CN102664889A - IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves - Google Patents
Abstract
The invention provides an IMS (IP multimedia subsystem) media bidirectional encryption method based on elliptic curves. The method includes: forward encryption, in which, during IMS communication, either party to the session encrypts the IMS media data it sends with an elliptic curve point and the receiving party decrypts it; and reverse encryption, in which the other party encrypts IMS media with another elliptic curve point and the original party decrypts it. With bidirectional encryption, each party protects the media data it sends, which lowers the possibility of disclosure during network transmission. Because elliptic curve cryptography offers high strength with little computation, using it to encrypt IMS media data makes real-time encryption of IMS media data possible and can greatly increase the practical value of secure SIP (Session Initiation Protocol).
    Description
Technical field
      The present invention relates to an elliptic-curve-based bidirectional encryption method for IMS media, and belongs to the technical field of media encryption in IMS communication.
    Background technology
      With the development of networks, the traditional PSTN telephone network is gradually evolving into the IMS network. The IMS network offers high bandwidth and rich media content, but it is built on an IP network and therefore inherits the security weaknesses of IP networks. The main security problems are: first, the confidentiality of media information; second, determining the integrity of information; third, the authentication of information; fourth, signing information after it is issued. For confidentiality, the traditional approach is a symmetric cryptosystem such as DES, AES or IDEA: the two communicating parties hold a pre-shared key, one party encrypts the IMS media data with this key, and the other party decrypts the encrypted IMS media with the same key. This approach has serious defects. First, the pre-shared key is easily stolen by a third party during negotiation. Second, as the number of session participants grows, key management becomes almost impossible: if n people take part in sessions, each person must manage n-1 keys, and the whole system holds on the order of n² keys. The existing methods for information authentication, integrity determination and signing after issue are also all defective.
      Elliptic curve cryptography offers a new approach to these problems, using a mechanism of public elliptic curve points and private elliptic curve points. Because the encryption key is a public elliptic curve point, key management and distribution become very simple: for the n-user system above, only 2n keys are needed.
      Take the previously used large-integer factorization systems as an example. With advances in number theory research, the development of distributed computing and increases in computing speed, large integers are being factored faster and faster. Applications are forced to use larger numbers; at present a number of at least 1024 bits is considered reasonably secure. The larger bit length, however, increases the computation needed for encryption, decryption and signature verification, as well as the storage space and the volume of data transmitted over the network, which severely limits performance when processing data as large as IMS media information. At the same cryptographic strength, elliptic curve cryptography has the advantages of shorter keys and less time needed for encryption and decryption. Elliptic curve cryptography is generally more than an order of magnitude faster than large-integer-factorization cryptography.
    Summary of the invention
      The present invention addresses the insecurity of media data during IMS network calls by providing a media bidirectional encryption method based on elliptic curve cryptography, which strengthens the security of IMS media data at a small additional computational cost.
      The object of the invention is achieved by the following technical scheme:
      In the elliptic-curve-based IMS media bidirectional encryption method, during IMS communication either party to the session encrypts the IMS media data it sends with an elliptic curve point and the receiver decrypts it; this is forward encryption. The other party encrypts IMS media with another elliptic curve point and the first party decrypts it; this is reverse encryption. With bidirectional encryption, each party separately protects the media data it sends.
      Further, in the above method, for the one-way encryption process, the initiator of the IMS encrypted session first publishes an elliptic curve point as its public key and passes it to the other party during SIP negotiation. The other party, using the received public key point and the elliptic curve parameters, generates a temporary key pair and a shared secret point, and returns the temporary key pair to the session initiator. Finally, the session initiator takes the temporary key pair and its own private key point, recovers the shared secret point according to the finite field principle of the elliptic curve, and uses the X coordinate of the shared secret point as the shared secret data to decrypt the IMS media data. The two parties encrypt the media data they send with different keys. After the call ends, neither party can work backwards from the information exchanged during the call to the other party's private elliptic curve point.
      Further, in the above method, both parties to the IMS session choose an elliptic curve over a finite field as the elliptic curve cryptographic parameters and generate a private key point and a public key point. During the negotiation phase of the IMS session, the elliptic curve parameters and the public key point are passed to the other party. After receiving the other party's public elliptic curve point, the receiver picks a random value within the range of the base field and performs point multiplication with the other party's public point; the resulting elliptic curve point serves as the temporary key pair and is passed to the session initiator in a SIP message. The receiver also performs point multiplication of this random value with the base point, and encrypts the IMS media data sent to the other party with this shared secret data. After receiving the temporary key pair, the session initiator performs point multiplication with its private elliptic curve point and the temporary key pair, which by the elliptic curve principle yields the shared secret elliptic curve point; the X coordinate of this point is taken as the shared secret data and used to decrypt the encrypted IMS media data. Once the shared secret data is obtained, the media data is encrypted with the IDEA algorithm. The plaintext is first padded with 0 at the end so that its length is exactly a multiple of 8; then, starting from the beginning of the data, 8 bytes are taken at a time and encrypted with the shared secret data, and the resulting ciphertext is stored in the IMS media buffer.
      The substantive features and notable improvements of the technical scheme of the invention are mainly as follows:
      1. The invention encrypts IMS media data with elliptic curve cryptography. Because elliptic curve cryptography offers high strength with little computation, it makes real-time encryption of IMS media data possible and greatly improves the practical value of the secure SIP protocol;
      2. IMS media is encrypted bidirectionally, replacing the encryption mode of the original secure SIP protocol. Even if an attacker on the network discovers the two parties to the session and the IMS media data they transmit, the attacker cannot work out the shared secret elliptic curve points used by the two parties by comparing the characteristics of forward and reverse packets.
    Description of drawings
      The technical scheme of the invention is further described below with reference to the drawings:
      Fig. 1: schematic of encrypting IMS media data with the shared secret point;
      Fig. 2: schematic of decrypting IMS media data with the shared secret point.
    Embodiment
      In the elliptic-curve-based IMS media bidirectional encryption method, during IMS communication either party to the session encrypts the IMS media data it sends with an elliptic curve point and the receiver decrypts it; this is forward encryption. The other party encrypts IMS media with another elliptic curve point and the first party decrypts it; this is reverse encryption. With bidirectional encryption, each party separately protects the media data it sends. The steps are: for the one-way encryption process, the initiator of the IMS encrypted session first publishes an elliptic curve point as its public key and passes it to the other party during SIP negotiation. The other party, using the received public key point and the elliptic curve parameters, generates a temporary key pair and a shared secret point, and returns the temporary key pair to the session initiator. Finally, the session initiator takes the temporary key pair and its own private key point, recovers the shared secret point according to the finite field principle of the elliptic curve, and uses the X coordinate of the shared secret point as the shared secret data to decrypt the IMS media data. The two parties encrypt the media data they send with different keys. After the call ends, neither party can work backwards from the information exchanged during the call to the other party's private elliptic curve point.
      The specific flow is: 1. Both parties to the IMS session choose an elliptic curve over a finite field as the elliptic curve cryptographic parameters and generate a private key point and a public key point. During the negotiation phase of the IMS session, each passes its own elliptic curve parameters and public key point to the other party. After receiving the other party's public elliptic curve point, the receiver picks a random value within the range of the base field and performs point multiplication with the other party's public point; the resulting elliptic curve point serves as the temporary key pair and is passed to the session initiator in a SIP message. Finally, the receiver performs point multiplication of this random value with the base point, and then encrypts the IMS media data sent to the other party with this shared secret data. After receiving the temporary key pair, the session initiator performs point multiplication with its own private elliptic curve point and the temporary key pair; by the elliptic curve principle this yields the shared secret elliptic curve point, and the X coordinate of this point is taken as the shared secret data and used to decrypt the encrypted IMS media data. 2. Once the shared secret data is obtained, the media data is encrypted with the IDEA algorithm. The plaintext is first padded with 0 at the end so that its length is exactly a multiple of 8; then, starting from the beginning of the data, 8 bytes are taken at a time and encrypted with the shared secret data, and the resulting ciphertext is stored in the IMS media buffer.
      As shown in Fig. 1, to encrypt IMS media data the sender first pads the data and then processes it in 8-byte blocks. As shown in Fig. 2, to decrypt IMS media data the receiver decrypts it in 8-byte blocks and, after all the data has been decrypted, removes the 0 padding at the end.
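The zero fill and trailing-zero removal described above cannot tell padding from media bytes that are themselves 0. The following added example (not code from the patent) shows that round trip losing data next to a length-encoding padding that does not. The IDEA step is left out because encrypting and then decrypting each 8-byte group returns the padded plaintext unchanged; the function names and sample frames are constructed for illustration.

```python
BLOCK = 8  # IDEA block size in bytes, the grouping the page uses


def zero_pad(data: bytes) -> bytes:
    """Padding as described on the page: append 0 bytes up to a multiple of 8."""
    return data + b"\x00" * (-len(data) % BLOCK)


def zero_unpad(data: bytes) -> bytes:
    """Receiver side as described on the page: drop every trailing 0 byte."""
    return data.rstrip(b"\x00")


def length_pad(data: bytes) -> bytes:
    """PKCS#7-style alternative: always add 1..8 bytes, each holding the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def length_unpad(data: bytes) -> bytes:
    """Strip PKCS#7-style padding and reject malformed input."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def groups(data: bytes) -> list:
    """Split padded data into the 8-byte groups handed to the block cipher."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def round_trip(frame: bytes, pad, unpad) -> bytes:
    """Pad, split into groups, rejoin, unpad (cipher omitted: decrypt(encrypt(g)) == g)."""
    return unpad(b"".join(groups(pad(frame))))


# Constructed samples: a frame whose payload ends in two 0 bytes, and a frame of silence.
FRAME = b"\x7f\x10\x22\x35\x00\x00"
SILENCE = b"\x00" * 8

if __name__ == "__main__":
    for name, frame in (("FRAME", FRAME), ("SILENCE", SILENCE)):
        print(name, "zero fill:", round_trip(frame, zero_pad, zero_unpad).hex() or "(empty)",
              "| length padding:", round_trip(frame, length_pad, length_unpad).hex())
```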
      In IMS communication, media information includes voice, video, text and other content, and the data volume is large; general encryption methods are too inefficient and impair the real-time nature of the communication. With elliptic curve encryption of IMS media, the session initiator carries its curve public key in the SIP Invite message; after receiving the Invite message, the receiver carries its own curve public key in the Response message it returns to the initiator; the initiator replies with ACK, confirming that both parties have received each other's curve public key. Either party to the session, using the other party's curve public key and the key agreement algorithm, generates a temporary key pair and a shared secret point, takes the X coordinate of this point as the shared secret data, and finally uses this secret data as a symmetric key to encrypt all media data sent to the other party. The other party, after receiving the SIP message, extracts the temporary key pair from it, combines it with its own elliptic curve private key point to compute the shared secret data, and uses this secret data to decrypt the IMS media data, finally restoring the normal voice, video and text content.
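A worked version of the exchange described above, added here as an illustration and not taken from the patent. It follows the text literally: the temporary key is k·Q and the media secret is the X coordinate of k·G, so the key owner recovers it by multiplying the temporary key by the inverse of its private scalar modulo the group order. The use of NIST P-256, the function names and the on-curve check on received points are assumptions.

```python
import secrets

# NIST P-256 domain parameters. The page names no curve; this choice is an assumption.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # prime group order
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)  # base point


def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def on_curve(pt):
    """Reject the point at infinity and anything off the curve (added defensive check)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def keygen():
    """Private scalar d (the page's 'private point') and public point Q = d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)


def make_temporary_key(peer_public):
    """Media sender: random k, temporary key T = k*Q for the SIP message, secret x(k*G).
    The page does not say how the 256-bit X coordinate becomes a 128-bit IDEA key,
    so the full coordinate is returned."""
    if not on_curve(peer_public):
        raise ValueError("peer public point is not on the curve")
    k = secrets.randbelow(N - 1) + 1
    return mul(k, peer_public), mul(k, G)[0]


def recover_secret(d, temporary_key):
    """Key owner: d^-1 * T = d^-1 * k * d * G = k*G; its X coordinate is the media secret."""
    if not on_curve(temporary_key):
        raise ValueError("temporary key is not on the curve")
    return mul(pow(d, -1, N), temporary_key)[0]


def negotiate():
    """One session, both directions; each pair is (sender's secret, receiver's secret)."""
    d_init, q_init = keygen()                   # public point travels in the SIP Invite
    d_resp, q_resp = keygen()                   # public point travels in the Response
    t_rev, s_rev = make_temporary_key(q_init)   # responder -> initiator media
    t_fwd, s_fwd = make_temporary_key(q_resp)   # initiator -> responder media
    return ((s_fwd, recover_secret(d_resp, t_fwd)),
            (s_rev, recover_secret(d_init, t_rev)))


if __name__ == "__main__":
    (fwd_s, fwd_r), (rev_s, rev_r) = negotiate()
    print("forward secrets match:", fwd_s == fwd_r)
    print("reverse secrets match:", rev_s == rev_r)
    print("directions use different secrets:", fwd_s != rev_s)
```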
      The characteristics of the elliptic-curve-based IMS media bidirectional encryption method are: 1) The session initiator sends its public elliptic curve point and parameters to the other party in a SIP message; the receiver picks a random value within the finite field range, uses it to compute the temporary key point and the shared secret point, and takes the X coordinate of the shared secret point as the shared secret data. Before the media session, both parties compute their own public elliptic curve point and private elliptic curve point and pass the public point to the other party in a SIP message. After receiving the other party's public elliptic curve point, the receiver picks a random value within the range of the base field and performs point multiplication with the other party's public point; the resulting elliptic curve point serves as the temporary key pair and is passed to the session initiator in a SIP message. Finally, the receiver performs point multiplication of this random value with the base point, and then encrypts the IMS media data sent to the other party with this shared secret data. After receiving the temporary key pair, the session initiator performs point multiplication with its own private elliptic curve point and the temporary key pair; by the elliptic curve principle this yields the shared secret elliptic curve point, and the X coordinate of this point is taken as the shared secret data and used to decrypt the encrypted IMS media data. 2) Unlike ordinary secure SIP, the elliptic-curve-based IMS media bidirectional encryption technique encrypts forward media data and reverse media data separately: each party to the IMS session is responsible only for encrypting the media data it sends, the two parties use different shared secret points to encrypt the media data they send, and an attacker on the network cannot crack the key points used for encryption from the two parties' negotiation process.
      In summary, the invention exploits the low computational cost and high cryptographic strength of elliptic curve cryptography. The session initiator sends its public elliptic curve point and parameters to the other party in a SIP message; the receiver picks a random value within the finite field range, uses it to compute the temporary key point and the shared secret point, and takes the X coordinate of the shared secret point as the shared secret data. Before the media session, both parties compute their own public elliptic curve point and private elliptic curve point and pass the public point to the other party in a SIP message. After receiving the other party's public elliptic curve point, the receiver picks a random value within the range of the base field and performs point multiplication with the other party's public point; the resulting elliptic curve point serves as the temporary key pair and is passed to the session initiator in a SIP message. Finally, the receiver performs point multiplication of this random value with the base point, and then encrypts the IMS media data sent to the other party with this shared secret data. After receiving the temporary key pair, the session initiator performs point multiplication with its own private elliptic curve point and the temporary key pair; by the elliptic curve principle this yields the shared secret elliptic curve point, and the X coordinate of this point is taken as the shared secret data and used to decrypt the encrypted IMS media data.
      It should be understood that the above is only a preferred embodiment of the invention. Those of ordinary skill in the art can make improvements and refinements without departing from the principle of the invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the invention.
    Claims (3)
1. An IMS media bidirectional encryption method based on elliptic curves, characterized in that: during IMS communication, either party to the session encrypts the IMS media data it sends with an elliptic curve point and the receiver decrypts it, which is forward encryption; the other party encrypts IMS media with another elliptic curve point and the first party decrypts it, which is reverse encryption; with bidirectional encryption, each party separately protects the media data it sends.
    2. The IMS media bidirectional encryption method based on elliptic curves according to claim 1, characterized in that: for the one-way encryption process, the initiator of the IMS encrypted session first publishes an elliptic curve point as its public key and passes it to the other party during SIP negotiation; the other party, using the received public key point and the elliptic curve parameters, generates a temporary key pair and a shared secret point, and returns the temporary key pair to the session initiator; finally, the session initiator takes the temporary key pair and its own private key point, recovers the shared secret point according to the finite field principle of the elliptic curve, and uses the X coordinate of the shared secret point as the shared secret data to decrypt the IMS media data; the two parties encrypt the media data they send with different keys; after the call ends, neither party can work backwards from the information exchanged during the call to the other party's private elliptic curve point.
    3. The IMS media bidirectional encryption method based on elliptic curves according to claim 2, characterized in that: both parties to the IMS session choose an elliptic curve over a finite field as the elliptic curve cryptographic parameters and generate a private key point and a public key point; during the negotiation phase of the IMS session, the elliptic curve parameters and the public key point are passed to the other party; after receiving the other party's public elliptic curve point, the receiver picks a random value within the range of the base field and performs point multiplication with the other party's public point, and the resulting elliptic curve point serves as the temporary key pair and is passed to the session initiator in a SIP message; the receiver performs point multiplication of this random value with the base point, and encrypts the IMS media data sent to the other party with this shared secret data; after receiving the temporary key pair, the session initiator performs point multiplication with its private elliptic curve point and the temporary key pair, which by the elliptic curve principle yields the shared secret elliptic curve point, and the X coordinate of this point is taken as the shared secret data and used to decrypt the encrypted IMS media data; once the shared secret data is obtained, the media data is encrypted with the IDEA algorithm: the plaintext is first padded with 0 at the end so that its length is exactly a multiple of 8, then, starting from the beginning of the data, 8 bytes are taken at a time and encrypted with the shared secret data, and the resulting ciphertext is stored in the IMS media buffer.
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN2012101191100A CN102664889A (en) | 2012-04-23 | 2012-04-23 | IMS (internet protocol multimedia subsystem) media bidirectional encryption method based on oval curves | 
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| CN102664889A | 2012-09-12 |
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20120912 |