KR20180065183A - Embedded module for secure CCTV camera image encryption - Google Patents

Abstract

The present invention relates to a CCTV camera image security module. In addition, the present invention relates to a CCTV camera device which comprises: a photographing module for photographing an image; a hardware security module for generating an encryption key to be used for encryption on data of the image photographed by the photographing module; and an ARIA encryption module for performing ARIA encryption on the image data by using the encryption key generated by the hardware security module. Therefore, the security on the image data can be maintained by preventing hacking on the image data through the encryption module on CCTV camera image data.

Description

Embedded module for secure CCTV camera image encryption

The present invention relates to a CCTV camera image security module, and more particularly, to a CCTV camera image security module including a CCTV camera image security module implemented in the form of a hardware security module based on ARIA, ≪ / RTI >

Recently, a CCTV camera is connected to a client device that controls CCTV camera image data, and transmits photographed image data to the client device. In the case of transmitting the photographed image data, there is a risk of hacking and the like, and it is necessary to implement the CCTV camera surveillance function and to have an information protection function by encrypting the photographed image data.

Korean Patent "ARIA Cryptographic Device and Method (10-2012-0040954)"

A first object of the present invention is to provide a CCTV camera device including a CCTV camera image security module implemented in the form of a hardware security module based on aria.

A second object of the present invention is to provide a method of encrypting CCTV camera image data through a CCTV camera image security module implemented in the form of a hardware security module based on aria.

In order to solve the first problem, the present invention provides an image pickup apparatus, comprising: an image pickup module for picking up an image; A hardware security module for generating an encryption key to be used for encryption of image data photographed by the imaging module; And an ARIA encryption module for performing ARIA encryption on the image data using an encryption key generated by the hardware security module.

According to another embodiment of the present invention, the hardware security module may be a Trusted Platform Module or a Micro Controller Unit.

According to another embodiment of the present invention, the ariya encryption module generates a round key by expanding an encryption key generated by the hardware security module, performs encryption according to a round operation using the generated round key, And the rounding operation is performed through a permutation operation and a spreading operation.

According to another embodiment of the present invention, when the aria decryption is performed on the image data on which the ariA encryption has been performed, the image is not output or a noise image is output when the aria decryption key is not present. have.

According to another embodiment of the present invention, the CCTV camera device may further include a communication module for transmitting the aria-encrypted image data to the outside.

According to another aspect of the present invention, there is provided a method of encrypting CCTV camera image data, the method comprising: generating an encryption key to be used for encryption of image data captured by an imaging module; And performing an ARIA encryption on the image data using an encryption key generated by the hardware security module.

According to the present invention, hacking of the image data can be prevented through the encryption module for the CCTV camera image data, thereby securing the security of the image data.

1 is a block diagram of a CCTV camera apparatus according to an embodiment of the present invention.
FIG. 2 shows an actual implementation example of a CCTV camera image security encryption embedded module.
FIG. 3 shows the aria encryption and decryption process.
4 shows a process of encrypting and decrypting CCTV image data.
5 is a flowchart illustrating a method of encrypting CCTV image data according to an exemplary embodiment of the present invention.
6 is a flowchart of a method of encrypting CCTV image data according to another embodiment of the present invention.

Prior to the description of the concrete contents of the present invention, for the sake of understanding, the outline of the solution of the problem to be solved by the present invention or the core of the technical idea is first given.

In the CCTV camera apparatus according to an embodiment of the present invention, the CCTV camera apparatus may further include: an imaging module that captures an image; a hardware security module that generates an encryption key to be used for encryption of image data shot by the imaging module; And an ARIA encryption module for performing ARIA encryption on the image data using an encryption key.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. It will be apparent to those skilled in the art, however, that these examples are provided to further illustrate the present invention, and the scope of the present invention is not limited thereto.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other features and advantages of the present invention will become more apparent by describing in detail preferred embodiments thereof with reference to the attached drawings in which: It is possible to quote the above. In the following detailed description of the principles of operation of the preferred embodiments of the present invention, it is to be understood that the present invention is not limited to the details of the known functions and configurations, and other matters may be unnecessarily obscured, A detailed description thereof will be omitted.

1 is a block diagram of a CCTV camera apparatus according to an embodiment of the present invention.

The CCTV camera apparatus 100 according to an exemplary embodiment of the present invention may include the imaging module 110, the hardware security module 120, and the aria encryption module 130, and may further include the communication module 140 .

The imaging module 110 is a module composed of a CCTV camera for capturing an image.

The hardware security module 120 generates an encryption key to be used for encryption of the image data photographed by the imaging module 110. [

More specifically, the hardware security module 120 is a hardware module designed for encryption key protection, and is responsible for securely managing, processing, and storing the encryption key in the enhanced anti-fake device. It is a module that can be connected to a computer to utilize the security function, or it can be utilized and implemented in CCTV, smart phone, tablet computer, wearable device and security function. The hardware security module may be implemented as a trusted platform module (TPM) or a microcontroller unit (MCU). The trusted platform module is a module for recording a secure cryptographic processor capable of storing an encryption key in a computing environment, and can be implemented in a chip form. A microcontroller is a unit in which a microprocessor and an input / output module are made of a single chip and perform predetermined functions. It is designed for an embedded application and is widely used in an embedded system. The hardware security module 120 is implemented in the form of a trusted platform module or a microcontroller chip, and is installed inside the CCTV and used for encryption of image data.

The hardware security module 120 generates an encryption key for performing encryption on the image data. The encryption key generated by the hardware security module 120 is used for encryption in the aria encryption module 130, as shown in FIG.

The ARIA encryption module 130 performs ARIA encryption on the image data using the encryption key generated by the hardware security module 120. [

More specifically, the Academia (Research Institute, Agency, ARIA) encryption is a standard specified by the Ministry of Knowledge Economy (KS) in 2004 under the National Standard Basic Law and uses a variable- Block cipher algorithm that encrypts and decrypts data in units of units, which is advantageous for large-capacity data encryption / decryption. Aria encryption has the following characteristics.

 #. Standard number: KS X 1213: 2004

 #. Division: X-Information Industry <Information Technology (IT) Application

 #. Standard name: 128 bit block encryption algorithm ARIA

 (128 bit block encryption algorithm ARIA)

 #. History: Established December 30, 2004

 #. Block size: 128 bits

 #. Key size: 128/192/256 bits (same as AES)

 #. Overall structure: Involutional Substitution-Permutation Network

 #. Number of rounds: 12/14/16 (depends on key size)

As a general purpose block cipher algorithm with involutional SPN structure optimized for lightweight environment and hardware implementation, the main characteristics of ARIA are as follows. In order to protect secret communication and important data, The algorithm that performs encryption and decryption separately is called a block cipher algorithm. Most of the operations used by ARIA consist of simple byte operations such as XOR. In order to protect video communication and important data, the algorithm that encrypts and decrypts a message by block using a shared key among users is called a block cipher algorithm. The speed of the block cipher algorithm is very efficient because it is very fast compared to other cipher algorithms. AIRA is a typical block cipher algorithm together with SEED and HIGHT. Block ciphers are divided into Feistel structure and SPN structure. The advantage of Feistel structure is that it can be decrypted using an encryption machine without implementing a separate decoder . Conversely, the SPN architecture requires a separate decoder to decrypt the cipher. However, the Involutional SPN structure is a block cipher with a special structure that does not need a separate decoder even though it is an SPN. The encryption order of the general SPN cipher algorithm consists of plaintext-substitution layer-spreading layer-cipher text, and the decoding order is reverse cipher text-inverse spreading layer-inverse replacement layer-plain text. However, in each round function of the aria, the permutation layers are different from each other in the even and odd rounds, and the inverse of the permutation layers of the even-numbered rounds is an odd-round permutation layer. In addition, the inverse of the matrix of the spreading layer is the structure itself. Because of this structure, aria encryption does not require a separate decoder.

The ariya encryption module 130 generates a round key through expansion of the encryption key generated in the hardware security module and performs encryption according to the round operation using the generated round key, Is performed by spreading operation.

Aria encryption can select an encryption key according to the degree of difficulty of a cipher. Round operations are performed 12, 14, and 16 times according to the length of a key. The round key required for the round operation is generated by key expansion from the encryption key. Encryption is performed on a 128-bit data block through a round operation.

Key expansion consists of key initialization and round key generation. The key initialization process is initialized by filling the KL with the encryption key when the length of the encryption key is 128 bits, and filling the KR with 0. The round key generation process combines four 12 bits W0,1,2,3 to generate an encryption round key and a decryption round key.

The rounding operation of the aria is composed of three parts: round key addition, substitution operation, and diffusion operation. Round operations are based on odd rounds and even rounds, and other types of replacement operations are used. In the last round, the diff operation is replaced by round key addition. Round key addition performs bitwise XOR on the 128-bit round key and 128 round-input bits. The substitution operation consists of S-boxes S1 and S2 with 8-bit input and output and its inverse substitution. It is used alternately in odd rounds and even rounds to make the involution structure. The spreading operation uses a 16 x 16 Involution binary matrix. The diffusion operation outputs 16 bytes as a result of matrix multiplication in byte units for 16 input bytes.

When the aria decryption key is absent in the aria decryption on the aria-encrypted image data, the image is not output or a noise image is output. The aria decryption key is stored in a device having authority to receive and confirm the CCTV camera image data, and decryption of the aria-encrypted image data is performed using the aria decryption key. However, if there is no ARI decryption key, the image can not be recovered, and the image may not be output, or a noise image may be output.

The hardware security module based on the Aria encryption can be implemented in the form of an actual chip as shown in FIG. 2 and can be installed in a CCTV camera.

The communication module 140 transmits the ariya-encrypted image data to the outside. Various communication methods such as general wireless communication or TCP / IP method can be used as a communication method with the outside.

FIG. 4 shows a process of encrypting and decrypting CCTV image data. In the CCTV camera, ARIA encryption is performed using an encryption key generated in the TPM image module. For ARIA-encrypted image data, the CCTV image is recovered through ARIA decryption and the CCTV image is output. However, when the ARIA encryption is not performed or the decryption key is not present, it is determined that a hacking or an error has occurred and the CCTV camera operation is stopped. If decoding is not performed, no image is output or a noise image can be output.

FIG. 5 is a flowchart illustrating a method of encrypting CCTV image data according to an exemplary embodiment of the present invention, and FIG. 6 is a flowchart illustrating a method of encrypting CCTV image data according to an exemplary embodiment of the present invention. 5 to 6 correspond to the detailed description of the CCTV camera of FIGS. 1 to 4, and a repeated description will be omitted.

Step 510 is a step in which the hardware security module generates an encryption key to be used for encryption of the image data photographed by the imaging module. The hardware security module may be implemented as a trusted platform module or a microcontroller unit.

In operation 520, the ARIA encryption module performs ARIA encryption on the image data using the encryption key generated by the hardware security module.

The step of performing the ariA encryption includes generating a round key by expanding the encryption key generated by the hardware security module, and performing a round operation by performing a substitution operation and a diffusion operation for each round using the generated round key 620 &lt; / RTI &gt;

Embodiments of the present invention may be implemented in the form of program instructions that can be executed on various computer means and recorded on a computer readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

As described above, the present invention has been described with reference to particular embodiments, such as specific elements, and specific embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains.

Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .

100: CCTV camera
110: image pickup module
120: Hardware security module
130: Arya encryption module
140: Communication module

Claims (9)

An imaging module for photographing an image;
A hardware security module for generating an encryption key to be used for encryption of image data photographed by the imaging module; And
And an ARIA encryption module for performing ARIA encryption on the image data using an encryption key generated by the hardware security module. The method according to claim 1,
The hardware security module comprising:
A Trusted Platform Module or a Micro Controller Unit (CCU). The method according to claim 1,
Wherein the aria encryption module comprises:
Generates a round key by expanding the encryption key generated by the hardware security module, performs encryption according to the round operation using the generated round key,
Wherein each round operation is performed through a permutation operation and a spread operation. The method according to claim 1,
Wherein when the aria decryption is performed on the aria-encrypted image data, if the aria decryption key is not present, the image is not output or a noise image is output. The method according to claim 1,
And a communication module for transmitting the ariya-encrypted image data to the outside. A method of encrypting CCTV camera image data,
A hardware security module generating an encryption key to be used for encryption of image data photographed by the imaging module; And
And performing an ARIA encryption on the image data using an encryption key generated by the hardware security module. The method according to claim 6,
The hardware security module comprising:
A Trusted Platform Module or a Micro Controller Unit. The method according to claim 6,
Wherein the performing the ariya encryption comprises:
Generating a round key by extending an encryption key generated by the hardware security module; And
And performing a round operation through a substitution operation and a spreading operation for each round using the generated round key. A computer-readable recording medium storing a program for causing a computer to execute the method according to any one of claims 6 to 8.

Images