基于SIP协议的IP加密视频传输系统的设计
|
摘要
随着宽带业务的普及,IP视频传输作为宽带业务的重要应用,受到了全世界的关注。然而,安全问题却成为视频传输技术不得不面对的最大障碍,这极大地限制了视频传输技术的广泛应用。
本文首先研究了视频传输系统整机方案的设计,基于视频传输的特性,采用了针对数字视频优化的Davinci系统,将SIP安全协议的实现放到了双核Davinci的ARM核中,同时针对实体视频流安全,采用了DSP加解密子系统;在整机软硬件实验环境搭建好后,探讨了现有的流行视频传输协议,从复杂性、可靠性、扩展性、支持的业务等多个角度比较SIP和H.323协议,论证了SIP协议视频传输的优势,并针对SIP的体系结构特点,详尽分析了SIP的协议格式、功能、及其在典型通信流程中存在的一些安全问题。通过研究、对比现有的SIP安全方案,分析其漏洞与不足,本文提出了一套基于PKI和逐跳加密的SIP安全解决方案,并对该方案的安全性进行了全面的分析。最后,在Davinci整机上实现了安全SIP协议的SIP服务器设计以及与加解密子系统间的SPI设备驱动的编码、调试。
With the popularity of the worldwide Internet service, IP Video transmission as one of the most important service on Internet has caught the whole world attention to broadly. However, the security problems become the biggest obstacle that the development of VoIP technology has to face,which seriously limit the extensive application of multimedia transfer.
Firstly, the design of the Digital Video Transmission system is studied in this paper. To the characteristic of the Video transmission, the Davinci technology that optimizes the digital multimedia transfer is used and the secure SIP protocol is implemented on the ARM926EJ-S of double kernel Davinci. To encrypt the RTP package, a DSP Encrypting subsystem is used. After the design, we discuss the characteristic of the SIP difference from H.323 protocol such as complexity, reliability, and expansibility. Then we introduce the advantages of SIP transfer in architecture, format, function and analyze the secure problem exist in the SIP protocol. By studying the mature SIP scheme and finding out its deficiency, we form a secure scheme based on the PKI and jump encryption in this article and make a comprehensive analysis to the scheme. Last, based on those study, we finish the module design of the secure SIP transmission system and the coding, debugging of SPI device driver that is used to communicate with DSP Encrypting subsystem.
本文首先研究了视频传输系统整机方案的设计,基于视频传输的特性,采用了针对数字视频优化的Davinci系统,将SIP安全协议的实现放到了双核Davinci的ARM核中,同时针对实体视频流安全,采用了DSP加解密子系统;在整机软硬件实验环境搭建好后,探讨了现有的流行视频传输协议,从复杂性、可靠性、扩展性、支持的业务等多个角度比较SIP和H.323协议,论证了SIP协议视频传输的优势,并针对SIP的体系结构特点,详尽分析了SIP的协议格式、功能、及其在典型通信流程中存在的一些安全问题。通过研究、对比现有的SIP安全方案,分析其漏洞与不足,本文提出了一套基于PKI和逐跳加密的SIP安全解决方案,并对该方案的安全性进行了全面的分析。最后,在Davinci整机上实现了安全SIP协议的SIP服务器设计以及与加解密子系统间的SPI设备驱动的编码、调试。
With the popularity of the worldwide Internet service, IP Video transmission as one of the most important service on Internet has caught the whole world attention to broadly. However, the security problems become the biggest obstacle that the development of VoIP technology has to face,which seriously limit the extensive application of multimedia transfer.
Firstly, the design of the Digital Video Transmission system is studied in this paper. To the characteristic of the Video transmission, the Davinci technology that optimizes the digital multimedia transfer is used and the secure SIP protocol is implemented on the ARM926EJ-S of double kernel Davinci. To encrypt the RTP package, a DSP Encrypting subsystem is used. After the design, we discuss the characteristic of the SIP difference from H.323 protocol such as complexity, reliability, and expansibility. Then we introduce the advantages of SIP transfer in architecture, format, function and analyze the secure problem exist in the SIP protocol. By studying the mature SIP scheme and finding out its deficiency, we form a secure scheme based on the PKI and jump encryption in this article and make a comprehensive analysis to the scheme. Last, based on those study, we finish the module design of the secure SIP transmission system and the coding, debugging of SPI device driver that is used to communicate with DSP Encrypting subsystem.
引文
[1]刘伟明,鲜继清,陈伟陵.VoIP安全基于SIP协议的深入剖析和解决策略[J].计算机应用,2006, 6(1):23-26
[2]周海华,边恩炯. SIP原理与应用.北京:机械工业出版社[M],2006:15-130
[3] Simson L. Garfinkel.VoIP Secure Communication Protocol satisfying BackwardCompatibility[C]. Second International Conference on Systems and Networks Communications,Aug.2007
[4]董崇波.基于ARM和DSP的VoIP网关的系统控制模块设计与实现[D].北京邮电大学硕士论文. 2005:36-45
[5]李长河,王永强.多媒体通信协议323及sip的分析研究[J].微机发展. 2003,13(7):106-109
[6]白建军,彭晖,田敏.SIP揭密[M].北京:人民邮电出版社,2003:73-92
[7]陈燕,龚建荣.SIP协议的内容及其基本网络结构.技术交流[J], 2005,4(2):69-71
[8] Daniel Collins,Voip技术与应用[M],人民邮电出版社,2003:14-170
[9]徐培文,谢水珍,杨从保.软交换与SIP实用技术[M].北京:机械工业出版社,2003: 23-150
[10]张文华,刘忠信等.基于SIP协议的3G网络安全认证机制[J].计算机工程与应用,2004,13(5):21-15
[11]戴节勇,顾健,陈克非.PKI技术在网格安全中的应用[J].计算机工程. 2005,31(5):159-161
[12]宋勇,李清宝,白燕.基于SIP协议的VoIP系统设计与实现.信息工程大学学报[J].2005,6(3):56-59
[13]李重武,倪惜珍.认证理论与技术[J].微计算机与应用, 2003,2(1):22-25
[14]刘华,王琨.基于PKI的SIP协议安全的研究[J].电子科技,2005,185:37-40
[15]严波,郭莉,潘强宗.基于USB KEY的身份鉴别技术研究与应用[J].高性能计算技术, 2005,174(6):56-58
[16]张玉清,公钥基础设施(PKI)实现和管理电子安全[M].北京:清华大学出版社,2002:41-125 [17 ]唐月,吕述望.基于公钥证书的HTTP认证机制[J].计算机工程,2006, 32(5):67-69
[18]Benanter,张千里译.互联网公钥基础设施概论[M].北京:人民邮电出版社,2003:89-132
[19] Monjur Alam, Sonai Ray. An Area Optimized Reconfigurable Encryptor for AES-Rijndael[C]. IEEE Council on Electronic Design Automation (CEDA),Apr.2007
[20]章永来,刘建辉,蒋丽影,姜立群.基于SIP的嵌入式网络可视电话的研究与实现[J].电脑与信息技术,2007,115(5):63-65
[21]盛惠兴,王海滨,沈剑丽,基于ARM9平台的嵌入式SIP服务器的设计[J].计算机工程, 2006,32(23):275-277
[22] Prateek Gupta, Vitaly Shmatikov. Security Analysis of Voice-over-IP Protocols[C].20th IEEEComputer Security Foundations Symposium,Jul.2007
[23]刘洋,侯红.基于SIP协议的IP电话技术[J].计算机技术与发展,2006,16(4):184-189
[24]万春新,唐慧明.SIP协议栈在TMS320DM642上的实现[J].江南大学学报,2006,5(1):50-53
[25]曹科,张海盛. Linux2.6内核设备驱动开发模型的研究[C]. 21世纪仿真技术研讨会,2007
[26]王彦堂,李贻斌,宋锐.基于ARM Linux平台的CAN设备驱动程序设计与实现[J].计算机工程与应用,2007,43(5):79-82
[27]张彦杰.嵌入式设备驱动程序和引导程序的研究[D].西安电子科技大学硕士论文. 2007:27-39
[28] Bill Weinberg. Porting RTOS device drivers to embedded Linux[M]. Specialized Systems Consultants. 2004 (126):7
[29] Fernando Matia. Kernel Corner Writing a Linux Driver[M] . Specialized Systems Consultants. 1998:22-24
[30]史晓龙,倪洪科,林江,林中.一种嵌入式系统设备驱动程序开发模型[J].计算机工程与应用,2004,5(4):111-114
[31]农强.基于嵌入式uCLinux设备驱动的分析与开发[J].电脑与信息技术,2007,15(3):20-22
[32]王丁.AT91RM9200的SPI设备驱动程序开发[J].多媒体技术及其应用,2006,10:177-178
[33] B.Thangaraju. Kernel korner: dynamic interrupt request allocation for device drivers[EB/OL]. http://www.linuxjournal.com/article/8064, 2005.
[2]周海华,边恩炯. SIP原理与应用.北京:机械工业出版社[M],2006:15-130
[3] Simson L. Garfinkel.VoIP Secure Communication Protocol satisfying BackwardCompatibility[C]. Second International Conference on Systems and Networks Communications,Aug.2007
[4]董崇波.基于ARM和DSP的VoIP网关的系统控制模块设计与实现[D].北京邮电大学硕士论文. 2005:36-45
[5]李长河,王永强.多媒体通信协议323及sip的分析研究[J].微机发展. 2003,13(7):106-109
[6]白建军,彭晖,田敏.SIP揭密[M].北京:人民邮电出版社,2003:73-92
[7]陈燕,龚建荣.SIP协议的内容及其基本网络结构.技术交流[J], 2005,4(2):69-71
[8] Daniel Collins,Voip技术与应用[M],人民邮电出版社,2003:14-170
[9]徐培文,谢水珍,杨从保.软交换与SIP实用技术[M].北京:机械工业出版社,2003: 23-150
[10]张文华,刘忠信等.基于SIP协议的3G网络安全认证机制[J].计算机工程与应用,2004,13(5):21-15
[11]戴节勇,顾健,陈克非.PKI技术在网格安全中的应用[J].计算机工程. 2005,31(5):159-161
[12]宋勇,李清宝,白燕.基于SIP协议的VoIP系统设计与实现.信息工程大学学报[J].2005,6(3):56-59
[13]李重武,倪惜珍.认证理论与技术[J].微计算机与应用, 2003,2(1):22-25
[14]刘华,王琨.基于PKI的SIP协议安全的研究[J].电子科技,2005,185:37-40
[15]严波,郭莉,潘强宗.基于USB KEY的身份鉴别技术研究与应用[J].高性能计算技术, 2005,174(6):56-58
[16]张玉清,公钥基础设施(PKI)实现和管理电子安全[M].北京:清华大学出版社,2002:41-125 [17 ]唐月,吕述望.基于公钥证书的HTTP认证机制[J].计算机工程,2006, 32(5):67-69
[18]Benanter,张千里译.互联网公钥基础设施概论[M].北京:人民邮电出版社,2003:89-132
[19] Monjur Alam, Sonai Ray. An Area Optimized Reconfigurable Encryptor for AES-Rijndael[C]. IEEE Council on Electronic Design Automation (CEDA),Apr.2007
[20]章永来,刘建辉,蒋丽影,姜立群.基于SIP的嵌入式网络可视电话的研究与实现[J].电脑与信息技术,2007,115(5):63-65
[21]盛惠兴,王海滨,沈剑丽,基于ARM9平台的嵌入式SIP服务器的设计[J].计算机工程, 2006,32(23):275-277
[22] Prateek Gupta, Vitaly Shmatikov. Security Analysis of Voice-over-IP Protocols[C].20th IEEEComputer Security Foundations Symposium,Jul.2007
[23]刘洋,侯红.基于SIP协议的IP电话技术[J].计算机技术与发展,2006,16(4):184-189
[24]万春新,唐慧明.SIP协议栈在TMS320DM642上的实现[J].江南大学学报,2006,5(1):50-53
[25]曹科,张海盛. Linux2.6内核设备驱动开发模型的研究[C]. 21世纪仿真技术研讨会,2007
[26]王彦堂,李贻斌,宋锐.基于ARM Linux平台的CAN设备驱动程序设计与实现[J].计算机工程与应用,2007,43(5):79-82
[27]张彦杰.嵌入式设备驱动程序和引导程序的研究[D].西安电子科技大学硕士论文. 2007:27-39
[28] Bill Weinberg. Porting RTOS device drivers to embedded Linux[M]. Specialized Systems Consultants. 2004 (126):7
[29] Fernando Matia. Kernel Corner Writing a Linux Driver[M] . Specialized Systems Consultants. 1998:22-24
[30]史晓龙,倪洪科,林江,林中.一种嵌入式系统设备驱动程序开发模型[J].计算机工程与应用,2004,5(4):111-114
[31]农强.基于嵌入式uCLinux设备驱动的分析与开发[J].电脑与信息技术,2007,15(3):20-22
[32]王丁.AT91RM9200的SPI设备驱动程序开发[J].多媒体技术及其应用,2006,10:177-178
[33] B.Thangaraju. Kernel korner: dynamic interrupt request allocation for device drivers[EB/OL]. http://www.linuxjournal.com/article/8064, 2005.