[go: up one dir, main page]

CN102664889A - IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves - Google Patents

IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves Download PDF

Info

Publication number
CN102664889A
CN102664889A CN2012101191100A CN201210119110A CN102664889A CN 102664889 A CN102664889 A CN 102664889A CN 2012101191100 A CN2012101191100 A CN 2012101191100A CN 201210119110 A CN201210119110 A CN 201210119110A CN 102664889 A CN102664889 A CN 102664889A
Authority
CN
China
Prior art keywords
point
elliptic curve
ims
encryption
session
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012101191100A
Other languages
Chinese (zh)
Inventor
孙朝晖
刘继明
林恩峰
王刚
谢炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ITIBIA TECHNOLOGIES
Original Assignee
ITIBIA TECHNOLOGIES
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ITIBIA TECHNOLOGIES filed Critical ITIBIA TECHNOLOGIES
Priority to CN2012101191100A priority Critical patent/CN102664889A/en
Publication of CN102664889A publication Critical patent/CN102664889A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides an IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves. The method includes: positive encryption, namely in an MIS communication process, any party in conversation encrypts sent IMS media data with oval curve points, and a receiving party decrypts; and reverse encryption, namely an opposite party encrypts IMS media with another oval curve points, and the original party decrypts. By means of bidirectional encryption, each party performs encryption protection of sent media data, so that possibility of secret divulging during network transmission can be lowered. Since oval curve codes have the advantages of high strength and low computing quantity, using the oval curve codes for encryption of IMS media data provides possibility for real-time encryption of IMS media data, and practical application value of safety SIP (session initiation protocol) can be greatly increased.

Description

IMS medium bidirectional encipher method based on elliptic curve
Technical field
The present invention relates to a kind of IMS medium bidirectional encipher method, belong to the media encryption technical field in the IMS communication process based on elliptic curve.
Background technology
Along with networks development, traditional P STN telephone network develops to the IMS network gradually.The IMS network has the advantage that bandwidth is big, media content is abundant, but its foundation also is an IP network, and the IMS network has also been introduced the security disadvantages of IP network.Mainly there is following safety issue: the one, the privacy concerns of media information; The 2nd, the information integrity decision problem; The 3rd, the authentication question of information; The 4th, the signature problem after the information issue.For the information privacy problem; Traditional method is to adopt symmetric cryptosystem, and like DES, AES, IDEA etc., i.e. two the sending out of communication all has a wildcard; One side encrypts the IMS media data with this key, and the opposing party deciphers encrypting back IMS medium with this key.But there is serious defective in this method; At first be that wildcard is easy to stolen by the third party in negotiations process; Secondly when session object increased, the management of key almost can't be accomplished, and supposes to have n people to carry out session; Then everyone need manage n-1 key, will have the key of n square number magnitude in the whole system.For authentification of message, the signature after integrality judgement and the issue, all there is defective in existing method.
The elliptic curve cipher technology has been brought a kind of new solution thinking for the problems referred to above, adopts the mechanism of open elliptic curve point and privately owned elliptic curve point.Because encryption key is disclosed elliptic curve point, the management of key and distribution are just very simple, for a said n user's system, only need 2n key.
To use the biggest integer factor decomposing system before is example, along with number theory research, and the development of Distribution calculation and the raising of computational speed, the decomposition rate of big integer factor is more and more faster.In application, be forced to bigger number; At least the number that reaches at present 1024 just is considered to comparatively safe; The increase of operand when but the increase of figure place has also brought encryption and decryption and signature verification; Also have the increase of memory space and transmitted data on network amount simultaneously, when handling the data of this big data quantity of IMS media information, serious performance restriction is arranged.Under identical Cipher Strength, elliptic curve cipher has the key length weak point, encrypts, deciphers the few advantage of required time.The speed of elliptic curve cipher can be decomposed more than the fast one magnitude than big integer factor generally.
Summary of the invention
The present invention is directed to the unsafe problem of media data in the IMS Internet phone-calling process, a kind of medium bidirectional encipher method based on the elliptic curve cipher technology is provided, strengthened the fail safe of IMS media data with less extra computation amount.
The object of the invention is realized through following technical scheme:
Based on the IMS medium bidirectional encipher method of elliptic curve, characteristics are: in the IMS communication process, any side of session encrypts with elliptic curve point the IMS media data that is sent out, recipient's deciphering, and promptly forward is encrypted; To the IMS media encryption, we decipher the other side, promptly reverse encryption with the another one elliptic curve point; Bidirectional encipher, each side carries out encipherment protection to the media data that is sent out respectively.
Further, above-mentioned IMS medium bidirectional encipher method based on elliptic curve, to the One-Way Encryption process, the initiator of IMS encryption session announces an elliptic curve point earlier as public-key cryptography, and passes to the other side with the SIP negotiations process; The opposing party of session according to public-key cryptography point of receiving and elliptic curve parameter, generates a temporary key to sharing point with secret, and with temporary key to passing back to the session initiator; At last, the session initiator is right according to temporary key, takes out the private cipher key point of oneself, according to the finite field principle of elliptic curve, recovers the shared secret point, and with the X axial coordinate value of this shared secret point as the shared secret data, deciphering IMS media data; The both sides of session encrypt the media data that is sent out with different Key; Behind the conversation end, a side of conversation can't reversely extrapolate the other side's privately owned elliptic curve point according to the information in the conversation procedure.
Further; Above-mentioned IMS medium bidirectional encipher method based on elliptic curve, the both sides of IMS session choose an elliptic curve finite field as the elliptic curve cipher parameter, and generate private cipher key point and public-key cryptography point; Negotiation phase in the IMS session passes to the other side with elliptic curve parameter and public-key cryptography point; The recipient gets the base field scope with an interior random value after receiving the other side's open elliptic curve point, do point multiplication operation with the other side's open point; The elliptic curve point of gained is right as temporary key; And this temporary key passed to the initiator of session through sip message, and do point multiplication operation with this random value and basic point, pass to the other side's IMS media data with this shared secret data encryption; The initiator of session receive temporary key to after; To doing point multiplication operation,, promptly calculate the shared secret elliptic curve point with privately owned elliptic curve point and this temporary key according to the elliptic curve principle; The X axial coordinate of getting this point is as the shared secret data, separates the IMS media data behind the code encryption; After obtaining the shared secret data, adopt the IDEA algorithm that media data is encrypted, earlier clear data is filled; Fill out 0 in data trailer; Make that length just in time is 8 multiple, begin from data head then, get the grouping of 8 bytes at every turn; With the shared secret data it is encrypted, the ciphertext that calculates is saved in the IMS media buffer.
Substantive distinguishing features and obvious improvement that technical scheme of the present invention is outstanding are mainly reflected in:
1. the present invention proposes to encrypt the IMS media data with elliptic curve cipher because elliptic curve cipher has intensity height, advantage that amount of calculation is little, for real-time encrypted IMS media data provide maybe, improved the actual application value of safe Session Initiation Protocol greatly;
2. the IMS medium are carried out the method for bidirectional encipher; Be used for replacing the encryption mode in the original safe Session Initiation Protocol; Even the assailant in the network found the session both sides and transmitted the IMS media data, characteristic that can not be through forward and reverse data bag is to the used shared secret elliptic curve point of analysis session both sides recently.
Description of drawings
Below in conjunction with accompanying drawing technical scheme of the present invention is described further:
Fig. 1: with shared secret point to IMS media data ciphering process sketch map;
Fig. 2: with shared secret point to IMS media data decrypting process sketch map.
Embodiment
Based on the IMS medium bidirectional encipher method of elliptic curve, in the IMS communication process, any side of session encrypts with elliptic curve point the IMS media data that is sent out, recipient's deciphering, and promptly forward is encrypted; To the IMS media encryption, we decipher the other side, promptly reverse encryption with the another one elliptic curve point; Bidirectional encipher, each side carries out encipherment protection to the media data that is sent out respectively.Step is: to the One-Way Encryption process, the initiator of IMS encryption session announces an elliptic curve point earlier as public-key cryptography, and passes to the other side with the SIP negotiations process; The opposing party of session according to public-key cryptography point of receiving and elliptic curve parameter, generates a temporary key to sharing point with secret, and with temporary key to passing back to the session initiator; At last, the session initiator is right according to temporary key, takes out the private cipher key point of oneself, according to the finite field principle of elliptic curve, recovers the shared secret point, and with the X axial coordinate value of this shared secret point as the shared secret data, deciphering IMS media data; The both sides of session encrypt the media data that is sent out with different Key; Behind the conversation end, a side of conversation can't reversely extrapolate the other side's privately owned elliptic curve point according to the information in the conversation procedure.
Idiographic flow is: 1. the both sides of IMS session choose an elliptic curve finite field as the elliptic curve cipher parameter; And generation private cipher key point and public-key cryptography point; At the negotiation phase of IMS session oneself elliptic curve parameter and public-key cryptography point passed to the other side; The recipient gets the base field scope with an interior random value after receiving the other side's open elliptic curve point, do point multiplication operation with the other side's open point; The elliptic curve point of gained is right as temporary key, and this temporary key is passed to the initiator of session through sip message; Do point multiplication operation with this random value and basic point at last, the other side's IMS media data is passed in the back with this shared secret data encryption; The initiator of session receive temporary key to after; The privately owned elliptic curve point of usefulness oneself and this temporary key are to doing point multiplication operation; According to the elliptic curve principle; Can calculate the shared secret elliptic curve point, the X axial coordinate of getting this point is as the shared secret data, separates the IMS media data behind the code encryption; 2. after obtaining the shared secret data, adopt the IDEA algorithm that media data is encrypted, at first clear data is filled; Fill out 0 in data trailer; Make that length just in time is 8 multiple, begin from data head then, get the grouping of 8 bytes at every turn; With the shared secret data it is encrypted, the ciphertext that calculates is saved in the IMS media buffer.
Like Fig. 1, transmit leg at first carries out data and fills IMS media data encrypted process, handles by 8 byte packet then.Like Fig. 2, decipher by 8 byte packet the process of IMS media data deciphering the side of meeting and sending off, after the total data deciphering, and the filling 0 of removing afterbody.
In the IMS communication process, media information comprises plurality of kinds of contents such as voice, video, text, and data volume is bigger, and general encryption method treatment effeciency is too low, has influenced the real-time of communication.Elliptic curve cryptography IMS medium technique; The session initiator is with curve public key in SIP Invite message; The recipient after receiving Invite message, in Response message with on oneself curve public key, reply to the initiator; The initiator replys ACK, confirms that both sides have all received the other side's curve public key.Any side of session is according to the other side's curve public key, according to key agreement algorithm; Generate temporary key to the shared secret point; And the X axial coordinate of getting this point is as the shared secret data, at last with this code data as symmetric key, encrypt the media data that all issue the other side.The opposing party of session, after receiving the other side's sip message, the temporary key that takes out wherein is right; In conjunction with the elliptic curve private key point of oneself; Calculate the shared secret data, with this secret data decoding IMS media data, revert to normal voice, video, content of text at last.
Based on the IMS medium bidirectional encipher method of elliptic curve, its characteristics have: 1) the session initiator will disclose elliptic curve point and parameter sends to the other side through sip message, and the recipient gets a random value in the finite field scope; And calculate temporary key point and shared secret point with this, and the X axial coordinate of getting this shared secret point is as the shared secret data, before media session; The both sides of session calculate oneself an open elliptic curve point and a privately owned elliptic curve point; To openly put and pass to the other side through sip message, the recipient gets the base field scope with an interior random value after receiving the other side's open elliptic curve point; Do point multiplication operation with the other side's open point; The elliptic curve point of gained is right as temporary key, and this temporary key is passed to the initiator of session through sip message, does point multiplication operation with this random value and basic point at last; The other side's IMS media data is passed to this shared secret data encryption in the back. the initiator of session receive temporary key to after; The privately owned elliptic curve point of usefulness oneself and this temporary key according to the elliptic curve principle, can calculate the shared secret elliptic curve point to doing point multiplication operation; The X axial coordinate of getting this point is as the shared secret data, separates the IMS media data behind the code encryption; 2) different with common safe Session Initiation Protocol; The way that forward media data and reverse media data are separately encrypted is provided based on the IMS medium bidirectional encipher technology of elliptic curve; The both sides that are the IMS session only are responsible for the own media data that is sent is encrypted; The both sides of session adopt different secrets to share point and encrypt the own media data that is sent, and the assailant on the network can not remove to crack the used key point of encryption according to both sides' negotiations process.
In sum, the present invention combines elliptic curve cipher to hang down the characteristics of operand, high Cipher Strength, and the session initiator will disclose elliptic curve point and parameter sends to the other side through sip message; The recipient gets a random value in the finite field scope, and calculates temporary key point and shared secret point with this, and the X axial coordinate of getting this shared secret point is as the shared secret data; Before media session, the both sides of session calculate oneself an open elliptic curve point and a privately owned elliptic curve point, will openly put and pass to the other side through sip message; The recipient gets the base field scope with an interior random value after receiving the other side's open elliptic curve point, do point multiplication operation with the other side's open point; The elliptic curve point of gained is right as temporary key; And this temporary key passed to the initiator of session through sip message, and do point multiplication operation with this random value and basic point at last, the other side's IMS media data is passed in the back with this shared secret data encryption; The initiator of session receive temporary key to after; The privately owned elliptic curve point of usefulness oneself and this temporary key according to the elliptic curve principle, can calculate the shared secret elliptic curve point to doing point multiplication operation; The X axial coordinate of getting this point is as the shared secret data, separates the IMS media data behind the code encryption.
What need understand is: the above only is a preferred implementation of the present invention; For those skilled in the art; Under the prerequisite that does not break away from the principle of the invention, can also make some improvement and retouching, these improvement and retouching also should be regarded as protection scope of the present invention.

Claims (3)

1. based on the IMS medium bidirectional encipher method of elliptic curve, it is characterized in that: in the IMS communication process, any side of session encrypts with elliptic curve point the IMS media data that is sent out, recipient's deciphering, and promptly forward is encrypted; To the IMS media encryption, we decipher the other side, promptly reverse encryption with the another one elliptic curve point; Bidirectional encipher, each side carries out encipherment protection to the media data that is sent out respectively.
2. the IMS medium bidirectional encipher method based on elliptic curve according to claim 1; It is characterized in that: to the One-Way Encryption process; The initiator of IMS encryption session announces an elliptic curve point earlier as public-key cryptography, and passes to the other side with the SIP negotiations process; The opposing party of session according to public-key cryptography point of receiving and elliptic curve parameter, generates a temporary key to sharing point with secret, and with temporary key to passing back to the session initiator; At last, the session initiator is right according to temporary key, takes out the private cipher key point of oneself, according to the finite field principle of elliptic curve, recovers the shared secret point, and with the X axial coordinate value of this shared secret point as the shared secret data, deciphering IMS media data; The both sides of session encrypt the media data that is sent out with different Key; Behind the conversation end, a side of conversation can't reversely extrapolate the other side's privately owned elliptic curve point according to the information in the conversation procedure.
3. the IMS medium bidirectional encipher method based on elliptic curve according to claim 2; It is characterized in that: the both sides of IMS session choose an elliptic curve finite field as the elliptic curve cipher parameter; And generate private cipher key point and public-key cryptography point, and at the negotiation phase of IMS session elliptic curve parameter and public-key cryptography point being passed to the other side, the recipient is after receiving the other side's open elliptic curve point; Get the base field scope with an interior random value; Do point multiplication operation with the other side's open point, the elliptic curve point of gained is right as temporary key, and this temporary key is passed to the initiator of session through sip message; Do point multiplication operation with this random value and basic point, pass to the other side's IMS media data with this shared secret data encryption; The initiator of session receive temporary key to after; To doing point multiplication operation,, promptly calculate the shared secret elliptic curve point with privately owned elliptic curve point and this temporary key according to the elliptic curve principle; The X axial coordinate of getting this point is as the shared secret data, separates the IMS media data behind the code encryption; After obtaining the shared secret data, adopt the IDEA algorithm that media data is encrypted, earlier clear data is filled; Fill out 0 in data trailer; Make that length just in time is 8 multiple, begin from data head then, get the grouping of 8 bytes at every turn; With the shared secret data it is encrypted, the ciphertext that calculates is saved in the IMS media buffer.
CN2012101191100A 2012-04-23 2012-04-23 IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves Pending CN102664889A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012101191100A CN102664889A (en) 2012-04-23 2012-04-23 IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012101191100A CN102664889A (en) 2012-04-23 2012-04-23 IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves

Publications (1)

Publication Number Publication Date
CN102664889A true CN102664889A (en) 2012-09-12

Family

ID=46774299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012101191100A Pending CN102664889A (en) 2012-04-23 2012-04-23 IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves

Country Status (1)

Country Link
CN (1) CN102664889A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107517184A (en) * 2016-06-16 2017-12-26 中兴通讯股份有限公司 Message transmission method, device and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1014617A2 (en) * 1998-12-22 2000-06-28 Hitachi, Ltd. Method and apparatus for elliptic curve cryptography and recording medium therefor
CN1801698A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Method for ensuring media stream safety in IP multimedia service subsystem network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1014617A2 (en) * 1998-12-22 2000-06-28 Hitachi, Ltd. Method and apparatus for elliptic curve cryptography and recording medium therefor
CN1801698A (en) * 2005-01-07 2006-07-12 华为技术有限公司 Method for ensuring media stream safety in IP multimedia service subsystem network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
任春静: "《椭圆曲线加密算法的研究与实现》", 10 March 2005, article "椭圆曲线加密算法的研究与实现" *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107517184A (en) * 2016-06-16 2017-12-26 中兴通讯股份有限公司 Message transmission method, device and system

Similar Documents

Publication Publication Date Title
CN109525386B (en) A Method of Private Intersection Sum Based on Paillier Homomorphic Encryption
CN104486077B (en) A kind of end-to-end cryptographic key negotiation method of VoIP real time datas safe transmission
CN105743646B (en) A kind of Identity based encryption method and system
CN105024994A (en) Secure certificateless hybrid signcryption method without pairing
CN101980558A (en) An Encryption Authentication Method on Ad hoc Network Transport Layer Protocol
CN104202158A (en) Data symmetric and asymmetric hybrid encryption and decryption method based on cloud computing
CN106067878A (en) A kind of network data encryption transmission method
CN103441834A (en) Encryption method suitable for multimedia transmission and service characteristics
CN102111273A (en) Pre-sharing-based secure data transmission method for electric load management system
CN113726725A (en) Data encryption and decryption method and device, electronic equipment and storage medium
CN106549963A (en) Safe storage system based on HDFS
CN109005027A (en) A kind of random data encryption and decryption method, apparatus and system
CN106453391A (en) Long repeating data encryption and transmission method and system
CN105262587A (en) Group key distribution method for machine-type communication based on proxy re-encryption
CN109104278A (en) A kind of encrypting and decrypting method
CN116132025A (en) Key negotiation method, device and communication system based on preset key group
CN101552666B (en) Real time media stream encryption transmission method
CN105099699A (en) Safe and high-efficiency communication method based on equipment of Internet of things and system
CN115834175B (en) Group chat encryption method, message sending and receiving device and system based on quantum key
Azaim et al. Design and implementation of encrypted SMS on Android smartphone combining ECDSA-ECDH and AES
CN101882996A (en) A Method of Information Encryption and Decryption in Identity-Based Distributed System
WO2013039659A1 (en) Hybrid encryption schemes
WO2013163861A1 (en) Method, device and system for proxy transformation
CN116743505B (en) Safety transmission encryption method based on national secret
CN202268897U (en) Fax data encryption system based on USB interface

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120912