CN109788347B - Video chaotic secret communication device and method - Google Patents
Video chaotic secret communication device and method Download PDFInfo
- Publication number
- CN109788347B CN109788347B CN201910053773.9A CN201910053773A CN109788347B CN 109788347 B CN109788347 B CN 109788347B CN 201910053773 A CN201910053773 A CN 201910053773A CN 109788347 B CN109788347 B CN 109788347B
- Authority
- CN
- China
- Prior art keywords
- data
- tdata
- module
- chaotic
- video
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 230000000739 chaotic effect Effects 0.000 title claims abstract description 182
- 238000004891 communication Methods 0.000 title claims abstract description 54
- 238000000034 method Methods 0.000 title claims abstract description 45
- 239000000872 buffer Substances 0.000 claims abstract description 77
- 230000005540 biological transmission Effects 0.000 claims abstract description 34
- 238000005516 engineering process Methods 0.000 claims abstract description 17
- 230000014509 gene expression Effects 0.000 claims description 18
- 230000001360 synchronised effect Effects 0.000 claims description 15
- 238000012545 processing Methods 0.000 claims description 11
- 238000002360 preparation method Methods 0.000 claims description 7
- 239000003086 colorant Substances 0.000 claims description 3
- 150000001875 compounds Chemical class 0.000 claims 4
- 238000013461 design Methods 0.000 abstract description 23
- 230000002349 favourable effect Effects 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 18
- 230000006870 function Effects 0.000 description 12
- 238000003860 storage Methods 0.000 description 12
- 238000006243 chemical reaction Methods 0.000 description 9
- 230000000630 rising effect Effects 0.000 description 8
- 230000001960 triggered effect Effects 0.000 description 8
- 238000011161 development Methods 0.000 description 4
- 230000009191 jumping Effects 0.000 description 3
- 238000013075 data extraction Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Landscapes
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention discloses a video chaotic secret communication device and a method, wherein the device comprises a video sending end and a video receiving end, the video sending end comprises a first FPGA chip, an original video data buffer area, a data sending device, a camera and a first display, and the video receiving end comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display; the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module; the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module; the technical scheme provided by the invention realizes the purpose of carrying out chaotic secret communication on the video data on a hardware platform based on a high-end FPGA platform technology, has the advantages of higher safety, better real-time property, low design difficulty and the like, is favorable for accelerating the daily application and commercial popularization of the video chaotic secret communication technology, and has great commercial application value.
Description
Technical Field
The embodiment of the invention relates to the technical field of secret communication, in particular to a video chaotic secret communication device and a video chaotic secret communication method.
Background
In recent years, a plurality of reports have been reported on the adoption of a middle-low-end FPGA technology platform to realize real-time video chaotic secure communication, and the middle-low-end FPGA technology platform is greatly limited in hardware realization and application of the video chaotic secure communication due to insufficient hardware resources, insufficient data processing capacity and the like. The adoption of a high-end FPGA technical platform to realize multimedia chaotic secret communication with higher safety and better real-time performance is a hot topic which people pay attention to in recent years. As is well known, the adoption of the FPGA technology to realize the video chaotic secure communication requires comprehensive consideration from various aspects such as security, real-time performance, design difficulty and the like. For example, in terms of security, it is necessary to design a set of chaotic encryption algorithms with high security performance and easy hardware implementation. In terms of real-time performance, a series of technical problems such as strict timing relation among signals, conversion and processing of video data formats and the like need to be solved. In terms of design difficulty, the ethernet transmission based on the TCP/IP protocol is difficult to design and the stability is relatively difficult to handle.
Disclosure of Invention
The invention provides a video chaotic secret communication device and a method, which aim to overcome the defects of the prior art.
In order to achieve the above purpose, the present invention provides the following technical solutions:
in a first aspect, the invention provides a video chaotic secret communication device, which comprises a video sending end and a video receiving end, wherein the video sending end comprises a first FPGA chip, an original video data buffer area, a data sending device, a camera and a first display, and the video receiving end comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display;
the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module;
the video acquisition module is used for controlling the camera to acquire video data and storing the video data to the original video data buffer area through the first VDMA;
the first HDMI controller is configured to obtain, through the first VDMA, original video data stored in the original video data buffer, and display the original video data through the first display;
the chaotic encryption module is used for acquiring the original video data stored in the original video data buffer area through the second VDMA, and encrypting the original video data based on a preset chaotic encryption algorithm to obtain encrypted data; the network sending module is used for sending the encrypted data to the data sending device and forwarding the encrypted data to the data receiving device by the data sending device;
the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module;
the network receiving module is used for acquiring the encrypted data transmitted from the data receiving device and sending the encrypted data to the chaotic decryption module;
the chaotic decryption module is used for decrypting the encrypted data based on a preset chaotic decryption algorithm to obtain corresponding decrypted data, and storing the decrypted data in the decrypted video data buffer area through the third VDMA;
and the second HDMI controller is used for acquiring the decrypted data stored in the decrypted video data buffer through the third VDMA and displaying the decrypted data through the second display.
Further, in the video chaotic secret communication device, the data sending device and the data receiving device both comprise a network daughter board and a router.
Furthermore, in the video chaotic secret communication device, both the chaotic encryption module and the chaotic decryption module adopt an AXIS protocol as an interface protocol.
Further, in the video chaotic secret communication device, the signals related to the AXIS protocol include tvalid, tready, tdata [31:0], tuser, and tlast;
wherein tvalid and tdata [31:0] are handshake signals between modules, tuser is a data effective handshake signal output by a previous-stage module to a next-stage module, tlast is a handshake signal output by the next-stage module to the previous-stage module for data preparation, tdata [31:0] is a video data signal, tuser is a frame start signal, and tlast is a line end signal.
Furthermore, in the video chaotic secret communication device, signal channels in the chaotic encryption module and the chaotic decryption module are parallel channels;
parallel channels in the chaotic encryption module and the chaotic decryption module respectively process tdata [31:0], tuser, tlast and data _ en;
each signal channel in the chaotic encryption module and the chaotic decryption module is provided with a multi-stage pipeline structure, each stage of pipeline adopts a D trigger to buffer data, and the strict time sequence relation between the channels is kept through the multi-stage pipeline technology.
In a second aspect, the invention provides a video chaotic secure communication method, which is implemented by using the video chaotic secure communication device provided by any embodiment of the invention, wherein the video chaotic secure communication device comprises a video sending end and a video receiving end, the video sending end comprises a first FPGA chip, an original video data buffer area, a data sending device, a camera and a first display, and the video receiving end comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display; the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module; the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module; the method comprises the following steps:
the video acquisition module controls the camera to acquire video data and stores the video data to the original video data buffer area through the first VDMA;
the first HDMI controller acquires original video data stored in the original video data buffer area through the first VDMA and displays the original video data through the first display;
the chaotic encryption module acquires the original video data stored in the original video data buffer area through the second VDMA, and encrypts the original video data based on a preset chaotic encryption algorithm to obtain encrypted data; the encrypted data are sent to the data sending device through the network sending module and forwarded to the data receiving device by the data sending device;
the network receiving module acquires the encrypted data transmitted from the data receiving device and sends the encrypted data to the chaotic decryption module;
the chaotic decryption module decrypts the encrypted data based on a preset chaotic decryption algorithm to obtain corresponding decrypted data, and stores the decrypted data in the decrypted video data buffer area through the third VDMA;
the second HDMI controller obtains the decrypted data stored in the decrypted video data buffer through the third VDMA, and displays the decrypted data on the second display.
Further, in the video chaotic secret communication method, the data sending device and the data receiving device both comprise a network daughter board and a router.
Furthermore, in the video chaotic secret communication method, the chaotic encryption module and the chaotic decryption module both adopt an AXIS protocol as an interface protocol.
Further, in the video chaotic secret communication method, the signals related to the AXIS protocol include tvalid, tready, tdata [31:0], tuser and tlast;
wherein tvalid and tdata [31:0] are handshake signals between modules, tuser is a data effective handshake signal output by a previous-stage module to a next-stage module, tlast is a handshake signal output by the next-stage module to the previous-stage module for data preparation, tdata [31:0] is a video data signal, tuser is a frame start signal, and tlast is a line end signal.
Furthermore, in the video chaotic secret communication method, signal channels in the chaotic encryption module and the chaotic decryption module are parallel channels;
parallel channels in the chaotic encryption module and the chaotic decryption module respectively process tdata [31:0], tuser, tlast and data _ en;
each signal channel in the chaotic encryption module and the chaotic decryption module is provided with a multi-stage pipeline structure, each stage of pipeline adopts a D trigger to buffer data, and the strict time sequence relation between the channels is kept through the multi-stage pipeline technology.
Specifically, the content provided by the invention comprises three aspects of a chaotic encryption module and a chaotic decryption module design and implementation method, a network sending module and network receiving module design and implementation method, and an FPGA system-on-chip architecture design and implementation method, which are all designed and implemented by adopting an IP core integration method.
(1) Chaotic encryption and decryption module design and implementation
The chaotic encryption and decryption module is designed and realized by an AXIS interface protocol, synchronous FIFO (First in First out) data processing, parallel multi-channel, multi-stage pipeline, state machine control and Q format fixed point operation. The specific design and implementation method is as follows:
(a) the input end and the output end have an AXIS interface protocol, data transmission is triggered when the handshaking signals tvalid and tready are in high level, and data transmission is suspended when the handshaking signals tvalid and tready are in low level. Wherein tvalid is a data valid handshake signal output by the previous-stage module to the next-stage module, and tready is a handshake signal output by the next-stage module to the previous-stage module for data preparation completion. The functions of video encryption, decryption and storage are realized through the communication between the encryption module and the decryption module and the VDMA.
(b) The working clock frequency of the chaotic encryption and decryption module is 100MHZ, the working clock frequency is provided by a Virtex-7 platform, and as the internal part and the external part of the module have the same clock source, the synchronous FIFO is adopted to buffer the video data.
(c) The chaotic encryption and decryption module has a parallel multi-channel and pipeline structure. Parallel channels process 4 signals tdata [31:0] respectively]Tuser, tlast, data _ en, where tdata [31:0]Is a 4-byte video data signal, and is expressed by ARGB format, wherein
Is the full 0 extension data of 1 byte,
is 1 byte of red primary color data,
is 1 byte of the green primary color data,
is 1 byte of blue primary color data, so
The three primary color data is 3 bytes, tuser is a frame start signal, tlast is a line end signal, and data _ en is a data validity enable signal. Note that each channel has a multi-stage pipeline structure, the pipeline uses a D flip-flop to buffer data, and is triggered by a system clock to operate, and in the operation process of the pipeline, strict timing relationships are maintained between the channels.
(d) A state machine control unit is embedded in the assembly line structure, the chaotic encryption algorithm is operated according to state conversion, and the global time sequence control capability is improved.
(e) The key parameters and the state variables of the encryption and decryption equations are expressed by adopting a fixed-point format with 64-bit symbols Q32, and the fixed-point operation is realized by adopting special operation resources of a multiplier and an adder, so that the operation speed is improved.
(2) Design and realization of network sending module and network receiving module
The network sending module and the network receiving module comprise an AXIS interface protocol, asynchronous FIFO data processing, parallel multi-channel and multi-stage pipelines. The specific design and implementation method is as follows:
the input terminal and the output terminal have an AXIS interface protocol, and data transmission is triggered when tvalid and tready are high level and is suspended when tvalid and tready are low level. The functions of video encryption, network transmission, network reception, video decryption and video storage are realized through the communication between the chaotic encryption module, the network transmission module, the network reception module and the chaotic decryption module and the VDMA.
The external working clock of the network sending module and the network receiving module is 100MHZ, the frequency of the working clock is provided by a Virtex-7 platform, the internal working clock frequency of the network sending module and the network receiving module is 125MHZ, the working clock frequency is provided by a TOE network daughter board, and as the clock source inside the module is different from that outside the module, the asynchronous clock is adopted to synchronously process the video data so as to solve the problem of asynchronous data reading and writing caused by the asynchronous clock.
(c) The network sending module and the network receiving module have a parallel multi-channel and pipeline structure. The parallel channels process tdata [23:0], tuser, tlast and other control signals, respectively. Each channel is provided with a multi-stage pipeline structure, and the pipeline adopts a D trigger to buffer data and is triggered by a system clock to work. During the operation of the pipeline, strict time sequence relation is kept among the channels.
(d) The network sending module and the network receiving module have a serial/parallel conversion structure, so that the problem that the data bus tdata [23:0] input and output by the modules is inconsistent with the width of the internal data bus is solved. The parallel/serial conversion converts parallel data of 3 bytes width into serial data of 1 byte width, and after network transmission and network reception are completed, the output of 3 bytes width is recovered by the serial/parallel conversion function. The parallel/serial conversion function is realized by adopting a selector and a counter, and the serial/parallel conversion function is realized by adopting a shift register.
(3) FPGA on-chip architecture design and implementation
The FPGA on-chip architecture design and implementation can solve the communication problem between the Virtex-7 platform and a DDR (double Data rate) memory and the Data transmission and processing problem between the Virtex-7 platform and a TOE network sub-board. The VDMA is responsible for data transmission between the Virtex-7 platform and the DDR memory, and performs read-write operation on data of the DDR memory to realize storage and processing of video data. The network sending module and the network receiving module are responsible for data transmission and processing between the Virtex-7 platform and the TOE network daughter board. The Virtex-7 platform, the VDMA, the TOE network daughter board, the network sending and receiving control module and the DDR memory jointly participate in the control of video frame synchronization and read-write synchronization, and a strict time sequence relation is kept. Due to the reasonable design of the FPGA on-chip architecture, the video stream can be transmitted and processed correctly and efficiently.
The video chaotic secret communication device and method provided by the invention realize the purpose of real-time chaotic secret communication of video data on a hardware platform based on a high-end FPGA platform technology, have the advantages of higher safety, better real-time performance, low design difficulty and the like, are beneficial to accelerating daily application and commercial popularization of the video chaotic secret communication technology, and have great commercial application value.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a general block diagram of a hardware implementation of a video chaotic secure communication device according to an embodiment;
FIG. 2 is a block diagram of a chaotic encryption module according to a first embodiment;
FIG. 3 is a block diagram illustrating a structure of a chaotic decryption module according to a first embodiment;
FIG. 4 is a schematic diagram of a 4-stage pipeline circuit of tlast, tuser, data _ en;
fig. 5 is a block diagram of a chaotic encryption equation operation submodule controlled based on a state machine in the first embodiment;
fig. 6 is a block diagram of a chaos decryption equation operation submodule controlled based on a state machine in the first embodiment;
fig. 7 is a block diagram illustrating a structure of an AXIS interface protocol sub-module at an input end of a chaotic encryption/decryption module according to a first embodiment;
fig. 8 is a block diagram illustrating a structure of an AXIS interface protocol sub-module at an output end of the chaotic encryption/decryption module according to the first embodiment;
FIG. 9 is a block diagram illustrating a network routing module according to an embodiment;
FIG. 10 is a block diagram illustrating a network receiving module according to an embodiment;
fig. 11 is a block diagram illustrating an AXIS interface protocol module at an input end of a network sending module according to an embodiment;
fig. 12 is a block diagram illustrating an AXIS interface protocol module at an output end of a network receiving module according to an embodiment;
FIG. 13 is a diagram illustrating a hardware implementation result of key matching according to one embodiment;
fig. 14 is a diagram illustrating a hardware implementation result of key mismatch in the first embodiment.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic structural diagram of a video chaotic secret communication device according to an embodiment of the present invention. As shown in fig. 1, an embodiment of the present invention provides a video chaotic secret communication device, including:
the video receiving terminal comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display;
the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module;
the video acquisition module is used for controlling the camera to acquire video data and storing the video data to the original video data buffer area through the first VDMA;
the first HDMI controller is configured to obtain, through the first VDMA, original video data stored in the original video data buffer, and display the original video data through the first display;
the chaotic encryption module is used for acquiring the original video data stored in the original video data buffer area through the second VDMA, and encrypting the original video data based on a preset chaotic encryption algorithm to obtain encrypted data; the network sending module is used for sending the encrypted data to the data sending device and forwarding the encrypted data to the data receiving device by the data sending device;
the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module;
the network receiving module is used for acquiring the encrypted data transmitted from the data receiving device and sending the encrypted data to the chaotic decryption module;
the chaotic decryption module is used for decrypting the encrypted data based on a preset chaotic decryption algorithm to obtain corresponding decrypted data, and storing the decrypted data in the decrypted video data buffer area through the third VDMA;
and the second HDMI controller is used for acquiring the decrypted data stored in the decrypted video data buffer through the third VDMA and displaying the decrypted data through the second display.
Preferably, the data sending device and the data receiving device each include a network daughter board and a router.
Preferably, the chaotic encryption module and the chaotic decryption module both adopt an AXIS protocol as an interface protocol.
Preferably, the signals involved in the AXIS protocol include tvalid, tready, tdata [31:0], tuser, and tlast;
wherein tvalid and tdata [31:0] are handshake signals between modules, tuser is a data effective handshake signal output by a previous-stage module to a next-stage module, tlast is a handshake signal output by the next-stage module to the previous-stage module for data preparation, tdata [31:0] is a video data signal, tuser is a frame start signal, and tlast is a line end signal.
Preferably, the signal channels in the chaotic encryption module and the chaotic decryption module are parallel channels;
parallel channels in the chaotic encryption module and the chaotic decryption module respectively process tdata [31:0], tuser, tlast and data _ en;
each signal channel in the chaotic encryption module and the chaotic decryption module is provided with a multi-stage pipeline structure, each stage of pipeline adopts a D trigger to buffer data, and the strict time sequence relation between the channels is kept through the multi-stage pipeline technology.
In more detail, in the technical solution provided by the embodiment of the present invention, a hardware environment is first established. Two sets of FPGA development platforms are selected as a video sending end and a video receiving end, a VC707 development board of Virtex-7 series high-end FPGA platform of Xilinx company is selected, and the model of a chip is XC7VX485T-2FFG 1761. The video transmitting end and the video receiving end are respectively connected with the display by adopting HDMI interfaces, the two ends of the video transmitting end and the video receiving end are connected with the TOE network sub-board and the router by an FMC _ HPC connector to form a local area network, the IP address of the transmitting end is 192.168.1.100, and the IP address of the receiving end is 192.168.1.101. In addition, the sending end is connected with a camera through an FMC _ HPC connector, and the model of the camera is MT9P 001. And the PC downloads the FPGA configuration file and the executable software through a USB download line.
And secondly, establishing a software environment. A VIvado development tool is installed on a PC of a Win10 operating system and used for FPGA logic circuit design, and a 2014.4.1 version is selected; and installing the SDK development tool with the same version for configuring the DDR and the HDMI. Firstly, a hardware circuit is designed to generate a bitstream file, and then DDR and HDMI are configured to generate an elf file. Downloading the bitstream file first and then downloading the elf file to finish the starting of the system.
The video transmitting end in fig. 1 realizes video acquisition, display, chaotic encryption and network transmission functions, and the video receiving end realizes video network receiving, chaotic decryption and display functions.
The whole system has 2 video data buffers, namely an original video data buffer and a decrypted video data buffer, each buffer has 3 frame buffers, and each frame buffer stores one frame of video. In the case of a resolution of 640 × 480, the frame buffer capacity is 1229 KB. Through register configuration, after obtaining the frame buffer initial address and capacity value, the read-write channel of VDMA can completely access the corresponding 3 frame buffers and read and write the frame buffers thereof by using ping-pong operation. As shown in fig. 1, 3 pieces of frame buffer information of the original video data buffer are respectively configured into registers of a first VDMA read channel, a first VDMA write channel, and a second VDMA read channel; the frame buffer of the decrypted video data buffer is configured into the third VDMA read channel and the write channel.
The first VDMA realizes the transmission function of video frames among the video acquisition module, the HDMI controller and the DDR memory. The access and transmission process of the video relates to frame synchronization and read-write synchronization control, wherein the frame synchronization refers to that the VDMA can correctly judge the boundary of the video frame, and the read-write synchronization refers to the time sequence relation which should be kept when a read-write channel of the VDMA operates the same buffer zone, so that the operation of the read channel is required to lag behind at least one frame buffer of the write channel, thereby preventing the read-write conflict of the frame buffers. The VDMA frame synchronization has two modes of tuser and fsync, the synchronization in tuser mode is triggered and controlled by AXIS protocol signal tuser and belongs to internal trigger frame synchronization signal, and the synchronization in fsync mode is triggered and controlled by external pulse signal and belongs to external trigger frame synchronization signal. In the system, all read channels of the VDMAs adopt the fsync mode to carry out frame synchronization, and all write channels of the VDMAs adopt the tuser mode to carry out frame synchronization. The read-write synchronization of the VDMA has two modes, namely, a dynamic master mode and a dynamic slave mode, when the read-write channel operates the same buffer, the write channel is configured in the dynamic master mode, and the read channel is configured in the dynamic slave mode, in this case, if the read-write channel belongs to different VDMA modules, the frame buffer pointer output signal frame _ ptr _ out of the write channel needs to be further connected to the pointer input signal frame _ ptr _ in of the read channel. The read and write channels operating the same buffer have to be configured in a read and write synchronous mode, in particular further connection pointer signals are needed between the first VDMA write channel and the second VDMA read channel.
After the original video is collected, the original video is sequentially and circularly written into 3 frame buffers through a first VDMA writing channel. The tuser signal is configured as a frame sync signal at the input of the write channel, which is controlled by the video capture module. the tuser rising edge triggers the writing channel to receive and cache a new frame of video, and after the caching is finished, the writing channel waits for the arrival of the next tuser rising edge. After the HDMI controller finishes displaying one frame of video, the HDMI controller triggers the first VDMA to transmit a new frame of video. The fsync signal is configured as a frame sync signal at the read channel input, which is controlled by the HDMI controller. The fsync rising edge triggers the first VDMA to read the frame buffer. The dynamic master-slave mode dynamic master and dynamic slave are configured, so that the writing channel and the reading channel are synchronized, the two channels do not operate the same frame buffer at the same time, and the accuracy of data reading and writing is ensured.
The second VDMA realizes the function of transmitting the video frame between the DDR memory and the chaotic encryption module. The fsync signal at the read channel selection input end is used as a frame synchronization signal, and the fsync signal is controlled by the network sending module. The rising edge of the fsync signal triggers the read channel to begin reading and transferring a new frame of video. The read channel is configured in a dynamic slave mode and receives the frame _ ptr _ out signal from the first VDMA write channel, both channels achieving read and write synchronization. The frame _ ptr _ out signal is an identification signal for the current frame buffer. After the sending end network sending module finishes sending one frame of encrypted video each time, a second VDMA is triggered to start transmission and storage of a new frame of video. After the receiving end network receiving module finishes receiving one frame of encrypted video, the decryption module obtains the decrypted video, and the third VDMA is triggered to carry out access and transmission of video frames.
The third VDMA realizes the transmission function of the chaotic decryption module, the DDR memory and the HDMI controller video frame, and the read channel and the write channel respectively select the fsync signal and the tuser signal at the input end as the frame synchronization signal. The fsync signal is controlled by the HDMI controller, and the tuser signal is generated by counting through the network receiving module. the tuser rising edge triggers the writing channel to receive and cache a new frame of video, and after the caching is finished, the writing channel waits for the arrival of the next tuser rising edge. After the HDMI controller finishes displaying one frame of video, the rising edge of the fsync triggers the first VDMA to transmit a new frame of video. The dynamic master-slave mode dynamic master and dynamic slave are configured, so that the writing channel and the reading channel are synchronized, the two channels do not operate the same frame buffer at the same time, and the accuracy of data reading and writing is ensured.
Fig. 2 and fig. 3 are a chaotic encryption module and a chaotic decryption module, respectively, and the input and output of the modules communicate by using the AXIS interface protocol. The AXIS protocol input interface signal has 4 input signals tvalid, tdata [31:0], tuser, tlast and 1 output signal tready; the output interface signal of AXIS protocol has 4 output signals tvalid, tdata [31:0], tuser, tlast and 1 input signal tready, clk is global system clock signal. When tvalid 1 is satisfied, tdata [31:0], tuser, tlast starts to be transmitted between modules, and otherwise, transmission is suspended. tdata [31:0] is a data video transmission signal of 4 byte width, tuser and tlast are a frame start and line end signal, respectively, and when tuser is 1, the first pixel tdata [31:0] of the current video frame is transmitted, and when tlast is 1, the last pixel tdata [31:0] of the current video line is transmitted. It should be noted that the data width of VDMA is 32bits, tdata [31:0] is defined as 4 bytes ARGB in the protocol interface, and only RGB bytes are transmitted and processed in the chaotic encryption and decryption module, so data extraction and interpolation operations need to be performed on a byte at the input end and the output end of the protocol interface, and the data width of tdata [23:0] in the chaotic encryption and decryption module is 3 bytes.
The chaotic encryption and decryption module has a parallel multi-channel and multi-stage pipeline structure. The parallel channel comprises a synchronous signal tlast channel, a synchronous signal tuser channel, a serial data signal tdata channel and a data validity enabling signal data _ en channel, and the 4 channels are all in a 6-level pipeline structure. Under the triggering of the rising edge of the system clock, the pipeline signal jumps to the next stage. The Full signal in the figure is FIFO Full signal at the output end of AXIS protocol, and is obtained after negation operation
The signal acts as a pipeline global enable signal,
the production line works normally. data _ en is a validity identification signal of the video data tdata, and data _ en are used
Generating an encryption enable signal encrypt _ en and a decryption enable signalNumber decryption _ en, for tdata [23:0]And tdata _ e [23:0]]Encryption and decryption processes are performed. According to FIG. 2, in the chaotic encryption module, tdata [23:0] is applied to the video data]Encrypting to obtain video encryption data tdata _ e [23:0]]. According to FIG. 3, in the chaotic decryption module, the video encryption data tdata _ e [23:0]]Decrypting to obtain decrypted video data tdata _ d [23:0]]. In the chaotic encryption and decryption module shown in fig. 2-3, a state machine control method with 4 states is adopted to design and realize chaotic encryption and decryption, wherein start is a state machine feedforward control signal, and start and decryption are utilized
And generating a pipeline enable signal pipeline _ en, wherein the pipeline enable signal pipeline _ en is 0 when one data is input into the encryption and decryption module, the pipeline of the preceding stage is suspended, and the pipeline enable signal pipeline _ en is 1 when one data is output from the encryption and decryption module, and the pipeline of the preceding stage is recovered to normal operation. . All signals need to be aligned with tdata [23:0] according to pipeline design principles]And tdata _ e [23:0]]The synchronization relationship is maintained, and the specific solution is to perform 4-stage pipeline design on tlast, tuser and data _ en respectively, as shown in fig. 4.
In the chaotic encryption equation operation submodule based on state machine control shown in fig. 5, the mathematical expression of the chaotic encryption algorithm is
In the formula
The kth iteration data, tdata _ e [23:16], which is the encryption side state variable](k)、tdata_e[15:8](k)、tdata_e[7:0](k) Tdata _ e [23:16, respectively]、tdata_e[15:8]、tdata_e[7:0]Where k is 1,2,3 … is the number of iterations. Sigma5=1.6×1017、σ6=1.7×1017、σ7=1.1×1017、εi=226(i ═ 5,6,7), key parameter aij(i, j-1, 2,3, 4, 5,6,7) has a size of
In the formulas (1) to (2), the state variables and the key parameters are represented by a signed 64-bit Q32 fixed-point format, and fixed-point operation is realized through a special FPGA multiplier and an adder.
According to the formula (1), the original video data tdata [23:16], tdata [15:8] and tdata [7:0] are encrypted to obtain encrypted video data tdata _ e [23:16], tdata _ e [15:8] and tdata _ e [7:0], and the mathematical expressions are
In which a sequence of iterations s is encryptedi(k) The mathematical expressions of (i ═ 5,6,7) are respectively
In the chaos decryption equation operation submodule based on state machine control shown in fig. 6, the mathematical expression of the chaos decryption algorithm is
In the formula
Is the k-th iteration data of the state variable at the decryption end, wherein k is 1,2,3 … is the iteration number, tdata _ e [23: 16)](k)、tdata_e[15:8](k)、tdata_e[7:0](k) Respectively, red, green and blue three primary colors.
According to the formula (5), the encrypted video data tdata _ e [23:16], tdata _ e [15:8] and tdata _ e [7:0] are decrypted to obtain the decrypted video data tdata _ d [23:16], tdata _ d [15:8] and tdata _ d [7:0], and the mathematical expressions are
In which the iterative sequence is decrypted
Is expressed as
In the case of a match of the key parameters,
when it is true, tdata _ d [23:16] is obtained from the expressions (3) and (6)]=tdata[23:16]、tdata_d[15:8]=tdata[15:8]、tdata_d[7:0]=tdata[7:0]Therefore, the original video data can be correctly decrypted at the receiving end. And in the case of a key parameter mismatch,
similarly, tdata _ d [23:16] is obtained according to the formulas (3) and (6)]≠tdata[23:16]、tdata_d[15:8]≠tdata[15:8]、tdata_d[7:0]≠tdata[7:0]It can be seen that the original video data cannot be decrypted at the receiving end.
In fig. 5-6, the 3-level multiplier operation and the 1-level xor output of the chaotic encryption and decryption equation are both implemented by state machine control. The main delay in the operation of the 3-level multiplier is the operation delay of the multiplier, and under the condition of meeting the time sequence, the operation of the 1 st-level multiplier comprises nonlinear operation, iterative sequence operation, fixed point format processing of 64-bit Q data and rounding-down operation; the 2 nd and 3 rd multiplier operations comprise nonlinear operations and data 64-bit Q fixed-point format processing; the exclusive-or output includes an exclusive-or and output of the video data and the chaotic encryption/decryption sequence. In order to meet the time sequence requirement, the chaotic encryption and decryption equation needs to be operated by adopting state machine control, so that the states of the system are mutually transferred under a certain condition, data in each stage of operation are cached by a plurality of layers of D triggers, and the more the layers are, the larger the representative data width is.
In the encryption module, a state machine control method is adopted to complete the operation of 4 states, which are respectively marked as S0、S1、S2、S3. Wherein S0、S1、S2Respectively controlling the 1 st, 2 nd and 3 rd multiplier operations, S3And controlling exclusive-or output. When encrypt _ En is 1, the output enable signal En of the state machine control unit0=1,En3En2En1En00001, the feedforward control signal start of the state machine is 0, the pre-stage pipeline is suspended, and the state of the state machine is S0Completing the 1 st level multiplier operation, and jumping to S after the operation1. When encrypt _ En is 0, En0The output of the 1 st multiplier operation remains at 0, while the state machine stays at the current S0Status. When the output En of the state machine control unit1When 1, En3En2En1En00010, the feedforward control signal start of the state machine is 0, the preceding stage pipeline is suspended, and the state of the state machine is S1Completing the 2 nd level multiplier operation, and jumping to S after the operation2Status. When the output En of the state machine control unit2When 1, En3En2En1En00100, the feedforward control signal start of the state machine is 0, the preceding stage pipeline is suspended, and the state of the state machine is S2Completing the 3 rd level multiplier operation, and jumping to S after the operation3Status. When the output En of the state machine control unit3When 1, En3En2En1En01000, the feedforward control signal start of the state machine is 1, the pre-stage pipeline resumes normal operation, and the state of the state machine is S3Finishing the XOR and output operation of the video data and the chaotic encryption sequence, outputting the encrypted video data, and skipping to S by the state machine0Status. Similarly, the state machine control method of the decryption module is similar to that of the encryption module, and detailed description is omitted.
Schematic diagrams of the AXIS interface protocol at the input end and the output end of the chaotic encryption and decryption module are respectively shown in fig. 7 and fig. 8, and the chaotic encryption and decryption module comprises three parts, namely a dual-port RAM memory, an AXIS protocol interface and a pipeline interface.
Because the input and output clocks of the AXIS bus are the same system clock, a synchronous FIFO memory is adopted, a dual-port RAM is selected for reading and writing data, and 34-bit storage width and 2048 storage depth are selected. The 34-bit storage width is formed by combining signals tdata [31:0], tuser and tlast, tdata [31:0] is represented by 4 layers of D triggers, each layer of D triggers respectively represents one byte of data in video data ARGB, the storage depth of 2048 is 211 addresses, and the effective address spaces of a read pointer rd _ ptr [10:0] and a write pointer wr _ ptr [10:0] are 11 bits. In order to facilitate the judgment of FIFO empty/full, 12-bit read/write pointers, namely rd _ ptr [11:0] and wr _ ptr [11:0], are selected in practical use, wherein the most significant bit is only used as a flag bit for judging the FIFO state, and is not used as an address.
Each read and write of the FIFO will cause the read and write pointer to automatically add 1, and when the read pointer and the write pointer are completely equal, namely wr _ ptr [11:0] ═ rd _ ptr [11:0], the FIFO is in an empty state. If the highest bit of the read-write pointer is different and the lower bit addresses are the same, the FIFO is in a full state when wr _ ptr [11] ≠ rd _ ptr [11] and wr _ ptr [10:0] ═ rd _ ptr [10:0] are satisfied.
In fig. 7, the AXIS protocol interface is used to implement data transmission. The AXIS protocol input interface is a slave device end of an IP core, where tvalid is an input signal and tready is an output signal. When the FIFO memory is not full,
if tvalid 1 is further satisfied, handshake is established, wr _ ptr _ en 1, and writing of data is started. When in use
Or tvalid is 0, the handshake fails, and writing of data is stopped. When the FIFO memory is not empty,
if it is still further satisfied
Then rd _ ptr _ en equals 1 and the data starts to be read. When in use
Or
When the data is read, the reading of the data is stopped. Additionally, tvalid and
generating wr _ ptr _ en by
And
together, rd _ ptr _ en, where full is the FIFO full signal,
is obtained after negation operation is carried out on full, empty is an FIFO empty signal,
is obtained by inverting the empty, and note that
The global enable signal of fig. 2-3.
In fig. 8, the protocol output interface of AXIS is the master side of the IP core, where tvalid is the output signal and linear is the input signal, when the FIFO memory is not full,
if data _ en is further satisfied as 1, wr _ ptr _ en is 1, and writing of data is started. When in use
Or data _ en is 0, the writing of data is stopped. The FIFO memory is not empty and,
if the linear is still further satisfied, 1, a handshake is established, rd _ ptr _ en is 1, and the reading of data is started. When in use
Or when the read is 0, the handshake fails and the reading of data is stopped. In addition, data _ en and
generating wr _ ptr _ en by means of tread and
together generate rd _ ptr _ en and satisfy
In fig. 7, a pipeline interface is used to implement data transfer between the memory and the pipeline. The FIFO outputs tdata, tlast, tuser and data _ en which respectively enter respective channels for transmission. As shown in fig. 2-3, when
The cryptographic equation pair tdata [23:0]]For encryption, the decryption equation pair tdata _ e [23:0]]For decryption, when data _ en is 0 or
The treatment is not performed.
Fig. 9 and 10 are a network transmission module and a network reception module, respectively. The input of fig. 9 communicates with the output of fig. 10 using the AXIS interface protocol. And only transmitting the encrypted RGB bytes in the network transmission process, and respectively performing data extraction and interpolation operation on the A bytes at the input end and the output end of the protocol interface.
The network sending module and the network receiving module are provided with a plurality of parallel channels, and the parallel channels comprise a synchronizing signal tlast channel, a tuser channel, a sending end serial data signal Tx _ data channel, a receiving end serial data signal Rx _ data channel, a data valid enabling signal data _ en channel and a counter carry signal C _ out channel. According to fig. 9, tlast and tuser generate fsync signals through the frame synchronization module under the trigger of the external control signal User _ send, so as to ensure the read-write synchronization of VDMA2 in fig. 1. In fig. 9-10, Tx _ data and Rx _ data represent network transmission encrypted video data, Tx _ chan-001 represents a network transmission channel control signal, Tx _ data and Rx _ data are both encrypted video data of one byte, Tx _ en-data _ en is a network transmission enable signal, Tx _ full is a transmission full signal provided by the TOE network daughter board, and after performing an inversion operation, the Tx _ data and Rx _ data serve as a global data enable signal transmitted by the network. The FIFO Full signal Full in the AXIS protocol output interface is used as a global enable signal, and the Full is Rx _ Full, and the Rx _ en signal is a TOE network reception enable signal.
The network sending module and the network receiving module have a serial-parallel conversion structure. The data parallel-to-serial function is realized by the 1-out-of-3 data selector and the counter in fig. 9, and the data serial-to-parallel function is realized by the shift register in fig. 10. The 1-out-of-3 data selector is a 3-byte input 1-byte output, and the select signal Q _ sel is controlled by a 2-bit counter. In fig. 9, the carry signal C _ out of the 2-bit counter controls the data output of the AXIS protocol input interface, and in fig. 10, the carry signal C _ out of the 2-bit counter controls the frame synchronization module to generate the synchronization signals tlast and tuser and the handshake signal tvalid.
Schematic diagrams of the AXIS interface protocol at the input end of the network sending module and the output end of the network receiving module are respectively shown in fig. 11 and fig. 12, and include a dual-port RAM memory and an AXIS protocol interface.
Because the input and output clocks of the AXIS bus are different clock sources, the clock frequency provided by the TOE network daughter board in the control module is 125MHZ, the clock of the AXIS protocol is the clock provided by the Virtex-7 platform, and the clock frequency is 100MHZ, the module adopts an asynchronous FIFO memory to process data conversion and cache across clock domains, but because the read-write operation in the asynchronous FIFO memory respectively adopts different clocks to read and write, when the condition that the FIFO is judged to be full is judged, the problem of clock synchronization is involved, namely, the read-write address is synchronized from one clock domain to another clock domain for comparison. When the binary coding is adopted for counting, the problem of address counting error can occur, so that the read-write address is counted by adopting Gray code coding, and when the hardware is realized, the address value can be converted into a corresponding Gray code format only by performing XOR operation after the binary number and the address value are shifted to the right by one bit. The asynchronous FIFO memory selects a dual-port RAM to read/write data, and selects a storage width of 34 bits and a storage depth of 2048 bits. The storage width of 34 bits is formed by combining signals tdata [31:0], tlast and tuser, the storage depth of 2048 is 211 addresses, and the effective address spaces of the read pointer rd _ ptr [10:0] and the write pointer wr _ ptr [10:0] are 11 bits. The corresponding read and write addresses are represented by 12-bit Gray codes rd _ ptr _ gray [11:0] and wr _ ptr _ gray [11:0 ]. In order to facilitate the judgment of FIFO empty/full, in practical use, 12-bit read/write pointers, namely rd _ ptr _ gray [11:0] and wr _ ptr _ gray [11:0], are taken, wherein the most significant bit is only used as a flag bit for judging the FIFO status, and is not used as an address. Each read and write of the FIFO results in the read/write pointer automatically adding 1, and when the read pointer and the write pointer are completely equal, namely rd _ ptr _ gray [11:0] ═ wr _ ptr _ gray [11:0], the FIFO is in an empty state. For the judgment of the FIFO full state, because the Gray code has the characteristic of mirror symmetry except the highest bit, namely after all effective addresses are accumulated once, the flag bit of the highest bit is 1, so that the rest bits cannot be accumulated like the situation that the highest bit is 0, but are reversely processed. Therefore, only the most significant bit cannot be detected, the second most significant bit is considered, and the following three points are required to be met when the full state of the FIFO is judged on the Gray code format:
(1) the highest bits of the read-write address gray code are not equal.
wr_ptr_gray[11]≠rd_ptr_gray[11]
(2) The next highest bits of the read and write address gray codes are not equal.
wr_ptr_gray[10]≠rd_ptr_gray[10]
(3) The remaining bits are exactly equal.
wr_ptr_gray[9:0]=rd_ptr_gray[9:0]
When the empty/full state of the FIFO memory is judged, the read/write addresses need to be synchronized across clock domains and compared at the same clock, because the clock domains of the read/write addresses are different. The second-level register is adopted as the data synchronization and cache, and the synchronization process of the read/write pointer is as follows: synchronizing a write pointer of a write clock domain to a read clock domain, and comparing the synchronized write pointer with a read pointer to generate a read null signal; the read pointer of the read clock domain is synchronized to the write clock domain and the synchronized read pointer is compared to the write pointer of the write clock domain to generate a full write signal.
In fig. 11, the AXIS protocol interface is used to implement data transmission. The protocol input interface of the AXIS is a slave device end of an IP core, where tvalid is an input signal and tready is an output signal. When the FIFO memory is not full,
if tvalid 1 is further satisfied, handshake is established, wr _ ptr _ en 1, and writing of data is started. When in use
Or tvalid is 0, the handshake fails, and writing of data is stopped. When the FIFO memory is not empty,
if C _ out is still further satisfied, rd _ ptr _ en is 1, and the reading of data is started. When in use
Or C _ out is 0, the reading of data is stopped. Additionally, tvalid and
generating wr _ ptr _ en by
Generates rd _ ptr _ en together with C _ out and satisfies
clkinBeing a module internal clock, clkoutIs a module external clock.
In fig. 12, the protocol output interface of the AXIS is the master device side of the IP core, where tvalid is an output signal and tready is an input signal. When the FIFO memory is not full,
if data _ en is still further satisfied, wr _ ptr _ en is 1, and writing of data is started. When in use
Or data _ en is 0, the writing of data is stopped. When the FIFO memory is not empty,
if the linear is still further satisfied, 1, a handshake is established, rd _ ptr _ en is 1, and the reading of data is started. When in use
Or when the read is 0, the handshake fails and the reading of data is stopped. In addition, data _ en and
generating wr _ ptr _ en through tread and
together generate rd _ ptr _ en and satisfy
Fig. 13 and fig. 14 are hardware implementation result diagrams of key matching and key mismatching, respectively, and a method and an apparatus for implementing video chaotic secure communication based on Virtex-7 are implemented according to the selected hardware platform and the adopted design method.
The video chaotic secret communication device provided by the invention realizes the purpose of carrying out real-time chaotic secret communication on video data on a hardware platform based on a high-end FPGA platform technology, has the advantages of higher safety, better real-time performance, low design difficulty and the like, is favorable for accelerating the daily application and commercial popularization of the video chaotic secret communication technology, and has great commercial application value.
Example two
The second embodiment of the invention provides a video chaotic secret communication method. The method is executed by the video chaotic secret communication device provided by the embodiment of the invention, the video chaotic secret communication device comprises a video sending end and a video receiving end, the video sending end comprises a first FPGA chip, an original video data buffer area, a data sending device, a camera and a first display, and the video receiving end comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display; the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module; the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module; the method comprises the following steps:
the video acquisition module controls the camera to acquire video data and stores the video data to the original video data buffer area through the first VDMA;
the first HDMI controller acquires original video data stored in the original video data buffer area through the first VDMA and displays the original video data through the first display;
the chaotic encryption module acquires the original video data stored in the original video data buffer area through the second VDMA, and encrypts the original video data based on a preset chaotic encryption algorithm to obtain encrypted data; the encrypted data are sent to the data sending device through the network sending module and forwarded to the data receiving device by the data sending device;
the network receiving module acquires the encrypted data transmitted from the data receiving device and sends the encrypted data to the chaotic decryption module;
the chaotic decryption module decrypts the encrypted data based on a preset chaotic decryption algorithm to obtain corresponding decrypted data, and stores the decrypted data in the decrypted video data buffer area through the third VDMA;
the second HDMI controller obtains the decrypted data stored in the decrypted video data buffer through the third VDMA, and displays the decrypted data on the second display.
Preferably, the data sending device and the data receiving device each include a network daughter board and a router.
Preferably, the chaotic encryption module and the chaotic decryption module both adopt an AXIS protocol as an interface protocol.
Preferably, the signals involved in the AXIS protocol include tvalid, tready, tdata [31:0], tuser, and tlast;
wherein tvalid and tdata [31:0] are handshake signals between modules, tuser is a data effective handshake signal output by a previous-stage module to a next-stage module, tlast is a handshake signal output by the next-stage module to the previous-stage module for data preparation, tdata [31:0] is a video data signal, tuser is a frame start signal, and tlast is a line end signal.
Preferably, the signal channels in the chaotic encryption module and the chaotic decryption module are parallel channels;
parallel channels in the chaotic encryption module and the chaotic decryption module respectively process tdata [31:0], tuser, tlast and data _ en;
each signal channel in the chaotic encryption module and the chaotic decryption module is provided with a multi-stage pipeline structure, each stage of pipeline adopts a D trigger to buffer data, and the strict time sequence relation between the channels is kept through the multi-stage pipeline technology.
The video chaotic secret communication method provided by the invention realizes the purpose of real-time chaotic secret communication of video data on a hardware platform based on a high-end FPGA platform technology, has the advantages of higher safety, better real-time performance, low design difficulty and the like, is favorable for accelerating the daily application and commercial popularization of the video chaotic secret communication technology, and has great commercial application value.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (8)
1. A video chaotic secret communication device is characterized by comprising a video sending end and a video receiving end, wherein the video sending end comprises a first FPGA chip, an original video data buffer area, a data sending device, a camera and a first display, and the video receiving end comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display;
the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module;
the video acquisition module is used for controlling the camera to acquire video data and storing the video data to the original video data buffer area through the first VDMA;
the first HDMI controller is configured to obtain, through the first VDMA, original video data stored in the original video data buffer, and display the original video data through the first display;
the chaotic encryption module is used for acquiring the original video data stored in the original video data buffer area through the second VDMA, and encrypting the original video data based on a preset chaotic encryption algorithm to obtain encrypted data; the network sending module is used for sending the encrypted data to the data sending device and forwarding the encrypted data to the data receiving device by the data sending device;
the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module;
the network receiving module is used for acquiring the encrypted data transmitted from the data receiving device and sending the encrypted data to the chaotic decryption module;
the chaotic decryption module is used for decrypting the encrypted data based on a preset chaotic decryption algorithm to obtain corresponding decrypted data, and storing the decrypted data in the decrypted video data buffer area through the third VDMA;
the second HDMI controller is configured to obtain the decrypted data stored in the decrypted video data buffer through the third VDMA, and display the decrypted data on the second display;
the data sending device and the data receiving device respectively comprise a network daughter board and a router;
the external working clocks of the network sending module and the network receiving module are 100MHZ, and the frequency of the working clocks is provided by a Virtex-7 platform; the internal working clock frequency of the network sending module and the network receiving module is 125MHZ, the working clock frequency is provided by the network daughter board, and the asynchronous FIFO is adopted to carry out synchronous processing on the video data;
the mathematical expression of the chaotic encryption algorithm is as follows:
in the formula (I), the compound is shown in the specification,
the kth iteration data, tdata _ e [23:16], which is the encryption side state variable](k)、tdata_e[15:8](k)、tdata_e[7:0](k) Tdata _ e [23:16, respectively]、tdata_e[15:8]、tdata_e[7:0]The k-th iteration data of (1), 2,3 …, where k is the number of iterations; sigma5=1.6×1017、σ6=1.7×1017、σ7=1.1×1017、εi=226(i ═ 5,6,7), key parameter aij(i, j ═ 1,2,3, 4, 5,6,7) sizes are:
in the formulas (1) to (2), the state variables and the key parameters are represented by a signed 64-bit Q32 fixed-point format, and fixed-point operation is realized through a special FPGA multiplier and an adder;
according to the formula (1), the original video data tdata [23:16], tdata [15:8] and tdata [7:0] are encrypted to obtain encrypted video data tdata _ e [23:16], tdata _ e [15:8] and tdata _ e [7:0], and the mathematical expressions are as follows:
wherein the iterative sequence s is encryptedi(k) The mathematical expressions (i ═ 5,6,7) are respectively:
the mathematical expression of the chaotic decryption algorithm is as follows:
in the formula (I), the compound is shown in the specification,
is the k-th iteration data of the state variable at the decryption end, wherein k is 1,2,3 … is the iteration number, tdata _ e [23: 16)](k)、tdata_e[15:8](k)、tdata_e[7:0](k) Respectively encrypting data of red, green and blue three primary colors;
according to the formula (5), the encrypted video data tdata _ e [23:16], tdata _ e [15:8] and tdata _ e [7:0] are decrypted to obtain decrypted video data tdata _ d [23:16], tdata _ d [15:8] and tdata _ d [7:0], and the mathematical expression is as follows:
wherein the iterative sequence of decryption
The mathematical expression of is:
2. the video chaotic secret communication device according to claim 1, wherein the chaotic encryption module and the chaotic decryption module both use an AXIS protocol as an interface protocol.
3. The video chaotic secret communication apparatus according to claim 2, wherein the signals related to the AXIS protocol include tvalid, tready, tdata [31:0], tuser, and tlast;
wherein tvalid and tdata [31:0] are handshake signals between modules, tuser is a data effective handshake signal output by a previous-stage module to a next-stage module, tlast is a handshake signal output by the next-stage module to the previous-stage module for data preparation, tdata [31:0] is a video data signal, tuser is a frame start signal, and tlast is a line end signal.
4. The video chaotic secret communication device according to claim 3, wherein signal channels in the chaotic encryption module and the chaotic decryption module are parallel channels;
parallel channels in the chaotic encryption module and the chaotic decryption module respectively process tdata [31:0], tuser, tlast and data _ en;
each signal channel in the chaotic encryption module and the chaotic decryption module is provided with a multi-stage pipeline structure, each stage of pipeline adopts a D trigger to buffer data, and the strict time sequence relation between the channels is kept through the multi-stage pipeline technology.
5. A video chaotic secret communication method is executed by adopting the video chaotic secret communication device disclosed by any one of claims 1 to 4, the video chaotic secret communication device comprises a video sending end and a video receiving end, the video sending end comprises a first FPGA chip, an original video data buffer area, a data sending device, a camera and a first display, and the video receiving end comprises a second FPGA chip, a decrypted video data buffer area, a data receiving device and a second display; the first FPGA chip comprises a video acquisition module, a first HDMI controller, a first VDMA, a second VDMA, a chaotic encryption module and a network transmission module; the second FPGA chip comprises a second HDMI controller, a third VDMA, a chaotic decryption module and a network receiving module; characterized in that the method comprises:
the video acquisition module controls the camera to acquire video data and stores the video data to the original video data buffer area through the first VDMA;
the first HDMI controller acquires original video data stored in the original video data buffer area through the first VDMA and displays the original video data through the first display;
the chaotic encryption module acquires the original video data stored in the original video data buffer area through the second VDMA, and encrypts the original video data based on a preset chaotic encryption algorithm to obtain encrypted data; the encrypted data are sent to the data sending device through the network sending module and forwarded to the data receiving device by the data sending device;
the network receiving module acquires the encrypted data transmitted from the data receiving device and sends the encrypted data to the chaotic decryption module;
the chaotic decryption module decrypts the encrypted data based on a preset chaotic decryption algorithm to obtain corresponding decrypted data, and stores the decrypted data in the decrypted video data buffer area through the third VDMA;
the second HDMI controller acquires the decrypted data stored in the decrypted video data buffer through the third VDMA and displays the decrypted data through the second display;
the data sending device and the data receiving device respectively comprise a network daughter board and a router;
the external working clocks of the network sending module and the network receiving module are 100MHZ, and the frequency of the working clocks is provided by a Virtex-7 platform; the internal working clock frequency of the network sending module and the network receiving module is 125MHZ, the working clock frequency is provided by the network daughter board, and the asynchronous FIFO is adopted to carry out synchronous processing on the video data;
the mathematical expression of the chaotic encryption algorithm is as follows:
in the formula (I), the compound is shown in the specification,
the kth iteration data, tdata _ e [23:16], which is the encryption side state variable](k)、tdata_e[15:8](k)、tdata_e[7:0](k) Tdata _ e [23:16, respectively]、tdata_e[15:8]、tdata_e[7:0]The k-th iteration data of (1), 2,3 …, where k is the number of iterations; sigma5=1.6×1017、σ6=1.7×1017、σ7=1.1×1017、εi=226(i ═ 5,6,7), key parameter aij(i, j ═ 1,2,3, 4, 5,6,7) sizes are:
in the formulas (1) to (2), the state variables and the key parameters are represented by a signed 64-bit Q32 fixed-point format, and fixed-point operation is realized through a special FPGA multiplier and an adder;
according to the formula (1), the original video data tdata [23:16], tdata [15:8] and tdata [7:0] are encrypted to obtain encrypted video data tdata _ e [23:16], tdata _ e [15:8] and tdata _ e [7:0], and the mathematical expressions are as follows:
wherein the iterative sequence s is encryptedi(k) The mathematical expressions (i ═ 5,6,7) are respectively:
the mathematical expression of the chaotic decryption algorithm is as follows:
in the formula (I), the compound is shown in the specification,
is the k-th iteration data of the state variable at the decryption end, wherein k is 1,2,3 … is the iteration number, tdata _ e [23: 16)](k)、tdata_e[15:8](k)、tdata_e[7:0](k) Respectively encrypting data of red, green and blue three primary colors;
according to the formula (5), the encrypted video data tdata _ e [23:16], tdata _ e [15:8] and tdata _ e [7:0] are decrypted to obtain decrypted video data tdata _ d [23:16], tdata _ d [15:8] and tdata _ d [7:0], and the mathematical expression is as follows:
wherein the iterative sequence of decryption
The mathematical expression of is:
6. the video chaotic secret communication method according to claim 5, wherein the chaotic encryption module and the chaotic decryption module both use an AXIS protocol as an interface protocol.
7. The video chaotic secret communication method according to claim 6, wherein the signals related to the AXIS protocol include tvalid, tready, tdata [31:0], tuser, and tlast;
wherein tvalid and tdata [31:0] are handshake signals between modules, tuser is a data effective handshake signal output by a previous-stage module to a next-stage module, tlast is a handshake signal output by the next-stage module to the previous-stage module for data preparation, tdata [31:0] is a video data signal, tuser is a frame start signal, and tlast is a line end signal.
8. The video chaotic secret communication method according to claim 7, wherein signal channels in the chaotic encryption module and the chaotic decryption module are parallel channels;
parallel channels in the chaotic encryption module and the chaotic decryption module respectively process tdata [31:0], tuser, tlast and data _ en;
each signal channel in the chaotic encryption module and the chaotic decryption module is provided with a multi-stage pipeline structure, each stage of pipeline adopts a D trigger to buffer data, and the strict time sequence relation between the channels is kept through the multi-stage pipeline technology.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910053773.9A CN109788347B (en) | 2019-01-21 | 2019-01-21 | Video chaotic secret communication device and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910053773.9A CN109788347B (en) | 2019-01-21 | 2019-01-21 | Video chaotic secret communication device and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109788347A CN109788347A (en) | 2019-05-21 |
| CN109788347B true CN109788347B (en) | 2021-09-21 |
Family
ID=66501004
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910053773.9A Expired - Fee Related CN109788347B (en) | 2019-01-21 | 2019-01-21 | Video chaotic secret communication device and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109788347B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112217967B (en) * | 2019-07-12 | 2022-04-12 | 杭州海康威视数字技术股份有限公司 | Network camera |
| CN111064740B (en) * | 2019-12-27 | 2021-09-24 | 郑州信大捷安信息技术股份有限公司 | System and method for encryption and decryption processing of network data packet |
| CN111954062A (en) * | 2020-07-14 | 2020-11-17 | 西安万像电子科技有限公司 | Information processing method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107317670A (en) * | 2017-08-08 | 2017-11-03 | 广东工业大学 | A kind of video chaotic secret communication system and method |
| CN107395338A (en) * | 2017-08-30 | 2017-11-24 | 广东工业大学 | Video chaotic secret communication device and method based on non-linear nominal matrix |
| CN107483173A (en) * | 2017-08-30 | 2017-12-15 | 广东工业大学 | A kind of video chaotic secret communication device and method |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101527823B (en) * | 2009-04-10 | 2012-10-17 | 南京大学 | Network video monitoring system based on FPGA chaotic encryption |
| PL2681672T3 (en) * | 2011-03-01 | 2016-06-30 | Univ King Abdullah Sci & Tech | Fully digital chaotic differential equation-based systems and methods |
| CN105791853B (en) * | 2016-03-04 | 2018-02-09 | 广东工业大学 | H.264 a kind of embedded video Development of Chaotic Secure Communication Method encrypted after coding |
-
2019
- 2019-01-21 CN CN201910053773.9A patent/CN109788347B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107317670A (en) * | 2017-08-08 | 2017-11-03 | 广东工业大学 | A kind of video chaotic secret communication system and method |
| CN107395338A (en) * | 2017-08-30 | 2017-11-24 | 广东工业大学 | Video chaotic secret communication device and method based on non-linear nominal matrix |
| CN107483173A (en) * | 2017-08-30 | 2017-12-15 | 广东工业大学 | A kind of video chaotic secret communication device and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109788347A (en) | 2019-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109788347B (en) | Video chaotic secret communication device and method | |
| US9596075B2 (en) | Transparent serial encryption | |
| US9898611B2 (en) | Method and apparatus for scrambling a high speed data transmission | |
| CN101969376B (en) | Self-adaptive encryption system and method with semantic security | |
| US10924263B2 (en) | Systems and methods for facilitating iterative key generation and data encryption and decryption | |
| US20060078108A1 (en) | Hardware-based encryption/decryption employing dual ported memory and fast table initialization | |
| EP3276875A1 (en) | Method and apparatus for updating an encryption key | |
| US10965456B2 (en) | Systems and methods for facilitating data encryption and decryption and erasing of associated information | |
| US6873707B1 (en) | Hardware-based encryption/decryption employing cycle stealing | |
| US20030179882A1 (en) | Variable-length/fixed-length data conversion method and apparatus | |
| CN103346878A (en) | Secret communication method based on FPGA high-speed serial IO | |
| Chen et al. | Design and SOPC-based realization of a video chaotic secure communication scheme | |
| US7006634B1 (en) | Hardware-based encryption/decryption employing dual ported key storage | |
| US10860403B2 (en) | Systems and methods for facilitating truly random bit generation | |
| CN107483173A (en) | A kind of video chaotic secret communication device and method | |
| CN107087213A (en) | A kind of system and method for video chaotic secret communication | |
| CN103338447B (en) | A kind of self-access encryption and decryption circuit being applied to short-distance transmission | |
| WO2008017261A1 (en) | High-efficient encryption and decryption processing method for implementing sms4 algorithm | |
| CN106452743A (en) | Communication secret key acquisition method and apparatus and a communication message decryption method and apparatus | |
| CN113922949B (en) | Cryptographic coprocessor based on CLEFIA-SHA3 | |
| US7764614B2 (en) | Multi-mode management of a serial communication link | |
| JP2001024712A (en) | Transmission system, transmitter, receiver and interface device for interface-connecting parallel system with transmitter-receiver of data strobe type | |
| CN108063663B (en) | Video encryption transmission method, device and system | |
| Muzaffar et al. | Lightweight, single-clock-cycle, multilayer cipher for single-channel IoT communication: Design and implementation | |
| CN107395338A (en) | Video chaotic secret communication device and method based on non-linear nominal matrix |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20210921 |