An H.323 protocol based multimedia communication system is implemented on the basis of a Packet Based Network (PBN) without Quality of Service (QOS) assurance. Due to the intrinsic technical nature of a PBN, it is usually unable to assure QOS, and is thereby unable to provide secure QOS for communication between endpoints in such a network system.
In order to provide timely secure communication service on such an insecure network system, the following two issues have to be taken into consideration in communication between different endpoints: authentication and privacy.
Though some authentication and privacy techniques for H.323 protocol based multimedia communication systems were defined in predecessors of H.235 protocol V3, those techniques were technical solutions in Gate Keeper (GK) routing mode (a routing mode for H.323-based communication systems, the core of which is to utilize the GK to forward call signaling between different endpoints). Furthermore, Appendix I of H.235 V3 puts forth an authentication and privacy technique based on direct routing mode (direct routing mode is another routing mode used in H.323-based communication systems; in contrast to the above GK routing mode, direct routing mode doesn't utilize the GK to forward call signaling between different endpoints; instead, the two endpoints involved in communication exchange call signaling with each other directly). However, when such an authentication and privacy technique based on direct routing mode utilizes the basic features defined in Appendix D and Appendix F of H.235 V3 to provide secure communication service for an H.323-based communication system, it is limited in that the different endpoints involved in communication must be managed by the same GK, i.e., the endpoints are required to be in the same GK management domain in the network system; this imposes a severe constraint on actual application.
Appendix I of supplement Amd1 to H.235 V3, which was issued by ITU-T recently, revised Appendix I of the above H.235 V3 with an authentication and privacy technique across different GK management domains (management across GKs means that the calling endpoint and the called endpoint are in different GK management domains, and the calling endpoint needs to locate the called endpoint with the assistance of the home GK of the calling endpoint and the home GK of the called endpoint) and based on direct routing mode, to provide secure communication service in the case that the endpoints involved in communication are in different GK management domains.
The following briefly describes, with reference to FIG. 1, the secure communication service processing procedures in the prior art for communication between endpoints in different GK management domains in a multimedia communication system on the basis of direct routing mode. As shown in the modular block diagram of an H.323-based network system in FIG. 1, the calling End Point a (EPa) and the called End Point b (EPb) are two different endpoints; gate keeper GKg is the home GK of EPa, and gate keeper GKh is the home GK of EPb. Here, the authentication and privacy technique across different GK management domains and based on direct routing mode presets a shared key Kag between EPa and GKg as well as a shared key Kbh between EPb and GKh, so that EPa and GKg authenticate each other with Kag and EPb and GKh authenticate each other with Kbh; meanwhile, a shared key (Kgh) between GKg and GKh is also set, so that GKg and GKh authenticate each other with Kgh. On the basis of the above set conditions, the secure communication processing procedures between EPa and EPb are as follows:
1. When preparing to call EPb, EPa sends a call Admissions Request (ARQ) message containing EPb identification information to GKg, to request admission.
2. After receiving the ARQ message, GKg uses the EPb identification information contained in the ARQ message to find that the home GK of EPb is GKh, and sends a Location Request (LRQ) message to GKh.
3. After receiving the LRQ message, GKh generates a random sequence Challenge and an initialization vector IV, and then carries out encryption operation on Kbh (the shared key between EPb and GKh) with the generated random sequence Challenge to obtain the derived keys EKbh and KSbh; similarly, GKh carries out encryption operation on Kgh (the shared key between GKg and GKh) with the random sequence Challenge to obtain the derived keys EKgh and KSgh; wherein, in each of above encryption operations on shared keys with the random sequence Challenge, two derived keys are generated correspondingly in case that the random sequence Challenge is preceded by different data tags;
Next, GKh utilizes the generated initialization vector IV to carry out encryption operation on the derived keys EKbh, KSbh, EKgh, and KSgh as follows to obtain:
ENC_{EKgh, KSgh, IV}(EKbh), which indicates EKbh is encrypted by EKgh and KSgh on the basis of the initialization vector IV;
ENC_{EKgh, KSgh, IV}(KSbh), which indicates KSbh is encrypted by EKgh and KSgh on the basis of the initialization vector IV;
Then, GKh creates a Location Confirm (LCF) message, stores the above ENC_{EKgh, KSgh, IV}(EKbh) and ENC_{EKgh, KSgh, IV}(KSbh) into the respective fields of the clear token (Clear Token) contained in the LCF message, stores the random sequence Challenge, initialization vector IV, and the corresponding algorithm information into the respective fields of the clear token, and finally feeds the LCF message back to GKg.
4. After receiving the LCF message, GKg reads the Challenge, IV, and the corresponding algorithm information in the respective fields of the clear token in the LCF message to decrypt ENC_{EKgh, KSgh, IV}(EKbh) and ENC_{EKgh, KSgh, IV}(KSbh) to obtain EKbh and KSbh;
Afterwards, GKg generates its own random sequence Challenge and initialization vector IV as well as a shared key Kab between EPa and EPb; with the same principle as described above, GKg carries out encryption for Kab with the generated random sequence Challenge, initialization vector IV, Kag (the shared key between EPa and GKg), and EKbh and KSbh as follows:
EKab1 = ENC_{EKag, KSag, IV}(Kab); and
EKab2 = ENC_{EKbh, KSbh, IV}(Kab);
Next, GKg creates two clear tokens Clear Token a and Clear Token b, hereinafter referred to as CTa and CTb; GKg sets its own Challenge, IV, EKab1 obtained by encryption, and the corresponding algorithm information into the respective fields of CTa; and sets its own Challenge, IV, EKab2 obtained by encryption, and the corresponding algorithm information into the respective fields of CTb;
Finally, GKg sets CTa and CTb into the created call Admissions Confirm (ACF) message simultaneously, and feeds the ACF message back to EPa.
5. After receiving the ACF message, EPa reads the Challenge, IV, and the corresponding algorithm information in the respective fields of clear token CTa in the ACF message, carries out operation on Kag with the Challenge and IV by the algorithm information to obtain EKag and KSag, and then decrypts EKab1 = ENC_{EKag, KSag, IV}(Kab) with the obtained EKag, KSag, and IV to obtain Kab;
EPa creates a Setup message, copies the clear token CTb in the received ACF message to the Setup message completely, and utilizes Kab obtained in above decryption process to set authentication information in the Setup message, and then sends the Setup message to EPb;
After receiving the Setup message from EPa, EPb processes as follows:
It reads the Challenge, IV, and the corresponding algorithm information in the respective fields of CTb in the Setup message, carries out operation on Kbh with the Challenge and IV by the algorithm information to obtain EKbh and KSbh, and then decrypts EKab2 = ENC_{EKbh, KSbh, IV}(Kab) with the obtained EKbh, KSbh, and IV to obtain Kab;
EPb utilizes the Kab obtained through decryption to authenticate the received Setup message.
In the subsequent communication process between EPa and EPb, EPa and EPb encrypt communication information with the key data Kab generated above by GKg, and the counterpart utilizes Kab to authenticate the received message, so that the secure communication mechanism is achieved for communication between two endpoints in different GK management domains.
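The exchange in steps 3 to 5, as an added Python sketch that is not part of the original text: HMAC-SHA-256 stands in for the key derivation and an XOR keystream for ENC, neither being the algorithm H.235 specifies, and all function and field names are hypothetical. It assumes CTb carries the Challenge that GKh used, so that EPb can re-derive EKbh and KSbh from Kbh.

```python
import hashlib
import hmac
import os

def derive(shared_key, challenge):
    """Derive (EK, KS) from one shared key: same Challenge, different data tags."""
    return tuple(hmac.new(shared_key, tag + challenge, hashlib.sha256).digest()
                 for tag in (b"EK", b"KS"))

def enc(ek, ks, iv, field, data):
    """Stand-in for ENC_{EK, KS, IV}(data): XOR with an HMAC keystream, so the
    same call decrypts. `field` keeps two 32-byte values off one keystream."""
    stream = hmac.new(ek, ks + iv + field, hashlib.sha256).digest()
    if len(data) != len(stream):
        raise ValueError("sketch handles 32-byte values only")
    return bytes(d ^ s for d, s in zip(data, stream))

def gkh_build_lcf(kbh, kgh):
    """Step 3: GKh wraps EPb's derived keys under the GKg-GKh derived keys."""
    ch, iv = os.urandom(16), os.urandom(16)
    ekbh, ksbh = derive(kbh, ch)
    ekgh, ksgh = derive(kgh, ch)
    return {"challenge": ch, "iv": iv,
            "enc_ekbh": enc(ekgh, ksgh, iv, b"EKbh", ekbh),
            "enc_ksbh": enc(ekgh, ksgh, iv, b"KSbh", ksbh)}

def gkg_build_acf(kag, kgh, lcf):
    """Step 4: GKg unwraps EKbh/KSbh, picks Kab, wraps it once per endpoint."""
    ekgh, ksgh = derive(kgh, lcf["challenge"])
    ekbh = enc(ekgh, ksgh, lcf["iv"], b"EKbh", lcf["enc_ekbh"])
    ksbh = enc(ekgh, ksgh, lcf["iv"], b"KSbh", lcf["enc_ksbh"])
    kab, ch, iv = os.urandom(32), os.urandom(16), os.urandom(16)
    ekag, ksag = derive(kag, ch)
    cta = {"challenge": ch, "iv": iv, "ekab": enc(ekag, ksag, iv, b"Kab", kab)}
    # Assumption: CTb carries GKh's Challenge so EPb can re-derive EKbh/KSbh.
    ctb = {"challenge": lcf["challenge"], "iv": iv,
           "ekab": enc(ekbh, ksbh, iv, b"Kab", kab)}
    return cta, ctb, {"kab": kab, "ekbh": ekbh, "ksbh": ksbh}

def endpoint_recover_kab(own_key, token):
    """Step 5: EPa (with Kag, CTa) or EPb (with Kbh, CTb) recovers Kab."""
    ek, ks = derive(own_key, token["challenge"])
    return enc(ek, ks, token["iv"], b"Kab", token["ekab"])

def run_exchange():
    kag, kbh, kgh = (os.urandom(32) for _ in range(3))  # constructed shared keys
    cta, ctb, gkg_view = gkg_build_acf(kag, kgh, gkh_build_lcf(kbh, kgh))
    return (endpoint_recover_kab(kag, cta), endpoint_recover_kab(kbh, ctb),
            gkg_view, derive(kbh, ctb["challenge"]))
```

The third value returned by `run_exchange()` is what GKg holds after step 4: Kab itself and EPb's derived keys EKbh and KSbh, even though GKg is outside EPb's management domain.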
It can be seen from the above authentication and privacy technique across different GK management domains and based on direct routing mode in actual implementation that:
(1) The shared key Kab between calling endpoint EPa and called endpoint EPb is generated by the home gate keeper GKg of the calling endpoint EPa, and the called endpoint EPb has to accept that shared key Kab passively, even though the called endpoint EPb doesn't trust the shared key Kab; therefore, for the called endpoint EPb, the flexibility is restricted.
(2) In the above step 4, the key Kab is encrypted by GKg when GKg creates the clear token CTb; however, when EPb receives the Setup message, it has to decrypt the encrypted part of the clear token CTb contained in the Setup message to obtain Kab; therefore, the algorithm used at the GKg side to encrypt the key Kab is required to be consistent with that used at the EPb side to decrypt CTb to obtain the key Kab; as a result, for endpoints in different GK management ranges, a consistent algorithm has to be used between different endpoints, which degrades the expansibility of such a secure communication mechanism.
(3) In the above steps 3 and 4, the derived keys (EKbh and KSbh, respectively) between the called endpoint EPb and the home gate keeper GKh of the called endpoint EPb have to be transmitted between the home gate keeper GKg of the calling endpoint EPa and the home gate keeper GKh of the called endpoint EPb; as a result, the two derived keys have to be encrypted twice at the GKh side when they are transmitted between GKg and GKh, and correspondingly they have to be decrypted twice at the GKg side, resulting in degraded processing efficiency of the secure communication mechanism.