Method for safe cross-domain access to SIP video monitoring system

Abstract

The invention discloses a method for the safe cross-domain access to an SIP video monitoring system. In the method, an INVITE method defined in RFC 3261 is expanded to complete cross-domain route exploration, server safety capacity negotiation and inter-server bidirectional identity authentication and safely transmit two shared keys between servers, and after the route exploration is completed, the digest computing of information on the two shared keys, user identity and the like guarantees the legality of a follow-up cross-domain signaling source so as to guarantee the safety of the cross-domain access of a user. The method solves the safety problem of cross-domain access, prevents phishing server attack and replay attack, solves single sing-on problem of the cross-domain access user and ensures simple safety capacity negotiation and digest authentication-based signaling safety. And due to the high efficiency of the digest computing, the high efficiency of the system is achieved, and the real-time and high application value of the system are guaranteed.

Description

technical field [0001] The invention relates to a secure cross-domain access method for a SIP video surveillance system, belonging to the technical fields of communication and video surveillance. technical background [0002] At present, the cross-domain access structure of the SIP video surveillance system is as follows: figure 1 As shown, user 1 of domain 1 accesses camera 2 of domain 2 across domains. The information exchanged in the cross-domain access includes real-time and historical video and audio, log information, configuration of front-end equipment, control operations and other information. Among them, video and audio Information is generally transmitted through the establishment of an RTP channel under the control of SIP signaling. Under the control of SIP signaling, large file information is transmitted through protocols such as FTP, and other shorter information is directly carried by the message body of SIP signaling. If an attacker masters SIP signaling, he...

AI Technical Summary

Problems solved by technology

[0008] 5) Destruction of message integrity (Message Integrity) - the attacker inserts offensive data into the information data accessed across domains, destroying the integrity of the information transmitted by both parties in communication

Since S / MIME encrypts, signs, or both encrypts and signs the message body or even the entire message, the encryption result and signature result must be transmitted as part of the message body, so the SIP message will be very long, so the transport layer It is necessary to use the TCP protocol instead of the UDP method recommended by the SIP protocol for transmission. TCP establishes a long connection, which is a big bottleneck for system performance.

In addition, S / MIME is based on certificate authentication, and the trust relationship must be re-established for each session, so the cost of the system is high and the delay is long

Not suitable for system applications with strong real-time requirements

Images