CN102868683B - Terminal-to-terminal based voice safety multi-path communication system and method - Google Patents


Info

Publication number
CN102868683B
Authority
CN
China
Prior art keywords
terminal
path
nodal
node
voice
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210302491.6A
Other languages
Chinese (zh)
Other versions
CN102868683A
Inventor
陈立全
朱文远
任卫东
阳析
邱林峥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University

Abstract

The invention discloses a peer-to-peer (P2P) based secure multi-path voice communication system and method. The system comprises a plurality of node terminals, a central server and at least three network paths. The node terminals are a calling terminal, an opposite (called) terminal, ordinary nodes and super nodes; the calling terminal is connected to the opposite terminal through the network paths, on which the ordinary nodes and super nodes are located. Each node terminal comprises a distributed hash table (DHT) interconnection module, a voice processing and forwarding module, a multi-path search module and a security module; the node terminals communicate with each other through their DHT interconnection modules and form a peer-to-peer network with publish and search functions. In the method, the calling terminal first encrypts the voice, divides the encrypted voice into a plurality of data packets and labels each packet with a sequence number; the packets then reach the opposite terminal over at least three independent routing paths, where they are reassembled by sequence number, decrypted and restored, so that the voice is transmitted over multiple paths.

Description

Peer-to-peer based secure multi-path voice communication system and method
Technical field
The present invention relates to a secure multi-path voice communication system and method based on a peer-to-peer (P2P) network, and belongs to the fields of network voice communication and information security technology.
Background technology
As the Internet and global IP interconnection keep improving, voice communication over networks, and VoIP technology in particular, can make full use of the ubiquity and low cost of IP networks to provide more and better services than traditional telephony. Although VoIP has innate advantages that the traditional telephone cannot match, it also has drawbacks: it is easily affected by network quality, its speech clarity lags behind that of traditional fixed lines, its quality of service cannot be guaranteed, and, above all, the security of VoIP is a crucial and urgent problem.
The VoIP control protocols in common use today include H.323, SIP, MEGACO and MGCP. These control protocols mainly create, modify and delete connection sessions, and an endpoint uses them to establish and control a conversation with another endpoint. They place few constraints on the confidentiality of a session: in general the data is merely block-encrypted, and the packets travel directly end to end between the calling terminal and the opposite terminal. The key problem this creates is that a network voice stream is easier to capture than a traditional telephone call, and even an encrypted voice stream may be captured in its entirety and then decrypted. Hiding the network voice stream, or even splitting it up for separate handling, is therefore particularly important.
Techniques for hiding voice already exist, such as DCT-domain and wavelet-domain information hiding, but these information hiding techniques cannot completely remove the possibility that single-path network voice is monitored and intercepted. On multi-path transmission, the published literature we have found consists mainly of the following. Guo Qiang et al., in "Multi-route establishment method and parallel data transmission method for wireless sensor networks" (201010228323.8), describe a multi-routing and parallel transmission method applied in wireless sensor networks, and do not address secure multi-path transmission of voice over IP networks. Huawei, in the patent "Method, device and system for transmitting voice messages over multiple paths" (201010620239.0), proposes a voice transmission and reception mode with single-stream, single-stream-with-backup and dual-send-dual-receive variants between two devices. It has the following technical problems: 1) at most two transmission paths are supported between the two communicating ends, and only the valid data on one of them is received; 2) security is not considered, and because it adopts a dual-send-dual-receive mechanism in which the voice message is copied and transmitted on several paths at the same time, the security risk of the voice data being monitored and intercepted is increased; 3) what it describes is voice transmission between two devices over no more than two paths in MPRTP mode, and it does not address voice security in multi-path transmission with peer-to-peer multi-point forwarding.
Summary of the invention
Object of the invention: the present invention proposes a peer-to-peer based secure multi-path voice communication system and method. The system realizes safe and reliable voice communication by means of a central server, super nodes and ordinary nodes; the method, on top of a peer-to-peer network built on a distributed hash structure, selects three or more network paths that meet the QoS requirements and uses them together to transmit encrypted voice, so that secure peer-to-peer multi-path voice communication is achieved while the delay, delay variation (jitter) and packet loss requirements of network voice are met.
Technical solution: a peer-to-peer based secure multi-path voice communication system comprises a plurality of node terminals, a central server and at least three network paths. The node terminals are a calling terminal, an opposite terminal, ordinary nodes and super nodes. The calling terminal is connected to the opposite terminal through the network paths, and the ordinary nodes and super nodes are located on the network paths. Each node terminal includes a distributed hash table (DHT) interconnection module, a voice processing and forwarding module, a multi-path search module and a security module. The node terminals communicate with each other through their DHT interconnection modules and form a peer-to-peer network with publish and search functions. In the DHT interconnection, the address and related information of each node terminal are hashed to form a binary code, and data are stored and looked up by a binary tree search over these codes. A super node is a node terminal that forwards data; an ordinary node is a node terminal that does not forward data.
The central server has a key generator function. When a newly joining node terminal registers, it passes its own identity (ID) information to the central server; the central server generates a private key from this ID information, and the user's identity serves as the public key. The generated private key is delivered to the newly joining node terminal over a secure channel.
The voice processing and forwarding module compresses and encrypts the node terminal's voice, splits it for multi-path transmission according to the maximum safe distance principle to form the packets that are sent over the multiple paths, and adds a sequence number to each packet. The maximum safe distance principle means that the voice is divided across different paths in such a way that the intelligibility of the speech that remains on any single path is as low as possible.
Besides processing the voice of its own node terminal, the voice processing and forwarding module also relays voice for others: a node terminal forwards each received packet that carries a forwarding mark to the forwarding target.
The multi-path search module, following the consistency principle and on the premise of guaranteeing voice QoS, chooses three or more routing paths of good and mutually consistent performance to the opposite terminal and sets up the call over them.
The security module manages keys and security algorithms, including obtaining the public and private key information from the central server.
In the peer-to-peer based secure multi-path voice communication method, the calling terminal first encrypts the voice, divides it into a plurality of packets and labels the packets with sequence numbers; the packets then reach the opposite terminal over at least three separate routing paths, where they are reassembled by sequence number, decrypted and restored, so that the voice is transmitted over multiple paths. The node terminals on the paths communicate with each other through their DHT interconnection modules and form a peer-to-peer network with publish and search functions.
The publish and search procedure of the DHT interconnection module comprises the following seven steps:
Step 1: a new node terminal completes registration and login on the central server and obtains its own public and private key information;
Step 2: the new node terminal obtains the information of some node terminals preset by the system from the central server and adds these node terminals as contacts;
Step 3: the new node terminal, again via the central server or the DHT interconnection module, loads the online status, IP address and other information of the other contact node terminals and stores the information of the contacts whose status is online into its local contact database;
Step 4: the new node terminal sends an online message to the online contact node terminals, carrying its own address information;
Step 5: the new node terminal measures its own platform computing capability and network conditions, decides from the measurements whether to take the role of a super node or act as an ordinary node, and then publishes its own information (user name, IP address, node property, publish time and so on) to the other node terminals over the network through the DHT structure;
Step 6: the new node terminal can search for and call other contacts through the DHT structure, and other node terminals can likewise search for and call the new node terminal;
Step 7: when a node terminal goes offline, it sends an offline message to the central server and to its online contact node terminals and leaves the DHT network.
The establishment and selection of the at least three separate routing paths over which the packets reach the opposite terminal proceed as follows:
a) Every node terminal keeps three routing tables for node terminal and path information: the first routing table R1 stores node terminals in good network condition, the second routing table R2 stores candidate communication paths, and the third routing table R3 stores the three or more paths used for the current communication;
b) After the calling terminal A logs in and comes online, it queries and tests the data forwarding quality of each node terminal in its local contact database and, on the basis of guaranteed forwarding quality, stores the node terminals in good network condition into R1; these forward voice data for A when it communicates;
c) If the number of available nodes in A's R1 is small, below a set threshold, A searches the DHT network for super nodes through the DHT interconnection and adds the new super node information to R1, stopping the search once the number of node terminals in R1 reaches the preset threshold;
d) When the calling terminal A calls the opposite terminal B, it first looks up B's address information in its local contact database; if it is not found, it obtains B's information through the search function of the DHT structure;
e) A sends a path-finding request to the nodes in R1. The path-finding request asks the other node terminals to run a path test, measuring reachability and delay characteristics towards the destination B. When a node terminal C in R1 receives A's path-finding request, it repeats what A did and sends the path-finding request on to the other node terminals in its own R1;
f) When the node terminals C1, C2, C3 in C's R1 receive the path-finding request, each tests the path from itself to the destination B and feeds delay, jitter, packet loss and related information back to C. C compares the delay, jitter and packet loss of the paths C-C1-B, C-C2-B and C-C3-B, chooses the best path, say C-C1-B, and feeds it back to A;
g) After A receives the optimal path information C-C1-B, it judges whether the full path from A (A-C-C1-B) meets the set numerical requirements for reasonable voice communication on delay, jitter and packet loss; if it does, the path is stored into the second routing table R2;
h) In the same way, the other node terminals in A's R1 each test out their own optimal path by the above scheme, while ensuring as far as possible that these paths do not intersect; when done they feed the delay, jitter and packet loss of their path back to A, and paths that meet the preset conditions for reasonable voice communication are stored into R2;
i) After all nodes in R1 have been tested, A compares the paths in R2 and selects three or more paths with good and mutually close delay, jitter and packet loss performance as the paths for this voice call; these three or more forwarding paths are stored into the third routing table R3;
j) R1 is retested and its node terminal information updated at fixed intervals; a newly online contact node terminal is also tested, and a contact node terminal that goes offline is deleted promptly;
k) When a node terminal in R3 goes offline, a suitable node terminal is substituted promptly, with the candidate chosen from R2; the node terminals in R2 are likewise retested and updated at fixed intervals.
The general criterion for judging a newly joining node terminal to be a super node is that its IP address is a public network address and that the combined evaluation of its computing capability, network bandwidth and storage space exceeds a set threshold; otherwise it is an ordinary node, and ordinary nodes do not forward data;
When a communicating node terminal receives a link path-finding request, it measures the link quality from itself to the destination node, namely network reachability, network delay, jitter and packet loss, and combines these values into an overall link evaluation;
When node terminals communicate, the sender cuts the voice into voice packets of a certain size; each packet is encrypted with the symmetric key shared by the node terminals, and the encrypted packet is then divided into three or more sub-packets that are sent to the opposite terminal over the three or more paths respectively, with the guarantee that consecutive voice packets are never sent over the same path. The opposite terminal decrypts the voice packets received from each path, puts them back in sequence order, recombines them and then decodes them to recover the original voice. The key used to encrypt the voice data is negotiated afresh for every call through an identity-based key agreement mechanism between the two parties. Signaling and key agreement messages between the calling terminal A and the opposite terminal B are transmitted over a single link.
Before multi-path voice communication starts, the node terminal that initiates the call (the calling terminal) must send the paths selected in R3 and the port numbers to the called node terminal (the opposite terminal); after encryption, the packets are sent directly to the called node terminal on the fixed port numbers. Likewise, if a path is replaced during the communication, the initiating node terminal sends the replacement path and port numbers to the called node terminal.
Beneficial effects: compared with the prior art, the present invention selects the three or more most consistent communication paths from among many paths and uses these three or more paths simultaneously to transmit encrypted voice packets, achieving secure end-to-end voice transmission while guaranteeing voice QoS. Transmitting encrypted voice over three or more independent paths greatly reduces the possibility of the network voice being monitored and intercepted: a potential eavesdropper can usually monitor or intercept only one or two paths, obtaining only part of the encrypted voice fragments, and has great difficulty recovering the original voice in full, so the security of peer-to-peer VoIP communication is greatly strengthened. This benefit depends on the paths being kept as disjoint as possible, as step h) requires, so that no single relay or link carries more than its share of the fragments.
Brief description of the drawings
Fig. 1 is the system schematic diagram of an embodiment of the present invention;
Fig. 2 is the block diagram of a node terminal of an embodiment of the present invention;
Fig. 3 is the schematic diagram of the DHT interconnection procedure of an embodiment of the present invention;
Fig. 4 is the schematic diagram of the multi-path search procedure of an embodiment of the present invention;
Fig. 5 is the schematic diagram of the voice encryption processing method of an embodiment of the present invention;
Fig. 6 is the schematic diagram of key management and negotiation of an embodiment of the present invention.
Embodiments
The present invention is further illustrated below with reference to specific embodiments. It should be understood that these embodiments only illustrate the present invention and do not limit its scope; after reading the present invention, modifications by those skilled in the art to its various equivalent forms all fall within the scope defined by the claims of this application.
As Fig. 1 shows, the method of the present invention is built on three kinds of equipment: super nodes, ordinary nodes and the central server. The calling terminal A is connected to the opposite terminal B through network paths, on which the ordinary nodes and super nodes are located.
In the schematic of Fig. 1, the calling terminal A is to carry out end-to-end secure multi-path voice communication with the opposite terminal B. After negotiation between the two ends, A has selected three paths over which the encrypted voice is transmitted simultaneously. Communication path I consists of super node C and super node C1; communication path II of super node D and super node D1; communication path III of super node E and super node E1.
Super nodes are nodes with a public network IP address and sufficiently strong computing capability, network bandwidth and storage capacity. Nodes without a public IP address, or whose computing capability, network bandwidth or storage capacity do not meet the preset requirements, act as ordinary nodes. The calling terminal A and the opposite terminal B may each be a super node or an ordinary node. Super nodes can forward data; ordinary nodes cannot.
The central server is responsible for registering and logging in all nodes; at the same time it generates the network-wide public security parameters and distributes, manages and answers queries about the public and private keys of every user. When a new node terminal joins, it must first register with the central server; each node has a pair of public and private keys, distributed and managed by the central server.
Each newly registered node terminal maintains a forwarding quality value that represents how good it is as a forwarding node. When it provides voice data forwarding, every forwarding session that completes successfully up to the end of the call increases the forwarding quality value by 1, and every forwarding session that fails or aborts before the end of the call decreases it by 1.
Fig. 2 shows the functional modules of each node terminal. A node terminal has at least a DHT interconnection module, a security module, a multi-path search module and a voice processing and forwarding module.
The DHT interconnection module on each node terminal builds the publish-and-search interconnection structure with a distributed hash table algorithm: the ID and related information of each node terminal are hashed to become endpoints of a binary tree structure, and a fast binary tree search algorithm then provides fast lookup of each node's ID, address and other information.
The security module manages the node terminal's keys and security algorithms, including communicating with the central server to obtain the public and private key information.
The multi-path search module, using the database of neighbouring super nodes that each node terminal keeps, finds three or more paths with good packet loss, delay and jitter performance and good mutual consistency, and negotiates the call over them, preparing for the subsequent voice call set-up.
The voice processing and forwarding module, besides relaying data for others, compresses and encrypts the voice of its own node terminal, splits it for multi-path transmission according to the maximum safe distance principle to form the packets sent over the multiple paths, and adds sequence numbers to them. Maximum safe distance means that the voice is divided across different paths so that the intelligibility of the speech that remains on any single path is as low as possible.
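The encrypt-then-split pipeline of this module, described in more detail under the technical solution (encrypt each voice packet under the per-call symmetric key, cut the ciphertext into three or more numbered sub-packets, never put consecutive packets on the same path, and reassemble by sequence number at the opposite terminal), can be exercised end to end. The following Go program is an added example and is not code from the patent or from Southeast University. It assumes AES-128-GCM as the symmetric cipher (the patent does not name one), a fixed piece-to-path rule of path = (frame number + piece index) mod 3, and short constructed strings in place of compressed voice frames.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"sort"
)

// nPaths is the number of independent paths in R3 (the patent requires at least three).
const nPaths = 3

// Piece is one sub-packet of an encrypted voice frame; Seq = frame*nPaths + index.
type Piece struct {
	Seq  uint32
	Path int // R3 path index the piece is sent on
	Data []byte
}

// NewAEAD wraps the per-call key in AES-128-GCM; the cipher is an assumption, the patent names none.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonceFor derives the GCM nonce from the frame number; safe only because the key is fresh per call.
func nonceFor(frame uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[8:], frame)
	return n
}

// Sender is the caller side: encrypt a frame, split the ciphertext, spread the pieces.
type Sender struct{ aead cipher.AEAD; frame uint32 }

// SplitFrame encrypts one frame with its number as associated data and cuts the
// ciphertext into nPaths pieces; piece k of frame f goes on path (f+k) mod nPaths, so
// consecutive sequence numbers, and consecutive frames, never share a path.
func (s *Sender) SplitFrame(voice []byte) []Piece {
	nonce := nonceFor(s.frame)
	ct := s.aead.Seal(nil, nonce, voice, nonce)
	base := len(ct) / nPaths // ct is at least 16 bytes (the tag), so base >= 5
	pieces := make([]Piece, nPaths)
	for k := 0; k < nPaths; k++ {
		lo, hi := k*base, (k+1)*base
		if k == nPaths-1 {
			hi = len(ct) // the last piece takes the remainder
		}
		pieces[k] = Piece{Seq: s.frame*nPaths + uint32(k), Path: (int(s.frame) + k) % nPaths, Data: ct[lo:hi]}
	}
	s.frame++
	return pieces
}

// DistinctPaths checks the scheduling rule: no two pieces with consecutive Seq share a path.
func DistinctPaths(pieces []Piece) bool {
	for i := 1; i < len(pieces); i++ {
		if pieces[i].Seq == pieces[i-1].Seq+1 && pieces[i].Path == pieces[i-1].Path {
			return false
		}
	}
	return true
}

// Receiver is the callee side, or an eavesdropper holding only the pieces seen on one path.
type Receiver struct{ aead cipher.AEAD; buf map[uint32][][]byte }

func NewReceiver(aead cipher.AEAD) *Receiver { return &Receiver{aead: aead, buf: map[uint32][][]byte{}} }

// Accept files a piece under its frame number and position, in whatever order it arrived.
func (r *Receiver) Accept(p Piece) {
	f, k := p.Seq/nPaths, p.Seq%nPaths
	if r.buf[f] == nil {
		r.buf[f] = make([][]byte, nPaths)
	}
	r.buf[f][k] = p.Data
}

// Frames reassembles each frame in sequence order and decrypts it; a frame with any
// piece missing or altered fails authentication and is reported in failed instead.
func (r *Receiver) Frames() (frames [][]byte, failed []uint32) {
	nums := make([]uint32, 0, len(r.buf))
	for f := range r.buf {
		nums = append(nums, f)
	}
	sort.Slice(nums, func(i, j int) bool { return nums[i] < nums[j] })
	for _, f := range nums {
		nonce := nonceFor(f)
		if pt, err := r.aead.Open(nil, nonce, bytes.Join(r.buf[f], nil), nonce); err == nil {
			frames = append(frames, pt)
		} else {
			failed = append(failed, f)
		}
	}
	return frames, failed
}
```

Because encryption precedes splitting and the GCM tag covers the whole frame, a Receiver that holds only one path's pieces cannot authenticate or decrypt any frame, which is the property the maximum safe distance split is meant to provide; reassembly is driven purely by the sequence number, so pieces may arrive in any order over the three paths. Deriving the nonce from the frame number is acceptable only because, as the patent requires, the key is negotiated afresh for every call.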
The above modules can communicate with each other, exchanging information and cooperating.
Fig. 3 shows the publish and search procedure of the DHT interconnection module in the peer-to-peer secure multi-path voice communication method, which comprises the following seven steps:
201: when a new node terminal joins, it first completes registration and login on the central server and, at the same time, obtains its own public and private key information by negotiating with the central server;
202: the new node terminal obtains the information of some node terminals preset by the system from the central server and adds these node terminals as contacts;
203: the new node terminal, via the central server or the DHT interconnection module, loads the online status, IP address and other information of its contact node terminals and stores the information of the contacts whose status is online into its local contact database;
204: the new node terminal sends an online message to the online contact node terminals, carrying its own address information;
205: the new node terminal measures its own platform computing capability and network conditions, decides from the measurements whether to take the role of a super node or act as an ordinary node, and then publishes its own information, including user name, IP address, node property and publish time, to the other node terminals over the network through the DHT structure;
206: the new node terminal can search for and call other contacts through the DHT structure, and other node terminals can likewise search for and call the new node terminal;
207: when a node terminal goes offline, it sends an offline message to the central server and to its online contact node terminals and leaves the DHT network.
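As an added illustration of steps 201 to 207 (not code from the patent or from Southeast University), the following Go program models the local index a node terminal would keep for the DHT interconnection: each user name is hashed to a binary code (SHA-256 here; the patent does not name the hash function), records are stored and looked up by walking a binary tree over those bits, a node publishes its record with the role decided in step 205, and an offline node withdraws its record as in step 207. The role decision uses assumed weights and a threshold of 60; the patent names only the inputs (public IP address, computing capability, bandwidth, storage). The addresses are constructed sample values. This is a single-process model of the structure, not the network protocol between nodes.

```go
package main

import (
	"crypto/sha256"
	"time"
)

// NodeRecord is what a node terminal publishes about itself in step 205.
type NodeRecord struct {
	User      string
	Addr      string
	Super     bool
	Published time.Time
}

// IsSuperNode is the role decision of step 205: a public IP address and a combined
// capability score above a threshold. The weights and the threshold of 60 are
// assumptions; the patent names only the inputs.
func IsSuperNode(publicIP bool, cpu, bandwidth, storage float64) bool {
	if !publicIP {
		return false
	}
	return 0.4*cpu+0.4*bandwidth+0.2*storage >= 60
}

// trieNode is one vertex of the binary tree; a record sits at the leaf reached by
// following all bits of the hashed user name.
type trieNode struct {
	child [2]*trieNode
	rec   *NodeRecord
}

// Index is the publish/search structure; the zero value is ready to use.
type Index struct{ root trieNode }

// keyOf hashes the identity to the binary code the tree is keyed by (SHA-256 assumed).
func keyOf(user string) []byte {
	h := sha256.Sum256([]byte(user))
	return h[:]
}

func bitAt(key []byte, i int) int {
	return int(key[i/8]>>(7-uint(i%8))) & 1
}

// walk follows the key bits from the root, creating missing vertices only when
// create is set; it returns nil when the path does not exist.
func (ix *Index) walk(user string, create bool) *trieNode {
	key := keyOf(user)
	n := &ix.root
	for i := 0; i < 8*len(key); i++ {
		b := bitAt(key, i)
		if n.child[b] == nil {
			if !create {
				return nil
			}
			n.child[b] = &trieNode{}
		}
		n = n.child[b]
	}
	return n
}

// Publish stores (or refreshes) a node's record under its hashed identity (step 205).
func (ix *Index) Publish(r NodeRecord) { ix.walk(r.User, true).rec = &r }

// Search looks a contact up by user name (step 206).
func (ix *Index) Search(user string) (NodeRecord, bool) {
	n := ix.walk(user, false)
	if n == nil || n.rec == nil {
		return NodeRecord{}, false
	}
	return *n.rec, true
}

// Offline withdraws the record of a node that has left (step 207); the tree path stays.
func (ix *Index) Offline(user string) {
	if n := ix.walk(user, false); n != nil {
		n.rec = nil
	}
}

// SuperNodes walks the whole tree and returns the published super nodes, which is
// what step c) of the path search asks the DHT for when R1 runs low.
func (ix *Index) SuperNodes() []NodeRecord {
	var out []NodeRecord
	var visit func(*trieNode)
	visit = func(n *trieNode) {
		if n == nil {
			return
		}
		if n.rec != nil && n.rec.Super {
			out = append(out, *n.rec)
		}
		visit(n.child[0])
		visit(n.child[1])
	}
	visit(&ix.root)
	return out
}
```

Only an exact identity reaches a stored record, since every one of the 256 key bits must match; a node whose measured capability falls below the threshold, or that sits behind NAT without a public address, is still findable by name but is never returned by SuperNodes and so is never added to R1 as a forwarder.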
Fig. 4 shows the multi-path search process of the peer-to-peer secure multi-path voice communication method of the present invention. The steps of the multi-path search are as follows:
a) Every node terminal keeps three routing tables for node terminal and path information: table R1 stores node terminals in good network condition, table R2 stores candidate communication paths, and table R3 stores the three or more paths used for the current communication;
b) After the calling terminal A logs in and comes online, it queries and tests the data forwarding quality of each node terminal in its local contact database and, on the basis of guaranteed data transfer quality, stores the node terminals that meet the preset QoS condition into table R1; these forward voice data for A when it communicates. For example, A uses ping to test the network condition between itself and the node terminals in its local contact database, computes path delay, jitter and packet loss from the ping round-trip times, and at the same time queries each node terminal's forwarding quality value. A node terminal with, say, delay below 50 ms, jitter below 10 ms, no packet loss, a forwarding quality value above 50 and idle capacity is stored into table R1.
c) If the number of available node terminals in A's table R1 is small, below a set threshold, A searches the DHT network for super nodes through the DHT structure and adds the new super node information to R1, stopping the search once the number of node terminals in R1 reaches the threshold;
d) When A calls the opposite terminal B, it first looks up B's address information in its local contact database; if it is not found, it obtains B's information through the search function of the DHT structure;
e) A sends a path-finding request to the node terminals in table R1. The path-finding request asks the other node terminals to run a path test, measuring reachability and characteristics such as delay, jitter and packet loss towards the destination node terminal B (the opposite terminal). When a node terminal C in R1 receives A's path-finding request, it repeats what A did and sends the path-finding request on to the other node terminals in its own R1;
f) When the node terminals C1, C2, C3 in C's R1 receive the path-finding request, each tests the path from itself to the destination B, including delay, jitter, packet loss and its own forwarding quality value, and feeds this information back to C. From the feedback, C compares the paths C-C1-B, C-C2-B and C-C3-B, chooses the best path, say C-C1-B, and feeds it back to A. For example, the measurement covers delay, jitter, packet loss and the forwarding quality value; with cumulative delay below 150 ms, cumulative jitter below 15 ms, no packet loss and a forwarding node quality value of at least 50 as the precondition, the path with the smallest delay is fed back to A, and if no path satisfies the condition a "no suitable path" reply is returned;
g) After A receives the path information C-C1-B, it judges whether the full path A-C-C1-B meets the set numerical requirements for reasonable voice communication on delay, jitter and packet loss; if it does, the path is stored into table R2;
h) In the same way, the other node terminals in A's table R1 each test out their own optimal path by the above scheme, while ensuring as far as possible that these paths do not intersect; when done they feed the delay, jitter and packet loss of their path back to A, and paths meeting the preset conditions for reasonable voice communication are stored into table R2. For example, the other node terminals D, E, F and so on in A's R1 test out the paths A-D-D1-B, A-D-D2-B, A-E-E1-B, A-E-E2-B, A-F-F1-B and A-F-F2-B respectively, select the qualifying paths A-D-D1-B, A-E-E2-B and A-F-F1-B among them, and feed the path conditions back to A once done;
i) After all node terminals in R1 have been tested, A compares the paths in R2 and selects three or more paths with good and mutually close delay, jitter and packet loss performance as the paths for this voice call; these three or more forwarding paths are stored into table R3. For example, the paths in R2 are divided into groups by delay, paths whose delays differ by no more than 20 ms forming one group, and such a group is stored into R3 as the paths for this communication;
If no three paths meeting the above condition can be found in R2 although R2 holds at least three paths in total, the grouping tolerance is doubled to 40 ms; if a suitable group still cannot be found, the tolerance keeps doubling until one is found;
If no three paths meeting the above condition can be found in R2 and R2 holds fewer than three paths in total, the delay and jitter requirements of the test condition can also be widened, for instance the absolute delay limit set to 200 ms and the packet loss limit to no more than 5%, and the path search is repeated; if still nothing is found, the conditions keep widening until paths are found;
Once these communication paths have been found, the forwarding node terminals on the three paths are notified and locked so that other node terminals do not take them;
A encrypts the three paths and the port numbers with B's public key and sends them directly to B on the fixed port number; B receives and decrypts them and makes its decision: if it refuses, the call ends; if it accepts, the two parties negotiate the symmetric key for encrypting this call's voice packets through the identity-based bilinear pairing key agreement mechanism, and A then starts communicating with B over the three paths;
j) Table R1 is retested and its node terminal information updated at fixed intervals; a newly online contact node terminal is also tested, and a contact node terminal that goes offline is deleted promptly. For example, the node terminals in R1 are tested every 5 minutes, those in R2 every 2 minutes, and the paths in R3 every 30 seconds; if a node terminal in R3 goes offline or a path's quality drops temporarily, a suitable path is selected from R2 at once to replace it;
K) after showing have nodal terminal to roll off the production line in R3, then change suitable nodal terminal in time, both candidate nodes terminal is selected from R2 table, and the nodal terminal in R2 is fixed time test and renewal also.
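The admission test of steps f) to h) and the delay-grouping of step i), including the doubling of the grouping tolerance and the relaxed retest when fewer than 3 paths survive, as an added example that is not the patent's own code. The thresholds are those given in the text; the PathReport fields, function names and sample reports are constructed for the example.

```python
"""Path admission (table R2) and grouping (table R3) for the call set-up above.

Added example, not the patent's own code. Thresholds come from the text
(150 ms / 15 ms / no loss / quality >= 50; group tolerance 20 ms, doubled
on failure; relaxed retest at 200 ms delay and <= 5 % loss). The data-class
fields, function names and the sample reports are constructed here.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class PathReport:
    name: str            # e.g. "A-C-C1-B"
    hops: tuple          # forwarding node terminals on the path, e.g. ("C", "C1")
    delay_ms: float      # accumulated delay reported back to calling terminal A
    jitter_ms: float     # accumulated delay variation
    loss_pct: float      # packet loss measured by the test
    min_quality: int     # lowest forwarding-quality value among the hops


STRICT = dict(max_delay=150.0, max_jitter=15.0, max_loss=0.0, min_quality=50)
RELAXED = dict(max_delay=200.0, max_jitter=15.0, max_loss=5.0, min_quality=50)


def admit_to_r2(reports, limits):
    """Steps g/h: keep only the paths that meet the voice-quality limits."""
    return [r for r in reports
            if r.delay_ms <= limits["max_delay"]
            and r.jitter_ms <= limits["max_jitter"]
            and r.loss_pct <= limits["max_loss"]
            and r.min_quality >= limits["min_quality"]]


def node_disjoint(paths):
    """True when no forwarding node terminal appears on two of the paths."""
    seen = set()
    for p in paths:
        if seen.intersection(p.hops):
            return False
        seen.update(p.hops)
    return True


def group_by_delay(r2, tol_ms, k=3):
    """Step i: first set (in ascending delay order) of k node-disjoint paths
    whose delays differ by at most tol_ms, or None if there is none."""
    ordered = sorted(r2, key=lambda r: r.delay_ms)
    for combo in combinations(ordered, k):    # combos keep the sorted order
        if combo[-1].delay_ms - combo[0].delay_ms <= tol_ms and node_disjoint(combo):
            return list(combo)
    return None


def select_r3(reports, k=3, tol_ms=20.0, max_tol_ms=1280.0):
    """Admit under the strict limits; if fewer than k paths survive, retest
    under the relaxed limits; then double the grouping tolerance until a
    group of k paths is found. Returns (paths, tolerance_used, relaxed_used);
    paths is None when no group exists up to max_tol_ms."""
    relaxed = False
    r2 = admit_to_r2(reports, STRICT)
    if len(r2) < k:                       # text: total path number below 3
        r2 = admit_to_r2(reports, RELAXED)
        relaxed = True
    if len(r2) < k:
        return None, tol_ms, relaxed
    tol = tol_ms
    while tol <= max_tol_ms:
        group = group_by_delay(r2, tol, k)
        if group is not None:
            return group, tol, relaxed
        tol *= 2                          # text: 20 ms -> 40 ms -> ...
    return None, tol, relaxed


# Constructed sample: reports calling terminal A might have collected.
SAMPLE = [
    PathReport("A-C-C1-B", ("C", "C1"), 90.0, 8.0, 0.0, 70),
    PathReport("A-D-D1-B", ("D", "D1"), 105.0, 10.0, 0.0, 60),
    PathReport("A-E-E2-B", ("E", "E2"), 140.0, 12.0, 0.0, 55),
    PathReport("A-F-F1-B", ("F", "F1"), 180.0, 9.0, 0.0, 80),   # delay too high
    PathReport("A-G-G1-B", ("G", "G1"), 100.0, 5.0, 2.0, 90),   # lossy
]

if __name__ == "__main__":
    chosen, tol, relaxed = select_r3(SAMPLE)
    print([p.name for p in chosen], "tolerance", tol, "relaxed", relaxed)
```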
The voice encryption/decryption process of the method of the invention is shown in Fig. 5. At calling terminal A, the voice is sampled, quantized, encoded and compressed, becoming a series of voice data packets. For example, with the 4800 bps MELP compression algorithm, a 12-byte compressed frame is produced every 20 ms. The encoded voice data is then grouped according to sequence number, encrypted and marked with sequence numbers to produce encrypted packets; the grouping, encryption and marking are carried out according to whether 3 or more than 3 paths were negotiated between the two ends, yielding encrypted packet 1, encrypted packet 2, encrypted packet 3 and so on. The packets are then sent and received over the multi-path channel negotiated between calling terminal A and peer B: encrypted packet 1 is transmitted on path 1, encrypted packet 2 on path 2, and encrypted packet 3 on path 3.
At the receiving end, peer B first buffers the packets received over the multiple paths, then reorders them by sequence number, decrypts them and undoes the grouping adjustment, and finally recovers the reassembled voice data packets in sequence-number order.
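The sender-side sequencing and distribution over 3 paths and the buffer-then-reorder receiver of Fig. 5, as an added example that is not the patent's own code. The text fixes 12-byte frames, a sequence number per packet, one packet per path in turn, and reordering at peer B, but names no cipher; a SHA-256 keystream keyed by the negotiated key and the sequence number stands in for it here (an assumption), and all names and sample data are constructed.

```python
"""Frame sequencing/encryption over 3 paths (calling terminal A) and
reordering (peer B), following Fig. 5 as described above.

Added example, not the patent's own code. The cipher is unspecified in the
text; SHA-256(SK || seq) is used as a per-frame keystream as a stand-in
(assumption). Header layout, names and sample data are constructed.
"""
import hashlib
import struct

FRAME_BYTES = 12                 # one MELP 4800 bps frame per 20 ms (from the text)
SEQ_HDR = struct.Struct(">I")    # 4-byte big-endian sequence number (assumption)


def keystream(sk: bytes, seq: int) -> bytes:
    """Per-packet keystream; the sequence number keeps every pad distinct."""
    return hashlib.sha256(sk + SEQ_HDR.pack(seq)).digest()[:FRAME_BYTES]


def seal(sk: bytes, seq: int, frame: bytes) -> bytes:
    """Encrypt one frame and prepend its sequence number."""
    assert len(frame) == FRAME_BYTES
    body = bytes(f ^ k for f, k in zip(frame, keystream(sk, seq)))
    return SEQ_HDR.pack(seq) + body


def split_over_paths(sk: bytes, frames, n_paths: int = 3):
    """Calling terminal A: frame i -> path i mod n_paths, so consecutive
    frames never travel the same path."""
    queues = [[] for _ in range(n_paths)]
    for seq, frame in enumerate(frames):
        queues[seq % n_paths].append(seal(sk, seq, frame))
    return queues


class Reassembler:
    """Peer B: buffer packets from all paths, release them in sequence order."""

    def __init__(self, sk: bytes):
        self.sk = sk
        self.pending = {}       # seq -> encrypted body
        self.next_seq = 0

    def push(self, packet: bytes):
        seq = SEQ_HDR.unpack(packet[:SEQ_HDR.size])[0]
        if seq >= self.next_seq and seq not in self.pending:   # ignore duplicates
            self.pending[seq] = packet[SEQ_HDR.size:]

    def pop_ready(self):
        """Decrypt and return every frame that is now contiguous."""
        out = []
        while self.next_seq in self.pending:
            body = self.pending.pop(self.next_seq)
            pad = keystream(self.sk, self.next_seq)
            out.append(bytes(c ^ k for c, k in zip(body, pad)))
            self.next_seq += 1
        return out

    def skip(self):
        """Give up on a frame that never arrived (packet loss) and move on."""
        self.next_seq += 1


def simulate_call(sk: bytes, frames, arrival_order):
    """Deliver packets to peer B in the given (path, index) order, modelling
    paths with different delays, and return the recovered frames."""
    queues = split_over_paths(sk, frames)
    rx = Reassembler(sk)
    recovered = []
    for path, idx in arrival_order:
        rx.push(queues[path][idx])
        recovered.extend(rx.pop_ready())
    return recovered


# Constructed sample: 6 frames over 3 paths; path 2 is slow and arrives last.
SK = hashlib.sha256(b"constructed call key").digest()
FRAMES = [bytes([i] * FRAME_BYTES) for i in range(6)]
ORDER = [(0, 0), (1, 0), (0, 1), (1, 1), (2, 0), (2, 1)]

if __name__ == "__main__":
    print(simulate_call(SK, FRAMES, ORDER) == FRAMES)
```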
The voice encryption key between calling terminal A and peer B is negotiated by the two parties through the identity-based key agreement mechanism before the call. Meanwhile, multi-path encrypted voice transmission in the direction from peer B to calling terminal A is likewise carried out over the same selected link paths, and its encryption/decryption key is the one negotiated between calling terminal A and peer B.
When the communication ends, calling terminal A clears tables R2 and R3 and at the same time notifies the node terminals on the paths that the communication has ended; the paths are released and each node terminal raises its own forwarding-quality value again.
Fig. 6 shows the key management and key negotiation process of the end-to-end voice secure multi-path communication method. Key management is performed mainly by the central server, and the key agreement process uses a key agreement mechanism based on user identity, which can adopt the bilinear pairing pattern. In Fig. 6,
When the whole system is set up, the central server creates and publishes the system parameters $\langle G_1, G_2, e, q, P, P_{pub}, H_1, H \rangle$, where $G_1$ is an additive cyclic group with generator $P$, $e(\cdot,\cdot)$ is the bilinear pairing operation, and $q$ is the order of $G_1$. The central server randomly selects a number $s$ and computes $P_{pub} = sP$; $s$ is the master private key, retained in the central server and not disclosed, while $P_{pub}$ is the master public key and may be published. The central server also selects two strong cryptographic hash functions $H$ and $H_1$, where $H_1: \{0,1\}^n \times G_1 \to G_1$. The steps are then as follows:
401: Let the user identity of calling terminal A be $ID_A$; $ID_A$ is public and may be known to other users. A generates its own private key $x_A$, then encrypts $ID_A$ and $x_A$ under $P_{pub}$ and transmits them to the central server.
402: From the received $ID_A$ and $x_A$, the central server generates the public key pair of calling terminal A, $P_A = \langle X_A, Y_A \rangle$, where $X_A = x_A P$ and $Y_A = x_A sP$. It then computes $Q_A = H_1(ID_A \| P_A)$ and obtains $D_A = sQ_A$. The central server encrypts $D_A$ under $X_A$ and sends it back to calling terminal A together with other information.
403: Peer B is processed in the same way as in 401. Let the user identity of peer B be $ID_B$; $ID_B$ is public and may be known to other users. B generates its own private key $x_B$, then encrypts $ID_B$ and $x_B$ under $P_{pub}$ and transmits them to the central server.
404: From the received $ID_B$ and $x_B$, the central server generates the public key pair of peer B, $P_B = \langle X_B, Y_B \rangle$, where $X_B = x_B P$ and $Y_B = x_B sP$. It then computes $Q_B = H_1(ID_B \| P_B)$ and obtains $D_B = sQ_B$. The central server encrypts $D_B$ under $X_B$ and sends it back to peer B together with other information.
The key management steps 401 to 402 above are carried out immediately after registration and login whenever a new node joins. Each node then holds its own public/private key pair. For node A, for example, the public key pair is $P_A = \langle X_A, Y_A \rangle$ and the private key is $S_A = x_A D_A = x_A s Q_A = x_A s H_1(ID_A \| P_A)$.
Before each call, the key agreement process of the following steps is carried out between calling terminal A and peer B.
405: Calling terminal A generates a random number $a$ by itself and produces a call identifier $TS$ for this call. It then sends $[ID_A, TS, T_A = aP, P_A]$ to peer B.
406: After receiving the message of 405, peer B likewise generates a random number $b$ by itself, then sends $[ID_B, TS, T_B = bP, P_B]$ to calling terminal A.
Calling terminal A then computes $KA_1 = e(S_A, T_B)\, e(Q_B, aY_B)$ and $KA_2 = (ID_A \| ID_B \| aT_B \| x_A X_B)$, where $x_A X_B = x_A x_B P$ is A's private key applied to B's public key component, and derives the voice data encryption/decryption key for this call, $SK_{AB} = H(T_A \| T_B \| KA_1 \| KA_2)$.
Likewise peer B computes $KB_1 = e(S_B, T_A)\, e(Q_A, bY_A)$ and $KB_2 = (ID_A \| ID_B \| bT_A \| x_B X_A)$, and derives the voice data encryption/decryption key for this call, $SK_{BA} = H(T_A \| T_B \| KB_1 \| KB_2)$.
It can be proved that $SK_{AB} = SK_{BA}$, i.e. the two sides have negotiated a consistent encryption/decryption key. The advantage of this key agreement is that it resists key substitution attacks and improves forward secrecy and ephemeral-key security.
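The consistency $SK_{AB} = SK_{BA}$ stated above, carried through with the document's own symbols (an added derivation, not part of the patent text). Using $S_A = x_A s Q_A$, $S_B = x_B s Q_B$, $T_A = aP$, $T_B = bP$, $Y_A = x_A sP$, $Y_B = x_B sP$ and the bilinearity $e(uP, vQ) = e(P, Q)^{uv}$:

$$KA_1 = e(S_A, T_B)\, e(Q_B, aY_B) = e(x_A s Q_A, bP)\, e(Q_B, a x_B s P) = e(Q_A, P)^{x_A s b}\, e(Q_B, P)^{x_B s a}$$

$$KB_1 = e(S_B, T_A)\, e(Q_A, bY_A) = e(x_B s Q_B, aP)\, e(Q_A, b x_A s P) = e(Q_B, P)^{x_B s a}\, e(Q_A, P)^{x_A s b}$$

so $KA_1 = KB_1$. For the second component, $aT_B = abP = bT_A$ and $x_A X_B = x_A x_B P = x_B X_A$, hence $KA_2 = KB_2$, and therefore

$$SK_{AB} = H(T_A \| T_B \| KA_1 \| KA_2) = H(T_A \| T_B \| KB_1 \| KB_2) = SK_{BA}.$$

Each pairing term combines one party's server-issued private key ($S_A$ or $S_B$) with the other party's ephemeral value ($T_B$ or $T_A$), and the second component combines the ephemeral values with the long-term keys ($x_A X_B$); evaluating either side thus requires the holder's own $S$ and $x$ together with its fresh $a$ or $b$, which is what ties the session key to both identities and to this call.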
The communication between calling terminal A and peer B in steps 405 and 406 above is carried out over one channel selected from the multi-path communication channels.
The foregoing is only a preferred embodiment of the present invention; the scope of protection of the present invention is not limited to the above embodiment, and any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (6)

1. An end-to-end based voice secure multi-path communication system, characterized in that it comprises multiple node terminals, a central server and at least 3 network paths; the multiple node terminals are respectively a calling terminal A, a peer B, ordinary nodes and super nodes; the calling terminal A is communicatively connected to the peer B through the network paths; the ordinary nodes and super nodes are located on the network paths; each node terminal includes a distributed hash table interconnection module, a voice processing and forwarding module, a multi-path search module and a security module; the node terminals communicate with one another through the distributed hash table interconnection modules and are connected into an end-to-end network structure with publish and search functions; distributed hash table interconnection is an interconnection mode in which the address and related information of each node terminal are hashed into a binary code, and data storage and lookup are carried out in a binary-tree search manner; the super nodes are node terminals that forward data; the ordinary nodes are node terminals that do not forward data;
the central server comprises a key generator; when registering, a newly joined node terminal passes its own identity ID information to the central server, which generates a private key from this ID information, the identity of the user serving as the public key; the generated private key is delivered to the newly joined node terminal over a secure channel;
the voice processing and forwarding module realizes compression and encryption of the node terminal's voice, splits it over multiple paths in a maximum-safe-distance manner, forming the packets transmitted over the multiple paths, and marks the packets by adding sequence numbers; the maximum-safe-distance manner means that the voice is divided and transmitted over different paths; the voice processing and forwarding module also forwards relayed voice; a node terminal forwards a received packet carrying a forwarding mark according to its forwarding target.
2. The end-to-end based voice secure multi-path communication system as claimed in claim 1, characterized in that the multi-path search module, according to a consistency principle and on the premise of guaranteeing voice quality of service, selects 3 or more routing paths of consistent and good performance to the peer B to set up the call.
3. The end-to-end based voice secure multi-path communication system as claimed in claim 1, characterized in that the security module performs key management and the security algorithms, including obtaining public/private key information from the central server.
4. An end-to-end based voice secure multi-path communication method, characterized in that: first, calling terminal A encrypts the voice, divides it into multiple packets and labels the packets with sequence numbers; the packets then reach the peer B over at least 3 separate routing paths, and at the peer B the packets are reassembled by sequence number, decrypted and restored, realizing multi-path transmission of the voice; wherein the node terminals on the paths communicate with one another through distributed hash table interconnection modules and are connected into an end-to-end network structure with publish and search functions;
the publish and search procedure of the distributed hash table interconnection module comprises the following 7 steps:
Step 1: a new node terminal, after completing registration and logging in at the central server, obtains its own public/private key information;
Step 2: the new node terminal obtains from the central server the information of part of the system's preset node terminals and adds these node terminals as contacts;
Step 3: the new node terminal, through the central server or the distributed hash interconnection module, loads the online status and IP address information of the other contact node terminals, and stores the information of contacts whose status is online into the local contact database;
Step 4: the new node terminal sends an online message to the online contact node terminals, sending its own address information along with it;
Step 5: the new node terminal measures its own platform computing capability and network condition, decides from the measurement result whether to take the role of a super node or an ordinary node, and then publishes its own information, including user name, IP address, node property and publishing time, to the other node terminals over the network paths through the distributed hash table structure;
Step 6: the new node terminal can search for and call other contacts through the distributed hash table structure, and other node terminals can likewise search for and call the new node through the distributed hash table structure;
Step 7: when a node terminal goes offline, it sends offline information to the central server and to its online contact node terminals, and exits the distributed hash table structured network;
the packets reach the peer B over at least 3 separate routing paths, wherein the establishment and selection of the at least 3 paths proceed as follows:
every node terminal has 3 routing tables for storing node terminal information and path information: the first routing table R1 stores node terminals whose network condition is good, the second routing table R2 stores candidate communication paths, and the third routing table R3 stores the 3 or more paths used for the current communication;
after calling terminal A logs in and comes online, it queries the local contact database and tests the data forwarding quality of each node terminal in the database, and, on the basis of ensuring data forwarding quality, stores the node terminals with good network condition into the first routing table R1, to forward voice data when calling terminal A communicates;
if there are too few available nodes in the first routing table R1 of calling terminal A, below a set threshold, the distributed hash table interconnection is started to search for super nodes in the distributed hash network, and new super node information is added to the first routing table R1 until the number of node terminals in R1 reaches the predetermined threshold, whereupon the search stops;
when calling terminal A calls peer B, it first looks up the address information of peer B in the local contact database; if it is not found, the information of peer B is obtained through the search function of the distributed hash table structure;
calling terminal A sends a path-finding request signaling to the nodes in the first routing table R1; the path-finding request signaling is used to send a path test request to other node terminals, to measure the reachability and delay characteristics to the destination peer B; after node terminal C in the first routing table R1 receives the path-finding request signaling of calling terminal A, it repeats the work of calling terminal A and sends the path-finding request signaling to the other node terminals in its own first routing table R1;
after node terminals C1, C2 and C3 in the first routing table R1 of node terminal C receive the path-finding request signaling, they test the path conditions from themselves to the destination node terminal, peer B, and feed information such as delay, delay variation and packet loss back to node terminal C; node terminal C, according to the feedback received, compares the path conditions of paths C-C1-B, C-C2-B and C-C3-B, selects the best path and feeds it back to calling terminal A;
after calling terminal A receives the optimal path information, it judges whether the complete path information from calling terminal A through the optimal path meets the set numerical requirements for reasonable voice communication, such as delay, delay variation and packet loss; if it does, the path is stored in the second routing table R2;
similarly, the other node terminals in the first routing table R1 of calling terminal A each test out their respective optimal path by the above scheme, while ensuring that these paths do not intersect; when finished, they feed the path delay, delay variation and packet loss back to calling terminal A, and the paths meeting the preset reasonable voice communication condition are stored in the second routing table R2;
after all nodes in the first routing table R1 have been tested, the paths in the second routing table R2 are compared with one another, and 3 or more paths with good and mutually close delay, delay variation and packet loss performance are selected as the paths of this voice call, and these 3 or more forwarding paths are stored in the third routing table R3;
the first routing table R1 is tested at fixed intervals and the node terminal information in it updated; a newly online contact node terminal is also tested, and a contact node terminal that goes offline is deleted promptly;
after a node terminal in the third routing table R3 goes offline, a suitable node terminal is substituted promptly, the candidate node terminal being selected from the second routing table R2; the node terminals in the second routing table R2 are also tested and updated at fixed intervals.
5. The end-to-end based voice secure multi-path communication method as claimed in claim 4, characterized in that: the general criterion for judging a newly joined node terminal to be a super node is that the node terminal's IP address is a public network IP address and the comprehensive evaluation value of its computing capability, network bandwidth and storage space exceeds a set threshold; otherwise it is an ordinary node, and ordinary nodes do not forward data; during node terminal communication, the sender cuts the voice into voice data packets of a certain size, each packet is encrypted with the symmetric key shared between the node terminals, the encrypted packet is then divided into 3 or more small packets which are sent to peer B over 3 or more paths respectively, ensuring that a continuous section of voice packets is not sent over the same path; peer B decrypts the voice packets after receiving them from each path, then arranges and combines them again in sequence, and decodes them to recover the original voice; the key for encrypting voice data is negotiated for each call through the identity-based key agreement mechanism of the two communicating parties; signaling between calling terminal A and peer B and the key agreement protocol exchange are transmitted over a single link.
6. The end-to-end based voice secure multi-path communication method as claimed in claim 4, characterized in that: before multi-path voice communication begins, calling terminal A must send the paths selected in the third routing table R3 and the port numbers to peer B, and the encrypted packets are sent directly to the called node terminal over fixed port numbers; likewise, if a path is changed during the communication, the node terminal that initiated the call also sends the replacement path and port numbers to the called node terminal.
CN201210302491.6A 2012-08-23 2012-08-23 Terminal-to-terminal based voice safety multi-path communication system and method Expired - Fee Related CN102868683B (en)

Publications (2)

Publication Number Publication Date
CN102868683A CN102868683A (en) 2013-01-09
CN102868683B true CN102868683B (en) 2015-06-03

Family

ID=47447274

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150603

Termination date: 20180823