CN113055716A - Video stream real-time encryption method and system - Google Patents
Video stream real-time encryption method and system Download PDFInfo
- Publication number
- CN113055716A CN113055716A CN202110235851.4A CN202110235851A CN113055716A CN 113055716 A CN113055716 A CN 113055716A CN 202110235851 A CN202110235851 A CN 202110235851A CN 113055716 A CN113055716 A CN 113055716A
- Authority
- CN
- China
- Prior art keywords
- encryption
- packet
- stream
- interleaver
- initial vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 239000013598 vector Substances 0.000 claims abstract description 57
- 238000012545 processing Methods 0.000 claims abstract description 9
- 238000013507 mapping Methods 0.000 claims description 14
- 238000006243 chemical reaction Methods 0.000 claims description 5
- 238000000605 extraction Methods 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 abstract description 14
- 238000010586 diagram Methods 0.000 description 10
- 230000008569 process Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 238000009792 diffusion process Methods 0.000 description 2
- 108010001267 Protein Subunits Proteins 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N19/00—Methods or arrangements for coding, decoding, compressing or decompressing digital video signals
- H04N19/85—Methods or arrangements for coding, decoding, compressing or decompressing digital video signals using pre-processing or post-processing specially adapted for video compression
- H04N19/88—Methods or arrangements for coding, decoding, compressing or decompressing digital video signals using pre-processing or post-processing specially adapted for video compression involving rearrangement of data among different coding units, e.g. shuffling, interleaving, scrambling or permutation of pixel data or permutation of transform coefficient data among different blocks
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention discloses a real-time video stream encryption method and system, and belongs to the technical field of video encryption. The method comprises the following steps: step 1: generating a plurality of initial vectors and keys; step 2: extracting PID and packet continuous counting information in TS stream; and step 3: selecting an initial vector and a key corresponding to each TS packet from a plurality of initial vectors and keys according to the disordered PID and packet continuity counting information of each TS packet; and 4, step 4: generating a cipher stream of each TS packet by using the selected initial vector and the key; and 5: and processing the video stream by using the cipher stream and outputting a cipher text. The system of the invention is simple and efficient to realize, needs no filling and has no protocol overhead, and can be directly applied to digital television broadcasting systems such as DVB, DTMB and the like and wireless image transmission systems.
Description
Technical Field
The invention relates to the technical field of video encryption, in particular to a method and a system for encrypting a video stream in real time.
Background
A ts (transport stream) stream, also called transport stream, is a standard format for storing and transmitting audio/video data, and is widely used in DVB and DTMB systems. Most of the existing wireless image transmission systems adopt TS streams as transmission units. The TS packet is a basic unit of the TS stream, and each packet includes 188 bytes, a packet header divided into 4 bytes and a data payload of 184 bytes, where the packet header includes fields such as a synchronization byte "47" (hexadecimal, and 47 is hexadecimal hereinafter), a packet identifier PID, and packet continuity count information. The packet PID of different programs in different types of TS streams is different, and the packet continuous counting field value of the packets of the same type is accumulated from 0 to 15 in sequence.
Advanced Encryption Standard (AES) and SM4 are currently common block Encryption algorithms. The encryption algorithm has a plurality of working modes in real application, the common working modes include five types, namely, an Electronic codebook (Electronic codebook, abbreviated as ECB), a Cipher-block chaining (CBC), a calculator mode (Counter, abbreviated as CTR), a Cipher text feedback (CFB) and an Output feedback mode (OFB), and the functional block diagrams of the working modes are shown in fig. 1 to 4.
However, DVB and DTMB are public digital television standards, and any person or organization can easily receive and obtain transmission information, so that the requirement of people on private information transmission cannot be met. There have been individuals and organizations that have proposed techniques and methods for private video transmission by encrypting TS streams. Such as: method and system for parallel encryption by AES-CBC algorithm (patent publication No.: CN104284208A)
The encryption method in the above patent specifically executes the following processes:
a, cutting the transmission stream video file into n sub-video blocks;
b, selecting a key;
c, determining the least common multiple b of the length 188 bytes and the length a;
d, inserting a filling part;
e, independently encrypting each sub video block in parallel;
and f, forming a ciphertext block.
The encryption method used in the above patent re-partitions the video stream file, each video block is no longer 188 bytes, which has the problem of interface compatibility with the existing DVB, DTMB broadcast transmission system and other common transmission systems, and also needs to add padding, which has protocol overhead, which reduces transmission efficiency. The loss of bytes in the transmission process can destroy the continuity of the whole video block, cause error diffusion, easily cause large-area decryption failure at a receiving end in practical application, only support an AES-CBC mode, be easily cracked in a targeted manner and have great limitation.
Disclosure of Invention
In order to solve the problems of filling, high protocol overhead, interface compatibility with a transmission system, single encryption mode and the like in the conventional video stream encryption system, the invention provides a real-time video stream encryption method, which comprises the following steps:
step 1: generating a plurality of initial vectors and keys;
step 2: extracting PID and packet continuous counting information in TS stream;
and step 3: selecting an initial vector and a key corresponding to each TS packet from a plurality of initial vectors and keys according to the disordered PID and packet continuity counting information of each TS packet;
and 4, step 4: generating a cipher stream of each TS packet by using the selected initial vector and the key;
and 5: and processing the video stream by using the cipher stream and outputting a cipher text.
Further, the step 1 specifically includes: an initial vector and a key are generated from a random signal extracted from a physical thermal noise source according to the number of bits required by the selected encryption algorithm and stored in memory.
Further, before extracting PID and packet continuous count information in step 2, the method further includes a step of synchronizing the TS stream in a secondary synchronization manner, and the step includes: detecting a received TS stream, entering a pre-synchronization state when detecting that data of bytes in the TS stream is 47, clearing a counter and starting to count the subsequently received bytes one by one, detecting whether the data of the next received byte is 47 when the counter is 187, entering a synchronization state and clearing the counter again when the data of the next received byte is 47, continuing counting, finishing synchronization when the counter is accumulated to 187 again and the data of the next received byte is 47, otherwise, restarting synchronization.
Preferably, the step 3 specifically comprises: and inputting the PID of one TS packet and each bit data of the continuous counting of the packets into an interleaver A, and realizing the scrambling and reordering of the bit data by the interleaver A.
The output of the interleaver A is used as address information to address the memory stored with the initial vector and the key, and the data obtained by addressing is output to the interleaver B to realize the scrambling and reordering of the data.
And selecting a part of the output of the interleaver B as an initial vector used for encryption, and using the rest part of the output of the interleaver B as a key used for encryption.
Preferably, the AES or SM4 encryption algorithm is used in the step 4.
Preferably, the encryption algorithm in step 4 adopts one of ECB, CBC, CTR, CFB and OFB as a working mode;
preferably, when the OFB operation mode is adopted, the initial vector used for encryption or the initial vector used for encryption after shifting is subjected to interleaving and disordering processing, and the key is kept unchanged.
Preferably, the step 5 specifically comprises: carrying out XOR on each group of cipher streams and 184 bytes of the corresponding TS packet except for 4 bytes of the packet header to obtain a cipher text and outputting the cipher text;
preferably, the serial TS stream is converted into a plurality of parallel sub-streams, and each sub-stream is encrypted in parallel.
The invention also provides a video stream real-time encryption system, which comprises:
a generating module for generating a plurality of initial vectors and keys;
the extraction module is used for extracting PID and packet continuous counting information in the TS stream;
the mapping module is coupled with the interleaver A and a memory for storing the initial vector and the secret key, and is used for selecting the initial vector and the secret key corresponding to each TS packet from a plurality of initial vectors and secret keys according to the disordered PID and packet continuous counting information of each TS packet;
the encryption module is used for generating the cipher stream of each TS packet by using the initial vector and the key selected by the mapping module;
and processing the video stream by using the cipher stream and outputting a cipher text.
Further, the generation module is configured to extract a random signal from a physical thermal noise source according to the number of bits required by the selected encryption algorithm to generate an initial vector and a key, and store the initial vector and the key in the memory.
Furthermore, a synchronization module is coupled in the extraction module and used for synchronizing the TS stream before extracting the PID and the packet continuous counting information;
the module is configured to perform the steps of: detecting a received TS stream, entering a pre-synchronization state when detecting that data of bytes in the TS stream is 47, clearing a counter and starting to count the subsequently received bytes one by one, detecting whether the data of the next received byte is 47 when the counter is 187, entering a synchronization state and clearing the counter again when the data of the next received byte is 47, continuing counting, finishing synchronization when the counter is accumulated to 187 again and the data of the next received byte is 47, otherwise, restarting synchronization.
Preferably, an interleaver B is further coupled in the mapping module;
the mapping module is configured to input PID of a TS packet and each bit data of packet continuous counting into an interleaver A, and the interleaver A realizes the bit data scrambling and reordering;
the output of the interleaver A is used as address information to address the memory stored with the initial vector and the key, and the data obtained by addressing is output to the interleaver B to realize the scrambling and reordering of the data;
and selecting a part of the output of the interleaver B as an initial vector used for encryption, and using the rest part of the output of the interleaver B as a key used for encryption.
Preferably, the encryption module is configured to employ an AES or SM4 encryption algorithm.
Preferably, the operation mode of the encryption algorithm is configured as one of ECB, CBC, CTR, CFB or OFB.
Preferably, when the OFB operation mode is adopted, the encryption module is configured to perform interleaving and disordering processing on the initial vector used for encryption or the initial vector used for encryption after shifting, and the key is kept unchanged.
Preferably, the encryption module is further configured to: and carrying out XOR on each group of cipher streams and 184 bytes of the corresponding TS packet except for 4 bytes of the packet head to obtain a cipher text and outputting the cipher text.
Preferably, the system further comprises a serial-to-parallel conversion module for converting the serial TS stream into a plurality of parallel sub-streams,
the system comprises a plurality of parallel encryption modules for performing parallel encryption on each of the sub-streams.
The technical scheme provided by the invention has the beneficial effects that: aiming at the scene that TS (transport stream) needs to be encrypted in private video transmission, filling is not needed in the encryption process, an advanced key distribution mechanism is realized only through an interleaving technology, the length of an original TS packet is kept, so that more protocol overhead is not generated, and further, independent encryption of audio and video streams is realized while supporting various encryption algorithms such as AES (advanced encryption standard), SM4 and the like and various encryption working modes, so that the security of key storage is further ensured, and meanwhile, the transmission efficiency is also ensured.
In the technical scheme provided by the invention, each TS packet is encrypted by adopting different initial vectors and keys according to PID and packet continuous counting, the one-time pad principle is realized to the maximum extent by utilizing the effective information of the TS stream protocol, and meanwhile, interleavers are introduced in a plurality of links to increase the randomness, including interleaving is also introduced in an OFB working mode, so that the encryption strength is effectively improved.
Drawings
FIG. 1 is a schematic block diagram of a CBC encryption mode of operation in the prior art;
FIG. 2 is a schematic block diagram of a CTR encryption mode of operation in the prior art;
FIG. 3 is a schematic block diagram of a CFB encryption mode of operation in the prior art;
FIG. 4 is a schematic block diagram of the OFB encryption operation mode in the prior art;
FIG. 5 is a schematic block diagram of a video stream encryption system in an embodiment of the present invention;
FIG. 6 is a flow chart of the steps of a video stream encryption method provided in an embodiment of the present invention;
fig. 7 is a schematic diagram of state transition of TS stream secondary synchronization implemented by the synchronization module in the embodiment of the present invention;
FIG. 8 is a schematic diagram of an implementation of addressing an initial vector and key store using PID and packet continuity count provided by the present invention;
FIG. 9 is a functional block diagram of an improved OFB encryption mode of operation implemented by the encryption module in an embodiment of the present invention;
fig. 10 is a schematic logic block diagram of another embodiment of the present invention implementing parallel encryption.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The video stream real-time encryption method in the present embodiment is implemented by a video stream real-time encryption system as shown in fig. 5, and the system includes a generation module, an extraction module, a mapping module and an encryption module; the extraction module is coupled with a synchronization module, and the mapping module is coupled with an interleaver A, an interleaver B and a memory for storing an initial vector and a key.
The flow of the steps of the video stream real-time encryption method is basically shown in fig. 6, and the steps are specifically as follows:
step 101: the generation module extracts random signals from a physical thermal noise source to generate an initial vector and a key, and the initial vector and the key are stored in a memory, the lengths of the initial vector and the key vary with a selected encryption algorithm and an operation mode, the length of the key is 128 bits when the encryption algorithm is AES128 and SM4, and the length of the key is 256 bits when the encryption algorithm is AES 256.
Step 102: TS flow synchronization, extracting PID and continuous counting information, synchronizing TS flow to be encrypted by a synchronization module, and determining packet head position; the synchronization module in this embodiment synchronizes the TS stream in a secondary synchronization manner, and the specific implementation process is as shown in fig. 7: detecting a received TS stream, entering a pre-synchronization state when detecting that data of bytes in the TS stream is 47, clearing a counter and starting to count the subsequently received bytes one by one, detecting whether the data of the next received byte is still 47 when the counter is 187, entering a secondary synchronization state if the data of the next received byte is 47, and jumping back to the pre-synchronization state if the data of the next received byte is not 47. And in the secondary synchronization state, the counter is cleared again and continues to count, when the counter is accumulated to 187 again, if the data of the next received byte is 47, the synchronization is completed, otherwise, the pre-synchronization is skipped, and the synchronization process is restarted. And after the code stream synchronization is finished, extracting PID and packet continuous counting information in the TS packet, wherein the PID is the lower 13 bits after two bytes of 47 synchronous bytes are spliced, and the packet continuous counting information is the lower 4 bits of the third byte after the 47 synchronous bytes.
Step 103: as shown in fig. 8, the execution flow of the mapping module determining the initial vector and the key according to the PID and the packet continuous count information is as follows: inputting 17-bit data of PID and packet continuous counting into an interleaver, wherein the interleaver A realizes the function of disordering and reordering data lines 17, such as reverse output of 17-bit input data, the output of the interleaver A is used as address information to address an initial vector and a key memory, the output of the memory is connected with an interleaver B, the interleaver B realizes further scattering of the output data of the memory, and finally, the low part of the output of the interleaver B is used as the initial vector and the high part is used as the key. The number of input and output bits of the interleaver B is the same, the number of input bits of the interleaver A is fixed 17 bits, and the number of output bits can be flexibly changed according to the depth of a memory, so that one-to-one mapping or many-to-one mapping is realized. Many-to-one mapping saves memory, but because multiple TS packets are all encrypted with the same initial vector and key, security is sacrificed.
Step 104: the cipher stream output is completed by the encryption module, the encryption module in this embodiment may adopt either AES or SM4 algorithm, and adopts an improved OFB encryption operation mode, the process is as shown in fig. 9, as can be seen from a comparison between fig. 9 and fig. 4, unlike simple shift of the OFB mode, the improved interleaver is introduced, the splicing unit of the initial vector and the cipher stream of the subsequent module is rearranged out of order, and the output of the interleaver is used as the initial vector input of the encryptor. In some other embodiments of the present invention, other operation modes as shown in fig. 1-4 can be adopted by the encryption module and implemented by reconfiguring the encryption module.
The plaintext length required to be encrypted in this embodiment is 1472 bits in a total of 184 bytes. The packet length of the AES and SM4 encryption modules are both 128 bits, 1472 divided by 128 rounded up to 12, thus requiring concatenation of 12 cipher blocks to form the cipher stream. The improved OFB mode is the same as the ordinary OFB mode, the generation of the cipher stream does not depend on the input of the plaintext, so that the improved OFB mode can work in advance, the output can be directly encrypted when the plaintext arrives, and the encryption delay is reduced.
Step 105: as shown in fig. 9, the encryption module performs xor on the cipher stream and 184 bytes of the TS packet except for 4 bytes of the packet header to obtain a cipher text and outputs the cipher text.
In the video stream encryption system provided in this embodiment, an improved OFB mode is used in TS packets, and each TS packet is encrypted using different initial vectors and keys according to PID and packet continuous count information. The one-time pad principle is realized to the greatest extent by utilizing effective information of a TS (transport stream) protocol and an improved OFB (office file bridge) encryption working mode, and meanwhile, interleavers are introduced in multiple links to increase randomness, so that the encryption strength is effectively improved.
The encryption system in the embodiment can conveniently introduce a parallel structure to improve the encryption throughput. As shown in fig. 10, in another embodiment of the present invention, a serial-to-parallel conversion module is further added, and there are a plurality of encryption modules (3 are taken as an example in the figure), the serial-to-parallel conversion module is used to convert a serial TS stream into three parallel sub-streams, the three parallel encryption modules are used to perform parallel encryption on each sub-stream, and finally, a ciphertext stream output by each encryption module is converted into a serial ciphertext TS stream by parallel-to-serial conversion. When the OFB mode or the improved OFB mode is adopted, the high-N-bit password output serving as output feedback can be transmitted among the encryption modules; each encryption module only feeds back to itself for the next TS packet encryption.
The decryption process of the encryption system provided by the invention is to perform XOR on the ciphertext and the cipher stream again to obtain plaintext output. The decryption system is consistent with the encryption system in structure, the initial vectors, the secret keys and the interleaving sequence in each interleaver in the memory are synchronous, time division multiplexing can be performed in some occasions, hardware expenditure is saved, errors of the ciphertext in the propagation process are limited to the ciphertext, diffusion is avoided, large-area decryption failure cannot be caused, and the method has great practical value in reality.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein. It should be noted that, the system provided in the foregoing embodiment is only illustrated by dividing the functional units, and in practical applications, the functions may be distributed by different functional units according to needs, that is, the units or steps in the embodiments of the present invention are further decomposed or combined, for example, the units in the foregoing embodiment may be combined into one unit, or may be further decomposed into multiple sub-units, so as to complete all or part of the functions described above. The names of the units and steps involved in the embodiments of the present invention are only for distinguishing the units or steps, and are not to be construed as unduly limiting the present invention.
Those of skill in the art would appreciate that the various illustrative elements, method steps, described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that programs corresponding to the elements, method steps may be located in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. To clearly illustrate this interchangeability of electronic hardware and software, various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as electronic hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Claims (18)
1. The video stream real-time encryption method is characterized by comprising the following steps:
step 1: generating a plurality of initial vectors and keys;
step 2: extracting PID and packet continuous counting information in TS stream;
and step 3: selecting an initial vector and a key corresponding to each TS packet from a plurality of initial vectors and keys according to the disordered PID and packet continuity counting information of each TS packet;
and 4, step 4: generating a cipher stream of each TS packet by using the selected initial vector and the key;
and 5: and processing the video stream by using the cipher stream and outputting a cipher text.
2. The method for encrypting the video stream in real time according to claim 1, wherein the step 1 specifically comprises: an initial vector and a key are generated from a random signal extracted from a physical thermal noise source according to the number of bits required by the selected encryption algorithm and stored in memory.
3. The real-time encryption method for video stream according to claim 1, wherein said step 2 further comprises a step of synchronizing the TS stream in a secondary synchronization manner before extracting the PID and packet continuity count information, the step comprising:
detecting a received TS stream, entering a pre-synchronization state when detecting that data of bytes in the TS stream is 47, clearing a counter and starting to count the subsequently received bytes one by one, detecting whether the data of the next received byte is 47 when the counter is 187, entering a synchronization state and clearing the counter again when the data of the next received byte is 47, continuing counting, finishing synchronization when the counter is accumulated to 187 again and the data of the next received byte is 47, otherwise, restarting synchronization.
4. The method for encrypting the video stream in real time according to claim 1, wherein the step 3 specifically comprises: inputting PID of a TS packet and each bit data of packet continuous counting into an interleaver A, wherein the interleaver A realizes the bit data scrambling and reordering;
the output of the interleaver A is used as address information to address the memory stored with the initial vector and the key, and the data obtained by addressing is output to the interleaver B to realize the scrambling and reordering of the data;
and selecting a part of the output of the interleaver B as an initial vector used for encryption, and using the rest part of the output of the interleaver B as a key used for encryption.
5. The real-time encryption method for video stream according to claim 1, wherein the AES or SM4 encryption algorithm is adopted in step 4.
6. The method according to claim 5, wherein the encryption algorithm in step 4 adopts one of ECB, CBC, CTR, CFB and OFB.
7. The real-time video stream encryption method according to claim 6, wherein when the OFB operation mode is adopted, the initial vector used for encryption or the initial vector used for encryption after shifting is subjected to interleaving and disordering processing, and the key is kept unchanged.
8. The method for encrypting the video stream in real time according to claim 1, wherein the step 5 specifically comprises: and carrying out XOR on each group of cipher streams and 184 bytes of the corresponding TS packet except for 4 bytes of the packet head to obtain a cipher text and outputting the cipher text.
9. The method of claim 1, further comprising converting the serial TS stream into a plurality of parallel sub-streams, and performing parallel encryption on each sub-stream.
10. A system for real-time encryption of video streams, comprising:
a generating module for generating a plurality of initial vectors and keys;
the extraction module is used for extracting PID and packet continuous counting information in the TS stream;
the mapping module is coupled with the interleaver A and a memory for storing the initial vector and the secret key, and is used for selecting the initial vector and the secret key corresponding to each TS packet from a plurality of initial vectors and secret keys according to the disordered PID and packet continuous counting information of each TS packet;
and the encryption module is used for generating a cipher stream of each TS packet by using the initial vector and the key selected by the mapping module, processing the video stream by using the cipher stream and outputting a ciphertext.
11. The system of claim 10, wherein the generation module is configured to generate an initial vector and a key from a random signal extracted from a physical thermal noise source according to the number of bits required by the selected encryption algorithm and store in the memory.
12. The system for real-time encryption of video streams according to claim 10, wherein the extracting module is coupled with a synchronizing module for synchronizing the TS stream before extracting the PID and packet continuity count information;
the module is configured to perform the steps of: detecting a received TS stream, entering a pre-synchronization state when detecting that data of bytes in the TS stream is 47, clearing a counter and starting to count the subsequently received bytes one by one, detecting whether the data of the next received byte is 47 when the counter is 187, entering a synchronization state and clearing the counter again when the data of the next received byte is 47, continuing counting, finishing synchronization when the counter is accumulated to 187 again and the data of the next received byte is 47, otherwise, restarting synchronization.
13. The system for real-time encryption of video streams according to claim 10, wherein an interleaver B is further coupled in the mapping module;
the mapping module is configured to input PID of a TS packet and each bit data of packet continuous counting into an interleaver A, and the interleaver A realizes the bit data scrambling and reordering;
the output of the interleaver A is used as address information to address the memory stored with the initial vector and the key, and the data obtained by addressing is output to the interleaver B to realize the scrambling and reordering of the data;
and selecting a part of the output of the interleaver B as an initial vector used for encryption, and using the rest part of the output of the interleaver B as a key used for encryption.
14. The real-time encryption system for video streams of claim 10, wherein said encryption module is configured to employ AES or SM4 encryption algorithms.
15. The system of claim 14, wherein the encryption algorithm is configured in one of ECB, CBC, CTR, CFB, or OFB mode.
16. The system according to claim 15, wherein the encryption module is configured to perform interleaving and de-ordering processing on the initial vector used for encryption or the initial vector used for encryption after shifting when the OFB operation mode is adopted, and a key is kept unchanged.
17. The video stream real-time encryption system of claim 10, wherein the encryption module is further configured to: and carrying out XOR on each group of cipher streams and 184 bytes of the corresponding TS packet except for 4 bytes of the packet head to obtain a cipher text and outputting the cipher text.
18. The real-time encryption system for video stream according to claim 10, further comprising a serial-to-parallel conversion module for converting a serial TS stream into a plurality of parallel sub-streams,
the system comprises a plurality of parallel encryption modules for performing parallel encryption on each of the sub-streams.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110235851.4A CN113055716A (en) | 2021-03-03 | 2021-03-03 | Video stream real-time encryption method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110235851.4A CN113055716A (en) | 2021-03-03 | 2021-03-03 | Video stream real-time encryption method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113055716A true CN113055716A (en) | 2021-06-29 |
Family
ID=76509691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110235851.4A Pending CN113055716A (en) | 2021-03-03 | 2021-03-03 | Video stream real-time encryption method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113055716A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114039959A (en) * | 2021-11-05 | 2022-02-11 | 北京奇艺世纪科技有限公司 | TS stream transmission method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101904168A (en) * | 2007-08-08 | 2010-12-01 | 迈凌有限公司 | TS packet grooming |
| CN102006593A (en) * | 2010-10-29 | 2011-04-06 | 公安部第一研究所 | End-to-end voice encrypting method for low-speed narrowband wireless digital communication |
| CN102223228A (en) * | 2011-05-11 | 2011-10-19 | 北京航空航天大学 | Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system |
| CN104284208A (en) * | 2014-10-23 | 2015-01-14 | 航天数字传媒有限公司 | Method and system for conducting parallel encryption through AES-CBC algorithm |
| US20180191742A1 (en) * | 2007-06-12 | 2018-07-05 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
| CN110868287A (en) * | 2019-10-24 | 2020-03-06 | 广州江南科友科技股份有限公司 | Authentication encryption ciphertext coding method, system, device and storage medium |
-
2021
- 2021-03-03 CN CN202110235851.4A patent/CN113055716A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180191742A1 (en) * | 2007-06-12 | 2018-07-05 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
| CN101904168A (en) * | 2007-08-08 | 2010-12-01 | 迈凌有限公司 | TS packet grooming |
| CN102006593A (en) * | 2010-10-29 | 2011-04-06 | 公安部第一研究所 | End-to-end voice encrypting method for low-speed narrowband wireless digital communication |
| CN102223228A (en) * | 2011-05-11 | 2011-10-19 | 北京航空航天大学 | Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system |
| CN104284208A (en) * | 2014-10-23 | 2015-01-14 | 航天数字传媒有限公司 | Method and system for conducting parallel encryption through AES-CBC algorithm |
| CN110868287A (en) * | 2019-10-24 | 2020-03-06 | 广州江南科友科技股份有限公司 | Authentication encryption ciphertext coding method, system, device and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 曾志平等: "基于国产X86处理器的异构计算平台构建及敏感数据保护", 《计算机科学》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114039959A (en) * | 2021-11-05 | 2022-02-11 | 北京奇艺世纪科技有限公司 | TS stream transmission method and device |
| CN114039959B (en) * | 2021-11-05 | 2024-04-09 | 北京奇艺世纪科技有限公司 | TS stream transmission method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102609221B1 (en) | Methods and systems for improved authenticated encryption in counter-based cryptographic systems | |
| US7688974B2 (en) | Rijndael block cipher apparatus and encryption/decryption method thereof | |
| US5757913A (en) | Method and apparatus for data authentication in a data communication environment | |
| Lim | CRYPTON: A new 128-bit block cipher | |
| US20030156715A1 (en) | Apparatus, system and method for validating integrity of transmitted data | |
| EP3178190B1 (en) | Encoder, decoder and method | |
| WO2012071717A1 (en) | Data encryption and decryption method and device | |
| KR19990067590A (en) | Apparatus and method for crypto stealing when encrypting MPEG transport packet | |
| CA2466704A1 (en) | Method and system for securely storing and transmitting data by applying a one-time pad | |
| US20030059054A1 (en) | Apparatus for generating encryption or decryption keys | |
| JPH0756831A (en) | Method for transmission and reception of program for personal use | |
| WO2012071714A1 (en) | Data encryption and decryption method and device | |
| CN105391701A (en) | Data encryption method and system | |
| JP2001086110A (en) | Packet communication system for encrypted information | |
| CN105337728A (en) | Data encryption method and system | |
| CN112491532A (en) | Video data encryption method and device, storage medium and electronic equipment | |
| CN105429748A (en) | Data encryption method and system | |
| CN113055716A (en) | Video stream real-time encryption method and system | |
| US11057193B2 (en) | Enhanced randomness for digital systems | |
| CN101710964B (en) | Method for enciphering and deciphering MPEG2 transport stream packets | |
| CN1524362A (en) | Streamcipher information redundant in next packet of encrypted frame | |
| CN110730366A (en) | Bit operation-based lightweight video stream encryption and decryption method and encryption and decryption mechanism | |
| JP2000092044A (en) | Communication system | |
| CN113852456A (en) | Image encryption system based on Matlab chaotic mapping and feature extraction | |
| CN114827672B (en) | Transmission encryption method and device of HD-SDI interface |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20210629 |