Streaming media encryption (1)

Http://www.jiamisoft.com/blog/11238-liumeitijiamijishu.html

With the rapid development of Internet and the popularization of Internet Multimedia application, the protection of digital copyright and right of privacy has become a more and more concern, and the security of media resources has become a hot research topic, and encryption technology is one of the most important technical means to protect the security of media resources. Based on the traditional cryptography technology, this paper studies the encryption/decryption mechanism in combination with the characteristics of streaming media in order to combine the traditional cipher technology with the new streaming media technology to realize the real-time encryption protection of multimedia data.

A general analysis of the encryption of convection media with regular passwords

Modern cryptography according to the use of encryption keys, the cipher system is divided into two categories: symmetric cryptosystem and asymmetric cryptography system in the symmetric cipher system is the same as the encryption key, and the non-symmetric cipher system is not used to encrypt and decrypt the same key two cipher systems each have advantages and disadvantages, respectively, applicable to different applications.

During streaming, the server encrypts the data as it is sent, and the client decrypts and decrypts it before playback for streaming media streams, meaning that the plaintext to be encrypted is a packet or part of it, rather than the entire multimedia file streaming encryption Model 1.

So what are the factors that should be considered when using conventional cryptography to secure streaming media data? Through the analysis, we think that at least the following points should be considered.

One is the choice of the cipher system

First of all to consider the use of public key password or symmetric password streaming media transmission requires very strong real-time, the data is very large, and the public key cryptography algorithm is more complex and inefficient, which restricts the use of symmetric cryptosystem can only be used for the media data stream encryption symmetric cipher system has a block cipher and sequence cipher points, Both are available for streaming. Because the media data in the communication process is originally processed and transmitted in chunks, so a block cipher can be used, another benefit is that the transmission error in a ciphertext block does not affect the other blocks, that is, there is no error spread between blocks using a stream cipher because it is fast and easy to handle.

Second, the choice of encryption algorithm

Each cipher system has a variety of standard algorithms, the performance and security of each algorithm is also different so, should be based on the characteristics of the application and network conditions, in the privacy and implementation of the tradeoff between the cost, choose a suitable algorithm of course, you can also design the appropriate encryption algorithm, Many other factors, such as packet length and key length selection, can have a direct impact on encryption speed and security as long as there is sufficient security to be specific to an algorithm.

Three is the choice of working mode

Any computer encryption program is performed in a fixed way, so if plaintext and keys are the same at the time of encryption, the same result must be obtained, and the data privacy will be affected because in the computer system, because the data structure and data redundancy make many data information have some inherent pattern, For example, the standard multimedia files have a fixed structure, all the records in a database have the same structure and so on, after the role of the encryption program, these fixed format will be exposed in the ciphertext to avoid these problems, you can use data preprocessing technology and link technology, different technologies The different working modes of the block cipher are formed.

Common modes of operation are the electronic coding Model (ECB), the cipher Packet link mode (CBG), the cryptographic feedback mode (CFB), and the output feedback mode (OFB). The ECB uses the same key to encrypt each plaintext block separately from each other: in CBC mode, each plaintext block is "XOR" with the previous ciphertext block before encryption, which increases the complexity and the difficulty of cryptanalysis. The security of CBC mode is better than that of the ECB. Thus it is widely used to make the CFB and OFB similar to the CBC mode, but the amount of "XOR" is generated independently, and the different initialization vectors can be used to preprocess the data in the same working mode.

Streaming media data encryption is a packet of data, can also be seen as a small data file encryption, working mode can choose EBC or CBC mode However, in the non-compressed multimedia data (such as bitmap files, etc.) encryption, because of its high redundancy, It is best to use CBC mode if the ECB mode is simply chosen to obscure some of the original information.

Four is the need of data filling

The use of the Block cipher algorithm requires clear text according to the packet length to be divided into several blocks, the actual application of the plaintext message is usually more than the score leader, so the final grouping may be a small length of a short block how to deal with these short blocks? There are three main ways: fill
The method of filling, cipher and serial cipher encryption.

There are many other factors that need to be considered, such as synchronization needs, key management strategies, and so on.

Second, encrypt the media stream with serial cipher

such as bit the sub-byte algorithm in the packet length with a bit or a byte, that is, the plaintext space elements are bit-wise or byte-wise encryption, which is the sequence cipher (stream password) realization of the idea of the convection password, The key is a sequence encrypted with the same length as the plaintext, and the sequence of plaintext is encrypted by bitwise operation, and the key stream generated by the synchronization is the reverse transformation, as the basic Principle 2 shows.

Compared with the common block cipher and public key password, the sequence cipher is the fastest and the real-time is better. Therefore, the sequence cipher is suitable for streaming media encryption with large data volume and high real-time requirement, and it is also a mainstream cipher system applied in military and diplomatic field at present.

The strength of the sequence cipher depends entirely on the randomness and unpredictability of the key sequence. In addition, to keep the exact synchronization of the key stream at both ends of the transceiver is also a key technology for reliable decryption. So, the core problem of sequence cipher is the design of the key stream generator, which can use pseudorandom number generator, the key stream generator needs an encryption key as input parameter, if the same generator uses the same encryption key every time, Then it generates the key stream is always the same as the fellow so, in order to ensure security, cannot reuse the same key common generators have a sequence cipher based on linear and nonlinear shift registers, a sequence cipher based on chaos, etc. the following is a study of how to encrypt a stream medium with a sequence cipher.

Using serial cipher encryption, first of all, the plaintext information such as text, image, sound, etc. into a clear sequence, and then it and the key sequence byte-by-bit (bits) of "XOR" operation to generate a cipher sequence, the receiver with the same key sequence of ciphertext sequence for "XOR" operation to restore the plaintext.

When using serial cipher to encrypt the media stream, the size of the network packet can be set according to the needs of the network, which is different from the packet encryption, which needs to be considered only the network transmission demand.

The entire encryption process is: Once the playback process begins, the key stream generator will constantly generate a sequence of passwords, the server also periodically sends network packets in the process of data streaming, the sequence of random numbers and the plaintext sequence in the packet is bitwise (bytes) of the XOR operation, Then according to the network protocol to package the decryption end from the network received the packet, first unpack the ciphertext data stream, and then the key stream with the XOR operation to get the plaintext.

Comparison and analysis of MPEG-1 encryption methods

In view of the information contained in multimedia files or real-time multimedia data streams, most of the data is video information, so taking MPEG-1 as an example to analyze the encryption method of video data for other types of multimedia files, can also be referred to similar methods for analysis and processing.

MPEG series are about moving image and coding of the standard, each of the standards are divided into audio and video two parts, with the MPEG-1 standard as an example to illustrate its implementation of the encryption principle, the M PEG-1 system stream can be directly encrypted operation, Audio and video streams can also be individually encrypted because the data in the RTP packaging, audio and video data streams can be packaged separately to form two media streams for the network to send the following with its video stream encryption method for comparison and analysis.

At present, the method of the M PEG-1 video stream encryption can be divided into the following major categories:

The first category is the full encryption method of the algorithm to the video data and general text data equal treatment, completely regardless of the characteristics of the video itself it first to the image shoulder frequency of two-dimensional or three-dimensional structure into a one-dimensional data flow, and then use DES, AES and other standard algorithms directly to encrypt data bit, one of the advantages is high security, The second advantage is that encryption can eliminate the difference between the media data format, so that no matter in the MPEG format, ASF format or RM and other formats of media data can adopt a unified encryption method disadvantage is the cost is large.

The second kind is the selective encryption method in general, after analyzing the features of MPEG video structure, this kind of method can selectively encrypt some data, although only partial data is encrypted, the encrypted bit stream no longer has the standard MPEG structure feature. So to achieve the data security to decrypt the encrypted video data, the attackers face two major problems, one must find out which part of the data is encrypted, and the second is to find out how to decrypt selective encryption because only some sensitive data encryption, thereby reducing the overhead.

According to different application needs, different selective encryption schemes can be selected, and the following options are common.

(1) is to choose to encrypt all the I-frames in the video sequence because the P-frame only records the differential information compared to the previous J-Frame, B-frame only records the difference information compared with the P-frame, and the I-frame information once encrypted, B-frame and P-frames lose meaning, but because of the data Frame association, only the After the frame is still able to reveal some information, mainly from the B-frame and P-frames in the block I.

(2) in the video sequence all, the frame is encrypted, and then select the B-frame and P-frame, block encryption, to improve security, but this increases the search, block the cost: because, the frame occupies the entire video 30%~60%, plus the search, block, its cost is close to all encryption.

(3) Select the video sequence header encryption, because the sequence header contains some of the initialization parameters required for decoding, such as size, frame rate, bit rate and buffer size, etc., the header information encryption so that the standard decoder can not recognize the video stream, thus achieving the purpose of encryption to further increase security, You can encrypt the end of the video sequence at the same time.

The above choice of encryption method can be used alone or integrated, but also to develop other options.

The third category is Vea video encryption algorithm This method is based on the statistical characteristics of MPEG-1 video sequences, the algorithm is described as follows:

(1) The original video sequence is divided into two sequences a1,a3,...,a2n-1 and a2,a4,...,a2n by odd-even bits.

(2) for the above two sequences of bitwise XOR OR Operation A1,A3,...,A2N-1XORA2,A4,...,A2N, get a new sequence: C1,C2,...,CN.

(3) Select an encryption function e (originally used des) dual sequence a2,a4,...,a2n to encrypt to get E (a2,a4,...,a2n), and finally the sequence C1,c2,...,cm,e (A2,A4,...,A2N) combination as the result of the encryption.

This encryption mode is very good resistance to known plaintext attacks, because each frame encryption when the key changes to the ciphertext attack also have a strong immunity, because only ciphertext attack is obtained by frequency analysis, that is to find a pair (a, B) to the XOR B=c statistics show that the probability is up to 10-5, So the attack is extremely difficult.

The fourth class is the method of combining the compression and encryption process generally speaking, encryption should be done after compression, because the compression after encryption will reduce the compression performance due to the randomness of ciphertext data, but sometimes MPEG compression and selective encryption will contradict each other, There must be a trade-off between the two. Such studies are conducted for different video formats, such as a typical ZIG-ZAG substitution encryption algorithm that maps 8*8 blocks to 1*64 vectors in the MPEG-1 encoding process without using the original mapping order. Instead of using a random mapping table, this method has a minimal overhead on encryption and decryption, but it causes an increase in image size, which runs counter to the goal of data compression and is therefore inappropriate.

The fifth category is the flag bit (sign bit) encryption method, which is implemented by changing the flag bits of all DCT coefficients and motion vectors with the secret key as follows:

Suppose k= b1b2. –BM is a random key with a length of M, and the cryptographic function is selected as:

Ek (s) = ... (B1xor S1) ... (BMXORSM) (B1 XOR sm+1) ... (Bn XOR s2m) ...

Here s1s2,smsm+1,. S2n ... Is that all DC coefficients and the AC coefficients of the mark bits of the cryptographic function will be the DCT coefficients of the flag bit random change of the method is also known as VEA, and its security is not high enough there are two other ways to improve the Mvea and Rvea.

The sixth category is the combination of stream cipher and block cipher for efficient data encryption.

The above methods in any case to deal with video, mostly with the conventional encryption algorithm, such as the use of DES algorithm, VEA, selective encryption of the selected part of the encryption operation regardless of how to consider, the real-time streaming media transmission is an important parameter, and real-time and encryption speed has a great relationship.

Analysis of the effect of encryption speed on real-time performance

From the above analysis, there are a variety of encryption algorithms can be used to encrypt the streaming media data, but to determine whether an algorithm is practical, depends on whether it affects the real-time streaming media playback effect based on this idea to analyze in the MPEG-1 data stream encoding process, The frame header information of each data frame contains the decoding time of the frame relative to the system head, in the actual operation, through this decoding time we can determine whether a frame can decode on time, also can determine how much time can be used to decrypt.

Because the size of the data frame is different in a data stream, this can happen when the network is transmitted: smaller frames can be accommodated with a single packet, while larger frames may be packed in several packets. For these segmented frames, because each packet is to be decrypted separately, will bring a large delay, if they can achieve real-time encryption and decryption, the small frame is not a problem, so we can only consider the case of large data frame, assuming that in the M peg stream a frame relative to the system flow in the first frame of the decoding time is D, While the actual obtained first frame decoding time is D1, then the current frame of the specified decoding time should be: A=d1+d.

Comparing this specified decoding time date to the time B that the last packet of the frame arrives at the client, if B is later than a, it means that the frame has been late for some reason, and the decryption has inevitably affected the real-time playback if B is earlier than a, then the difference between the two is the time that can be used to decrypt the packet.

For any data frame, the client starts decoding playback after receiving all of its packets, we analyze the longest data frame, if it can be decrypted within a-B, the other frame decryption nature is not a problem therefore, if the last packet of the frame can be decrypted within a-B period, We think that the decryption algorithm used can meet the requirements of real-time playback.

Set this maximum frame contains n packets, each packet requires a decryption time of T, so, should have: T<a-b, that is: decryption speed > Kanenaga/(A-B).

The conclusion is as follows: for a MPEG-1 data stream, only the decryption speed > Data Kanenaga/(the frame's specified decoding time of the last packet time of the frame) encryption algorithm can meet the requirements of real-time encryption.

Small Knowledge Stream Media

Streaming media is a media format that is broadcast over the internet in a streaming way. Streaming media, also known as streaming media, refers to a business using a video delivery server to send programs as packets sent to the network. After the user extracts the data from the decompression device, the program will show up as before it is sent.

Streaming media encryption (1)