Cloud Video Streaming Using Raspberry Pi

2013 3rd International Conference on Social Sciences and Society (ICSSS 2013)

Cloud Video Streaming Using Raspberry Pi

Mihai Bucicoiu a, Mircea- tefan Ghideu b, R zvan Rughini c,*

University POLITEHNICA of Bucharest, Splaiul Independentei 313, Bucharest 060042, Romania

a云视频流使用树莓派mihai.bucicoiu@cs.pub.ro, bmircea.ghideu@aut.pub.ro, crazvan.rughinis@cs.pub.ro

*Corresponding author

Keywords: Raspberry Pi, Video Streaming, Cloud

视频流

Abstract. We present a solution for cloud video streaming using a Raspberry Pi device, controlled from an Android application through a messaging service provided by Amazon Web Services. The proposed solution defines an architecture that simplifies video sharing from cloud storage by using a portable device capable of video output on any screen, regardless of type and display resolution, while increasing one's privacy and security in public places. This is achieved by using server generated smart tokens that are used by the Raspberry Pi device to authenticate and access an object file from Amazon's Simple Storage Service.

1. Introduction

The advantages of cloud computing services have led to major changes in application development and user's privacy and security. Developers can build third party applications without messing up with complicated server setups using cloud services and paying only for the used resources. Software development time is also reduced thanks to integrated cloud services like messaging, storage, notifications, database services or backup. Many applications are now relying on this technology; most notable being the web applications. Moreover, companies and individual developers are strongly taking in consideration multi-platform support for their software, which requires online synchronization of data and server-side functionality.

With today's rapid peace of the technology evolution most of the services have two or more

distinct solutions available. Smart TV's, for example, have different type of software platforms [1], specific for each manufacturer. This creates further market fragmentation, and developers of web services have to port their software to each platform in order to keep their customers. In this paper, we propose a solution to this problem: a cloud enabled device with video out support, small enough to be easily carried over and powerful enough to handle any task. Furthermore, the device will enable smart TV capabilities for legacy TVs and monitor screens and allows easy interactions through a smartphone.

Another problem of today's Smart TVs concerns video streaming applications that are embedded

right into the platforms. For home users it is usually sufficient to have access from the TV to their YouTube, Netflix or private storage account, but if one wants to connect with their personal accounts to one of these services using a public TV, they might not do it due to a possible compromised device. In our proposed solution, the TV application gets access to private content using unique credentials for accessing only one specific file at a time, within a limited amount of time. This is done through a secure messaging communication with the user’s smartphone. Moreover, the application is remotely controlled from a personal device that belongs to the user.

2. Technologies Used

The technologies used for implementing the solution proposed in this paper are relatively new and very popular. We used cloud computing services to leverage the power, flexibility, and development time reduction for implementation of RESTful [2] web applications. Therefore, our solution is ready for commercial use; hence, we do not face the service infrastructure problems that many startups are confronting with. The Raspberry Pi device brings new possibilities regarding the hardware component available in the proposed solution implementation: it is easy to install and use while the features that can be added allows it to compete with a media box. Moreover, Raspberry Pi hardware has an affordable price. We have use Android as the operating system to develop our application on, as it is currently ranked on the first place in the mobile market share [3].

2.1 Cloud Computing

Amazon Web Services [4] (AWS) is the cloud computing service provided by Amazon, targeting the infrastructure of web applications with the benefits of reliability, scalability and cost effectiveness. The infrastructure components don't require any expenses or effort involved in hardware management. Some of them, which provide integrated software solutions, are also keeping developer's involvement to minimum when it comes to implementation and deployment of common infrastructure services. They give back development time and resources to concentrate on actual functionality and application logic. For start-ups, cloud computing services reduces the initial investment of the physical platform on which the software will run, while giving confidence that the application will be able to grow, survive, and respond quickly to any usage spikes generated by users demand.

The solution proposed in this paper uses the following services from Amazon:

a) Identity and Access Management (IAM), enables developers to prevent unauthorized access to AWS services and resources. The context, in which IAM is used in our solution, is to manage federated identities and their permissions. A federated identity is represented by a set of credentials, generated based on a user ones, which will be used across components of a system to gain access to user resources. In our case, the Android device will request from an in-house developed Token Vending Machine (TVM) a set of restricted, temporary credentials which, afterwards, will be used by the Raspberry Pi device.

b) Simple Storage Service (S3) offers online storage space for different types of files, making them accessible, publicly or privately, to any application or individual. The service supports four distinct authentication systems: bucket policies, Access Control Lists (ACL), IAM policies and temporary query strings using http requests. Only two of them are used in our solution, IAM and ACL, respectively. The first one grant less permissions to the TVM user which will need to read and change the ACLs attached to buckets and objects from S3. ACLs, on the other hand, are individual policy files that define which AWS accounts or groups are granted access. In our case, the AWS accounts are temporary users created by the TVM which will be used on the Raspberry Pi device to read the file received in command.

c) Simple Queue Service (SQS) allows delivery of short messages between components of distributed software solutions. Messages can be sent in an unlimited number and each one can contain up to 256KB. In terms of cost efficiency, a single push with a 256KB payload will be counted as four requests of 64KB, since a bill can't be issued for a payload bigger than 64KB. Pushing and polling of messages can take place simultaneously, and while a message is being processed it becomes locked to keep other clients from processing it simultaneously. Access granting is managed by IAM service and gives the possibility of setting specific right to each user (i.e., reading, creation, deletion). It is used in our solution as means of communication between the Android device and Raspberry Pi device.

d) Simple Database Service (SDB) provides generic database support for applications with high availability and performance. It allows developers to focus on application content and functionality without messing up with database schemas and its problematic upgrades. We used SDB service in

development of TWM component for storing user and device information. There are two domains created, DEVICES and USERS, each of them designed to store specific data.

e) Elastic Beanstalk (EB) service allows running of server-based applications in isolated containers, leveraging the power of Elastic Cloud Computing (ECC), Elastic Load Balancing, Auto Scaling and other Amazon services like S3, SQS, IAM or SDB. The implementation proposed in this paper, is written in Java and packaged in a Java Web Application Archive file, WAR. Afterwards, it is uploaded and deployed on the EB, on one ECC instance which runs an Apache Tomcat Server. This work flow ensures reduction of tasks required to be done when deploying server-side code. With a few important settings, the performance and scalability of the server can be easily tuned and we have greatly benefited in developing the server component of our solution. We implemented service web APIs using HTTP and REST [2] principles. This makes our implementation usable from any device with Internet connectivity, as it does not require any special ports to be opened.

2.2 Android

Android is a Linux based operating system which runs applications developed in a customized version of Java. The Android Software Development Kit (Android SDK) provides the tools, i.e. compiler, device emulator, virtual machine and debugger, and libraries required to develop Android applications. These are modular and can be implemented in different components that are easily reusable by other applications. This concept exists under the name of task in Android. The main components of an Android application are defined as follows: activities, content providers, services and broadcast receivers.

The system uses multiple mechanisms to protect user data and privacy. Each application installed on a device will have assigned a newly created user and group ID by the Android operating system. This way, other applications take advantage of a Linux system user account control, meaning that any application will not have access to other application's files. As a result, each application is started in its own process, confirming the isolation from other running applications. If an application needs to share some data with other, it must be done in an explicit manner, i.e. via a content provider or service.

Each Android application respect a permission system, based on specifications set by its developer or by the Android system for certain tasks. A permission defined by an application is located in its AndroidManifest.xml configuration file. Each set of permissions have different levels and some of them can be automatically granted by Android until the point when they require user acceptance. We developed the Raspberry Pi control component as an Android application. Users will use it to login into their own account and create a playlist of files that will be streamed from S3 service to Raspberry Pi device.

2.3 Raspberry Pi

Raspberry Pi a low-budget educational single-board computer, supported by British based Raspberry Pi Foundation. It comes in two variants with hardware differences being in the available RAM memory, number of USB ports and the presence of Ethernet port. It features an 800MHz ARM CPU (ARMv6 architecture), 256MB and 512MB of RAM in case of Model A, Model B respectively, which are implemented in Broadcom system on a chip (SoC) [5]. The chip also offers a USB port and a GPU unit, clocked at 250MHz capable of HDMI output at 1080p resolution.

The operating system support is mainly Linux [6], with distributions like Debian, Arch Linux, Gentoo or Android, but the list can continue with operating systems that support the ARMv6 architecture (i.e. FreeBSD, Plan 9, Haiku). As programming language support Python [7] is mostly used, but there is support for other languages as well.

We used the Raspberry Pi device as a small media center, able to let itself controlled from an external device after an authentication mechanism was activated between those two. Our goal for the component containing the Raspberry Pi device is to have access to want content a user wants without

compromising privacy and security. The operating system we chose is Arch Linux because of its lightweight base system and low memory footprint.

Arch Linux [8] is a lightweight, simple, general purpose GNU/Linux distribution that aims to be very UNIX-like. Is independently developed and it primarily supports i686 and x86-64 computers but support exists for ARM devices too, i.e. ARMv5, ARMv6 and ARMv7. Arch is a distribution developed from a developer standpoint, focused on code simplicity, minimalism and correctness.

3. Architecture

The proposed solution architecture consists in using an Android device for controlling a Raspberry Pi device and a Token Vending Machine for user management, permission control and smart token generation. The web service infrastructure, upon which the solution is designed, is provided by Amazon Web Services.

The solution described in this paper has the following benefits:

Easy to use – the application should requires three steps to operate (plug in, connect and play) in order to start video streaming and only one user should be able to control the device at a specific time;

Portable – the device has small dimensions, enough to fit in a pocket;

Secure – the connection between the components are encrypted using AES and the permission level are set to minimal;

Generic – the applications has a clean and generic implementation which allows adding support for other type of files, e.g. pictures, PDFs.

Fig. 1 Data flow between solution components.

The architecture of our application is composed of four main components, highlighted in Fig. 1:

BerryCloudBox1 used to stream and display the activity on the TV;

TV screen on which is displayed a QR code if an Android application can connect, otherwise an error message;

SmartMovieSharing2 that has access to user's cloud objects list, make smart token requests to SmartTVM3 and send commands to BerryCloudBox trough SQS;

Amazon Web Services collection which provides the infrastructure for a successfully working first two components (see Fig.2).

The communication between SmartMovieSharing and BerryCloudBox is done via a named queue, created in SQS. The queue is created by the BerryCloudBox after it successfully initializes its 1

2 Project name of the application that runs on Raspberry Pi device Project name of the Android application

Project name of the Token Vending Machine 3

modules and connection to Amazon Web Services. The queue name is encoded in a QR code which will be embedded into a picture and displayed on the connected TV. Afterwards, the SmartMovieSharing scans it, decodes the queue name and connects to it. Each device has only one function implemented regarding queue message manipulation: reading, in case of BerryCloudBox,

and writing in case of SmartMovieSharing.

Fig. 2 Complete diagram which highlights the roles of each Amazon Web Service

Between SmartMovieSharing and SmartTVM, the communication is done via a secure channel. The QR code that is displayed by the TV also hides the public part of a Diffie-Helman key, and the public part of an RSA key. Using this, the SmartMovieSharing application, encrypts its personal public part of Diffie-Helman and sends it through the message channel created by AWS. In this way, both devices, Raspberry Pi and Android, can compute a one-time secret. This will be used for all further communication between them. Using this approach, the cloud provider cannot decipher the commands send by the phone, providing an additional layer of privacy to the user. Moreover, the communication between Android and TVM is also encrypted using HTTPS. The web service that runs as a TVM waits for requests on the port 443 and responds as needed.

The SmartTVM implements an authentication system for SmartMovieSharing and temporary tokens generation with limited permissions. It makes use of Amazon Web Services functionality for access restriction, ACL, which means that each AWS resource has assigned a list of users and groups who are allowed and the type of access. While SmartMovieSharing receives rights of listing the objects from users directory, for BerryCloudBox, the SmartTVM creates a new user (user creation is handled by AWS IAM service) each time the SmartMovieSharing requests the credentials for reading a single object. Each new user has assigned a policy with very restrictive ACLs, like opening a bucket and reading a single file from it. The restricted user and the respective secure smart token are passed from the SmartMovieSharing to BerryCloudBox, through a SQS queue. This flow ensures the security of the files that one has stored in bucket.

4. Conclusions

This paper proposes a solution for secure video streaming from cloud, using an Android application to control a Raspberry Pi device, which will display the streaming activity on a TV screen. The web infrastructure is built upon Amazon Web Services and a custom web service has been proposed to run as a Token Vending Machine. The TVM has a very important role and it handles user authentication and generation of smart tokens, which can be used for getting the authentication credentials on Android application or for restricting access on the Raspberry Pi device to streaming only one file. The advantage of this solution is that an attacker cannot gain access to one’s private files because the only credentials used are a set of locked-down, temporary smart tokens.

The hardware solution, the Raspberry Pi device, is small and portable, making transportation easy. It uses an HDMI output which can be connected any TV or monitor without making compromises on audio and image quality. Still, connecting in a DVI or VGA slot using an HDMI adaptor will drop the audio output - which can be fixed by using the audio output plug from the device.

Cloud computing services provide a fast and secure way of restricting access to private data stored on cloud.