MPEG

o We now turn our attention to the MPEG format, named after the Moving Picture Experts Group that defined it. To a first approximation, a moving picture (i.e., video) is simply a succession of still images, also called frames or pictures, displayed at some video rate. Each of these frames can be compressed using the same DCT (Discrete Cosine Transform)-based technique used in JPEG.

o Stopping at this point would be a mistake, however, because it fails to remove the interframe redundancy present in a video sequence. For example, two successive frames of video will contain almost identical information if there is not much motion in the scene, so it would be unnecessary to send the same information twice. Even when there is motion, there may be plenty of redundancy since a moving object may not change from one frame to the next; in some cases, only its position changes.

o MPEG takes this interframe redundancy into consideration. MPEG also defines a mechanism for encoding an audio signal with the video, but we consider only the video aspect of MPEG in this section.

Frame Types

o MPEG takes a sequence of video frames as input and compresses them into three types of frames, called:
1. I frames (intrapicture),
2. P frames (predicted picture), and
3. B frames (bidirectional predicted picture).

o Each frame of input is compressed into one of these three frame types. I frames can be thought of as reference frames; they are self-contained, depending on neither earlier frames nor later frames. To a first approximation, an I frame is simply the JPEG compressed version of the corresponding frame in the video source.

o P and B frames are not self-contained; they specify relative differences from some reference frame. More specifically, a P frame specifies the differences from the previous I frame, while a B frame gives an interpolation between the previous and subsequent I or P frames.

o Figure (1) illustrates a sequence of seven video frames that, after being compressed by MPEG, result in a sequence of I, P, and B frames. The two I frames stand alone; each can be decompressed at the receiver independently of any other frames. The P frame depends on the preceding I frame; it can be decompressed at the receiver only if the preceding I frame also arrives. Each of the B frames depends on both the preceding I or P frame and the subsequent I or P frame. Both of these reference frames must arrive at the receiver before MPEG can decompress the B frame to reproduce the original video frame.
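
The frame dependencies described above determine both the order in which frames must be sent and what a receiver can still decode after a loss. The following is an added example, not part of the original notes; the function names are chosen for illustration, and it assumes a sequence that starts with an I frame and ends with an I or P frame.

```python
# Added example (not from the original notes): I/P/B frame dependencies.
# Assumes the sequence starts with an I frame and ends with an I or P frame.

def references(types):
    """Map each frame index to the frames it needs, using the rules in the text:
    P -> previous I frame; B -> nearest I or P frame on each side."""
    deps = {}
    for i, t in enumerate(types):
        if t == "I":
            deps[i] = []
        elif t == "P":
            deps[i] = [max(j for j in range(i) if types[j] == "I")]
        else:  # B frame
            prev = max(j for j in range(i) if types[j] in "IP")
            nxt = min(j for j in range(i + 1, len(types)) if types[j] in "IP")
            deps[i] = [prev, nxt]
    return deps

def transmission_order(types):
    """Send every reference frame before the B frames that depend on it."""
    order, held = [], []
    for i, t in enumerate(types):
        if t == "B":
            held.append(i)      # hold back until the next I/P frame is sent
        else:
            order.append(i)
            order.extend(held)
            held = []
    return order + held

def decodable(types, lost):
    """Indices the receiver can still decode when the frames in `lost` never arrive."""
    deps = references(types)
    ok = set()
    for i in transmission_order(types):   # references always come first
        if i not in lost and all(d in ok for d in deps[i]):
            ok.add(i)
    return sorted(ok)

FRAMES = list("IBBPBBI")   # the seven-frame sequence of Fig (1), in display order
```

Losing the single P frame (index 3) leaves only the two I frames decodable, which shows how much of the stream rests on each reference frame.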

Fig (1) Sequence of I, P, and B frames generated by MPEG

o Note that, because each B frame depends on a later frame in the sequence, the compressed frames are not transmitted in sequential order. Instead, the sequence I B B P B B I shown in Figure () is transmitted as I P B B I B B.

o Also, MPEG does not define the ratio of I frames to P and B frames; this ratio may vary depending on the required compression and picture quality. For example, it is permissible to transmit only I frames. This would be similar to using JPEG to compress the video.

o MPEG coding is so expensive that it is frequently done offline (i.e., not in real time). For example, in a video-on-demand system, the video would be encoded and stored on disk ahead of time. When a viewer wanted to watch the video, the MPEG stream would then be transmitted to the viewer's machine, which would decode and display the stream in real time.

The Intrusive Internet: Snooping, Spamming, Spoofing, Phishing, Pharming, Cookies, & Spyware

The internet is just too accessible, and it's too easy for people to make anything they want out of it. Here let us touch on a few issues of immediate concern that you should be aware of: snooping, spam, spoofing, phishing, pharming, cookies, and spyware.

Snooping

Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing. More sophisticated snooping uses software programs to remotely monitor activity on a computer or network device.

If you're really concerned about preserving your privacy, you can try certain technical solutions, for instance, installing software that encodes and decodes messages. But the simplest solution is the easiest: Don't put any sensitive information in your email. Even deleted email removed from trash can still be traced on your hard disk. To guard against this, you can use software to completely eliminate deleted files.

Spam: Electronic Junk Mail

The term spam was picked up by the computer world to describe a kind of noise that interferes with communication. Now spam refers to unsolicited email, or junk mail, in the form of advertising or chain letters. But the problem of spam has metastasized well beyond the stage of annoyance. Spam plagues social networks, such as Facebook. It is even migrating from computers to cellphones, as messages that the recipients have to pay for.

Usually, of course, you don't recognize the spam sender on your list of incoming mail, and often the subject line will give no hint, stating something such as "The status of your application." To better manage spam, some users get two email boxes. One is used for online shopping, business, research, and the like, which will continue to attract spam. The other is used only for personal friends and family and will probably not receive much spam.

Spoofing, Phishing, & Pharming: Phony Email Senders & Websites

Spoofing, Using Fake Email Sender Names: Spoofing is the forgery of an email sender name so that the message appears to have originated from someone or somewhere other than the actual source. Spoofing is one of the main tactics used by spammers (and virus writers) to induce or trick recipients into opening and perhaps responding to their solicitations.

DNS Spoofing

Let us start with something very basic: Alice wants to visit Bob's Web site. She types Bob's URL into her browser and a few seconds later, a Web page appears. But is it Bob's Web site? Maybe yes and maybe no.
Trudy might be up to her old tricks again. For example, she might be intercepting all of Alice's outgoing packets and examining them. When she captures an HTTP GET request headed to Bob's Web site, she could go to Bob's Web site herself to get the page, modify it as she wishes, and return the fake page to Alice. Alice would be none the wiser. Worse yet, Trudy could slash the prices at Bob's e-store to make his goods look very attractive, thereby tricking Alice into sending her credit card number to "Bob" to buy some merchandise.

One disadvantage to this classic man-in-the-middle attack is that Trudy has to be in a position to intercept Alice's outgoing traffic and forge her incoming traffic. In practice, she has to tap either Alice's phone line or Bob's, since tapping the fiber backbone is fairly difficult. While active wiretapping is certainly possible, it is a certain amount of work, and while Trudy is clever, she is also lazy. Besides, there are easier ways to trick Alice.

Fig (2) A hierarchy of DNS servers contains the resource records that match names with addresses

For example, suppose Trudy is able to crack the DNS system, maybe just the DNS cache at Alice's ISP, and replaces Bob's IP address (say, 36.1.2.3) with her (Trudy's) IP address (say, 42.9.9.9). That leads to the following attack. The way it is supposed to work is illustrated in Fig (3) (a). Here (1) Alice asks DNS for Bob's IP address, (2) gets it, (3) asks Bob for his home page, and (4) gets that, too. After Trudy has modified Bob's DNS record to contain her own IP address instead of Bob's, we get the situation of Fig (3) (b). Here, when Alice looks up Bob's IP address, she gets Trudy's, so all her traffic intended for Bob goes to Trudy. Trudy can now mount a man-in-the-middle attack without having to go to the trouble of tapping any phone lines. Instead, she has to break into a DNS server and change one record, a much easier proposition.

Fig (3) (a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

How might Trudy fool DNS? It turns out to be relatively easy. Briefly summarized, Trudy can trick the DNS server at Alice's ISP into sending out a query to look up Bob's address. Unfortunately, since DNS uses UDP, the DNS server has no real way of checking who supplied the answer. Trudy can exploit this property by forging the expected reply and thus injecting a false IP address into the DNS server's cache.

For simplicity, we will assume that Alice's ISP does not initially have an entry for Bob's Web site, bob.com. If it does, Trudy can wait until it times out and try later (or use other tricks). Trudy starts the attack by sending a lookup request to Alice's ISP asking for the IP address of bob.com. Since there is no entry for this DNS name, the cache server queries the top-level server for the com domain to get one. However, Trudy beats the com server and sends back a false reply saying: "bob.com is 42.9.9.9," where that IP address is hers. If her false reply gets back to Alice's ISP first, that one will be cached and the real reply will be rejected as an unsolicited reply to a query no longer outstanding.

Tricking a DNS server into installing a false IP address is called DNS spoofing. A cache that holds an intentionally false IP address like this is called a poisoned cache.
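
The race described in the DNS spoofing section leaves a trace a defender can look for: the genuine reply arrives late, is treated as unsolicited, and disagrees with the address already cached. The following is an added example, not part of the original notes; the Resolver class, the event format and the example.org entries are constructed for illustration, and the bob.com addresses are the ones used in the text.

```python
# Added example (not from the original notes): toy model of the caching
# resolver described above, extended to flag conflicting late replies.
from dataclasses import dataclass, field

@dataclass
class Resolver:
    outstanding: set = field(default_factory=set)   # names with a query in flight
    cache: dict = field(default_factory=dict)       # name -> cached IP address
    alerts: list = field(default_factory=list)      # (name, cached_ip, late_ip)

    def send_query(self, name):
        self.outstanding.add(name)

    def receive_reply(self, name, ip):
        """First reply to an outstanding query is cached; later ones are unsolicited."""
        if name in self.outstanding:
            self.outstanding.discard(name)
            self.cache[name] = ip
            return "cached"
        # Unsolicited reply: the text's resolver rejects it silently. A late
        # reply that contradicts the cached answer is worth recording instead.
        cached = self.cache.get(name)
        if cached is not None and cached != ip:
            self.alerts.append((name, cached, ip))
            return "conflict"
        return "dropped"

def replay(events):
    """Feed (kind, name, ip) events to a fresh resolver; return it and the reply outcomes."""
    resolver, outcomes = Resolver(), []
    for kind, name, ip in events:
        if kind == "query":
            resolver.send_query(name)
        else:
            outcomes.append(resolver.receive_reply(name, ip))
    return resolver, outcomes

# Constructed event sequence, in arrival order at the ISP's cache server.
EVENTS = [
    ("query", "bob.com", None),
    ("reply", "bob.com", "42.9.9.9"),        # false reply wins the race
    ("reply", "bob.com", "36.1.2.3"),        # real reply arrives too late
    ("query", "example.org", None),
    ("reply", "example.org", "192.0.2.10"),
    ("reply", "example.org", "192.0.2.10"),  # harmless duplicate, same answer
]
```

Load-balanced names can legitimately return different addresses, so a conflict is a lead to investigate rather than proof of a poisoned cache.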