The rapid development of the digital society has driven advances in emerging technologies such as artificial intelligence and cloud computing. Meanwhile, it has continuously expanded the application of security technology across the industry. With the vigorous development of audio and video processing and information transmission technology, video surveillance systems have become widespread nationwide. However, challenges remain in the course of this development: the video surveillance system faces information security challenges brought by large-scale networked applications. Key problems such as the identity security of front-end devices, the security of communication signaling, and the security of video data urgently need to be solved. This thesis is based on the "Research on Key Technologies of Security Sharing and Feature Analysis of Public Security Surveillance Video" project of Chengdu 30 Kaitian Corporation, a subsidiary of the 30th Research Institute of China Electronics Technology Group Corporation. It analyzes the security risks of traditional video surveillance systems in identity authentication, signaling transmission, and video data encryption and decryption. Through in-depth research on authentication technology, cryptographic technology and key management, a security protection scheme for video surveillance systems is proposed.

First, to solve the communication security problem, a system security authentication scheme based on Public Key Infrastructure/Certificate Authority (PKI/CA) is designed. On the one hand, by improving the digest authentication method of the Hypertext Transfer Protocol (HTTP) and combining it with private-key signatures and digest-value verification, a bidirectional identity authentication mechanism between the Internet protocol camera and the security management platform is realized, which controls the secure access of legitimate devices to the system. On the other hand, for the process of requesting a video stream, the surveillance client and the video stream sending device complete session key negotiation by checking the digital certificate and obtaining the public key, and the session key is used to encrypt and protect the signaling message body. Meanwhile, a signaling security reinforcement mechanism is realized by combining verification of the digest value of the signaling header with the signature of the encrypted message body, both of which are performed by the SIP server, to ensure the safety of signaling interaction.

Secondly, to solve the video data security problem, a key management mechanism for the derivation and application of the device and video keys is proposed. The Device Master Key (DMK) is derived from the unique identification information of the Internet protocol camera. The Video Encryption Key (VEK), which is used to encrypt the video data, is derived from the DMK and the feature factor of the captured video. Meanwhile, to ensure the security of the VEK, the Video Key Encryption Key (VKEK) is introduced to encrypt the VEK. Based on this key management mechanism, an encryption and decryption scheme for video data is proposed. The Internet protocol camera repackages the encrypted video stream, the encrypted VEK, and the video identification sequence into a combined stream for transmission. The surveillance client re-derives the VKEK to recover the VEK, and finally decrypts the video stream. This scheme can improve the security of video data during transmission.

Finally, the above scheme is tested within the project. The test and analysis results demonstrate that the scheme provides bidirectional identity authentication, security reinforcement of signaling, derivation of the device and video keys, and encryption and decryption of video data, which meets the requirements of the project and effectively improves the security of the video surveillance system.
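The DMK, VEK and VKEK hierarchy and the combined stream described above, as an added Ruby example that is not code from the thesis. The abstract names no algorithms, so HMAC-SHA256 as the derivation function, AES-256-GCM as the cipher, a provisioned `root_secret`, and deriving the VKEK from the DMK and the video identification sequence are all assumptions, as are the function names.

```ruby
require "openssl"

# kdf derives a 32-byte key. HMAC-SHA256 is an assumption; the abstract names no KDF.
def kdf(key, label, context)
  OpenSSL::HMAC.digest("SHA256", key, "#{label}\0#{context}")
end

# seal encrypts with AES-256-GCM (assumed cipher) and returns nonce || tag || ciphertext.
# The video identification sequence is authenticated as associated data.
def seal(key, plaintext, video_id)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = video_id
  ciphertext = c.update(plaintext) + c.final
  nonce + c.auth_tag + ciphertext
end

# unseal raises OpenSSL::Cipher::CipherError when key, data or video ID do not match.
def unseal(key, sealed, video_id)
  raise ArgumentError, "sealed field too short" if sealed.bytesize <= 28
  c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  c.key = key
  c.iv = sealed.byteslice(0, 12)
  c.auth_tag = sealed.byteslice(12, 16)
  c.auth_data = video_id
  c.update(sealed.byteslice(28..-1)) + c.final
end

# Camera side: DMK from the device's unique ID, VEK from the DMK plus the video feature
# factor; the VKEK (derived here from the DMK and video ID, an assumption) wraps the VEK.
def camera_pack(root_secret, device_id, feature_factor, video_id, frame)
  dmk = kdf(root_secret, "DMK", device_id)
  vek = kdf(dmk, "VEK", feature_factor)
  vkek = kdf(dmk, "VKEK", video_id)
  { video_id: video_id, enc_vek: seal(vkek, vek, video_id), enc_video: seal(vek, frame, video_id) }
end

# Client side: re-derive the VKEK, unwrap the VEK, then decrypt the video payload.
def client_unpack(root_secret, device_id, stream)
  vkek = kdf(kdf(root_secret, "DMK", device_id), "VKEK", stream[:video_id])
  vek = unseal(vkek, stream[:enc_vek], stream[:video_id])
  unseal(vek, stream[:enc_video], stream[:video_id])
end

# Constructed sample values, not taken from the thesis.
demo = camera_pack("constructed-root-secret", "IPC-0001", "constructed-factor", "VID-0001", "constructed frame")
puts client_unpack("constructed-root-secret", "IPC-0001", demo)
```

The client never needs the feature factor: it recovers the VEK only by unwrapping it, so a stream whose video identification sequence or ciphertext has been altered fails authentication instead of decrypting to garbage.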