (using any standard encryption technique) along with encrypted decryption key which is required by intended subscriber to decrypt the message based on HIPE using predicate vector

[0069] Where tokeni is an unique attribute for a given Ti.

[0070] In another embodiment of the present invention, the broker (204) is unaware of what topic is published and subscribed. Actual topic is encrypted using HIPE and hence anonymity of the topic is achieved. Further anonymity of both the publisher (202) and the subscriber (206) is also possible through various anonymity techniques such as onion routing, mix, mix networks etc. Further, the broker (204) is responsible for following activities.

[0071] Publishing topic Request: Upon receiving request from publisher (202) to publish a given topic EncTi, broker publishes accordingly.

[0072] Subscription Request: When the broker (204) receives subscription request with , the broker (204) performs the encryption search and algorithm returns true, if there exist a topic with requested one and successfully maps it to the given topic queue. In case of unavailability of the topic, the broker (204) maintains a unmatched topic list and as soon as new publish request comes to the broker and checks with the unmatched topic list and finds successfully the index of the unmatched request and maps the subscriber (206) to the new topic and removes entry from the unmatched subscription list.

[0073] In another embodiment of the present invention, the Subscriber (206) performs topic subscription and message reception.

[0074] Topic Subscription: Subscriber at a level with an attribute ¬ receives its secret key vector . When a subscriber wants subscription to a topic Ti, it requests PKG (208) to construct augmented key for a topic Ti and PKG (208) generates effective secret key vector and returns it to subscriber (206). Then subscriber (206) requests broker (204) to subscribe (206) it to the topic by sending . Depending on the availability of the topic, subscriber (206) successfully subscribes to the topic.

[0075] Message Decryption: Upon receiving encrypted message and key from a publisher (202) on a given topic Ti, subscriber (206) requests PKG (208) to construct augmented key for and token tokeni and PKG (208) generates effective key and send it to the subscriber (206). Subsequently, subscriber (206) decrypts encryption key using based on HIPE. Eventually using decrypted key, it decrypts the encrypted message.

[0076] In another embodiment of the present invention, a real time video streaming using proposed pub-sub architecture is proposed. This system has multiple video sources that are publishers (202) that stream videos to multiple end users ie subscribers (206) in real time through the broker (204) that manages the communication between publisher (202) and subscriber (206). The multiple publishers stream video from field to multiple remote users via the broker (204) ( is the number of video sources and is the number of end users). Note that . Publishers are publishing various topics T1, T2, T3, T4 based on different ROIs face, license plate, object1 and object2 are associated respectively. As discussed earlier, publishers (202) publishes the content securely under anonymous topic using HIPE. The publisher (202) publishes with a constraint that only a subscriber (206) having particular role can subscribe to it. A hierarchical role based tree (210) for subscribers (206) may be used to determine who can access to which topic. For instance, Surveillance camera publishes two topics T1, T2 and only a subscriber having roles R011 and R012 respectively can subscribe to those topics. In order to provide secure communication, the data and topics are encrypted and sent through the broker (204).

[0077] In another embodiment of the present invention, the publisher (202) in the context of the current system can be a surveillance camera installed around various points in the city or the hand-held device of an individual who wants to report an activity of interest. Different phases of operations involve in this module are described below.

[0078] Key Management: Each publisher (202) requires three kinds of keys. Key required to (i). encrypt the message topic (label) (ii). encrypt the message and (iii) encrypt the decryption key (which is required to decrypt the message). The publisher (202) obtains first and third keys from PKG (208) and second key (required for message encryption using AES) is generated randomly by itself. Based on number of ROIs in the video, number of keys required by publisher (202) also vary.

[0079] ROI detection: The function of the publisher (202) is to capture the scene of interest and stream it across to the broker who will then forward it to the subscribers. However, the captured scene may contain sensitive information breaching the privacy of an individual. The proposed publisher (202) hence, has to safeguard this information based on the category of its classification. The classification of the information may be a manual or an automated process; or both. For automating the process, objects of interests are predefined and an object recognition algorithm is run on the captured images to recognize the presence of these objects. In case of manual intervention, the user has to identify the objects in each frame which makes it a very tedious procedure to perform while capturing the video. In the current implementation, we focus on the case where we use a combination of both to achieve data privacy. The objects of interests considered are face, which is automatically detected by the system and an object chosen by the user. The face recognition is achieved by using the famous Viola-Jones face detection algorithm. Once the object of interest is selected by the user, the publisher (202) also starts tracking the object. This is required since the movement of the capturing device or the object may lead to the user needing to select the object every time. Metaio SDK is used in our implementation to track the object. The identified objects of interest in each frame are termed as ROI’s.

[0080] Labelling: In this module, all identified ROIs are tagged with a label for classifying image data. Each image frame may have either one or multiple ROIs. There can be a case of no ROI at all. Labelling of ROI’s is important as it gives the subscribers (206) an option to subscribe to a particular label of interest to them rather than scanning through all images looking for the presence of their object of interest. For example, all the detected face ROIs are tagged with a label “face”, car ROIs are labeled as “vehicle” and so on.
[0081] Data Encryption: The encryption of the information in the proposed system can be divided into two parts viz. encryption of the image using AES and encryption of the labels and AES keys using HIPE, wherein the AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with the user predicate and the corresponding label is encrypted using the keyword predicate. The image is compressed using JPEG as the compression standard and encrypted using AES. This provides security to data without adding any overhead to bandwidth of channel. Let us consider the case of a captured image containing ROI’s represented as and they are encrypted using number of random AES keys respectively. Note that these AES keys are encrypted using HIPE based on various predicate vectors (pv). Further these ROIs are published as labels (topics). Note that as discussed, these topics are published as encrypted topics using HIPE. To envisage this, there can be several different access controls are required which is expressed as different predicates.

[0082] Data encapsulation: This module encapsulates data in a single message payload and transmits over the network in real time. Message payload includes device details, frame number, encrypted ROIs, and encrypted labels for those ROIs, encrypted AES keys and coordinates of ROIs. The data transmission module splits message payload to packets and sends it over network using UDP connection. The first part of the packet indicates the device. The next part is the frame number for keeping the image sequence. It is followed by encrypted ROIs, keys and labels. The last part of the packet is ROI coordinates which is required for reconstruction of the image after decryption at end user side. Each part of the packets are separated with delimiters.

[0083] In another embodiment of the present invention, the anonymous pub-sub architecture is implemented at the broker (204) for communication between the publishers (202) and subscribers (206). It receives messages from multiple publishers (202) and forwards to multiple subscribers (206) in real time. The information transmitted to the subscribers (206) depends on the topics to which they have subscribed. In this architecture, publisher (202) and subscriber (206) use encrypted topic for data exchange. Since topics are encrypted, broker (204) needs an encryption search algorithm for matching subscriber requests with published topics. This is achieved by using HIPE.

[0084] In another embodiment of the present invention, the subscribers (206) receive the data to which they have subscribed. The received data is already encrypted with AES key and key is again encrypted with HIPE, wherein the AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with the user predicate and the corresponding label is encrypted using the keyword predicate. In order to access data, user has to check whether their attributes are matching with the encrypted policy. Moreover, data can be decrypted only if their AES keys can be successfully decrypted. The different steps involved in this modules are as follows.

[0085] Data decryption: Decryption of the received data is done in two parts. AES keys are first decrypted using HIPE, wherein the AES key and the corresponding label are decrypted using different predicate. The AES key is decrypted with the user predicate and the corresponding label is decrypted using the keyword predicate. The decrypted AES keys are then used to decrypt the ROI’s. Decryption of the AES keys is only possible for subscribers who holds a valid predicate as defined by the hierarchical role based tree (210). This ensures that any subscriber, even though subscribed to the topic will only be able to decrypt in presence of a valid AES key. The ROI’s are then recovered using by decrypting (AES decryption) them using these AES keys.

[0086] Image reconstruction: Images are reconstructed and displayed to the user after decryption of ROIs. The decrypted ROIs are restored at the base image frame with the help of ROIs coordinate information. In case the decryption of the ROI fails due to non availability of AES key, those ROIs with fog texture are replaced to avoid the unpleasantness in viewing the image.

[0087] In an exemplary embodiment of the present invention, the implementation of the method and system for enabling security and privacy for real time video streaming by using an Anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE) is described. This involves an android smart phone as the publisher (202), an Ubuntu based desktop machine as the broker (204) and two Ubuntu based desktop machines as subscribers (206). The specifications of the hand-held device and desktop machines are tabulated in Table I and II respectively. In this experiment, a single hand held device is used for scene capture and video streaming. This can be extended to any number of devices in future.

TABLE I: Hand-held device Specifications

TABLE II: System Specifications of Desktop

[0088] ROI identification and encryption: In this prototype, scene was captured and transmitted by the publisher (202) by means of a native Android application. The captured image is analyzed for the presence of objects of interest i.e. the ROI’s. The implementation uses a combination of automatic as well as manual object selection by the publisher (202) to detect the ROI’s. In this prototype, face was taken as an object of interest and was identified automatically using the Viola-Jones face detection algorithm. The detection of the object of interest automatically by the publisher (202) can be extended to other objects like vehicle registration number plate, template matching to name a few, by extracting suitable features. OpenCV library was used to implement the face detection algorithm on the hand-held device. The second part involves the user to manually select a region of interest. The owner of the hand-held device is allowed to mark a region on the screen displaying the video being captured. This region is then continuously tracked in the subsequent frames. Metaio SDK was used to implement the object tracking algorithm.

[0089] Identified ROIs were extracted from image and encrypted using AES key. Each ROIs were tagged with a label. All the ROIs with same label were encrypted with same AES key. Bouncy castle API’s were used for AES encryption. A key size of 128 bits is used for AES encryption, which were generated randomly. AES keys were then encrypted using HIPE with the experiments carried out for different key sizes and different tree depths. The AES key and the corresponding label are encrypted using different predicate. The AES key is encrypted with the user predicate and the corresponding label is encrypted using the keyword predicate.

[0090] Video compression and transmission: The whole system was implemented and tested over WiFi. Real time video transmission is constrained with limited channel bandwidth. It can be handled with video compression. JPEG compression standard was used in this framework for compressing ROIs. The encrypted data was then transmitted over WiFi network using an User Datagram Packet (UDP) based socket communication. Since video communication can handle a few packet drops (persistence of vision) and real time communication has strict packet deadlines, UDP was chosen as the communication protocol.

[0091] Anonymous pub-sub architecture: The implementation uses an MQTT broker “Mosquitto” to provide the link between the publisher (202) and the subscriber (206). The requirement of the broker (204) to process the encrypted topics is implemented by using two entities namely “Dummy Publisher” and a “Dummy Subscriber”. The Dummy Publisher receives the encrypted topic and scans through the list of the topics to see if it can publish to an already existing topic or create a new topic queue. The Dummy Subscriber on the other end runs an HIPE to determine the topic to which it has to subscribe. The result of the HIPE is checked for existing topics. If the decryption fails, the subscriber doesn’t subscribe to any topic. Note that HIPE is implemented in JAVA.

[0092] Image reconstruction: Images are reconstructed and displayed to the user after decryption of ROIs. The decrypted ROIs are restored at the base image frame with the help of ROIs coordinate information. In case the decryption of the ROI fails due to non availability of AES key, those ROIs with fog texture are replaced to avoid the unpleasantness in viewing the image.

[0093] In another embodiment of the present invention, performance analysis of the method and system for enabling security and privacy for real time video streaming characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE) is described.

[0094] Referring to the Figure 4; Figure 5; Figure 6; Figure 7; and Figure 8 illustrating performance analysis of the method and system for enabling security and privacy for real time video streaming characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE) is described.

[0095] The system (200) has been analyzed by considering the encryption time, decryption time and the key generation time as the metrics. The results can be discussed in two parts. The first one by keeping the HIPE tree depth constant and varying the key sizes; the second by varying the HIPE tree depth while keeping the key size constant at 512 bits. Table III presents the key generation time for different depths of the constructed HIPE tree.

TABLE III: Key generation times

[0096] The key generation is one time activity and may be computed offline before being fed to the system (200). It is observed that the key generation time increase as the depth of the tree increases. The key generation time is also computed while keeping the tree depth at 3 but varying the key sizes as tabulated in Table III. It is observed the expected phenomenon of the generation time increasing with the key size.

[0097] Referring to the Figure 4 is a graphical representation of encryption time (s) for different depths of IPE tree; and Figure 6 is a graphical representation of decryption time (s) for different depths of IPE tree, wherein the encryption and decryption times are computed for the topic of length 2 bytes. Figure 4 refers to the average encryption time obtained by using HIPE tree of different depths. The tree depths of 2, 3, 4 and 5 have been considered for the evaluation. Similarly, Figure 6 represents the decryption times for different depths.

[0098] Referring to the Figure 5 is a graphical representation of encryption time (s) for different key sizes. The encryption times are calculated on the hand-held device as well as a Desktop machine and the same are compared. The decryption times for different key sizes are represented in Figure 7.

[0099] From these experimentations, it is observed that as depth of tree increases, length of the predicate vector also increases and as a result complexity of key generation, encryption and decryption increases. This is due to the fact that while decryption, more number of ECC pairing operations needs to be performed. It is found both theoretically and practically that complexity of ECC algorithm is due to pairing. Complexity of pairing depends on security parameter (here p and torsion group order). Thus prime number p of the order of 512 bits and torsion group of the order of 160 bits are sufficient to support required security. Further, optimization is possible during decryption, if certain parameters are precomputed without affecting security.

[00100] Referring to the Figure 8 is a graphical representation of cumulative waiting period in seconds. The Figure 8 depicts the cumulated time taken by the subscribers to decrypt the received images. The experiment was carried out with the publisher (202) publishing 30 topics with key size equal to 512 bits. The first bar in the graph indicates the time taken by the subscriber (206) to decrypt the data and display the images when the subscriber (206) subscribes to all the topics or when the subscriber (206) subscribes to the topics but does not have the necessary key to decrypt the images. This bar also indicates the time taken by the subscriber (206) to decrypt the data when not using our proposed scheme i.e. the decryption time in these cases is given by the first bar irrespective of the number of topics they are subscribed to since the subscriber (206) needs to decrypt the data before he knows whether he is authorized to view it or not. The other bars indicate the time taken by the subscriber (206) to decrypt 20, 10 and 5 topics to which it has subscribed. This shows that the proposed scheme achieves the necessary decryption in a time much lesser to the schemes which do not use HIPE based encryption.

[00101] In another embodiment of the present invention, the method and system for enabling security and privacy for real time video streaming characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE) is analyzed in two phases viz the accurate working of a prototype implementation when using two ROI’s and the theoretical analysis of the time taken by the system (200) for different values of key sizes and tree depths. The achieved results illustrates a lot of promise in using the proposed method and system for the scenario where multiple publishers and multiple subscribers need to share data securely. The anonymous pub-sub architecture based on HIPE assures that the topics or labels are encrypted even from the broker (204) and the use of AES guarantees no extra bandwidth required to transmit the information.
,CLAIMS:1. A method for enabling security and privacy for real time video streaming characterized by utilizing an anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE); said method comprising processor implemented steps of:

a. capturing a video of surroundings; identifying the privacy regions called region of interest (ROI) and annotate said ROI with corresponding labels; splitting the captured images pertaining to captured video into different ROI’s and each ROI is then encrypted using a block cipher, wherein the block cipher is an Advanced Encryption Standard (AES); and encrypting the AES keys along with the corresponding labels using HIPE and amalgamate the information as a packet and sent across using a publisher (202);
b. match the encrypted label to check for subscription to encrypted label by running the HIPE for decryption and subscribes to the label by a broker (204); and
c. subscribing to the HIPE encrypted label by a subscriber (206).

2. The method as claimed in claim 1, wherein identification of the privacy regions called region of interest (ROI) is selected from a group comprising automatic and manual selection.

3. The method as claimed in claim 1, wherein the publisher (202) is selected from a group comprising of a video capturing device or an individual.

4. The method as claimed in claim 1, further comprises of publishing encrypted label and encrypted message by the publisher (202).

5. The method as claimed in claim 1, wherein the AES key is encrypted with a user predicate and the corresponding label is encrypted using a keyword predicate.

6. The method as claimed in claim 1, wherein the AES key is decrypted with the user predicate and the corresponding label is decrypted using the keyword predicate.

7. The method as claimed in claim 1, wherein the subscriber (206) subscribes to the HIPE encrypted label thereby keeping the broker (204) unaware about the label of publication and subscription, and message.

8. The method as claimed in claim 1, further comprising establishing initial setup required for HIPE; key generation and delegation using a Private Key Generator (PKG) (208).

9. The method as claimed in claim 1, wherein subscribing to the HIPE encrypted label by the subscriber (206) further comprises of dynamically adding a plurality of subscriber specifying access for enabling security and privacy for real time video streaming.

10. The method as claimed in claim 1, further comprising the offline method for enabling security and privacy for information retrieval of specific ROI in an archived video characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE), wherein the offline method for enabling security and privacy for information retrieval of specific ROI in an archived video further comprises of storing said ROI in a database according to the encrypted labels; requesting by the subscriber (206) out of a plurality of subscribers for a particular encrypted label; and fetching of requested encrypted label from the database.

11. The method as claimed in claim 1, wherein the method for enabling security and privacy for video streaming accommodates plurality of publishes and subscribers.

12. A system (200) for enabling security and privacy for real time video streaming characterized by utilizing an anonymous Publish-Subscribe (pub-sub) Architecture based on a Hierarchical Inner Product Encryption (HIPE); said system (200) comprising:

a. a processor;
b. a data bus coupled to said processor; and
c. a computer-usable medium embodying computer code, said computer-usable medium being coupled to said data bus, said computer program code comprising instructions executable by said processor and configured for operating:

a publisher (202) adapted for capturing a video of surroundings; identifying the privacy regions called region of interest (ROI) and annotate said ROI with corresponding labels; split the captured images pertaining to captured video into different ROI’s and each ROI is then encrypted using a block cipher, wherein the block cipher is an Advanced Encryption Standard (AES); encrypt the AES keys along with the corresponding labels using HIPE and amalgamate the information as a packet;
a broker (204) adapted for matching the encrypted label to check for subscription to encrypted label by running the HIPE for decryption and subscribes to the label;
a subscriber (206) adapted for subscribing to the HIPE encrypted label; and
a Private Key Generator (PKG) (208) adapted for establishing initial setup required for HIPE; key generation and delegation.

13. The system as claimed in claim 12, wherein the publisher (202) is selected from a group comprising of a video capturing device or an individual.

14. The system as claimed in claim 12, wherein the publisher (202) is adapted for publishing encrypted label and encrypted message.

15. The system as claimed in claim 12, wherein the AES key is encrypted with a user predicate and the corresponding label is encrypted using a keyword predicate.

16. The system as claimed in claim 12, wherein the AES key is decrypted with the user predicate and the corresponding label is decrypted using the keyword predicate.

17. The system as claimed in claim 12, further comprises of enabling security and privacy for information retrieval of specific ROI in an archived video in an offline mode, characterized by utilizing the anonymous Publish-Subscribe (pub-sub) Architecture based on the Hierarchical Inner Product Encryption (HIPE), wherein the offline mode for enabling security and privacy for information retrieval of specific ROI in an archived video further comprises of storing said ROI in a database according to the encrypted labels; requesting by the subscriber (206) out of a plurality of subscribers for a particular encrypted label; and fetching of requested encrypted label from the database.