【School】 VOD system weak features and a simple security protocol】..

<br> VOD system features and simple security protocols <BR> Abstract: This paper introduces a typical VOD system, but mainly in the VOD system security requirements are described, Finally, the characteristics of VOD system, the reference security for the Web .. application of SSL / STL agreement, proposed a simplified, dedicated to VOD system a security agreement.. Keywords: VOD security protocol for a digital signature authentication RSA keys, the introduction of multimedia technology with the computer, communications, packet switching technology, digital .and optical transmission technology has become more mature, video on demand (VOD: Video On Demand) system is also developed.. Increasingly widespread use of the VOD system today, the establishment of a secure VOD system is a very pressing requirement.. VOD system ., through the exchange of control information security protocol, to ensure the security of the connection.. Because a large amount of multimedia data, so all the encrypted transmission of multimedia data is unrealistic, and even encryption and decryption speed of the request, the server .can not, and there is no need to bear such a large amount of calculation.. Therefore, the solution is between client and server control information is encrypted, not the multimedia data stream encryption.. Since the control information encryption, and fully capable of .ensuring the security of the entire system.. As social and economic development and technological progress, people, and the image business, in particular the needs of multi-media business is also increasing, to develop new broadband services as information industry, an important goal ... Broadband video on demand service is the most representative in the typical application.. Through the VOD system, the user is free to the library from the selected remote video program to watch TV programs, just like home, like video recorders.. Video .on demand technology is in the computer multimedia technology, packet switching communications technology, digital and fiber optic transmission technology has become more sophisticated conditions to develop.. Advances in computer technology, especially Web technology has changed the structure of information infrastructure, including information generation, .storage, transmission and expression and so on.. Currently, text, images, and narrow-band video signal is digitized and network storage, transmission and reproduction; However, these traditional methods can not fully meet today's society of high-quality, continuous multimedia .(such as high-fidelity audio and video quality of video) of the application requirements ... VOD system covers a wide range of areas, such as video on demand, karaoke OK, distance learning, corporate training, advertising kiosks, intelligent community and .so on.. Meanwhile, the introduction of such a media information infrastructure development of the computer has brought new challenges, because their own inherent properties, including continuous flow of data storage and playback requirements.. They require large capacity storage devices, require broadband network .environment, the most important is the need to ensure real-time transmission.. Traditional technology can not meet the stringent requirements of real time and large capacity, the technical bottlenecks particularly reflected in the network bandwidth, file system and storage device I / O performance .of these three aspects.. To this end, many solutions have emerged, some of which program to use dedicated hardware platform or a super computer as a multimedia server.. However, hardware solutions depend not only expensive, but will in future expansion, upgrading .and maintenance cause problems.. Other programs target low-bandwidth connections Zeyi, for the transmission of low quality, small screen video content, for example, we watch through the dial-up some "program", these methods can only be restricted to .certain applications and can not guarantee high. quality video on demand requirements.. With the deepening of information needs, multi-media information services, especially for the on-demand video and audio information services, has aroused great interest; and storage technology, communication .technology and the rapid development of video compression technology, enables high-speed network. video on demand services possible.. VOD is the essence of the needs of information users according to their own initiative to access multimedia information, information publishing and broadcasting it with the .difference between the initiative and interactivity.. This information service in a manner consistent awareness of the need for a deeper level of information resources, it changes the way broadcast passive indoctrination.. There are many compelling VOD service applications, such as on-demand movies ., karaoke OK, visual journals, computer-aided teaching or training.. However, the amount of data video services is very large, real-time transmission needs to be huge bandwidth, such as 640 × 480 dots, 64K color (16bit), .25 frames / second TV data transmission bandwidth is required 122.88Mbit / s, before. the PSTN (co-switched telephone network) and N-ISDN (Narrowband Integrated Services Digital Network), etc. are based on circuit-switched narrowband network.. .<BR> PSTN can only provide 14.4kbit / s or 28.8kbit / s data rates; N-ISDN's BRI (Basic Rate Interface) is a 2B + D, PRI (Primary Rate Interface) for the 30B + D, where B is .64kbit. / s.. In such a slow network can not be achieved in real-time transmission of video services.. In recent years, with the MPEG-1 and MPEG-2 high compression ratio of compression to the emergence and transmission of ATM .as the basic B-ISDN and high-speed Ethernet communications technology development, video services and technology gradually become. hot research topic.. Second, a typical VOD system, a typical VOD system structure diagram See "Chinese multimedia video" Seventh.. .The system includes: (1) Server Media Services Module: Provides multimedia and service information.. (2) Server application service module: accepts user requests to download a variety of user terminal application, completion of the work interact with the user terminal.. .(3) network transmission equipment: local area network approach can be used, or even wide area network mode.. (4) server management module: responsible for the operation of the entire system to record the relevant information.. (5) user terminals .: You can use a personal computer, dedicated set-top boxes to achieve.. High performance personal computer can be achieved by loading the software for personal computers with lower performance by Decompression Card to complete the decoding.. Use a dedicated set-top box .to watch TV can match.. (6) Web-based management system: The administrator may, at any location, any device certified by the system immediately after administration.. (7) program production system: under normal circumstances the user can load the .program directly to the video server, VCD, if you need to tape, LD and other storage media is loaded into the analog video library video, you need to program production system. to complete.. Third, VOD system, users of security protocols when .using the VOD system, needs, and the server exchange a wide variety of information, which has many of the need for strict confidentiality, such as the user enters the user name and password and so on.. VOD providers need to run this information to .record the user's usage and to charge under these circumstances.. Sure that the user must also be able to use the correct server, not fake.. So that users can safely enter your user name and password and other information.. All this must be .built on the basis of a secure connection, if you do not have this secure connection, built up the VOD system is completely unreliable.. We know that currently use TCP / IP is not taken into account security, so if the establishment of such a .VOD system is not security, it is possible fake users, but the real user's password is also very easily be monitored. The.. This VOD system is not able to actually use, so to create a practical VOD system, we must take into account .security, allowing users to safely use and can not deny its use.. Now, in order to achieve a secure protocol, in reference to the use of the Web Security SSL / STL protocol, based on a simplified design, specifically for the VOD system ., a protocol, of course, this protocol can also be used for multimedia transmission. Other aspects, such as video conferencing (Video Conference) and so on.. See flow chart protocol "China multimedia video" Seventh.. Protocol design enables the .server and client to identify each other's identity, negotiation, and encryption and MAC algorithms used to protect transmitted data encryption key.. Is provided for the two communication between individuals confidentiality and integrity (authentication), and to achieve interoperability, scalability, higher relative efficiency ... Agreement by a series of exchanges between the client and the server component of packets.. The figure shows the client and server to establish a logical connection between the original required the exchange process to: <BR> (1) exchange of Hello .messages, for the algorithms, exchange random values such as consensus; (2) Exchange the necessary cryptographic parameters. in order to unify the two sides before the master key; (3) exchange certificates and the corresponding password information for authentication; (4) .generation master key; (5) testing whether the two sides have access to the same security parameters.. The exchange can be seen as a four stage.. 1.. Ability to attribute this stage to establish security for the client and server-side .and began to establish a logical connection associated with this connection security capabilities.. Customer initiated this exchange, with the following parameters client_hello send messages.. (1) version: The customer can use the highest protocol version, add this field is intended to facilitate .the future extension agreement.. (2) Random Number: Customer-generated random number, timestamp, and security from the 32-bit random number generator to generate random sequence of 28 bytes.. These values are among the key exchange in order to prevent .replay attacks.. (3) ciphertext family: Customer list of supported cryptographic algorithms (CipherSuite), in accordance with the order of decreasing priority.. Each element of the list (each ciphertext family) defines the key exchange algorithm and encryption instructions.. .(4) compression method: compression method supported by a list of customers.. In the message sent client_hello, customers waiting for the packets with the same parameters client_hello server server_hello message.. Server sends the following message parameters server_hello agreement.. (1) .version field contains the recommended minimum client and server versions of the highest version supported (2) random numbers generated by the server segment, independent of the client's random number above.. (3) dense text that contains the server from the client to pick out .the proposed set of cipher encryption.. (4) Compression field contains the server from the client to pick out the proposed compression method, a compression method.. Ciphertext family parameter of the first element is the key exchange algorithm (that is used for conventional .encryption and MAC encryption key exchange method).. Here is some support for key exchange method.. (1) RSA: RSA public key using the recipient of the keys for encryption.. The recipient's public key certificate keys must be provided.. ( .2) Diffie-Hellman key exchange: can be fixed Diffie-Hellman key exchange and short-term Diffie-Hellman key exchange or the anonymous Diffie-Hellman key exchange.. If you want to improve the system that can support more of the key exchange .algorithm, so that safety performance improved significantly.. Here the sake of discussion, on the use of the international community has widely used RSA public key system.. After the key exchange method is the encryption method defined, we know, the use of public .key encryption is impractical because the calculation of large, slow, so we generally use the public key exchange key, the real encrypted using the encryption algorithm. or encryption algorithm, the algorithm can be used a lot, which can be RC series, DES, .IDEA, AES and more.. Here, the need to point out that the agreement to support the implementation of the encryption algorithm as much as possible, so that the client and server have more choices, so that security can be a very good guarantee. ..2.. Server authentication and key exchange server needs to be identified, so that users know that this is connected to the correct server, which requires the server to send its own certificate to the user, where the use of international standards of X. ..509 certificates (X.509 information, please check on the relevant national standard, where limited space is not described in detail), so the message to contain an X. .509 certificate.. Above, we use RSA public key system is discussed ., so the server does not need to send server_key_exchange message, but if in other ways, you may need to send server_key_exchange news.. Then, the server sends certificate_request message that public key algorithm and use.. Finally, the server sends server_hello_done, then .wait for clients at once.. This message has no parameters.. 3.. Client authentication and key exchange client receives the server server_done news, according to need to check the server's certificate, and determine whether the parameters server_hello acceptable, if there is no .problem, send the following one or more messages to the server.. (1) If the server requests a client certificate, then the client first sends a certificate message, if the customer does not have a certificate, send a no_certificate warning.. This .step is generally necessary because the server is the legitimate user to know the on-demand VOD system, and as a client to use the VOD system based on non-repudiation.. (2) The client sends client_key_exchange message, the content of the message .depends on the type of key exchange, here we only discuss the RSA public key system, customers generate 48-byte pre-master password, and use its server certificate's public key. encryption.. (3) Finally, the client sends a certificate_verify message .that contains a signature, the first message from all handshake messages since the HMAC value (master_secret) be signed.. The aim is to provide a clear validation.. Thus, if someone wants to fake a legitimate user on demand VOD, he can not .issue this message, it can not fake success.. 4.. End of the 4 stages to establish a secure connection.. (1) client sends a change_cipher_spec message, and copies of the consultation are key to the current state of the connection. .. (2) Then, the customer with the new algorithm, the key parameter to send a finished message, the message can check whether the key exchange and authentication process has been successful.. Including a checksum, and check all incoming and outgoing messages. .. (3) server sends the same message and finished change_cipher_spec news.. The entire process is completed, the client and server have negotiated a secure key, and established a secure connection, so that the client and the server can safely exchange data and control .words of the ...