Skip to Main Content
We consider the problem of maintaining end-to-end security in the presence of intelligent proxies that may adaptively modify data being transmitted across a network. The video coding community considers this problem in the context of transcoding media streams, but their approaches either fail to address authentication or fail to provide meaningful security guarantees. We present two provably-secure schemes, LISSA and TRESSA, that allow an intelligent network intermediary to intercept a stream signed by a content provider, and adapt it dynamically, while preserving the ultimate receiver's ability to securely verify the content provider's signature (and, hence, authenticity and integrity of the data received). Our schemes allow the intermediary to selectively remove portions of the stream and, thus, permit common media transcoding techniques such as scalable compression and multiple file switching. Moreover, a content provider only has to encode and sign its entire data stream once, as opposed to nondynamically encoding and signing different versions for each anticipated combination of device, network configuration, and channel condition. Our implementation results demonstrate efficiency.