Fraunhofer HHI required the integration of Digitally Signed Content (DSC) support into GStreamer to ensure content integrity and traceability across multimedia workflows. At the time, GStreamer did not provide standardized mechanisms for embedding and validating digitally signed metadata within encoded video streams, which created a gap for organizations seeking trusted and verifiable media pipelines.
Fluendo’s expertise was essential because of its 20-year history as a leader in the GStreamer community and its previous success with the SPIRIT OC1 project, which served as the baseline for this engagement. As multimedia experts with deep insight into the framework, the team was uniquely positioned to implement DSC SEI messages on top of H.266/VVC bitstreams. This project aimed to deliver a modular, maintainable solution that could be contributed upstream to the open-source community.
Standard Compliance
Ensured full alignment with JVET-AK0194 and ITU H.274 (VSEI) standards for video authentication.
Content Integrity
Enabled trustworthy signing and authentication of coded video data at the elementary stream level.
Modular Architecture
Developed encapsulated GStreamer elements for signing, inserting, parsing, and verifying metadata.
Standard Compliance
Ensured full alignment with JVET-AK0194 and ITU H.274 (VSEI) standards for video authentication.
Content Integrity
Enabled trustworthy signing and authentication of coded video data at the elementary stream level.
Modular Architecture
Developed encapsulated GStreamer elements for signing, inserting, parsing, and verifying metadata.
Proposed solutions
Implementing trustworthy media pipelines
Securing video bitstreams through standardized metadata integration
The diagnostic process identified that traditional authentication methods relied on container-level signatures, which were easily stripped or manipulated. To address this, the solution focused on embedding cryptographic signatures directly into the video bitstream at the Network Abstraction Layer (NAL) unit level. This ensured that authentication information traveled with the video data itself, making it significantly harder to tamper with.
The implemented solution involved extending the H.266 multimedia parsers to extract SEI messages carrying DSC metadata and expose them as GstMeta. New GStreamer elements were developed to handle DSC signing and verification, allowing for the generation of signing metadata in compliance with JVET standards and the validation of content using public keys. These elements emitted signals to notify the system of validation success or failure, providing a robust framework for real-time media authentication.
The engagement resulted in a modular implementation that was contributed upstream to the GStreamer community, ensuring long-term maintainability and industry adoption. Further technical details were shared in a related blog post.
Proposed solutions
Implementing trustworthy media pipelines
Securing video bitstreams through standardized metadata integration
The diagnostic process identified that traditional authentication methods relied on container-level signatures, which were easily stripped or manipulated. To address this, the solution focused on embedding cryptographic signatures directly into the video bitstream at the Network Abstraction Layer (NAL) unit level. This ensured that authentication information traveled with the video data itself, making it significantly harder to tamper with.
The implemented solution involved extending the H.266 multimedia parsers to extract SEI messages carrying DSC metadata and expose them as GstMeta. New GStreamer elements were developed to handle DSC signing and verification, allowing for the generation of signing metadata in compliance with JVET standards and the validation of content using public keys. These elements emitted signals to notify the system of validation success or failure, providing a robust framework for real-time media authentication.
The engagement resulted in a modular implementation that was contributed upstream to the GStreamer community, ensuring long-term maintainability and industry adoption. Further technical details were shared in a related blog post.