A Secure and Stable Multicast Overlay Network with Load Balancing for Scalable IPTV Services

The emerging multimedia Internet application IPTV over P2P network preserves significant advantages in scalability. IPTV media content delivered in P2P networks over public Internet still preserves the issues of privacy and intellectual property rights. In this paper, we use SIP protocol to construct a secure application-layer multicast overlay network for IPTV, called SIPTVMON. SIPTVMON can secure all the IPTV media delivery paths against eavesdroppers via elliptic-curve Diffie-Hellman (ECDH) key exchange on SIP signaling and AES encryption. Its load-balancing overlay tree is also optimized from peer heterogeneity and churn of peer joining and leaving to minimize both service degradation and latency. The performance results from large-scale simulations and experiments on different optimization criteria demonstrate SIPTVMON’s cost effectiveness in quality of privacy protection, stability from user churn, and good perceptual quality of objective PSNR values for scalable IPTV services over Internet.


Introduction
Due to the prevalent broadband Internet access and advanced video compression techniques, the Internet Protocol Television (IPTV) has been emerging as one of the most popular Internet applications.IPTV can further benefit Internet users by entertainment, social, and business values, but IPTV faces more challenges of scalability, privacy, and service quality over the public Internet due to the conventional client-server architecture applied.
The success of well-known P2P video-streaming systems such as PPStream [1], PPLive [2], Sopcast [3], and TVants [4] has proven that P2P paradigm is a feasible solution to deliver bandwidth-hunger IPTV media content in large scale over the pervasive Internet.However, the above-mentioned proprietary P2P video-streaming systems still suffer the issues of long startup delays, significant video-switching delays, large peer playback lags, and security due to the peer heterogeneity and churn [5][6][7].
Therefore, the P2P overlay networks for future multimedia Internet should overcome the previous shortcomings to further promise quality of service, security, and experience to the IPTV end users.Moreover, the P2P overlay architecture for promising IPTV services should be not only easily convergent in heterogeneous networks, but also feasibly integrated with other Internet applications.
In this paper, we apply SIP protocol [8] to construct an application-layer multicast (ALM) overlay network, which is called SIPTVMON, with privacy protection, load balancing, and stability for IPTV to overcome the disadvantages previously mentioned in P2P video-streaming systems.Our contributions in proposed SIPTVMON for IPTV service are summarized as follows.
(i) Stability for Peer Heterogeneity and Churn.Since the peers (i.e., users) with ever-changing Internet access bandwidth may join and leave the IPTV service anytime as they wish, we continue to optimize SIPTVMON overlay tree with minimum SIP signaling overhead to achieve stable IPTV service by the product of average link bandwidth and service life time in peers.
International Journal of Digital Multimedia Broadcasting (ii) Security Provision.Most of the IPTV content preserves intellectual property rights, so the content delivery paths in SIPTVMON tree are secured against Internet eavesdroppers via elliptic-curve Diffie-Hellman (ECDH) [9] key exchange algorithm and AES [10] encryption.
(iii) Shorter Service Delays.Users may enjoy rapidly switching different IPTV channels over P2P networks and suffer the significant video-switching delay and larger playback lag, so our proposed SIPTVMON provides not only the peer's graceful leaving procedures realized by SIP protocols, but also the above-mentioned stability optimization for peers' joining and leaving to minimize average service delay from the user churn.
(iv) Interoperability with Other Internet Applications.The applied SIP protocol in SIPTVMON has been widely and successfully deployed in Voice over IP (VoIP) applications.Moreover, the core of IP Multimedia Subsystem (IMS) [11] in 3G telecommunication is also constructed by SIP protocol.We believe that the proposed SIPTVMON framework not only can cooperate with SIP-enabled Internet applications like prevalent VoIP applications, but also is feasible to help IMS in 3G mobile networks to achieve scalable IPTV service provision in more cost-effective way.
The remainder of this paper is organized as follows.In Section 2, we describe the related works of ALM overlay network, privacy protection for IPTV media streaming, and SIP-signaling protocol.The details of proposed SIPTVMON architecture with security, load balancing, and stability are presented in Section 3. Section 4 describes simulation experiments for SIPTVMON and their performance results for P2P IPTV.Finally, we conclude the paper and future work.

Related Work
As shown in Figure 1, the logical topology applied in current P2P video-streaming technologies is roughly classified into tree, mesh (i.e., multiple trees), and hybrid of tree and mesh [12].Though tree-based P2P structure preserves simplicity, it is vulnerable to peers' dynamics of heterogeneity and churn.Mesh-based P2P structure improves the resilience to the dynamics from peers, but it preserves more complex peer partnership relations.In this paper, we adopt treebased, rather than mesh-based, P2P architecture in proposed SIPTVMON to cost-effectively achieve low service latency, security provision, and stability for IPTV users churn over Internet.
We briefly review the related works in proposed solutions to construct an application-layer multicast overlay network with privacy protection, load sharing, and stability for scalable IPTV service.

Application Layer Multicast (ALM).
ALM is an application-level traversal method for IP multicast packets without the help from routers through unicast tunneling.ALM is also known as a cost-effective tool to construct overlay networks for large-scale Internet multimedia applications.ALM has the advantages of less overhead of maintenance than routers, provision of much larger multicast groups than IP multicast, less compatibility issues than IP multicast and, easier extension to new features like security, error control, stability, and so forth.
Because routers usually disable forwarding IP multicast packets to prevent the flooding of multicast data, selforganization algorithms for effective transmissions in logical topology of multicast overlay network become the essential of ALM mechanism.
As shown in Figure 1(a), a single-tree ALM aims to provide best-effort single-source data streaming with the optimization of reduced latency and loss rates.For example in [13,14], to join an ALM tree for streaming data, a new member (i.e., multicast agent, MA, USA) must first connect to a directory server, a rendezvous point to which every member MA must connect at the first time.Then, it will be able to obtain a member list to find the lowest round trip time (RTT), loss rate, or bandwidth among existing members for the better quality of multimedia-streaming service from source ALM.
The mesh topology illustrated in Figure 1(b) is applied to provide bandwidth-consuming peer-to-peer video streaming with the advantages of avoiding replicating group management across multiple (per-source) trees, and resilience of member failure [15].ALM mesh can be regarded as the superposed overlay of multiple spanning trees.Compared with the single-tree approach, the multiple-tree approach is more complicated.
In [16], a low-delay high-bandwidth mesh called Fast-Mesh for peer-to-peer live streaming is proposed.In this work, the authors propose a centralized heuristic with complete mesh knowledge to minimize the maximum delay of all peers in the mesh.They demonstrate via simulations that their solution can reach a small average delay of 50 ms to 100 ms for hundreds peers in the mesh with a source data rate of 10 kbps.In their experimental test bed over the Internet across several countries, the implemented Fast-Mesh still shows low delay, ranging from tens to 500 ms with a small data source rate of 30 kbps.
In our proposed SIPTVMON, a single-source ALM tree scheme is applied for its simplicity in not only the applied privacy protection, but also the tree adjustment in optimization of both scalability and stability for IPTV services.Moreover, the tree-based SIPTVMON can also lessen average service delays for large-scale peers and reduce the flow of control messages.

Privacy Protection for IPTV. The privacy protection
for Internet video streaming is usually done by symmetric encryption for less time consuming.There are two kinds of symmetric encryption mechanisms.One is the full encryption approach; the other is selective encryption.Generally speaking, the main disadvantages of selective encryption are insufficient security and video content dependent.On the contrary, full encryption is often criticized for the longer calculation delay which is not suitable for real-time video For the cost-effective privacy protection of real-time video streaming in IPTV, advanced encryption standard (AES), which is a symmetric-key encryption standard adopted by the US government, is most applicable to protect voice data from eavesdropper over Internet.The standard comprises three block ciphers, AES-128, AES-192, and AES-256, adopted from a larger collection originally published as Rijndael.Each of these ciphers has a 128-bit block size, with encryption key sizes of 128, 192, and 256 bits, respectively.
Since AES is a symmetric crypto system, it needs a key management infrastructure to issue a common secrete key (i.e., session key) for later video encryption/decryption between sender and receiver in IPTV.
As summarized in [18], three different methods of the session key distribution are preshared key, public-key encryption, and the Diffie-Hellman (DH) key exchange [19].There is only a very small amount of data that has to be exchanged in the preshared key method.But, it will incur the scalability issue in large group of communication peers.The public-key encryption can be used to create a scalable privacy-protection IPTV system and usually requires public key infrastructure (PKI) to distribute public key.Its disadvantage is consuming much more resource than the preshared key.
Generally, the third method of DH also has the scalability to protect large-scale IPTV services without the need of PKI.To prevent DH from man-in-the-middle (MITM) attack, authentication [20] between sender and receiver is needed further.Thus, applying DH session key negotiation to protect IPTV services will consume more resource of bandwidth and computation than the previous ones but without the need of centralized PKI.
In SIPTVMON, we use the popular modified DH called elliptic curve DH (i.e., ECDH [9]) key exchange via SIPsignaling protocol, since ECDH preserves much less computation overhead to construct the secure multicast overlay tree for IPTV's privacy protection.

SIP Signaling for P2P IPTV.
As illustrated in Figure 2, SIP [8] is the currently widely used signaling standards for VoIP call setup and management (e.g., registration, resource administration, status, and capability exchange).Session description protocol (SDP) [21] is SIP's companion protocol to explicitly present parameters of functions applied in call setup and session management, such as the key exchange information for negotiating secret key for DH signaling.real-time transport protocol (RTP) [22] is the well-known application-layer protocol for delivering real-time media data like IPTV video packets.
As shown in Figure 3, the option k in SDP within SIP can carry the public keys for DH signaling to negotiate a common secrete key for encrypting the IPTV video in RTP payload from source MA (sMA) to destination MA (dMA).Then, dMA can use this common secrete key to decrypt the encrypted RTP payload.
Since SIP with companion SDP not only can handle the setup, modification, and teardown of multimedia session, but also supports many extensions, enhancements, resource management, and interworking with other heterogeneous systems, such as privacy protection mentioned above, transferring information during ongoing session, instant messaging, and so forth, SIP is the best signaling protocol over Internet for the control messages applied to furnish the proposed solutions of security, load balancing, and stability in SIPTVMON for scalable IPTV services.

SIPTVMON: Secure ALM Overlay with Load-Balance and Stability for IPTV Using SIP
SIPTVMON is an overlay network composed of a super agent (SA, i.e., rendezvous) and different MAs on different multicast islands over Internet to effectively provide IPTV service for a dedicated media source from content server.SIPTVMON's MAs are dedicated computer systems or software applications to receive content data from sMA, then multicast it to their local subscribers, or unicast it again to one or more other dMAs over different multicast islands as illustrated in Figure 4. Besides, SA [23] will not only take the responsibilities to keep locations of MA and the detailed topology information of SIPTVMON but also help to forward the video from one source MA to destination MA, which is located in a private multicast island to furnish the ubiquitous IPTV service over the pervasive Internet.However, the topology of SIPTVMON will change from time to time because the Internet users can subscribe or unsubscribe the IPTV service at any time, and the corresponding MA may join or leave the SIPTVMON while either its local users subscribe or no user subscribes the IPTV service.Meanwhile, every dMA in its multicast island may preserve different capabilities of system resources and outbound network bandwidth to forward the media content, so we propose a load-sharing scheme for SIPTVMON to prevent overloading sMA from jeopardizing perceptual quality of IPTV service for end users.

MA Joins/Leaves SIPTVMON with Security Provision.
According to the long tail theory of customer demographic [24], usually most of the customers, like newly joined MAs of SIPTVMON, will not stay with SIPTVMON for a long period.To further reduce the processing overhead of reconnecting disjoint trees in SIPTVMON while a nonleaf node of MA occasionally leaves SIPTVMON, the new dMA should be joined to the leaf node of MA in SIPTVMON.
The procedures of a new MA-joining SIPTVMON are illustrated in Figure 5   (J8) Then, MA new will send to MA leaf a SIP "ACK" message via SA to confirm the completion of ECDH key exchange and the successful member join in SIPTVMON.Meanwhile, SA can also update its SIPTVMON tree topology information of new member join accordingly.
While a nonleaf MA needs to leave SIPTVMON after its local users in multicast island sequentially unsubscribe the IPTV service and it has no obligation to forward video for other MAs (i.e., child nodes of the leaving MA), the child nodes must reconnect to other MAs in SIPTVMON to continue the IPTV service.As shown in the example of Figure 6, procedures of a nonleaf node MA l leaving SIPTVMON without breaking IPTV service of its child nodes are illustrated, and the details are described as follows.
(L1) The MA l will first send leaving requests of SIP "BYE" with SDP body of the video content identifier and its registration identifier to acknowledge not only its parent node to cease forwarding video later, but also its child nodes (i.e., MA c1 and MA c2 ) to seek other new parent nodes of MA to replace their old parent MA l for continuing IPTV video streaming.
(L2) The acknowledged child nodes (i.e., MA c1 and MA c2 ) will send reregistration requests of SIP "REGISTER" with SDP body of the same video content identifier, their registration identifiers, and the reason of reregistration to the oracle SA to ask for the connection information of new parent nodes, respectively.
(L3) SA will send back response messages of SIP "OK" with SDP body of the connection information of new parents (i.e., MA s1 and MA s2 ) to the leavingacknowledged child nodes (i.e., MA c1 and MA c2 ).Such gracefully leaving procedures for a nonleaf MA l leaving SIPTVMON can minimize the IPTV service disruption from subsequent video packets loss for the descendant nodes below the leaving node MA l to maintain the overall quality of IPTV services for users.
Since all the SIP messages including request and response in the previous procedures in new MA's join and old MA's leaving will be forwarded via the so-called SIP proxy (i.e., oracle SA), these messages can easily help SA updating its SIPTVMON topology information to cost-effectively provide correct information upon later requests from SIPTV-MON members.

Optimizations for SIPTVMON of Load Sharing and
Stability.IPTV is a near real-time application service, and the delay constraint is not as strict as video conferencing and voice over IP.Therefore, IPTV service stability is more important than service latency.As the SIPTVMON's member MAs, which preserve different capabilities of system resources and network bandwidth, may join, leave, or fail in the overlay network of SIPTVMON during IPTV service session, the avoidance of IPTV service disruption must be considered in proposed SIPTVMON architecture.
The larger outbound link bandwidth of MAs in SIPTV-MON not only supports higher bit rate of IPTV video, but also more connections to remote dMA with good quality of IPTV service.In previous researches [25,26], the ALM tree's node with more outdegree (i.e., higher bandwidth) should be moved to the top of the tree to perform the optimization of load sharing in overlay network to pursue better quality of service.
Furthermore, another important factor of optimization, which will affect stability of SIPTVMON, is user lifetime, because Internet users may join and leave IPTV services in different timing.In the paper [27], authors presented that Internet user's lifetime in video-streaming systems will follow the long-tailed distribution [24].It means that just a few users will stay in the system for a long time and most users will stay in the system for a short period of time.
To apply both factors mentioned above, which may affect stability of overlay network, [26] uses the product of bandwidth and life time (i.e., Bandwidth and life-Time Product, BTP) for load-sharing optimization of overlay network.The BTP value function, as shown in (1), is used as a criterion to optimize the overlay network service with low service latency and disruption.However, this BTP function is too sensitive to the variation of bandwidth on Internet to frequently reconstruct the overlay network.We have BTP = bandwidth × lifetime.
(1) Therefore, we further propose an improved criterion called averaging bandwidth life-time product (ABTP) to effectively minimize service disruption during optimization for SIPTVMON.The improved value function of ABTP is defined as follows: As shown in ( 2), ABTP is evaluated as a criterion of load-sharing optimization for SIPTVMON by averaging the latest n measured bandwidth values of a node (i.e., MA) and then multiplying by the value of this node's life-time in SIPTVMON.According to the ABTP value of each node in SIPTVMON, we can reconstruct the SIPTVMON as the examples illustrated in Figure 7.At the left hand side of Figure 7, node M 2 preserves higher ABTP value than node M 1 , and node M 2 should be moved to higher level than node M 1 .But, node M 1 preserves one less degree than node M 2 , and then two child nodes of M 2 with less ABTP values will link to the child nodes of M 1 for leaving them in the same level.Meanwhile, the original child node of M 2 with largest ABTP value will be moved with node M 2 to upper layer.Then, this optimization can keep the degrees of nodes M 1 and M 2 unchanged.The example of optimized SIPTVMON tree is illustrated at the right hand side of Figure 7.
Because the oracle SA also plays the role of SIP proxy, not only the running topology of SIPTVMON tree, but also both of MAs' bandwidth and life-time can be recorded by all the forwarded SIP messages in SA.Consequently, optimization score like ABTP can be calculated by SA.Then, SA can recommend the optimization procedures via SIP "UPDATE" request messages to corresponding SIPTVMON's MAs participated in the ongoing IPTV session to initiate the optimization.In SIP protocol, the request message "UPDATE" is designed to enable the modification of session information.
The SIP message flow shown in Figure 8 illustrates to the optimization of the example from Figure 7, and the procedures are described in details as follows.
(O1) While oracle SA detects that the optimization score of M 2 at lower level is larger than the M 1 at higher level in SIPTVMON tree, SA sends M 2 the SIP "UPDATE" with the SDP body of M 2 's video content identifier, registration identifier (for authentication), and the recommended new parent M 0 's connection information.
(O2) After M 2 receives the recommendation of new parent from SA, it will first start the similar leaving procedures mentioned above but without acknowledging its children to rejoin other parents, and then M 2 and its children start the join procedure with ECDH scheme mentioned above to connect to new parent M 0 .When the join procedure is completed, M 2 sends the SIP "OK" response message to SA.
(O3) SA then sends M 1 , which preserves low optimization score, by the SIP "UPDATE" message with the SDP body of authentication identifiers and the recommended new parent M 2 's connection information.
(O4) After M 1 receives the recommendation of new parent from SA, it will first start the similar leaving procedures mentioned above but without acknowledging its current children to rejoin other parents, and then M 1 with its current children starts the join procedure with ECDH scheme mentioned above to connect to new parent M 2 .When the join procedure is completed, M 2 sends the SIP "OK" response message to SA.
(O5) Because M 1 's child M 3 has been moved to lower level of SIPTVMON than M 2 's children M 4 , M 5 , and M 6 , M 3 with higher optimization score must first exchange position with M 2 's child M 5 with the lowest score.Therefore, SA sends M 5 the SIP "UPDATE" message with similar SDP body to ask M 5 to reconnect to new parent M 1 .
(O6) After M 5 rejoins M 1 like previous steps, M 5 sends the SIP "OK" response message to SA.
(O7) Then M 1 's child M 3 has to move to the same level as M 2 's children.SA sends M 3 the SIP "UPDATE" message with similar SDP body to ask M 3 to reconnect to new parent M 2 .(O8) After M 3 rejoins M 2 like previous steps, M 3 sends the SIP "OK" response message to SA. (O9) Since current out degree of M 2 is higher than before, the child M 4 with lowest score should move to the lower level of M 1 with one available degree.Therefore, SA sends M 4 the SIP "UPDATE" message with similar SDP body to ask M 4 to reconnect to new parent M 1 .(O10) After M 4 rejoins M 1 like previous steps, M 4 sends the SIP "OK" response message to SA to finish the procedures of optimization.
The adjustment of SIPTVMON tree for optimization of load-sharing and stability may incur the service disruption, but ABTP can smooth the variation of bandwidth on Internet to avoid unnecessary adjustment of SIPTVMON and then further effectively reduce the service disruption.ABTP optimization has two major advantages to the loadsharing and stability for proposed SIPTVMON.
(i) ABTP optimization follows the long-tailed distribution: The one who stays longer in the system can have larger ABTP value easily.Even if a node has large bandwidth, it may not have larger ABTP value because his lifetime is short.As time goes by, a node in SIPTVMON with large bandwidth can have an extremely large ABTP value, and ABTP optimization will move this node to a very high level of the SIPTVMON tree to achieve stable SIPTVMON.(ii) ABTP value can avoid the unnecessary optimizations: Since the Internet bandwidth varies from In following section, we will present the simulations and performance results of the optimization for load-sharing and stability via ABTP criterion for the proposed SIPTVMON.

Experiments and Performance of SIPTVMON
To demonstrate our proposed optimization scheme via ABTP criteria for SIPTVMON, we use the well-known simulation tool OMNeT++4.0[28] to construct a vital SIPTVMON with new MAs joining, old MAs leaving and timely SIPTVMON adjustment for optimization at loadsharing and stability (i.e., criteria of bandwidth only, life time only, BTP [26], averaging bandwidth only, and ABTP).
The optimization criterion of averaging bandwidth only is abbreviated as ABO, and it considers only the averaging bandwidth part of ABTP.The video source's average bit rate is 280 Kbps from the popular MPEG-4-coding data.
The detailed simulation parameters and corresponding test values are listed in Table 1.
During the simulation for SIPTVMON, we recorded the count of control messages and service disruptions, tree depths, service latency, average packet loss rate, count of MA with packet loss, and average perceptual PSNR values for different optimization criteria.We will perform each test case five times to find out the mean and standard deviation of these simulation results.
As shown in Figure 9, ABTP criterion outperforms other four optimization criteria in less overhead of control messages.Those criteria (i.e., B and ABO) without considering life time preserve more control messages.It is because the possibility of high-level nodes leaving from SIPTVMON tree will be higher.It also indicated that more control messages are needed to repair the SIPTVMON for continuing IPTV service if MA's life time is not considered in optimization for load sharing.
While an old MA leaving SIPTVMON or SIPTVMON's adjustment for load sharing, service disruption may occur to degrade the quality of IPTV video-streaming service for those dMAs under detached parent in SIPTVMON.According to the results from Figure 10, ABTP also preserves less average count of service disruption to help SIPTVMON to achieve better quality of service.As shown in Figure 11, ABTP optimization criterion keeps lower depths of SIPTVMON tree than other criteria, except the test case of small MA quantity of 2000 nodes.Those optimization criteria considering both bandwidth and life time usually keep less depth than others in most test cases.
While the depth of SIPTVMON tree getting larger, the IPTV service latency of bottom dMAs is also getting longer.However, as shown in Figure 12 for the test case of MA quantity 6000, the value of service latency will keep growing after simulation starts.It is because the tree is growing and the increasing depth indicates increasing service latency.While the member of MA in SIPTVMON tree reaches 6000 and some of these MA may start to leave SIPTVMON tree, the service latency will stop increasing due to the adjustment of SIPTVMON tree through different optimization criteria.The optimization criterion T preserves much more service latency during simulation time than other criteria since the International Journal of Digital Multimedia Broadcasting bandwidth criterion was not considered to effectively reduce both the depth of SIPTVMON tree and corresponding service latency.ABO considers same criteria of bandwidth only with criterion B, but ABO preserves larger service latency than criterion B. This is because the averaging bandwidth from ABO will not decrease the tree depth of SIPTVMON in the same large scale as B.
As shown in Figure 12, the reason why optimization criterion ABTP cannot achieve best results in service latency is because it considers both of the averaging bandwidth and life time.It is not very possible for criterion ABTP to outperform less service latency than criterion B.
Due to the possible service disruption from the SIPTV-MON's optimization procedures, we count the packet loss for every MA during the service disruptions within simulation to calculate the average packet loss rate for the whole SIPTVMON tree.The calculation of average packet loss rate l avg is shown in (3).In (3), l i indicates the packet loss rate of MA i on the SIPTVMON, and it is derived from the ratio of the count packet loss in MA i to the total packets of original video source.Then, n is the MA quantity in Table 1.One has As shown in Figure 13, proposed ABTP optimization criterion for SIPTVMON outperforms other criteria in less average packet loss rates.While we count the number of SIPTVMON's MA preserving packet loss, as illustrated in Figure 14, the ABTP optimization criterion further demonstrates much more scalability for SIPTVMON than other criteria applied.
Moreover, the packet loss may jeopardize the playback quality of the IPTV video, so we derive the average perceptual PSNR values from the packet loss rates previously recorded International Journal of Digital Multimedia Broadcasting for all MAs on SIPTVMON.The calculation of average perceptual PSNR value p avg is shown in (4).As the same definition in (3), l i indicates the packet loss rate of MA i on the SIPTVMON and n is the MA quantity.Then, the PSNR function in (4) provides an estimated PSNR value for the input loss rate of l i .One has As shown in Figure 15, similar with most of previous experimental results, the proposed ABTP optimization criterion applied in SIPTVMON outperforms much better perceptual quality for end users than other criteria applied.In our simulation results, the average perceptual PSNR value still reaches the best even at the largest scale of MA quantity to 10000 in SIPTVMON for IPTV service.

Conclusion and Future Work
In this paper, we propose a secure overlay network-called SIPTVMON using application-layer multicast with loadsharing and stability schemes to cost-effectively provide scalable IPTV services for users churn such as frequent joining and leaving.The proposed SIPTVMON constructed by SIP signaling can provide Internet users with scalable and stable IPTV video streaming with privacy protection, and the simulations and results demonstrate that our SIPTVMON's proposed optimization criterion (i.e., ABTP) considering the product of averaging bandwidth and life time in peers not only has the better performance in overhead of control message, service disruption, and service latency from tree depth than other optimization criteria but also preserves very acceptable perceptual quality in objective PSNR values with privacy provision.
In near future, we plan to deploy SIPTVMON over the global Internet test-bed (e.g., PlanetLab [29]) for further demonstration.We also like to investigate SIPTVMON's reliability features of open-loop and close-loop error controls such as peer's packet cache for retransmission and adaptive forward error correction (FEC) to further improve P2P IPTV's quality of service over Internet.

Figure 1 :
Figure 1: P2P IPTV structure of tree and mesh.

Figure 2 :
Figure 2: Basic operations of VoIP session via SIP signaling.

Figure 7 :
Figure 7: Example of ABTP optimization for a SIPTVMON tree.

Figure 8 :
Figure 8: SIP message flow for SIPTVMON optimization in Figure 7.

Figure 9 :Figure 10 :
Figure 9: Average number of control messages on different MA quantity and optimization criteria.

Figure 11 :Figure 12 :
Figure 11: Average tree depth on different MA quantity and optimization criteria.

Figure 13 :Figure 14 :
Figure 13: Average packet loss rates on different MA quantity and optimization criteria.

Figure 15 :
Figure 15: Average perceptual PSNR values on different MA quantity and optimization criteria.
and described as follows.(J1) New MA denoted as MA new sends a SIP "REGISTER" request with specified content identifier and registration identifier to SA to ask SA for the connection address of a leaf MA, to which the MA new can be connected and join the SIPTVMON tree. to remote MA leaf via SA proxy.The SDP body in the SIP message includes the ECDH public data of Eq 1 , G 1 , and P new .(J5) While MA leaf receives the MA new 's "INVITE" message and MA new is authorized to join the SIPTVMON, it will randomly generate a private key k new and then calculate a public key P leaf according to k new and receive Eq 1 and G 1 .Besides, the common private key K c for encrypting video content can be computed by k leaf , received P new , Eq 1 and G 1 .
(J2) SA plays a role of SIP proxy and oracle of SIPTVMON topology information to send back the SIP "OK" response with SDP body of corresponding connection address of a leaf node MA leaf , in which the new MA new can be connected to SIPTVMON.Therefore, the SA must maintain all up-to-date SIPTVMON topology information to effectively and correctly reply the access request with a capable leaf node of handling the forwarding requested video to the new subscriber MA new .That is the reason why SA is called the super agent.(J3) After successful registration, MA new needs to prepare the public parameters and key for the peer by ECDH key exchange algorithm.Elliptic curve [9] function's parameter Eq 1 (a 1 , b 1 ), base point G 1 = (x 1 , y 1 ), and a random private key k new are generated by MA new .Then, a public key P new can be calculated by k new , Eq 1 and G 1 .(J4) MA new sends a SIP "INVITE" request message (J6) Then MA leaf responses a SIP "OK" message with SDP body including the public key P leaf back to MA new .(J7) While MA new receives the public key P leaf from MA leaf 's SIP "OK" message, MA new can use P leaf , private key k new , Eq 1 and G 1 to compute the common private key K c for later decrypting the encrypted video.