
CN103401876B - VoIP service security assurance method and system based on scale variable window mechanism - Google Patents


Info

Publication number: CN103401876B
Authority: CN (China)
Prior art keywords: voice, sender, proxy1, message, receiver
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion)
Application number: CN201310343286.9A
Other languages: Chinese (zh)
Other versions: CN103401876A
Inventors: 余荣威, 石源, 杜钢, 吴开诚, 王丽娜, 袁杰
Current Assignee: Wuhan University WHU
Original Assignee: Wuhan University WHU

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a VoIP service security assurance method and system based on a variable-scale window mechanism. In the method, a voice sending end (sender) initiates a session request to a voice receiving end (receiver), and a secure session is established after mutual verification through the proxies. The sender encrypts the voice with the encryption module and sends it to the receiver; the receiver decrypts the encrypted voice and passes it to a voice quality assurance module, where the voice playout time is adjusted by a buffering technique based on a variable-scale window so as to guarantee the playout quality of the voice. The system comprises the voice sending end (sender), a sending-end proxy server (proxy 1), a receiving-end proxy server (proxy 2), the voice receiving end (receiver) and a private key generator. The sender comprises a secure SIP session module (SSM) and a voice encryption/decryption module (VEM); the receiver comprises an SIP session module (SSM), a voice encryption/decryption module (VEM) and a voice quality assurance module (QEM). The method and system can effectively improve the security and the quality of VoIP communication.

Description

VoIP service security assurance method and system based on a variable-scale window mechanism
Technical field
The present invention relates to the field of communication network information security. It mainly concerns secure session technology based on identity-based signature and verification, and voice encryption technology based on a stream cipher. While securing the communication, it uses adaptive buffering based on a variable-scale window to safeguard the quality of the transmitted voice.
Background art
VoIP is a communication technology that carries voice data over the Internet. It applies compression coding, packetization, routed transmission, and unpacking and decoding to realize voice communication on IP networks or the Internet. Owing to the characteristics of the Internet, VoIP transmits voice more cheaply than the traditional telephone network and is easier to extend. However, the VoIP protocols themselves are imperfect, and VoIP faces many security problems, which can be summarized as follows:
(1) VoIP communication systems face many potential security threats
The signaling control protocols commonly used in VoIP communication systems are the H.323 protocol family and the SIP protocol suite, but neither defines a dedicated security scheme. VoIP systems that use the SIP protocol suite in particular face many potential security threats, including registration hijacking, message tampering, server impersonation, session teardown attacks, denial-of-service attacks and media attacks. The security threats to SIP stem mainly from the fact that a SIP system cannot provide mutual identity authentication between entities or integrity checking of SIP messages. Registration hijacking and message tampering are possible because illegal modification of a SIP message cannot be detected in time; server impersonation and session teardown attacks are possible because communicating entities cannot effectively verify each other's identity;
(2) VoIP communication systems degrade voice quality
VoIP communication differs from the traditional telephone: it uses packet switching, and what is transmitted on the network is packets rather than voice signals. The encoded voice signal therefore has to go through a series of operations such as quantization, compression and packetization, which damages voice quality;
(3) VoIP communication systems may suffer loss and delayed arrival of voice packets
Network instability and dynamic changes may cause voice packets to be lost or to arrive late, which seriously affects communication quality.
Summary of the invention
To solve the above technical problems, the invention provides a VoIP service security assurance method and system based on a variable-scale window mechanism. The system can effectively improve the security of VoIP communication, and it also provides a voice quality assurance technique that eliminates or mitigates the effect on communication quality of the voice packet loss and delay caused by uncertain factors, such as network instability, that arise during voice communication.
The technical scheme adopted by the method of the invention is a VoIP service security assurance method based on a variable-scale window mechanism, characterized in that it comprises the following steps:
Step 1: The voice sending end (sender) sends a registration request to the sending-end proxy server (proxy1) and registers successfully after mutual signature verification; the sender then sends a session request to the voice receiving end (receiver);
Step 2: After verifying the identity of the sender, proxy1 sends the session request to the receiving-end proxy server (proxy2); after verifying the identity of proxy1, proxy2 sends the session request on to the receiver;
Step 3: The receiver first verifies the identity of proxy2; if verification passes, it sends a request reply message to proxy2 to set up the session. After verifying the identity of the receiver, proxy2 sends the request reply message to proxy1; after verifying the identity of proxy2, proxy1 forwards the request reply message to the sender; after verifying the identity of proxy1, the sender establishes the session with the receiver;
Step 4: The sender encrypts the voice message and sends it to the receiver after encryption;
Step 5: After receiving the encrypted voice message, the receiver decrypts it and sends the decrypted voice message to the jitter buffer of the adaptive jitter buffering algorithm based on a variable-scale statistical window;
Step 6: After adaptive jitter buffering, the voice message is sent to the voice playback end and played.
Preferably, the user registration process of step 1 comprises the following sub-steps:
Step 1.1: The sender sends a registration request to proxy1, and the private key generator generates corresponding private keys for the sender and proxy1 from the identity information they provide. After receiving the registration request, proxy1 signs part of the header fields of the SIP registration request message with its own private key and returns a 401 Unauthorized message to the sender; the 401 Unauthorized message contains the signature of proxy1;
Step 1.2: The SSM of the sender verifies the received signature with the public key of proxy1,
If the signature verifies, it sends a REGISTER message to register; the REGISTER message contains the signature of the sender;
If signature verification fails, it terminates registration with proxy1;
Step 1.3: After proxy1 receives the REGISTER message sent by the SSM of the sender, it verifies the signature of the sender with the public key of the sender,
If verification passes, it sends a 200 OK response telling the sender that registration succeeded,
If verification fails, it responds with an error message.
Preferably, the session request and session setup flow of steps 2 and 3 comprises the following sub-steps:
Step 2.1: The sender generates the data for key agreement and sends it, together with a session request carrying a signature made with its own private key, to proxy1;
Step 2.2: proxy1 verifies the signature of the sender; if it passes, proxy1 replaces the signature of the sender with its own signature and forwards the session request to proxy2;
Step 2.3: After verifying the signature, proxy2 replaces the signature of proxy1 with its own signature and forwards the session request to the receiver;
Step 2.4: The receiver verifies the signature of proxy2. After verification passes, it generates the data for key agreement and returns it, together with the confirmation message, to the sender through hop-by-hop signing and identity verification in the reverse direction. Once the signatures at every hop have passed, the session is established and the session key shared by both parties is generated.
Preferably, the sender's encryption of the voice message comprises the following sub-steps:
Step 4.1: When voice message transmission starts, the two communicating parties synchronize an initial vector; each synchronization sends 8 random 32-bit unsigned integers;
Step 4.2: After the initial vector is synchronized, the shared session key and the initial vector are used to keep the key streams of the two parties synchronized;
Step 4.3: The voice message is encrypted and sent to the receiver, and the receiver decrypts it with the synchronized key.
Preferably, after voice messages have been transmitted for a period of time, the initial vector needs to be resynchronized once to ensure the randomness of the generated key stream;
Preferably, the adaptive jitter buffering of the voice message in step 6 is the voice quality enhancement and assurance stage. An adaptive jitter buffering algorithm based on a variable-scale statistical window updates the number of samples in the statistical window in real time according to the latest trend in voice packet delay, uses the history voice packets in the window that reflect the current state of network delay to build the distribution function of network delay, and adaptively selects the optimal jitter buffer size so as to maximize voice quality and thereby safeguard playback quality. It comprises the following sub-steps:
Step 6.1: The adaptive jitter buffer based on a variable-scale statistical window receives the decrypted voice packet and determines whether it is the first voice packet of a talk spurt.
If so, the playout delay of this voice packet is set to its network delay;
If not, the following steps are executed;
Step 6.2: The adaptive jitter buffer calls the adaptive variable-scale window algorithm ADWIN on the delay of each subsequent voice packet to update the size ω of the statistical window;
Step 6.3: The history voice data remaining in the updated window is used to build a histogram of network delay, from which the probability distribution function of network delay is approximated;
Step 6.4: The packet loss rate that a given playout delay would cause is estimated from the probability distribution function of network delay;
Step 6.5: The voice quality MOS value is computed with the E-Model;
Step 6.6: The optimal playout delay, the one that maximizes MOS, is found;
Step 6.7: The optimal playout delay is set as the playout delay of this voice packet.
Preferably, the part of the header fields that is signed includes From, To, Contact, Via, Cseq, Content-length.
The technical scheme adopted by the system of the invention is a VoIP service security assurance system based on a variable-scale window mechanism, comprising: the voice sending end (sender), the sending-end proxy server (proxy1), the receiving-end proxy server (proxy2), the voice receiving end (receiver) and a private key generator. It is characterized in that the sender is provided with a secure SIP session module SSM and a voice encryption/decryption module VEM, and the receiver is provided with a secure SIP session module SSM, a voice encryption/decryption module VEM and a voice quality assurance module QEM;
The secure SIP session module SSM provides the system with a SIP security scheme based on identity-based cryptography;
The voice encryption/decryption module VEM encrypts and decrypts voice messages;
The voice quality assurance module QEM provides an adaptive jitter buffer based on a variable-scale statistical window.
Compared with the prior art, the invention has the following main advantages:
First, the SIP URL is used as identity information, and point-to-point identity authentication is realized by message signing and signature verification. End-to-end identity authentication and key agreement are realized with the identity signature and key agreement schemes of an identity-based cryptosystem. This avoids the defects of HTTP digest authentication, which relies on a pre-shared key and provides only one-way authentication, and the shortcomings of PKI certificate authentication, which is complex to manage and has no session key agreement function. It can effectively overcome the security threats in SIP and is computationally lighter than inter-domain authenticated key agreement mechanisms for SIP communication;
Second, voice encryption uses a stream-cipher-based technique, which reduces the delay introduced by encrypting voice and avoids the serious problem of encryption and decryption falling out of synchronization because of packet loss and jitter;
Third, to deal with the delay and jitter of IP networks, the invention introduces an algorithm that dynamically adjusts the window size to make the jitter buffer adaptive. The algorithm not only improves the accuracy of network delay prediction but also responds promptly and accurately to sudden network events, and it alleviates the decline in VoIP service quality caused by delay and jitter;
In short, the invention provides a secure session with a SIP security scheme based on identity-based cryptography, uses stream-cipher-based voice encryption to reduce the delay introduced by encrypting voice while avoiding loss of synchronization between encryption and decryption, and finally introduces an adaptive buffer based on a dynamic window to cope with network delay and jitter and safeguard the quality of the played voice as far as possible.
Brief description of the drawings
Fig. 1: System architecture of the embodiment of the invention.
Fig. 2: Secure session setup flow in the embodiment of the invention.
Fig. 3: Voice encryption flow in the embodiment of the invention.
Fig. 4: Voice quality assurance flow in the embodiment of the invention.
Detailed description of the embodiments
The invention is further described below with reference to specific embodiments and the drawings.
Referring to Fig. 1, the technical scheme adopted by the system of the invention is a VoIP service security assurance system based on a variable-scale window mechanism, comprising: the voice sending end (sender), the sending-end proxy server (proxy1), the receiving-end proxy server (proxy2), the voice receiving end (receiver) and a private key generator. The sender is provided with a secure SIP session module SSM and a voice encryption/decryption module VEM; the receiver is provided with a secure SIP session module SSM, a voice encryption/decryption module VEM and a voice quality assurance module QEM;
The secure SIP session module SSM provides the system with a SIP security scheme based on identity-based cryptography. The scheme uses the signature mechanism of identity-based cryptography to realize point-to-point mutual identity authentication, and uses message integrity checking and the Diffie-Hellman key agreement mechanism to realize end-to-end identity authentication and key agreement between user agents in different domains;
The voice encryption/decryption module VEM encrypts and decrypts voice messages and uses the stream cipher algorithm HC-256;
The voice quality assurance module QEM provides an adaptive jitter buffer based on a variable-scale statistical window. It updates the number of samples in the statistical window in real time according to the delay of the received voice packets, that is, the latest trend of the network; uses the history voice packets in the window that reflect the current state of the network to build the distribution function of network delay; and adaptively selects the optimal jitter buffer size so as to maximize voice quality.
The technical scheme adopted by the method of the invention is a VoIP service security assurance method based on a variable-scale window mechanism, comprising the following steps:
Step 1: The voice sending end (sender) sends a registration request to the sending-end proxy server (proxy1) and registers successfully after mutual signature verification; the sender then sends a session request to the voice receiving end (receiver);
Referring to Fig. 2, the user registration process comprises the following sub-steps:
Step 1.1: The secure SIP session module SSM of the sender sends a registration request to proxy1, and the private key generator generates corresponding private keys for the sender and proxy1 from the identity information they provide. After receiving the registration request, proxy1 signs part of the header fields of the SIP registration request message (including From, To, Contact, Via, Cseq, Content-length) with its own private key and returns a 401 Unauthorized message to the sender; the 401 Unauthorized message contains the signature of proxy1, {Unauthorized}Sign_proxy1;
Step 1.2: The SSM of the sender verifies the received signature with the public key of proxy1,
If the signature verifies, it sends a REGISTER message to register; the REGISTER message contains the signature of the sender, {REGISTER}Sign_sender;
If signature verification fails, it terminates registration with proxy1;
Step 1.3: After proxy1 receives the REGISTER message sent by the SSM of the sender, it verifies the signature of the sender with the public key of the sender,
If verification passes, it sends a 200 OK response telling the sender that registration succeeded,
If verification fails, it responds with an error message.
Step 2: After verifying the identity of the sender, proxy1 sends the session request to the receiving-end proxy server proxy2; after verifying the identity of proxy1, proxy2 sends the session request on to the receiver,
Referring to Fig. 2, the session request comprises the following sub-steps:
Step 2.1: The secure SIP session module SSM of the sender generates a random number n1, computes its product n1·PB with the public key PB of the receiver and stores the value locally. It then includes n1·PB and the sender's signature over the session request message, {INVITE}Sign_sender, made with its private key, in the INVITE session request and sends it to request session setup;
Step 2.2: The sending-end proxy server proxy1 first verifies the signature of the sender. If verification passes, it replaces the signature of the sender with its own, includes the signature {INVITE}Sign_proxy1 in the INVITE message and forwards it to the receiving-end proxy server proxy2;
Step 2.3: The receiving-end proxy server proxy2 first verifies the signature of proxy1. If verification passes, it replaces the signature of proxy1 with its own, includes {INVITE}Sign_proxy2 in the INVITE message and forwards it to the SSM of the receiver;
Step 3: The receiver first verifies the identity of proxy2; if verification passes, it sends a request reply message to proxy2 to set up the session. After verifying the identity of the receiver, proxy2 sends the request reply message to proxy1; after verifying the identity of proxy2, proxy1 forwards the request reply message to the sender; after verifying the identity of proxy1, the sender establishes the session with the receiver. In summary, the receiver verifies the signature of proxy2; after verification passes, it generates the data for key agreement and returns it, together with the confirmation message, to the sender through hop-by-hop signing and identity verification in the reverse direction. Once the signatures at every hop have passed, the session is established and the session key shared by both parties is generated;
Referring to Fig. 2, session setup comprises the following sub-steps:
Step 3.1: The SSM of the receiver first verifies the signature of proxy2. If verification passes, it generates a random number n2, computes its product n2·PA with the public key PA of the voice sending end and stores it locally. It then includes n2·PA and the receiver's signature over the OK message, {OK}Sign_receiver, made with its private key, in the 200 OK message and returns it to proxy2;
Step 3.2: The receiving-end proxy server proxy2 first verifies the signature of the receiver. If verification passes, it replaces the signature of the receiver with its own, includes proxy2's signature over the OK message, {OK}Sign_proxy2, in the OK message and forwards it to the sending-end proxy server proxy1;
Step 3.3: The sending-end proxy server proxy1 verifies the signature of proxy2. If verification passes, it replaces the signature of proxy2 with its own, includes proxy1's signature over the OK message, {OK}Sign_proxy1, in the OK message and forwards it to the SSM of the sender;
Step 3.4: After the sender has verified the identity of proxy1, the secure SIP session modules SSM of the two communicating parties compute the shared session key from the received data according to the key agreement protocol.
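The verify-and-replace signature chain of steps 2.1 to 3.4, as an added example that is not code from the patent. A toy Schnorr signature over a small group stands in for the identity-based signature scheme, which the page does not name; the PrivateKeyGenerator class, its public-key directory, the identities, the Via rewriting and the reuse of the registration header list for INVITE and 200 OK are assumptions, and the key-agreement data (n1·PB, n2·PA) is left out.

```python
import hashlib

# Toy Schnorr group, for illustration only: far too weak for real use.
P = 2**127 - 1   # Mersenne prime modulus
Q = P - 1        # exponents are reduced mod P-1 (Fermat's little theorem)
G = 3

# Header fields covered by the signature, as listed on the page.
SIGNED_HEADERS = ("From", "To", "Contact", "Via", "Cseq", "Content-length")

SENDER, PROXY1 = "sip:alice@a.example", "sip:proxy1.a.example"    # constructed
PROXY2, RECEIVER = "sip:proxy2.b.example", "sip:bob@b.example"    # constructed

def _h(*parts):
    """Length-prefixed SHA-256 of the parts, reduced to an exponent."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big") % Q

class PrivateKeyGenerator:
    """Stand-in PKG (assumption): derives a private key from each identity
    and publishes the matching public key in a directory."""
    def __init__(self, master):
        self._master = master
        self.public = {}

    def extract(self, identity):
        x = _h(self._master, identity.encode()) or 1
        self.public[identity] = pow(G, x, P)
        return x

def canonical(msg):
    """Bytes that are signed: the method plus the covered header fields."""
    lines = [msg["method"]]
    lines += [f"{name}: {msg['headers'].get(name, '')}" for name in SIGNED_HEADERS]
    return "\r\n".join(lines).encode()

def sign(x, signer, msg):
    data = canonical(msg)
    k = _h(x.to_bytes(16, "big"), data) or 1          # deterministic nonce
    e = _h(pow(G, k, P).to_bytes(16, "big"), signer.encode(), data)
    return {"signer": signer, "e": e, "s": (k + e * x) % Q}

def verify(public, msg, expected_signer):
    """True only if the message carries a valid signature of the expected hop."""
    sig = msg.get("sig")
    if not sig or sig["signer"] != expected_signer or expected_signer not in public:
        return False
    y = public[expected_signer]
    r = pow(G, sig["s"], P) * pow(y, Q - sig["e"], P) % P
    return _h(r.to_bytes(16, "big"), expected_signer.encode(), canonical(msg)) == sig["e"]

def forward(public, my_key, me, prev_hop, msg):
    """A proxy verifies the previous hop, then replaces the signature with its own."""
    if not verify(public, msg, prev_hop):
        raise ValueError(f"{me}: signature of {prev_hop} did not verify")
    out = {"method": msg["method"], "headers": dict(msg["headers"])}
    out["headers"]["Via"] = f"{me}, {msg['headers']['Via']}"   # covered field changes per hop
    out["sig"] = sign(my_key, me, out)
    return out

def relay(public, keys, path, msg):
    """path = [origin, proxy, ..., destination]; returns the message the destination accepts."""
    for prev_hop, me in zip(path, path[1:-1]):
        msg = forward(public, keys[me], me, prev_hop, msg)
    if not verify(public, msg, path[-2]):
        raise ValueError(f"{path[-1]}: signature of {path[-2]} did not verify")
    return msg

def demo(tamper=None):
    """INVITE from sender to receiver, then 200 OK back along the reverse path."""
    pkg = PrivateKeyGenerator(b"constructed master secret")
    keys = {i: pkg.extract(i) for i in (SENDER, PROXY1, PROXY2, RECEIVER)}
    invite = {"method": "INVITE", "headers": {
        "From": SENDER, "To": RECEIVER, "Contact": SENDER,
        "Via": "alice-ua.a.example", "Cseq": "1 INVITE", "Content-length": "0"}}
    invite["sig"] = sign(keys[SENDER], SENDER, invite)
    if tamper:
        tamper(invite)            # modification in transit, before proxy1 sees it
    delivered = relay(pkg.public, keys, [SENDER, PROXY1, PROXY2, RECEIVER], invite)
    ok = {"method": "200 OK", "headers": dict(delivered["headers"])}
    ok["headers"]["Via"] = "bob-ua.b.example"
    ok["sig"] = sign(keys[RECEIVER], RECEIVER, ok)
    answered = relay(pkg.public, keys, [RECEIVER, PROXY2, PROXY1, SENDER], ok)
    return delivered, answered

if __name__ == "__main__":
    delivered, answered = demo()
    print("receiver accepted INVITE signed by", delivered["sig"]["signer"])
    print("sender accepted 200 OK signed by", answered["sig"]["signer"])
```

Each endpoint only ever checks the signature of its adjacent hop, so the end-to-end assurance depends on every proxy in the path verifying before it re-signs.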
Step 4: The sender encrypts the voice message and sends it after encryption to the receiver, where it is decrypted;
Referring to Fig. 3, the encryption and decryption operations comprise the following sub-steps:
Step 4.1: The secure SIP session modules SSM of the two communicating parties pass the shared session key to the voice encryption/decryption module VEM. The VEM of the sending end generates an initial vector and sends it to the VEM of the receiving end to perform one initial-vector synchronization. The initial-vector synchronization packet contains one byte of synchronization information, a 32-byte synchronization vector and one byte of data check;
Step 4.2: Using the shared session key and the synchronized initial vector, the HC-256 key stream generator produces a synchronized codebook, which keeps the key streams of the two parties synchronized;
Step 4.3: The speech coder in the VEM of the sending end encodes the voice packet. The encoded voice packet is encrypted with a key stream selected from the codebook and then sent to the voice encryption/decryption module VEM of the receiving end. Each voice packet encrypted with the stream cipher also carries the sequence number of the codebook entry and a checksum of the plaintext;
Step 4.4: After the VEM of the receiving end receives a packet containing the codebook sequence number, the synchronization information, the plaintext checksum and the encrypted voice, it decrypts the encrypted voice with the synchronized key stream, and the speech coder finally decodes the decrypted voice;
After voice messages have been transmitted for a period of time, the initial vector needs to be resynchronized once to ensure the randomness of the generated key stream.
Step 5: The receiver sends the decrypted and decoded voice packets to the adaptive jitter buffer based on a variable-scale statistical window in the voice quality assurance module QEM;
Step 6: After adaptive jitter buffering, the voice message is sent to the voice playback end and played;
Referring to Fig. 4, the adaptive jitter buffering of the voice message is the voice quality enhancement and assurance stage. An adaptive jitter buffering algorithm based on a variable-scale statistical window updates the number of samples in the statistical window in real time according to the latest trend in voice packet delay, uses the history voice packets in the window that reflect the current state of network delay to build the distribution function of network delay, and adaptively selects the optimal jitter buffer size so as to maximize voice quality and thereby safeguard playback quality. It comprises the following sub-steps:
Step 6.1: The adaptive jitter buffer based on a variable-scale statistical window receives the decrypted voice packet sent by the VEM and determines whether it is the first voice packet of a talk spurt.
If so, the playout delay of this voice packet is set to its network delay;
If not, the following steps are executed;
Step 6.2: The voice quality assurance module QEM calls the adaptive variable-scale window algorithm ADWIN on the delay of each subsequent voice packet to update the size ω of the statistical window;
Step 6.3: The history voice data remaining in the updated window is used to build a histogram of network delay, from which the probability distribution function of network delay is approximated;
Step 6.4: The packet loss rate that a given playout delay would cause is estimated from the probability distribution function of network delay;
Step 6.5: The voice quality MOS value is computed with the E-Model (after substitution, the MOS value is ultimately a function of one variable with network delay as the independent variable, i.e. MOS ∝ network delay);
Step 6.6: The optimal playout delay, the one that maximizes MOS, is found;
Step 6.7: The optimal playout delay is set as the playout delay of this voice packet.
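Steps 6.1 to 6.7 as an added example, not code from the patent. The window test is a simplified ADWIN-style Hoeffding split test rather than the full ADWIN algorithm, the quality model is the widely used simplified E-Model for G.711 (Cole and Rosenbluth's approximation), and the bin width, constants and delay trace are constructed assumptions; playout delay stands in for the end-to-end delay.

```python
import math
from collections import deque

BIN_MS = 5.0    # histogram bin width in ms (assumed)
DELTA = 0.01    # confidence parameter of the split test (assumed)
MIN_SIDE = 5    # smallest sub-window compared on either side of a split (assumed)

def adwin_update(window, delay):
    """Step 6.2, simplified ADWIN-style test: append the new delay, then
    drop the older side of the window while some split shows a
    significant difference in mean delay."""
    window.append(delay)
    while len(window) >= 2 * MIN_SIDE:
        vals = list(window)
        n, total = len(vals), sum(vals)
        span = (max(vals) - min(vals)) or 1.0    # scales the Hoeffding bound
        head, cut, gap = 0.0, 0, 0.0
        for i in range(1, n - MIN_SIDE + 1):     # older = vals[:i], newer = vals[i:]
            head += vals[i - 1]
            if i < MIN_SIDE:
                continue
            m = 1.0 / (1.0 / i + 1.0 / (n - i))
            eps = span * math.sqrt(math.log(4.0 * n / DELTA) / (2.0 * m))
            diff = abs(head / i - (total - head) / (n - i))
            if diff > eps and diff > gap:
                cut, gap = i, diff
        if cut == 0:
            break
        for _ in range(cut):                     # discard the stale samples
            window.popleft()
    return len(window)

def delay_histogram(window):
    """Step 6.3: histogram of the delays still in the window."""
    hist = {}
    for d in window:
        b = int(d // BIN_MS)
        hist[b] = hist.get(b, 0) + 1
    return hist

def late_loss(hist, playout_ms):
    """Step 6.4: share of packets whose bin ends after the playout deadline."""
    late = sum(c for b, c in hist.items() if (b + 1) * BIN_MS > playout_ms)
    return late / sum(hist.values())

def mos(delay_ms, loss):
    """Step 6.5: simplified E-Model rating R, mapped to a MOS value."""
    i_d = 0.024 * delay_ms + (0.11 * (delay_ms - 177.3) if delay_ms > 177.3 else 0.0)
    i_e = 30.0 * math.log(1.0 + 15.0 * loss)
    r = 94.2 - i_d - i_e
    if r <= 0:
        return 1.0
    return max(1.0, 1.0 + 0.035 * r + 7e-6 * r * (r - 60.0) * (100.0 - r))

def best_playout(window):
    """Steps 6.6 and 6.7: candidates are the upper edges of occupied bins."""
    hist = delay_histogram(window)
    candidates = [(b + 1) * BIN_MS for b in sorted(hist)]
    return max(candidates, key=lambda d: mos(d, late_loss(hist, d)))

def schedule(delays):
    """Playout delay for each packet of one talk spurt, plus the final window."""
    window, playout = deque(), []
    for i, d in enumerate(delays):
        if i == 0:                   # step 6.1: first packet plays at its own delay
            window.append(d)
            playout.append(d)
            continue
        adwin_update(window, d)
        playout.append(best_playout(window))
    return playout, window

def constructed_trace():
    """Constructed sample: 60 packets under congestion, then 60 after it clears."""
    return [120 + i % 7 for i in range(60)] + [40 + i % 5 for i in range(60)]

if __name__ == "__main__":
    trace = constructed_trace()
    playout, window = schedule(trace)
    print("variable window:", playout[-1], "ms from", len(window), "samples")
    print("full history:   ", best_playout(trace), "ms")
```

On the constructed trace the variable window discards the congested-period samples shortly after the delay drops, so the playout delay follows the network down, while a histogram over the full history keeps the higher delay.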
The above is only a preferred embodiment of the invention and is not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (6)

1. a kind of VoIP service method for protecting based on size-varied window mechanism is it is characterised in that comprise the following steps:
Step 1:Voice transmitting terminal sender sends registration request to sender proxy server proxy1, is tested by mutual signature By succeeding in registration afterwards, subsequently described sender sends session request to phonetic incepting end receiver to card;
Step 2:Described proxy1 passes through afterwards, described session request to be sent in the identity of the described sender of checking Receiving terminal proxy server proxy2, described proxy2 passes through afterwards again by described meeting in the described proxy1 identity of checking Words request is sent to described receiver;
Wherein said session request flow process, it implements including following sub-step:
Step 2.1: The sender generates the data for key agreement and sends it to proxy1 together with a session request that carries a signature made with the sender's own private key;
Step 2.2: proxy1 verifies the sender's signature; if verification passes, it replaces the sender's signature with its own and forwards the session request to proxy2;
Step 2.3: After proxy2 has verified the signature, it replaces proxy1's signature with its own and forwards the session request to the receiver;
Step 3: The receiver first verifies the identity of proxy2; if verification passes, it sends a request reply message to proxy2 to set up the session; after proxy2 has verified the identity of the receiver, it sends the request reply message to proxy1; after proxy1 has verified the identity of proxy2, it forwards the request reply message to the sender; and after the sender has verified the identity of proxy1, it establishes the session with the receiver;
The session establishment flow further includes: the receiver verifies the signature of proxy2; after verification passes, it generates data for key agreement and returns it, together with the authentication confirmation message, to the sender through step-by-step reverse signing; once the signatures at every level have passed, the session is established and the session key shared by both parties to the session is generated;
Step 4: The sender encrypts the voice message and sends it to the receiver after encryption;
Step 5: After receiving the encrypted voice message, the receiver decrypts it and sends the decrypted voice message to the jitter buffer of the adaptive jitter buffering algorithm based on a variable-scale statistical window;
Step 6: The voice message is sent to the voice playback end for playback after adaptive jitter buffer processing; in this processing, an adaptive jitter buffering algorithm based on a variable-scale statistical window updates the sample size of the statistical window in real time according to the latest changes in voice packet delay, builds the distribution function of network delay from the historical voice packets in the window that reflect the current state of network delay, and adaptively selects the optimal jitter buffer size so as to maximize voice quality, thereby ensuring the quality of voice playback; its specific implementation includes the following sub-steps:
Step 6.1: The adaptive jitter buffer based on the variable-scale statistical window receives the decrypted voice packet that was sent to it and determines whether the received packet is the first voice packet of a talk segment (talkspurt);
If so, the playout delay of this voice packet is set to its network delay;
If not, the following steps are carried out;
Step 6.2: The adaptive jitter buffer calls the adaptive variable-size window algorithm ADWIN, using the delay of each subsequent voice packet, to update the size ω of the statistical window;
Step 6.3: A histogram of network delay is built from the historical voice data remaining in the updated window, from which the probability distribution function of network delay is approximated;
Step 6.4: The packet loss rate caused under a given delay condition is estimated from the probability distribution function of network delay;
Step 6.5: The voice quality MOS value is calculated using the E-Model;
Step 6.6: The optimal playout delay is found, that is, the delay under which the MOS is largest;
Step 6.7: The optimal playout delay is set as the playout delay of this voice packet.
2. The VoIP service security assurance method based on a scale variable window mechanism according to claim 1, characterized in that the user registration process described in step 1 includes the following sub-steps:
Step 1.1: The sender sends a registration request to proxy1, and the private key generator generates the corresponding private keys for the sender and proxy1 according to the identity information they provide; after receiving the registration request, proxy1 signs part of the header fields of the SIP registration request message with its own private key and returns the message 401 Unauthorized to the voice sending end sender, the 401 Unauthorized message containing the signature of proxy1;
Step 1.2: The secure SIP session module SSM of the sender verifies the received signature using the public key of proxy1,
If signature verification passes, it sends the registration message REGISTER to register, and this REGISTER message contains the signature of the sender;
If signature verification fails, it terminates registration with proxy1;
Step 1.3: After proxy1 receives the registration message REGISTER sent by the SSM of the sender, it verifies the signature of the sender using the sender's public key,
If verification passes, it sends a 200 OK response to tell the sender that registration succeeded,
If verification fails, it responds with an error message.
3. The VoIP service security assurance method based on a scale variable window mechanism according to claim 1, characterized in that the sender's encryption of the voice message includes the following sub-steps:
Step 4.1: When voice message transmission starts, the two communicating parties synchronize an initial vector, each synchronization sending 8 random 32-bit unsigned integers;
Step 4.2: After the initial vector has been synchronized, the session key shared by both parties and the initial vector are used to keep the key streams of the two communicating parties synchronized;
Step 4.3: The voice message is sent to the receiver after encryption, and the receiver decrypts it with the synchronized key.
4. The VoIP service security assurance method based on a scale variable window mechanism according to claim 3, characterized in that after voice message transmission has run for a period of time, the initial vector needs to be resynchronized once, to ensure the randomness of key stream generation.
5. The VoIP service security assurance method based on a scale variable window mechanism according to claim 2, characterized in that the part of the header fields includes From, To, Contact, Via, Cseq, Content-length.
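An added sketch, not code from the patent, of the signed exchanges in claims 1, 2 and 5: the registration handshake of steps 1.1 to 1.3 and the verify-then-re-sign relay of steps 2.1 to 2.3. A SHA-256 Lamport one-time signature stands in for the identity-based signature and a shared dictionary stands in for keys issued by the private key generator; signing the session request over the same header fields as the registration, the names `Party`, `register`, `relay` and `on_wire`, and the sample headers are assumptions made for illustration.

```python
import hashlib
import secrets

SIGNED_FIELDS = ("From", "To", "Contact", "Via", "Cseq", "Content-length")  # claim 5

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(msg):
    """256 digest bits over the covered header fields, in a fixed order."""
    covered = "\r\n".join(f"{k}: {msg.get(k, '')}" for k in SIGNED_FIELDS)
    digest = int.from_bytes(_h(covered.encode()), "big")
    return [(digest >> i) & 1 for i in range(256)]

class Party:
    """Stand-in signer (assumption): Lamport one-time signatures, so each Party
    signs one message; the patent uses identity-based signatures instead."""
    def __init__(self, name, directory):
        self.name, self.directory = name, directory
        self._sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
        directory[name] = [[_h(x) for x in half] for half in self._sk]

    def sign(self, msg):  # replaces any signature the message already carries
        sig = [self._sk[b][i] for i, b in enumerate(_bits(msg))]
        return {**msg, "Signer": self.name, "Signature": sig}

    def accepts(self, msg, signer):
        pk, sig = self.directory[signer], msg.get("Signature", [])
        return (msg.get("Signer") == signer and len(sig) == 256 and
                all(_h(s) == pk[b][i] for i, (b, s) in enumerate(zip(_bits(msg), sig))))

def register(sender, proxy1, request, on_wire=lambda m: m):
    """Steps 1.1-1.3: signed 401 challenge, signed REGISTER, then 200 or error."""
    challenge = on_wire(proxy1.sign({**request, "Status": "401 Unauthorized"}))
    if not sender.accepts(challenge, proxy1.name):
        return "registration terminated"
    signed = on_wire(sender.sign({**request, "Method": "REGISTER"}))
    return "200 OK" if proxy1.accepts(signed, sender.name) else "error response"

def relay(path, request, on_wire=lambda m: m):
    """Steps 2.1-2.3: every hop verifies the previous signer, then re-signs."""
    msg = path[0].sign(request)
    for prev, node in zip(path, path[1:]):
        msg = on_wire(msg)  # constructed hook: lets a test alter the message in transit
        if not node.accepts(msg, prev.name):
            return None
        if node is not path[-1]:
            msg = node.sign(msg)
    return msg

# Constructed sample headers (example.org names and 192.0.2.x are placeholders).
REQUEST = {"From": "sip:alice@a.example.org", "To": "sip:bob@b.example.org",
           "Contact": "sip:alice@192.0.2.10", "Via": "SIP/2.0/UDP 192.0.2.10",
           "Cseq": "1 REGISTER", "Content-length": "0"}
```

Only the fields listed in `SIGNED_FIELDS` are covered by a signature, so a change to any of them between hops makes the next verifier reject the message, and the request that reaches the receiver carries proxy2's signature alone.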
6. A VoIP service security assurance system based on a scale variable window mechanism, comprising: a voice sending end sender, a sending-end proxy server proxy1, a receiving-end proxy server proxy2, a voice receiving end receiver and a private key generator; characterized in that: the voice sending end sender is provided with a secure SIP session module SSM and a voice encryption/decryption module VEM, and the voice receiving end receiver is provided with a secure SIP session module SSM, a voice encryption/decryption module VEM and a voice quality assurance module QEM;
The secure SIP session modules SSM of the voice sending end sender and the voice receiving end receiver provide the system with a SIP scheme for secure sessions based on an identity-based signature mechanism; this SIP security scheme uses a session-based identity signature mechanism to achieve point-to-point mutual identity authentication, and uses message integrity checking and the Diffie-Hellman key agreement mechanism to achieve end-to-end identity authentication and key agreement between cross-domain user agents;
The SIP scheme based on the identity-based signature mechanism is implemented as follows: the voice sending end sender is connected for two-way communication with the sending-end proxy server proxy1, the voice receiving end receiver is connected for two-way communication with the receiving-end proxy server proxy2, and the sending-end proxy server proxy1 and the receiving-end proxy server proxy2 are connected for two-way communication; the voice sending end sender sends a registration request to the sending-end proxy server proxy1 and registers successfully once mutual signature verification has passed, after which the sender sends a session request to the voice receiving end receiver; after proxy1 has verified the identity of the sender, it sends the session request to the receiving-end proxy server proxy2, and after proxy2 has verified the identity of proxy1, it sends the session request on to the receiver; the receiver first verifies the identity of proxy2 and, if verification passes, sends a request reply message to proxy2 to set up the session; after proxy2 has verified the identity of the receiver, it sends the request reply message to proxy1; after proxy1 has verified the identity of proxy2, it forwards the request reply message to the sender; after the sender has verified the identity of proxy1, it establishes the session with the receiver; the sender encrypts the voice message and sends it to the receiver after encryption; after receiving the encrypted voice message, the receiver decrypts it and sends the decrypted voice message to the jitter buffer of the adaptive jitter buffering algorithm based on a variable-scale statistical window;
The voice encryption/decryption modules VEM of the voice sending end sender and the voice receiving end receiver are used to encrypt and decrypt voice messages;
The voice quality assurance module QEM provides an adaptive jitter buffer based on a variable-scale window: it updates the sample size of the statistical window in real time according to the latest changes in the delay of the received voice packets, builds the distribution function of network delay from the historical voice packets in the window that reflect the current state of the network, and adaptively selects the optimal jitter buffer size so as to maximize voice quality;
The adaptive jitter buffer based on the variable-scale window is implemented as follows: the voice message is sent to the voice playback end for playback after adaptive jitter buffer processing; in this processing, an adaptive jitter buffering algorithm based on a variable-scale statistical window updates the sample size of the statistical window in real time according to the latest changes in voice packet delay, builds the distribution function of network delay from the historical voice packets in the window that reflect the current state of network delay, and adaptively selects the optimal jitter buffer size so as to maximize voice quality, thereby ensuring the quality of voice playback;
The adaptive jitter buffering algorithm based on a variable-scale statistical window includes the following sub-steps:
Step 6.1: The adaptive jitter buffer based on the variable-scale statistical window receives the decrypted voice packet that was sent to it and determines whether the received packet is the first voice packet of a talk segment (talkspurt);
If so, the playout delay of this voice packet is set to its network delay;
If not, the following steps are carried out;
Step 6.2: The adaptive jitter buffer calls the adaptive variable-size window algorithm ADWIN, using the delay of each subsequent voice packet, to update the size ω of the statistical window;
Step 6.3: A histogram of network delay is built from the historical voice data remaining in the updated window, from which the probability distribution function of network delay is approximated;
Step 6.4: The packet loss rate caused under a given delay condition is estimated from the probability distribution function of network delay;
Step 6.5: The voice quality MOS value is calculated using the E-Model;
Step 6.6: The optimal playout delay is found, that is, the delay under which the MOS is largest;
Step 6.7: The optimal playout delay is set as the playout delay of this voice packet.
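An added sketch of steps 6.1 to 6.7 as they appear in claims 1 and 6; it is not code from the patent. The ADWIN step is simplified to a linear scan that cuts at the most recent significant split, and `DELTA`, `BOUND_MS`, the Cole-Rosenbluth G.711 form of the E-Model and the delay trace are assumptions or constructed values.

```python
import math

DELTA = 0.01       # ADWIN confidence parameter (assumed; the patent gives none)
BOUND_MS = 150.0   # assumed delay bound used to scale delays into [0, 1]

def adwin_shrink(window):
    """Step 6.2, simplified ADWIN: drop everything older than the most recent
    split whose two sub-window means differ by more than the cut threshold."""
    n, total, tail = len(window), sum(window) / BOUND_MS, 0.0
    for i in range(n - 1, 0, -1):            # window[:i] is old, window[i:] is new
        tail += window[i] / BOUND_MS
        n0, n1 = i, n - i
        eps_cut = math.sqrt(math.log(4 * n / DELTA) * (1 / n0 + 1 / n1) / 2)
        if abs((total - tail) / n0 - tail / n1) > eps_cut:
            return window[i:]
    return window

def late_loss(window, playout_ms):
    """Steps 6.3-6.4: share of windowed delays that exceed the playout delay,
    i.e. one minus the empirical delay distribution at that point."""
    return sum(d > playout_ms for d in window) / len(window)

def mos(delay_ms, loss):
    """Step 6.5 via the Cole-Rosenbluth reduction of the E-Model with G.711
    constants (an assumption; the patent only names the E-Model)."""
    r = (94.2 - 0.024 * delay_ms - 0.11 * max(0.0, delay_ms - 177.3)
         - 30 * math.log(1 + 15 * loss))
    r = min(100.0, max(0.0, r))
    return 1 + 0.035 * r + 7e-6 * r * (r - 60) * (100 - r)

class JitterBuffer:
    def __init__(self, adaptive=True):
        self.window, self.adaptive = [], adaptive

    def playout_delay(self, delay_ms, first_of_talkspurt=False):
        self.window.append(delay_ms)
        if self.adaptive:
            self.window = adwin_shrink(self.window)
        if first_of_talkspurt:                # step 6.1
            return delay_ms
        bins = range(int(BOUND_MS) + 1)       # 1 ms delay bins
        return max(bins, key=lambda p: mos(p, late_loss(self.window, p)))  # 6.6-6.7

def run(trace, adaptive=True):
    """Feed a delay trace; return per-packet playout delays and final window size."""
    jb = JitterBuffer(adaptive)
    return [jb.playout_delay(d, i == 0) for i, d in enumerate(trace)], len(jb.window)

# Constructed trace: 100 packets near 120 ms, then the path improves to about 40 ms.
TRACE = [120 + i % 5 for i in range(100)] + [40 + i % 5 for i in range(100)]
```

On this trace `run(TRACE, adaptive=False)` keeps playing out at 124 ms to the end because the stale high-delay samples stay in the window, while `run(TRACE)` returns to 44 ms once enough low-delay packets have arrived for the cut test to discard them.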
CN201310343286.9A 2013-08-07 2013-08-07 VoIP service security assurance method and system based on scale variable window mechanism Expired - Fee Related CN103401876B (en)


Publications (2)

Publication Number Publication Date
CN103401876A CN103401876A (en) 2013-11-20
CN103401876B CN103401876B (en) 2017-02-22

Family

ID=49565401



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170222

Termination date: 20170807