搜索
EncryptionVIDEOCOMMUNICATIONSYSTEM-TECHNICALDOCUMENTATIONPCS-1/1PVer.3.20orlaterPCS-11/11PVer.3.20orlaterPCS-HG90Ver.2.00orlaterPCS-G50/G50PVer.2.21orlaterPCS-G70/G70PVer.2.21orlaterPCS-TL30Ver.1.04orlaterPCS-TL33AllPCS-TL50Ver.2.21orlaterPCS-XG80SAllVIDEOCOMMUNICATIONSYSTEM-TECHNICALDOCUMENTATIONEncryptionJuly,2008/Ver1.5©2008SonyCorporation2IntroductionSony'svisualcommunicationproducts(PCSseries)encryptvideoandaudiodata.Encryptionprovidessecureconnectionsandprotectsdatafromunexpectedmodificationbyhackersorotheroutsiders.Sonyusestwotypesofencryptiontechnologies.OneisanITU-Tstandard-basedformat.ThisformatallowsSonyproducts,aswellasothermanufacturer'sproducts,tocommunicatewitheachother,providedtheysupportITU-Tencryption.TheotherformatisaSonyproprietaryencryptionstandard,whichissupportedonlyoverIPconnections.Acommonpasswordisrequiredforallattendeestoparticipateinthesameconference,whichcreatesamoresecureconnection.Sony'svisualcommunicationproductsprovidetheencryptionformatsasstandardfunctions,ratherthanasoptions.VIDEOCOMMUNICATIONSYSTEM-TECHNICALDOCUMENTATIONEncryptionJuly,2008/Ver1.5©2008SonyCorporation3EncryptionSchemeEncryptionAlgorithmBothITU-TstandardandSonyproprietaryformatsuseAdvancedEncryptionStandard(AES).AESisanencryptionstandardbasedontheRijndaelalgorithmforsecretkeycryptographywhichwasdevelopedbyBelgianmathematicians,JoanDaemonandVincentRijmen.AESwasfinallychosenbythe(US)NationalInstituteofStandardsandTechnology(NIST),asthemostadvancedencryptionmethodfromamongthemanyproposalssubmittedfromaroundtheworld.Theintentionwastoreplacetheformerstandard,DataEncryptionStandard(DES);therefore,AESisfarmorereliablethanDES.AESemploysacommonencryptionkeyforbothencodinganddecoding.Fromthesendingend,thedigitaldatastreamisdividedintomultipleblocksof128bitseach,whicharethenencodedbyakey.Atthereceivingend,thedatablocksaredecodedbythesamekeyandtheoriginaldataisrestored.ThekeylengthofAEScanbechosenfromamong128bits,192bits,and256bits.Withakeylengthof128bits,ahackerwouldrequire2128(2tothepowerof128)trialstofindthecorrectkey.Thiskeylengthisrelativelysecure,consideringthesecurityofthecomputerused.KeyExchangeSystemIfencryptionkeysarenotsharedsecurely,encryptionmayfail,nomatterhowadvancedAESis;thereforethekeyexchangesystemisveryimportant.ThemethodforexchangingkeysisdifferentbetweenITU-TstandardandSonyproprietaryformats.ITU-TusesamethodcalledDiffie-Hellmankeyexchangeprotocol,andSonyusesaSonyoriginalprotocol.TheDiffie-Hellmankeyexchangeprotocol,whichwasinventedbyWhitfieldDiffieandMartinE.Hellman,usesamathematicaldifficultythatisnotinherentinexchangingthekeyitselfbutisinherentinexchangingdataandrandomnumbersgeneratedfromthekey.Thankstothisdifficulty,commonkeysaresharedsecurelyateachend,andmanagingthekeyisnotanissue.Sony'sproprietaryformatusesauniqueSony-inventedkeyexchangeprotocol.Akeyisgeneratedbasedonapasswordenteredbytheuser.Becausethepasswordisscrambled,itissentsecurelytothefarend.Theparticipantoftheencryptedconferenceusesthepasswordincommon,whichhelpstopreventspoofing.VIDEOCOMMUNICATIONSYSTEM-TECHNICALDOCUMENTATIONEncryptionJuly,2008/Ver1.5©2008SonyCorporation4TwoEncryptionProtocolsusedforPCSSeriesITU-TInternationalStandardProtocolITU-T(InternationalTelecommunicationUnion-TelecommunicationStandardizationSector)definedsecurityandencryptionasrecommendationsofH.233,H.234,andH.235.BothH.233andH.234defineencryptionkeymanagementandtheauthenticationsystemforconnectionsoverISDN(H.320)connections.H.233definestheencryptionsystemformedia,andH.234definesthetotalsignalingprotocolforencryptedcommunication,includingkeyexchange.TheH.235recommendationdescribesencryptionprotocolsoverIP(H.323)connections.AESissupportedunderH.235version3.Sony'sPCSseriesvideoconferencingsystemssupporttheH.233,H.234,andH.235version3,andadoptAESwithakeylengthof128bit.ThedatamedialistedbelowareencryptedasfarassupportedbyyourPCSterminal:•Audio,Video•Far-endcameracontroldata•PCscreenimages*1•SecondvideostreamduringDualVideomode*1•Datadrawnonanelectricwhiteboard*1•Plotteddatainputfrompentablet*1Encryptionissupportedinbothpoint-to-pointandmultipointconnections.EncryptionisalsosupportedinmixedIP(H.323)andISDN(H.320)connections.However,encryptedcommunicationisnotpossiblewhenconnectedtoSonynetworkcamerassupportedbysomemodels.*1:Themethodforhandlingthisdatavariesdependingonthemodel.SonyProprietaryProtocol*2Sony'sproprietaryencryptionprotocolissupportedinallIPconnections,includingH.323andSIPprotocols.ISDNconnections(whicharemoresecurethanIPconnections)arenotsupported.Thedatamediaencryptedare:Audio,Video,PCscreenimages,andthesecondvideostreamonH.323duringDualVideomode.Encryptionissupportedinbothpoint-to-pointandmultipointconnections,regardlessofmixedH.323andSIPconnections.*2:ThePCS-HG90/XG80SdoesnotsupporttheSonyProprietaryProtocol.VIDEOCOMMUNICATIONSYSTEM-TECHNICALDOCUMENTATIONEncryptionJuly,2008/Ver1.5©2008SonyCorporation5IPOnlyISDNOnlySIPOnlyIP&SIPIP&ISDNSIP&ISDNIP&ISDN&SIPSONYencryption•N/A••N/AN/AN/AStandardencryption••N/AN/A•N/AN/A(Table2)DuringmultipointconnectionIPIS