CN105791853B - H.264 a kind of embedded video Development of Chaotic Secure Communication Method encrypted after coding - Google Patents

Abstract

The invention discloses the embedded video Development of Chaotic Secure Communication Method encrypted after a kind of H.264 coding, comprise the following steps：S1, in transmitting terminal, video data is carried out H.264 hardware encoding, chaos stream cipher encrypting, the Chaotic Scrambling encryption of location of pixels, network send, wide area network transmission；S2, in receiving terminal, enciphered video data is received by network, the chaos for completing location of pixels inverts disorderly decryption and chaos stream cipher decryption, under conditions of cipher key match, realize that H.264 hardware decodes, under key mismatch condition, H.264 stop the communication between transmitting terminal and receiving terminal after hardware decoding failure.This method is provided with chaos stream cipher encrypting and chaos position scrambling encryption this two re-encryption, two re-encryptions do not destroy the correlation of original video after H.264 coding compression, improve the efficiency of coding, reduce the redundancy of data, encryption system real-time and safe.

Description

An embedded video chaos security communication method encrypted after H.264 encoding

technical field

The invention relates to video security communication technology in multimedia communication, in particular to an embedded video chaos security communication method encrypted after H.264 encoding.

Background technique

In video chaotic secure communication, there are currently two chaotic encryption methods widely used by people:

The first way is to encrypt first and then perform H.264 or HEVC encoding and compression. The characteristic of this encryption method is that it is more convenient to deal with at the technical level, but it has the following shortcomings:

1. After chaotic encryption, the correlation of the original video is disrupted, resulting in a greatly reduced encoding and compression efficiency of H.264, and the amount of encoded video data is large. Whether H.264 hardware encoding or software encoding is used, the encrypted video The transmission rate via Ethernet is not high enough; the image data volume in RGB format is much larger than the I frame or P frame data volume after H.264 compression. 264 compression to the order of KB. The amount of encrypted data is large, and the encryption takes a long time;

2. The encoding efficiency is low. The H.264 encoder relies on image spatial correlation to compress to obtain I frames, and relies on inter-frame temporal correlation to compress to obtain P frames. However, the spatial-temporal correlation of the encrypted RGB image pixels is disrupted, which seriously affects the efficiency of the encoder, which is reflected in the greatly reduced encoding compression rate;

3. Low transmission efficiency. The low compression efficiency of H.264 leads to a large amount of data in the H.264 video signal. When the network transmission bandwidth is constant, the transmission frame rate decreases;

4. Only the encryption method of position scrambling can be used, and the size of video pixels cannot be encrypted. Otherwise, due to the quantization in H.264, the receiving end will not be able to decrypt correctly even if the key matches. The original video is only encrypted by position scrambling, which has poor statistical properties and low security performance.

The second method is selective chaotic encryption based on H.264 software encoding compression, which specifically refers to stream cipher encryption for some variables in the H.264 encoding process, including encrypted intra-frame prediction mode and inter-frame motion vector residual , the quantization parameter residual, the DCT coefficient sign, and the DC component of the residual data. This scheme only encrypts a small number of variables in the encoding process, the amount of encrypted data is small, and the encoding format is not damaged. Therefore, the advantage is to maintain the compatibility of the H.264 video format, and at the same time, the compression efficiency of the encoder and the encoding time have little impact. But its disadvantages are:

1. Poor encryption effect. The encrypted image is mosaic-like rather than snowflake-like, and the human eye can occasionally recognize some scenes in the video;

2. Low operating efficiency. H.264 has two forms of software encoding and decoding and hardware encoding and decoding. Software encoding and decoding is obtained by compiling open source code, and the CPU is responsible for encoding and decoding functions; hardware encoding and decoding is fixed in the chip through the form of a dedicated circuit, and the hardware circuit is responsible for encoding and decoding. Function. The execution speed of software is much lower than that of hardware, so the operating efficiency is low. The selective encryption scheme can only transplant the encryption algorithm based on the H.264 encoding and decoding open source code, but not based on the hardware encoding and decoding circuit. Therefore, this scheme can not use the hardware resources in the chip, and the encoding operation efficiency is low.

3. The design is difficult. The H.264 encoding process is complicated, with many variables and branches. It is quite difficult to accurately encrypt the corresponding variables and decrypt them accurately;

4. At present, mobile phones and other mobile terminals mainly use H.264 hardware encoding and compression, but it is still difficult to complete selective chaotic encryption on the basis of H.264 hardware encoding. .

In order to fundamentally improve and increase the transmission rate of the chaotic encrypted video signal through Ethernet, the present invention intends to propose an embedded video chaotic secure communication method encrypted after H.264 encoding. On the ARMLinux embedded real-time video communication system, the The video data stream after H.264 encoding and compression is double-encrypted by chaotic self-synchronized stream cipher encryption and chaotic map position scrambling encryption, which combines the characteristics of stream cipher encryption, scrambling encryption and H.264 video stream. Encrypting the H.264 video stream has the following difficulties:

1. The data size of each frame of video stream after H.264 compression is variable, so it is difficult to use a set of scrambling parameters for scrambling encryption, but it is impossible to use countless sets of scrambling parameters for encryption;

2. The size of each frame of H.264 video stream must meet the requirements of extending into a regular m×n order matrix in units of 3 bytes, so as to meet the conditions of scrambling and encryption, and the video stream obtained by H.264 compression The length cannot be guaranteed to meet this requirement;

3. Stream cipher encryption will destroy part of the data in the H.264 video stream during the self-synchronization process. Because of the strict syntax of H.264, even one bit of data damage will cause decoding failure and interrupt the normal video communication.

On the ARMLinux embedded real-time video communication system, the video data stream after H.264 encoding and compression is double-encrypted with chaotic self-synchronized stream cipher encryption and chaotic cat mapping position scrambling encryption. The key issues that must be solved are:

1. Solve the problem of variable size of H.264 video stream with only a limited number of scrambling parameters and a limited number of memory blocks corresponding to the scrambling parameters;

2. Construct each frame of H.264 video stream as a specific length to meet the conditions of scrambling encrypted m×n order matrix;

3. Construct additional protection data for the H.264 video stream to prevent valid data from being destroyed.

Judging from the currently published patent literature, there are mainly several situations in the video chaos security communication system: algorithm research based on matlab, experimental verification on the PC platform based on the Windows operating system, and integration of chaotic encryption modules into a larger system based on FPGA chips. In the secure communication system, and the embedded method based on ARM running Linux operating system realizes video secure communication. Among them, the method of implementing a chaotic secure communication system based on embedded ARMLinux is usually to encrypt first and then encode, rather than first encode and then encrypt. There are security and efficiency deficiencies in encrypting first and then encoding.

Contents of the invention

In order to fundamentally improve the transmission rate of the chaotic encrypted video signal through the Ethernet, the present invention adopts an embedded video chaotic secure communication method encrypted after H.264 encoding, which is provided with chaotic stream cipher encryption and chaotic position scrambling Encrypt these two encryptions, the two encryptions are all after H.264 encoding and compression, without destroying the correlation of the original video, improving the efficiency of encoding, reducing the redundancy of data, and the encryption system has high real-time and security.

The present invention adopts following technical scheme to realize: H.264 encoded post-encrypted embedded video chaos security communication method, comprising the following steps: S1, at the sending end, video data is carried out H.264 hardware encoding, chaotic stream cipher encryption, pixel Chaotic scrambling encryption of positions, network transmission, and wide area network transmission; S2. At the receiving end, receive encrypted video data through the network, and complete the chaotic anti-scrambling decryption of pixel positions and the decryption of chaotic stream ciphers. Under the condition of key matching, realize H.264 hardware decoding, under the condition of key mismatch, stop the communication between the sending end and the receiving end after the H.264 hardware decoding fails.

Preferably, the encryption of the chaotic stream cipher described in step S1 is: adding a protection byte of all 0s in front of the video data.

Preferably, the chaos scrambling encryption described in step S1 is: according to the size of the I frame and the P frame of the video data output after the H.264 hardware encoding, three different memory capacity allocation methods are respectively adopted, and the method of supplementing 0 is adopted The number of bytes of video data is expanded to 3×m×n, which meets the number of bytes required by chaos scrambling and anti-scrambling. Wherein, the three different memory capacities are determined according to the largest I frame and the smallest P frame of video data.

Preferably, step S1 also includes the following steps before carrying out H.264 hardware encoding to video data: the JPEG decoding of camera capture video, video image, the conversion of RGB format to YUV420 format; Step S2 also includes after realizing H.264 hardware decoding The method comprises the following steps: converting the YUV420 format into an RGB format, and displaying the decrypted video.

It can be seen from the above that in the technical solution of the present invention, the designed double encryption is encrypted after the H.264 code compression, not before. At the sending end, the operation mode of four cores and four threads is adopted, and the order of H.264 hardware encoding is performed first, and then chaotic encryption is performed. The order of H.264 hardware decoding does not destroy the correlation of the original video, improves H.264 encoding efficiency, reduces encoding time and the amount of encoded video data, reduces redundancy, increases the unique solution distance, and improves the real-time performance of the entire system sex and safety. Compared with the prior art, the present invention has the following advantages and beneficial effects:

1. Improve encryption security;

Analyze the first advantage from increasing the unique solution distance: According to the formula U=H/R, where U represents the unique solution distance, H represents the key entropy value, and R represents the data redundancy. Under certain conditions of H, the smaller R is, the larger U is, and the secrecy is better. Because the amount of H.264 video signal data is smaller than that of RGB format, when the H.264 video stream is encoded and compressed, the redundancy R is greatly reduced compared with the original video data, so encryption after encoding is more secure than encryption before encoding . In addition, the H.264 compressed video signal has strict syntax, and one bit of data corruption will cause the decoder to fail to decode and exit the application program, resulting in the termination of video communication. Therefore, if the decryption process cannot be decrypted strictly and accurately, it will not work normally. Show video.

2. Improve encryption efficiency and operating efficiency;

Analyze the advantages of the second point from the size of data before and after H.264 encoding: the image size of the previous frame before encoding is on the order of MB, while the size of the encoded H.264 video stream is on the order of KB or even smaller. The front data is smaller and the encryption speed is faster.

Because the data volume of the encrypted compressed video signal reaches the minimum, the encryption operation takes less time; the H.264 codec is implemented in the form of a hardware circuit, and the execution speed is fast; the data volume of a compressed video signal is small, and the frame rate sent by the network is high. .

3. Maintain the original video coding efficiency.

Analyze the third advantage from the temporal-spatial correlation of images: the encryption scheme after H.264 encoding does not affect the encoding operation at all, and maintains the encoding efficiency of H.264, while the encryption before H.264 encoding disrupts the temporal-spatial relationship. Correlation seriously reduces the coding efficiency of H.264.

Description of drawings

Fig. 1 is a kind of H.264 coded post-encryption embedded video chaos secret communication method hardware realization general block diagram of the present invention;

Fig. 2 is the implementation block diagram of two-level chaotic encryption at the sending end in Fig. 1;

Fig. 3 is the realization block diagram of two-stage chaotic decryption at the receiving end in Fig. 1;

Fig. 4 is the working principle block diagram of multi-core multi-thread in Fig. 1;

Fig. 5 is a working principle block diagram of the multi-core multi-thread synchronization mechanism in Fig. 1;

FIG. 6 is a block diagram of four cores and four threads at the sending end in FIG. 1;

FIG. 7 is a block diagram of the implementation of two cores and two threads at the receiving end in FIG. 1;

detailed description

The present invention will be further described in detail below with reference to the embodiments and the accompanying drawings, but the embodiments of the present invention are not limited thereto.

Example

Referring to Fig. 1, the method of the present invention comprises the following steps: camera captures video, JPEG decoding of video images, conversion of RGB format to YUV420 format, H.264 hardware encoding, chaotic stream cipher encryption, chaotic scrambling encryption of pixel positions, network transmission , WAN transmission, network reception, chaotic anti-scrambling decryption of pixel position, chaotic stream cipher decryption, successful decoding of H.264 hardware under key matching conditions, conversion from YUV420 format to RGB format, decrypted video display, key Under the condition of mismatch, the communication between the sending end and the receiving end stops after the H.264 hardware decoding fails, and the original video signal cannot be decrypted.

1. At the sending end, the operation mode of four cores and four threads is adopted, and the sequence of H.264 hardware encoding and chaotic encryption is followed. The specific operation steps at the sending end are: the camera captures the video, decodes the JPEG of the video image to obtain the RGB format, converts from the RGB format to the YUV420 format, completes H.264 hardware encoding, and then performs chaotic stream cipher encryption and chaotic scrambling of pixel positions Encryption, encrypted video is sent over the network and transmitted over the WAN.

As shown in Figure 6, the four threads at the sending end execute the following process cyclically: thread 1 cyclically collects JPEG images, thread 2 reads JPEG images and decompresses them into RGB images; thread 3 reads RGB images and displays them on the LCD display; thread 4 reads RGB After the image is converted, H.264 encoding and compression is performed, stream cipher encryption is performed on the H.264 video stream, position scrambling is encrypted, and double-encrypted data is sent. The process of two-level chaotic encryption is shown in Figure 2.

The first level of encryption is chaotic stream cipher encryption, which adds 20 all-0 protection bytes in front of the H.264 video data, and realizes the chaotic stream cipher at the sending end under the condition that the initial values of the sending end and the receiving end are different but the keys match. Accurate synchronization between the encryption of video data and the decryption of video data by chaotic stream cipher at the receiving end, restore the correct format of H.264 before chaotic encryption at the receiving end, complete the decoding of H.264 and correctly decrypt the original video signal; under the condition that the initial values of the sending end and the receiving end are different and the keys do not match, it is impossible to realize the precise synchronization between the encryption of the video data by the chaotic stream cipher on the sending end and the decryption of the video data by the chaotic stream cipher on the receiving end. , the receiving end cannot recover the correct format of H.264 before the chaotic encryption, cannot complete the decoding of H.264, and the receiving end cannot decrypt the original video signal; add 20 all-0 protection bytes in front of the H.264 video data to Ensure that after encryption and decryption of the chaotic stream cipher, all the correct formats of H.264 can be correctly restored. Since the syntax of H.264 is very strict, any bit of data damage will cause the decoding of H.264 to fail, thereby interrupting Normal communication between sender and receiver.

The second level encryption scrambles the chaotic position of the video data. According to the size of the I frame and P frame output by H.264, three memory allocations with a memory capacity of 24300 bytes, 10800 bytes and 2400 bytes are used respectively. Method: In view of the different size of each frame of video data after H.264 compression, the number of bytes is expanded by adding 0, and the number of bytes is expanded to 3×m×n, which meets the requirements of chaotic position scrambling and anti-scrambling The number of bytes required; according to the size of the I frame and P frame output by H.264, three different memory capacities can be used to significantly reduce the time of chaotic encryption and decryption, and the transmission rate of chaotic encrypted video signals via Ethernet can reach every 27 frames per second.

2. At the receiving end, the operation mode of two cores and two threads is adopted, and the order of H.264 hardware decoding is followed by chaotic decryption. When the initial values of the receiving end and the sending end are different but the keys match, the decoding process of H.264 is completed at the receiving end and the original video signal is correctly decrypted; when the initial values of the receiving end and the sending end are different and the keys do not match, the receiving end The decoding process of H.264 at the end cannot be completed, and a decoding failure signal is sent and the normal communication between the sending end and the receiving end is interrupted, and the receiving end cannot decrypt the original video signal. The process of two-stage chaotic decryption at the receiving end is shown in Figure 3.

The specific operation steps of the receiving end are as follows: the network receives encrypted video, completes the decryption of chaotic anti-scrambling at the pixel position and the decryption of chaotic stream cipher, and realizes the successful decoding of H.264 hardware under the condition of key matching, and converts the YUV420 format into RGB The format and the decrypted video show that the communication between the sending end and the receiving end stops after the H.264 hardware decoding fails under the key mismatch condition, and the original video signal cannot be decrypted.

As shown in Figure 7, the two threads at the receiving end execute the following process cyclically: Thread 1 cyclically receives the variable value representing the size of the H.264 video stream and the double-encrypted H.264 video stream data; performs position scrambling and decryption, and stream cipher decryption. H.264 decodes and decompresses, and converts the format to RGB format; thread 2 reads the data in RGB format and displays it on the LCD display.

The ARMLinux embedded real-time video communication system is divided into a sending end development board and a receiving end development board. The present invention selects two embedded development boards with four ARM cores and H.264 encoding and decoding hardware acceleration engine chips as the sending end and the receiving end development board. The two ends are respectively connected to the LCD display through the VGA interface, and the two ends and the PC are connected to the LAN interface of the router through the Ethernet interface RJ45. The assigned IP addresses are: 192.168.1.100, 192.168.1.101 and 192.168.1.102 to form a LAN connection. Connect the USB camera to the sending end. The sending end and the receiving end are connected to the router through Ethernet, and the double-encrypted video stream data is transmitted through the TCP/IP protocol.

Set up a software development environment. Install the VMware10 virtual machine on the PC, install the Ubuntu12.04 PC version of the Linux operating system, and install the ARM-Linux-gcc compiler provided by the development board manufacturer for cross-compilation. The development boards at both ends run the Linux operating system provided by the manufacturer, establish an NFS connection between the development board and the PC, and mount the directory of the application program on the PC to the /mnt directory on the development board. Establish an SSH connection between the PC and the development boards at both ends, and the PC can remotely log in to control the development board through Ethernet.

Determine the memory size encrypted by the stream cipher: the memory block encrypted by the stream cipher is used to store compressed video signal data (I frame and P frame), and it is required to be slightly larger than the I frame, so the design of the memory is 30KB. Each frame of H.264 video stream data output by the H.264 encoder is stored in bytes from the address 0x0015 (address 21Byte) of the first 30KB memory block, 0x0000～0x0014 memory space and 0xyyyy～ The unfilled memory space of 0x7800 is supplemented with 0x00 bytes by default, among which 0x0015~0xyyyy is the effective data space of H.264 video stream, and the address of 0xyyyy changes with the effective data size of H.264 video stream. The 30K memory reserves the first 20 protection bytes to prevent the H.264 compressed video data from being destroyed during the self-synchronization process, resulting in the decoder being unable to correctly decode the H.264 compressed video signal. 10 iterations of the equation can restore synchronization, so 20 protection bytes are reserved for encryption and decryption in the self-synchronization process, and the H.264 compressed video signal data after the 21st byte can be encrypted and decrypted in a synchronized state. Decryption, thus ensuring that the data is not corrupted.

The process of stream cipher encryption and decryption is as follows: the encryption equation of the stream cipher at the sending end is

In the formula

Among them, X, Y, and Z are system state variables, a _ij (i, j=1, 2, 3) are key parameters, variable X takes an integer and obtains a byte variable x according to mod (256), and the equation is iterated once, x is updated once. O is the encrypted variable of the feedback. Take a byte from address 0x0000 of the 30KB stream cipher encrypted memory 1 and XOR with x, and the operation result O is stored in 0x0000 of the 30KB stream cipher encrypted memory 2, and fed back to the equation to participate in the next iteration; then fetch the 30KB stream One byte of address 0x0001 of password encrypted memory 1 is bitwise XORed with the updated x, and the operation result O is stored in 0x0001 of 30KB stream cipher encrypted memory 2, and the operation is performed in turn according to the address until the calculation of address 0xyyyy is completed, and after 0xyyyy The data does not need to participate in the XOR operation.

The structure of the stream cipher decryption equation at the receiving end is the same as the parameter size and the encryption equation. Decryption is the inverse process of encryption, which is similar to encryption. The variable X is an integer and mod (256) to obtain a variable x of one byte. The equation is iterated once, and x is updated. once. Take a byte from the 0x0000 address of the 30KB stream cipher decryption memory 1 and XOR it with x, and store the operation result O in the 0x0000 of the 30KB stream cipher decryption memory 2, and feed it back to the equation to participate in the next iteration; then take the 30KB stream One byte of the 0x0001 address of the password decryption memory 1 is bitwise XORed with the updated x, and the operation result O is stored in the 0x0001 of the 30KB stream cipher decryption memory 2, and the above operation process is repeated in order of addresses until the 30KB memory Address 0xyyyy until the operation is completed. The last 30KB memory space 0x0000~0xyyyy saves the original video data, among which 0x0000~0x0014 saves a byte 00 value, and 0x0015~0xyyyy saves the original unencrypted H.264 video stream data. Finally, the 20 bytes before the H.264 data and all the bytes after the H.264 data are removed, and the rest is all H.264 compressed data, which is sent to H.264 decoding.

Determine the size of scrambling and anti-scrambling memory 1 to 3 according to the largest I frame and the smallest P frame: According to different real-time video encoding methods, H.264 compressed video signals are divided into IDR frames, I frames and P frames. The coding essence of IDR frame is the same as that of I frame, and eliminates image space redundancy through intra-frame prediction; P frame eliminates image temporal redundancy through inter-frame prediction. The compression rate of the I frame is much smaller than that of the P frame, so the I frame must be larger than the P frame.

The encoding output mode can be set to each I frame followed by several P frames, or it can be set to judge the severity of the scene change to output I frames or P frames. The present invention adopts the former, and is set as an output mode in which every I frame is followed by 9 P frames. Save the H.264 compressed video data as an H264 file, analyze the H264 file with the help of Elecardstreameyetools software, and verify the output results of the settings.

Find out the maximum I frame and the minimum P frame under the VGA video format (image length and width 640×480) through experiments. Factors that affect the size of compressed video data, in addition to the parameter settings of the encoder, also include the light and shade of the shooting scene, the complexity of the scene, and the intensity of object movement. Under the VGA format and the default setting of the encoder, dimming the light, enriching the content of the scene, and intensifying the movement of the object can increase the data volume of each frame of compressed video data. Conversely, brightening the light, reducing scene detail, and keeping objects still reduces the amount of data per frame of compressed video. Every time the application calls the API function of the H.264 encoder to encode a frame of image, a function return value is obtained, representing the size of a frame of compressed video signal data. By changing the experimental conditions and comparing the returned values, the size of the largest I frame and the smallest P frame can be obtained.

The scrambling encryption memory is used to store the valid data encrypted by the stream cipher, and perform scrambling encryption on these valid data. The memory size must meet the first condition: the entire memory space can just be extended into an m×n order matrix in units of 3 bytes. In the first condition, the size and number of scrambled encrypted memory are selected according to the largest I-frame and P-frame.

In order not to overflow when storing the largest I frame, the largest scrambled encrypted memory block must be larger than the I frame, because the unfilled scrambled encrypted memory block space is all filled with 0x00, 0x00 is redundant data, in order to reduce redundant data , under the condition that it is larger than the I frame and can be extended to an m×n order matrix, the memory space should be reduced as much as possible. Continue to design the scrambled encrypted memory block for storing P frames with the same principle.

The larger the number of memory blocks, the finer the level, the better the size of the memory block and the P frame match, the redundant data is reduced, and the efficiency of scrambling and encryption processing is improved, but each frame of P frame is stored in the most matching size The number of memory block judgments increases, which affects operating performance; on the contrary, the fewer the number of memory blocks, the more extensive the level, the worse the matching between memory blocks and P frames, the increase of redundant data, and the reduction of scrambling encryption processing efficiency, but each frame P The number of judgments to save the frame to the memory block with the most matching size is reduced, and the running performance is improved.

The quantity of memory block is selected according to specific circumstances, and the present invention selects 3 memory blocks, and the largest memory block is used to deposit I frame, is slightly larger than I frame under meeting primary condition, is 24300 bytes, and other two memory blocks are by gradient Decrement, used to store P frames, respectively 10800 bytes and 4800 bytes.

Chaotic scrambling and anti-scrambling: according to the size of the image, open up 3 memories for scrambling encryption and anti-scrambling decryption. 3. Three memory sizes are required to decrease in gradient, and the memory space is required to be in units of 3 bytes, which can be extended to a regular m×n order matrix. Chaotic mapping equations using positional scrambling and anti-scrambling:

Three sets of scrambling encryption parameters b ₁₁ , b ₁₂ , b ₂₁ , b ₂₂ are calculated. For the scrambling and anti-scrambling memory 1 with 24300 bytes, extend it into a 90×90 order matrix in units of 3 bytes, and the encryption parameters are 89, 75, 70, 59; for the scrambling with 10800 bytes And anti-scrambling memory 2, also extended to 60×60 order matrix in units of 3 bytes, encryption parameters are 48, 35, 37, 27; for scrambling and anti-scrambling memory 3 with 4800 bytes, the same It is extended into a matrix of order 40×40 in units of 3 bytes, and the encryption parameters are 24, 11, 37, and 17.

At the sending end, the 30KB stream cipher encrypted memory 2 stores the effective encrypted data encrypted by the stream cipher from 0x0000 to 0xyyyy. The effective encrypted data is compared with the scrambled memory 1, scrambled memory 2, and scrambled memory 3. The effective encrypted data If the size is in the range of 24300 bytes to 10800 bytes, connect the switch K1 and K2 to 1 through software control, and store the data in the scrambling memory 1; if it is in the range of 10800 bytes to 4800 bytes, control it through software Connect the switch K1 and K2 to 2, and store the data in the scrambling memory 2; if it is within the range of 4800 bytes to 0 bytes, connect the switch K1 and K2 to 3 through software control, and store the data in the scrambling memory In 3, the remaining space in the scrambled memory is defaulted to zero, and finally the double-encrypted data is sent over the network and transmitted via Ethernet. At the receiving end, the descrambling of the pixel position is descrambled in the same manner, and details will not be described here.

The principle of multi-core multi-threading and its synchronization mechanism: the essence of multi-core multi-threading is to divide the application program into multiple relatively independent small tasks, each of which is assigned to a core processor for processing, and the serial processing originally performed by a core processor The executed application program is designed to process multiple small tasks in parallel by multiple core processors, so as to improve the execution speed of the system. The block diagram of the execution principle of the thread is shown in Figure 4. The specific implementation of the thread synchronization mechanism in Figure 5 is divided into the following four steps:

(1) After thread 2 reads a frame of JPEG image, it calls the pthread_cond_wait function, unlocks the memory, and waits for the condition variable of thread 1;

(2) Thread 1 in the blocked state is ready, calls the pthread_mutex_lock function to lock the memory, and writes the JPEG image to the memory;

(3) After thread 1 writes the JPEG data to the memory, it calls the pthread_cond_broadcast function to send the condition variable, and calls the pthread_mutex_unlock function to unlock the memory;

(4) Thread 2 automatically locks the memory after receiving the condition variable, and reads the JPEG image in the memory. After reading the data, enter the first step again, call the pthread_cond_wait function, unlock the memory, and realize the data synchronization operation between threads in this way.

The specific implementation process of four cores and four threads at the sending end and two cores and two threads at the receiving end: the function of multithreading under the Linux system is mainly to parallelize serial processing tasks to improve the speed of system processing tasks. In order to make the system display frame rate up to 25fps (FramePerSecond), the running time of each thread is within 40ms.

The system processing process at the sending end includes the following tasks: JPEG image acquisition, JPEG image decompression into RGB format, RGB format image for LCD display, RGB image conversion into NV12 format, NV12 format image for H.264 encoding, after encoding is completed Double encryption with chaotic stream cipher and position scrambling, then send via TCP. The present invention uses four threads to process the above task content, each thread is bound to a CPU core on the development board, and each part is divided into four threads according to the measured running time of each part. Thread 1 includes the collection of JPEG images; thread 2 includes decompressing JPEG images into RGB format; thread 3 includes displaying RGB original images; thread 4 includes converting RGB format images into NV12 format, performing H.264 encoding, encryption and TCP transmission. The data sharing between threads is controlled by mutual exclusion locks and condition variables provided by the Linux operating system. Mutex 1 and condition variable 1 are used for sharing JPEG image data between threads 1 and 2; mutex 2 and condition variable 2 are used for sharing RGB image data between threads 2 and 3; mutex 3 And condition variable 3 is used for the sharing of RGB image data between thread 2 and thread 4.

The system processing process at the receiving end includes the following tasks: TCP data reception, position anti-scrambling and chaotic stream cipher decryption, H.264 decoding to obtain NV12 format images, NV12 images are converted to RGB format, and RGB images are used for LCD display. The present invention uses two threads to process the above task content, each thread is bound to a CPU core on the development board, and each part is divided into two threads according to the measured running time of each part. Thread 1 includes TCP data reception, decryption, H.264 decoding and conversion of NV12 image to RGB image; thread 2 includes display of RGB image. Use mutex 1 and condition variable 1 to control the sharing of RGB image data between thread 1 and thread 2.

The above task division ensures that the average running time of each thread is the shortest, and the waiting time for each other is the shortest, so that the video display can reach a relatively high frame rate.

The above description is only a preferred embodiment of the present invention, which certainly cannot limit the scope of protection of the claims of the present invention. It should be pointed out that for those skilled in the art, the technical solutions of the present invention can be modified or equivalently replaced , do not depart from the scope of protection of the claims of the present invention.

Claims (8)

1. a kind of H.264 coded post-encrypted embedded video chaos security communication method, it is characterized in that, may further comprise the steps: S1. At the sending end, H.264 hardware encoding, chaotic stream cipher encryption, chaotic scrambling encryption of pixel positions, network transmission and wide area network transmission are performed on the video data; Wherein, the encryption equation of the chaotic stream cipher is: <mfenced open = "{" close = ""><mtable><mtr><mtd><mrow><mi>X</mi><mrow><mo>(</mo><mi>k</mi><mo>+</mo><mn>1</mn><mo>)</mo></mrow><mo>=</mo><msub><mi>a</mi><mn>11</mn></msub><mi>X</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><msub><mi>a</mi><mn>12</mn></msub><mi>Y</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><msub><mi>a</mi><mn>13</mn></msub><mi>Z</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow></mrow></mtd></mtr><mtr><mtd><mrow><mi>Y</mi><mrow><mo>(</mo><mi>k</mi><mo>+</mo><mn>1</mn><mo>)</mo></mrow><mo>=</mo><msub><mi>a</mi><mn>21</mn></msub><mi>O</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><msub><mi>a</mi><mn>22</mn></msub><mi>Y</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><msub><mi>a</mi><mn>23</mn></msub><mi>Z</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow></mrow></mtd></mtr><mtr><mtd><mrow><mi>Z</mi><mrow><mo>(</mo><mi>k</mi><mo>+</mo><mn>1</mn><mo>)</mo></mrow><mo>=</mo><msub><mi>a</mi><mn>31</mn></msub><mi>O</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><msub><mi>a</mi><mn>32</mn></msub><mi>Y</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><msub><mi>a</mi><mn>33</mn></msub><mi>Z</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>+</mo><mn>3</mn><mo>&amp;times;</mo><msup><mn>10</mn><mn>8</mn></msup><mi>s</mi><mi>i</mi><mi>n</mi><mo>&amp;lsqb;</mo><mn>2</mn><mo>&amp;times;</mo><msup><mn>10</mn><mn>5</mn></msup><mo>&amp;times;</mo><mi>O</mi><mrow><mo>(</mo><mi>k</mi><mo>)</mo></mrow><mo>&amp;rsqb;</mo></mrow></mtd></mtr></mtable></mfenced> In the formula: <mrow><mfenced open = "(" close = ")"><mtable><mtr><mtd><msub><mi>a</mi><mn>11</mn></msub></mrow>mtd><mtd><msub><mi>a</mi><mn>12</mn></msub></mtd><mtd><msub><mi>a</mi><mn>13</mn></msub></mtd></mtr><mtr><mtd><msub><mi>a</mi><mn>21</mn></msub></mtd><mtd><msub><mi>a</mi><mn>22</mn></msub></mtd><mtd><msub><mi>a</mi><mn>23</mn></msub></mtd></mtr><mtr><mtd><msub><mi>a</mi><mn>31</mn></msub></mtd><mtd><msub><mi>a</mi><mn>32</mn></msub></mtd><mtd><msub><mi>a</mi><mn>33</mn></msub>msub></mtd></mtr></mtable></mfenced><mo>=</mo><mfenced open = "(" close = ")"><mtable><mtr><mtd><mn>0.205</mn></mtd><mtd><mrow><mo>-</mo><mn>0.595</mn></mrow></mtd><mtd><mn>0.265</mn></mtd></mtr><mtr><mtd><mrow><mo>-</mo><mn>0.265</mn></mrow></mtd><mtd><mrow><mo>-</mo><mn>0.125</mn></mrow></mtd><mtd><mn>0.595</mn></mtd></mtr><mtr><mtd><mn>0.33</mn></mtd><mtd><mrow><mo>-</mo><mn>0.33</mn></mrow></mtd><mtd><mn>0.47</mn></mtd></mtr></mtable></mfenced></mrow> Among them, X, Y, and Z are system state variables, a _ij (i, j=1, 2, 3) are key parameters, variable X takes an integer and obtains a byte variable x according to mod (256), and the equation is iterated once, x is updated once; O is the XOR result of x and H.264 video data; When carrying out the chaos scrambling encryption of described pixel position, according to the size of the output I frame and P frame after H.264 hardware coding, adopt three kinds of memory allocation modes of different sizes respectively; The size of the frame video data is different, and the number of bytes is expanded by the method of filling 0, and the number of bytes is expanded to 3×m×n, which meets the number of bytes required by the chaotic position scrambling and anti-scrambling. Anti-scrambling chaotic mapping equation <mfenced open = "{" close = ""><mtable><mtr><mtd><mrow><mi>X</mi><mo>=</mo><mrow><mo>(</mo><mrow><msub><mi>b</mi><mn>11</mn></msub><mi>i</mi><mo>+</mo><msub><mi>b</mi><mn>12</mn></msub><mi>j</mi></mrow><mo>)</mo></mrow></mrow></mtd><mtd><mrow><mi>%</mi><mi>m</mi></mrow></mtd></mtr><mtr><mtd><mrow><mi>Y</mi><mo>=</mo><mrow><mo>(</mo><mrow><msub><mi>b</mi><mn>21</mn></msub><mi>i</mi><mo>+</mo><msub><mi>b</mi><mn>22</mn></msub><mi>j</mi></mrow><mo>)</mo></mrow></mrow></mtd><mtd><mrow><mi>%</mi><mi>n</mi></mrow></mtd></mtr></mtable></mfenced> Calculate 3 sets of scrambling encryption parameters b ₁₁ , b ₁₂ , b ₂₁ , b ₂₂ ; S2. At the receiving end, the encrypted video data is received through the network, and the chaotic anti-scrambling and decryption of the pixel position and the decryption of the chaotic stream cipher are completed. Under the condition of key matching, H.264 hardware decoding is realized. Under the condition of key mismatch , stop the communication between the sending end and the receiving end after the H.264 hardware decoding fails. 2. The embedded video chaos secure communication method according to claim 1, wherein the encryption of the chaos stream cipher described in step S1 is as follows: adding a protection byte of all 0s in front of the video data. 3. The embedded video chaotic secure communication method according to claim 2, characterized in that the encryption of the chaotic stream cipher in step S1 is as follows: adding 20 all-0 protection bytes in front of the video data. 4. embedded video chaos secure communication method according to claim 3, is characterized in that, described three kinds of different memory capacities are determined according to the maximum I frame and the minimum P frame of video data. 5. The embedded video chaos secure communication method according to claim 3, characterized in that, the three different memory capacities are respectively 24300 bytes, 10800 bytes, and 2400 bytes. 6. The embedded video chaos secure communication method according to claim 1, characterized in that, step S1 also includes the following steps before carrying out H.264 hardware encoding to video data: the JPEG decoding and RGB decoding of video images taken by camera, video images Format to YUV420 format conversion; Step S2 further includes the following steps after realizing H.264 hardware decoding: converting YUV420 format to RGB format and displaying the decrypted video. 7. The embedded video chaos secure communication method according to claim 6, characterized in that, the sending end of the step S1 adopts four thread loops to execute the following flow process: thread 1 loops to collect video images, and after thread 2 reads the video images Decompress to RGB image; Thread 3 reads the RGB image and displays it on the LCD monitor; Thread 4 converts the format after reading the RGB image, performs H.264 encoding and compression, and performs chaotic stream cipher encryption and chaotic scrambling encryption on the H.264 video stream , to send double-encrypted video stream data. 8. The embedded video chaos secure communication method according to claim 6, characterized in that, the step S2 receiving end adopts two thread loops to execute the following flow process: thread 1 loop receives the variable value representing the size of the H.264 video stream And double-encrypted video stream data, perform chaotic scrambling decryption and chaotic stream cipher decryption, H.264 decoding and decompression, and convert the format to RGB format; thread 2 reads RGB format data and displays it on the LCD display.