Design and Implementation of an MPEG-II Video Stream Encryption System for Videoconferencing
Abstract
The rapid growth and spread of the Internet has opened a broad market for videoconferencing. Because videoconferences often carry sensitive or critical data belonging to businesses or government departments, videoconferencing differs from ordinary video applications and requires a high encryption strength. During my graduate internship I took part in the development of the WITNET-Video(TM) (网智通视) product at Shanghai Jiaoda Withub Information Co., Ltd., where I was responsible for the secure transmission of MPEG-II video streams over the network. I designed and implemented an MPEG-II video stream encryption system for videoconferencing whose encryption strength meets the commercial-secret level standard. The system makes full use of the structural characteristics of the MPEG-II video stream and, taking the security requirements of videoconferencing into account, strikes a reasonable compromise between the conflicting demands of computational cost and encryption strength by proposing a selective encryption scheme for MPEG-II video streams. The scheme uses a hybrid cryptosystem that combines the symmetric algorithm 3DES with the asymmetric algorithm RSA, and it takes key management as the core of the research. The relevant frames of the video stream are encrypted with 3DES, a secret-key algorithm, and the 3DES keys are encrypted with RSA, a public-key algorithm. The key management module provides secure and reliable generation, distribution, storage and destruction of keys; it uses digital signature technology and implements key management by means of certificates. The X.509 certificate mechanism is introduced to solve the problems of distributing RSA public keys and of binding a public/private key pair to the user's real identity. The architecture of the key management system is divided into two levels, which guarantees a certification path of bounded length, shortens certificate verification and makes the system easier to implement.
