A Security Solution Based on the H.323 Videoconferencing System
Abstract
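The security of videoconferencing systems is an active research topic. Within the framework of the H.323 videoconferencing system, a security solution is proposed and implemented.
The system consists of a certificate authority, a multipoint control unit (MCU), a gatekeeper, video terminals and other components. The certificate authority (CA) is responsible for registering, issuing, managing and publishing the certificates of the devices and users in the network system; the MCU switches the video, voice and data signals; the gatekeeper (GateKeeper) provides call and management functions and authenticates user terminals; the video terminal performs compression encoding and decoding of the digital video and audio signals and encryption and decryption of the video signal.
A certificate authority is introduced into the H.323-based videoconferencing system, and X.509-based digital certificates are used for one-way authentication of user terminals. A user applies to the certificate authority (CA) for a certificate, and the CA implements certificate registration, issuance, management and related functions according to the Certificate Management Protocol (CMP). Before a videoconference is held, the gatekeeper must verify the legitimacy of the applying user U and, based on the authentication result, authorize user U to perform the corresponding operations.
The proposed two-dimensional chaotic stream cipher system is used to selectively encrypt the compressed video data to secure the video stream. The system selectively encrypts only the sign bits of the discrete cosine transform coefficients in I-frames. Because the compression algorithm uses differential coding, decryption errors in I macroblocks inevitably cause decoding errors in P and B macroblocks, and it is difficult to correctly recover the video information from the data of these macroblocks. Therefore, without reducing security, the amount of data to be encrypted and decrypted is markedly reduced and the encryption and decryption speed is greatly improved.
Finally, the chaotic video stream and the encryption/decryption system were tested. Tests of the chaotic pseudo-random sequence show that the keystream is uniformly and independently distributed and therefore has high security; tests of the encryption/decryption system show that the system greatly improves the security of the videoconferencing system while maintaining real-time performance and fault tolerance.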
The security of videoconferencing systems is an increasingly important research focus. In this paper, a security solution based on the H.323 videoconferencing system is presented.
The videoconferencing system includes a Certificate Authority, an MCU, a Gatekeeper and Terminals. The Certificate Authority is in charge of the registration and management of users' certificates; the MCU switches video, audio and data signals; the Gatekeeper manages the call procedure and terminal authentication; the video terminal performs compression and decompression and is also in charge of encryption and decryption.
The solution proposes a one-way authentication method based on X.509 digital certificates to solve the security problem of the username-password authentication method. The Certificate Authority implements registration and management according to the Certificate Management Protocol. Before a videoconference, the Gatekeeper authenticates users' validity and manages users' operations.
The solution proposes a video stream encryption method using a two-dimensional chaotic stream encryption algorithm. It selectively encrypts the signs of DCT coefficients.
In conclusion, this article tests the chaotic stream and the encryption system. The test of the chaotic stream shows that it is highly independent and identically distributed; the test of the encryption system demonstrates the security, real-time performance and fault tolerance of the solution.