
CN-122002084-A - Data transmission protection method and device of a hardware cryptographic (SM) algorithm based on the SRTP protocol


Abstract

The invention relates to a data transmission protection method and device for a hardware cryptographic algorithm based on SRTP (Secure Real-time Transport Protocol), belongs to the technical field of communication, and solves the problems of low security, excessive CPU (central processing unit) consumption and low cryptographic operation efficiency of the open-source software algorithms used by SRTP in the prior art. Video conference terminal A uses a media processing module to process an input image into a plurality of original RTP data packets and sends them to the SRTP processing module of terminal A through asynchronous communication. The SRTP processing module packages each original RTP data packet into an RTP data packet with a customized data structure and sends it to cryptographic device Ta. Cryptographic device Ta performs encryption and authentication calculation on each packet based on the SM4 cryptographic algorithm and the SM3 authentication algorithm and returns the encrypted RTP data packets to the SRTP processing module. The SRTP processing module packages the returned data into SRTP data packets and returns them to the media processing module through asynchronous communication, and the media processing module transmits them to video conference terminal B, so that the security and integrity of the video data transmission are achieved.

Inventors

  • LI XIAOLONG
  • YANG PENG
  • WU KESONG

Assignees

  • 兴唐通信科技有限公司
  • 数据通信科学技术研究所
  • 北京通和实益电信科学技术研究所有限公司

Dates

Publication Date
2026-05-08
Application Date
2024-11-04

Claims (10)

  1. A data transmission protection method of a hardware cryptographic algorithm based on the SRTP protocol, characterized by comprising the following steps: video conference terminal A uses a media processing module to process an input image to obtain a plurality of original RTP data packets and sends the RTP data packets to an SRTP processing module of video conference terminal A through asynchronous communication; the SRTP processing module packages the data to be encrypted extracted from each original RTP data packet into an RTP data packet with a customized data structure and sends the RTP data packets to cryptographic device Ta; cryptographic device Ta encrypts the payload of each customized RTP data packet based on the SM4 cryptographic algorithm to obtain a ciphertext, uses the SM3 authentication algorithm to obtain a message authentication code based on the ciphertext, and transmits the encrypted RTP data packet carrying the ciphertext and the message authentication code back to the SRTP processing module; the SRTP processing module encapsulates each returned encrypted RTP data packet into an SRTP data packet and transmits it back to the media processing module through asynchronous communication, and the media processing module transmits the SRTP data packet to video conference terminal B.
  2. The data transmission protection method of a hardware cryptographic algorithm based on the SRTP protocol according to claim 1, wherein implementing the asynchronous communication by the SRTP processing module based on the customized data structure and two layers of callback functions comprises: the media processing module of video conference terminal A uses the SRTP processing module to initialize an asynchronous interface; the media processing module registers a first-layer callback function, and the SRTP processing module registers a second-layer callback function; the cryptographic device returns the corresponding data packet to the SRTP processing module through the second-layer callback function; and the SRTP processing module triggers the first-layer callback function based on the returned data and returns the corresponding data packet to the media processing module.
  3. The data transmission protection method of a hardware cryptographic algorithm based on the SRTP protocol according to claim 2, wherein the customized data structure adds an encryption/decryption offset, an encryption/decryption length, an authentication calculation offset, an authentication calculation length, a transmission mode and a message authentication code field to the payload part of the RTP/SRTP data packet.
  4. The data transmission protection method of a hardware cryptographic algorithm based on the SRTP protocol according to claim 3, wherein initializing the asynchronous interface comprises the following steps: initializing an asynchronous interface session context; importing a symmetric encryption/decryption key for SM4 ECB and an authentication key for HMAC-SM3, wherein the encryption/decryption key and the authentication key are each generated from the SRTP master key obtained through key negotiation using a key derivation algorithm; and initializing a session context of the cryptographic device associated with the SRTP processing module, which is used to distinguish the channels of the asynchronous communication between the SRTP processing module and the cryptographic device based on the transmission mode in the customized data structure, the transmission mode comprising a receiving mode and a sending mode.
  5. The data transmission protection method of a hardware cryptographic algorithm based on the SRTP protocol according to claim 4, wherein encrypting the payload of each customized RTP data packet in the ECB mode of the SM4 cryptographic algorithm comprises: extracting the payload data to be encrypted from the customized RTP data packet according to the encryption/decryption offset and the encryption/decryption length; and performing ECB encryption on the payload data with the encryption/decryption key to obtain the ciphertext.
  6. The data transmission protection method according to claim 5, wherein obtaining a message authentication code using the SM3 authentication algorithm based on the ciphertext comprises: extracting the data to be authenticated from the customized RTP data packet containing the ciphertext according to the authentication calculation offset and the authentication calculation length; and performing an HMAC-SM3 operation on the data to be authenticated with the authentication key to generate the message authentication code.
  7. The data transmission protection method of a hardware cryptographic algorithm based on the SRTP protocol according to any one of claims 1-6, further comprising: video conference terminal B uses its own SRTP processing module and cryptographic device Tb to perform authentication verification and decryption processing on the received SRTP data packets based on the asynchronous communication to obtain the restored RTP data packets, and the RTP data packets are then processed to obtain an output image.
  8. The data transmission protection method according to claim 7, wherein performing authentication verification and decryption processing on a received SRTP data packet comprises: extracting the data to be authenticated from the customized SRTP data packet according to the authentication calculation offset and the authentication calculation length; performing the HMAC-SM3 authentication operation on the data to be authenticated to obtain a message authentication code F'; if F' is consistent with the message authentication code contained in the SRTP data packet, the verification passes, otherwise the verification fails; and after the verification passes, extracting the data to be decrypted from the payload of the SRTP data packet according to the encryption/decryption offset and the encryption/decryption length and decrypting it using the symmetric algorithm SM4 in ECB mode.
  9. A data transmission protection device of a hardware cryptographic algorithm based on the SRTP protocol, comprising: an encoder, used to compress the acquired video input image into standard video frames when sending a video conference; a media processing module, used to package the standard video frames into a plurality of original RTP data packets when sending a video conference and to send the original RTP data packets to the SRTP processing module through asynchronous communication; an SRTP processing module, used to package the data to be encrypted extracted from each original RTP data packet into an RTP data packet with a customized data structure and send it to the cryptographic device when sending a video conference, and also used to package the encrypted RTP data packets returned by the cryptographic device into SRTP data packets and return them to the media processing module through asynchronous communication; a cryptographic device, used to complete symmetric-algorithm encryption, decryption and authentication calculation on the data packets sent by the SRTP processing module and to transmit them back to the SRTP processing module; a decoder, used to decode the standard video frames when receiving a video conference; and a display device, used to display the output image obtained after decoding.
  10. The data transmission protection device of a hardware cryptographic algorithm based on the SRTP protocol according to claim 9, wherein, when receiving a video conference, the SRTP processing module is further configured to send the received SRTP data packet to the cryptographic device and to return the data packet returned by the cryptographic device to the media processing module through asynchronous communication, and the media processing module is further configured to send the received SRTP data packet to the SRTP processing module and to group the RTP data packets returned by the SRTP processing module to restore a standard video frame.
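As an added example (not code from the patent or its assignees), the following Python models the customized packet structure of claim 3 and the device-side steps of claims 5, 6 and 8: encrypt the range named by the offset/length fields, MAC the range over the ciphertext, and on receipt recompute F', compare it in constant time, and decrypt only after the check passes. The field layout and the stand-ins for SM4-ECB and HMAC-SM3 (a key-derived XOR mask and HMAC-SHA256, used because the real primitives live inside the cryptographic device) are assumptions; the framing, the bounds checks and the check-before-decrypt ordering are the point.

```python
import hashlib
import hmac
import struct

MODE_SEND, MODE_RECV = 0, 1    # "transmission mode" field of claim 4
BLOCK = 16                     # SM4 block size; ECB needs whole blocks
MAC_LEN = 32                   # SM3 digest length = HMAC-SM3 tag length
# Assumed layout: descriptor fields, then the RTP bytes, then the tag.
DESC = struct.Struct(">HHHHB")  # enc_off, enc_len, auth_off, auth_len, mode

def _sm4_ecb_stand_in(key: bytes, data: bytes) -> bytes:
    """Stand-in for the device's SM4-ECB: key-derived XOR mask, invertible, NOT secure."""
    if len(data) % BLOCK:
        raise ValueError("ECB input must be a multiple of 16 bytes")
    mask = hashlib.sha256(key).digest()[:BLOCK]
    return bytes(b ^ mask[i % BLOCK] for i, b in enumerate(data))

def _hmac_sm3_stand_in(key: bytes, data: bytes) -> bytes:
    """Stand-in for HMAC-SM3: HMAC-SHA256, which has the same 32-byte tag."""
    return hmac.new(key, data, hashlib.sha256).digest()

def build_custom_packet(rtp_header: bytes, payload: bytes, mode: int) -> bytes:
    """SRTP module side: header stays clear, payload is the encrypt range,
    header + payload is the authenticate range (offsets into the RTP bytes)."""
    return DESC.pack(len(rtp_header), len(payload), 0,
                     len(rtp_header) + len(payload), mode) + rtp_header + payload

def _parse(pkt: bytes):
    eo, el, ao, al, mode = DESC.unpack_from(pkt)
    body = pkt[DESC.size:]
    if eo + el > len(body) or ao + al > len(body):
        raise ValueError("encrypt/authenticate range outside packet")
    return (eo, el, ao, al, mode), body

def device_protect(enc_key: bytes, auth_key: bytes, pkt: bytes) -> bytes:
    """Device, send mode (claims 5-6): encrypt the range, then MAC over the
    ciphertext range; return descriptor || body || tag."""
    (eo, el, ao, al, _), body = _parse(pkt)
    body = body[:eo] + _sm4_ecb_stand_in(enc_key, body[eo:eo + el]) + body[eo + el:]
    return pkt[:DESC.size] + body + _hmac_sm3_stand_in(auth_key, body[ao:ao + al])

def device_unprotect(enc_key: bytes, auth_key: bytes, pkt: bytes) -> bytes:
    """Device, receive mode (claim 8): recompute F', compare in constant time,
    and only then decrypt; a packet that fails the check never reaches the cipher."""
    tag, pkt = pkt[-MAC_LEN:], pkt[:-MAC_LEN]
    (eo, el, ao, al, _), body = _parse(pkt)
    if not hmac.compare_digest(_hmac_sm3_stand_in(auth_key, body[ao:ao + al]), tag):
        raise ValueError("MAC check failed; packet dropped before decryption")
    return body[:eo] + _sm4_ecb_stand_in(enc_key, body[eo:eo + el]) + body[eo + el:]
```

Because ECB has no IV, the encrypt range must be a whole number of 16-byte blocks and identical plaintext blocks produce identical ciphertext blocks; the page does not say how payloads that are not block-aligned are padded.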

Description

Data transmission protection method and device of a hardware cryptographic algorithm based on the SRTP protocol

Technical Field

The present invention relates to the field of communications technologies, and in particular to a method and an apparatus for protecting data transmission with a hardware cryptographic algorithm based on the SRTP protocol.

Background

In video conferencing system applications, the Secure Real-time Transport Protocol (SRTP) is mostly used for transmission protection of audio and video data packets. SRTP uses a symmetric encryption algorithm to protect the payload of Real-time Transport Protocol (RTP) data packets and uses a keyed hash-based message authentication code (HMAC) algorithm for integrity protection and message authentication. Firstly, the encryption algorithms in the RFC 3711 specification of the SRTP protocol at the present stage are AES_ICM and AES_GCM and the authentication algorithm is HMAC-SHA1; both the encryption and the authentication algorithms are international open-source software algorithms, and the SHA-1 algorithm has been publicly announced as broken, so security is greatly compromised. Secondly, as demand for higher image quality in video conferences (such as 4K and 8K resolution) rises rapidly, SRTP packet processing calls cryptographic operations more frequently, and a software algorithm causes a large amount of CPU consumption that affects the normal operation of other functional modules of the system. Finally, the algorithm interface currently used by the SRTP protocol is a synchronous interface: each RTP packet must wait until the processing of the previous RTP packet is complete, so data packets block while waiting to be processed.

Therefore, the open-source software algorithms used by the SRTP protocol at the present stage have the defects of lower security, excessive CPU consumption, low cryptographic operation efficiency and the like.

Disclosure of Invention

In view of the above analysis, the embodiments of the invention aim to provide a data transmission protection method and device for a hardware cryptographic algorithm based on the SRTP protocol, used to solve the problems of lower security, excessive CPU consumption and low cryptographic operation efficiency in video conference systems in the prior art. The aim of the invention is mainly realized by the following technical scheme. In one aspect, an embodiment of the present invention provides a data transmission protection method for a hardware cryptographic algorithm based on the SRTP protocol, comprising the following steps: video conference terminal A uses a media processing module to process an input image to obtain a plurality of original RTP data packets and sends the RTP data packets to an SRTP processing module of video conference terminal A through asynchronous communication; the SRTP processing module packages the data to be encrypted extracted from each original RTP data packet into an RTP data packet with a customized data structure and sends the RTP data packets to cryptographic device Ta; cryptographic device Ta encrypts the payload of each customized RTP data packet based on the SM4 cryptographic algorithm to obtain a ciphertext, uses the SM3 authentication algorithm to obtain a message authentication code based on the ciphertext, and transmits the encrypted RTP data packet carrying the ciphertext and the message authentication code back to the SRTP processing module; the SRTP processing module encapsulates each returned encrypted RTP data packet into an SRTP data packet and transmits it back to the media processing module through asynchronous communication, and the media processing module transmits the SRTP data packet to video conference terminal B.

Further, implementing the asynchronous communication by the SRTP processing module based on the customized data structure and a two-layer callback function comprises: the media processing module of video conference terminal A uses the SRTP processing module to initialize an asynchronous interface; the media processing module registers a first-layer callback function, and the SRTP processing module registers a second-layer callback function; the cryptographic device returns the corresponding data packet to the SRTP processing module through the second-layer callback function; and the SRTP processing module triggers the first-layer callback function based on the returned data and returns the corresponding data packet to the media processing module. Further, the customized data structure adds an encryption/decryption offset, an encryption/decryption length, an authentication calculation offset, an authentication calculation length, a transmission mode and a message authenticati