ITU-T H 233-2002 Confidentiality System for Audiovisual Services Series H Audiovisual and Multimedia Systems Infrastructure of Audiovisual Services - Systems Aspects (Study Group 1.pdf

Uploaded by: 赵齐羽 | Document ID: 797431 | Uploaded: 2019-02-02 | Format: PDF | Pages: 28 | Size: 266.03 KB

INTERNATIONAL TELECOMMUNICATION UNION

ITU-T H.233
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2002)

SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMS
Infrastructure of audiovisual services – Systems aspects

Confidentiality system for audiovisual services

ITU-T Recommendation H.233

ITU-T H-SERIES RECOMMENDATIONS
AUDIOVISUAL AND MULTIMEDIA SYSTEMS

CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS: H.100–H.199
INFRASTRUCTURE OF AUDIOVISUAL SERVICES
  General: H.200–H.219
  Transmission multiplexing and synchronization: H.220–H.229
  Systems aspects: H.230–H.239
  Communication procedures: H.240–H.259
  Coding of moving video: H.260–H.279
  Related systems aspects: H.280–H.299
SYSTEMS AND TERMINAL EQUIPMENT FOR AUDIOVISUAL SERVICES: H.300–H.399
SUPPLEMENTARY SERVICES FOR MULTIMEDIA: H.450–H.499
MOBILITY AND COLLABORATION PROCEDURES
  Overview of Mobility and Collaboration, definitions, protocols and procedures: H.500–H.509
  Mobility for H-Series multimedia systems and services: H.510–H.519
  Mobile multimedia collaboration applications and services: H.520–H.529
  Security for mobile multimedia systems and services: H.530–H.539
  Security for mobile multimedia collaboration applications and services: H.540–H.549
  Mobility interworking procedures: H.550–H.559
  Mobile multimedia collaboration inter-working procedures: H.560–H.569

For further details, please refer to the list of ITU-T Recommendations.

ITU-T Rec. H.233 (11/2002)

ITU-T Recommendation H.233

Confidentiality system for audiovisual services

Summary

This Recommendation describes the confidentiality part of a privacy system suitable for use in narrow-band audiovisual services conforming to ITU-T Recs H.320, H.221, H.230 and H.242. Although an encryption algorithm is required for such a privacy system, the specifications of such algorithms are not all included here: the system caters for more than one specific algorithm. Some of those algorithms and their parameters are defined in Annex A. A privacy system consists of two parts, the confidentiality mechanism or encryption process for the data, and a key management subsystem as described in ITU-T Rec. H.234.

This revised version of ITU-T Rec. H.233 introduces a number of corrections and clarifications to the original version and, more importantly, introduces the description on the usage of Triple DES and AES encryption in applicable H.320.x-series Recommendations.

Source

ITU-T Recommendation H.233 was revised by ITU-T Study Group 16 (2001-2004) and approved under the WTSA Resolution 1 procedure on 29 November 2002.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database.

© ITU 2003

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS

1 Scope
2 Normative references
3 Abbreviations
4 Properties of the system specified
  4.1 Confidentiality
  4.2 Algorithm specification
5 The confidentiality mechanism
  5.1 Description of operation
    5.1.1 Controls and indication within the H.221 frame
    5.1.2 Message formats
    5.1.3 Unenciphered ECS channel
  5.2 Transmission encryption method
  5.3 Procedure for use of the system
6 Encryption of MLP channel
Annex A – Encryption algorithms and their parameters
  A.1 Scope
  A.2 Normative References
  A.3 FEAL
  A.4 DES
  A.5 IDEA
  A.6 TDEA
  A.7 AES
Appendix I – Encryption and decryption for 2 B channels
Appendix II – Audiovisual privacy communication procedure

ITU-T Recommendation H.233

Confidentiality system for audiovisual services

1 Scope

A privacy system consists of two parts, the confidentiality mechanism or encryption process for the data, and a key management subsystem. This Recommendation describes the confidentiality part of a privacy system suitable for use in narrow-band audiovisual services conforming to ITU-T Recs H.221, H.230 and H.242. Although an encryption algorithm is required for such a privacy system, the specification of such an algorithm is not included here: the system caters for more than one specific algorithm.

The confidentiality system is applicable to point-to-point links between terminals or between a terminal and a Multipoint Control Unit (MCU); it may be extended to multipoint working in which there is no decryption at the MCU, but this is for further study.

2 Normative references

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[1] ITU Recommendation H.221 (1999), Frame structure for a 64 to 1920 kbit/s channel in audiovisual teleservices.
[2] ITU Recommendation H.242 (1999), System for establishing communication between audiovisual terminals using digital channels up to 2 Mbit/s.
[3] ITU Recommendation H.230 (1999), Frame-synchronous control and indication signals for audiovisual systems.
[4] ITU Recommendation X.680 (2002), Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation.
[5] ITU Recommendation H.234 (2002), Encryption key management and authentication system for audiovisual services.
[6] ISO 8732:1988, Banking – Key management (wholesale).

3 Abbreviations

This Recommendation uses the following abbreviations:

AIA  Audio Indicate Active

(Control keys are provided by other mechanisms such as that described in ITU-T Rec. H.234 on Authentication and Key Management, or may be manually entered.

2) It is applicable to audiovisual signals framed according to ITU-T Rec. H.221, at transfer rates of p × 64 kbit/s where p takes any one value from 1 to 30. In accordance with ITU-T Rec. H.221, the FAS, BAS, and ECS channels of the frame structure are not encrypted.

3) Confidentiality is given to all user audio, video and data transmissions, these signals being encrypted together under the same key (this currently includes MLP data, according to Annex A/H.221, though this aspect is for further study).

4) The system is independent of the encryption algorithm used; some algorithms are currently provided for, and further algorithms could be added.

5) The confidentiality mechanism is capable of working in point-to-point calls, and also in multipoint calls where decryption is permitted at the MCU (the so-called "trusted MCU").

4.2 Algorithm specification

The specification of algorithms is not included in this Recommendation, which caters to a wide range of encryption algorithms. The specifications may be defined in Annex A, or shall be available elsewhere (see 5.2) and shall contain the following details:

– lengths of initialization vector and session keys;
– generation of starting variable from initialization vector.

5 The confidentiality mechanism

5.1 Description of operation

Figure 1 gives a block diagram of a link encryptor. It consists of an encryptor block and a decryptor block. The encryptor takes in user data and enciphers it to form enciphered data. The decryptor takes enciphered data and deciphers it to obtain user data.

Two channels are needed to connect the encryptor and decryptor. One is used to transmit the enciphered user data. The second is an unenciphered channel known as the Encryption Control Signal (ECS) which is used to pass control information from the encryptor to the decryptor. Although these two channels are shown physically separated, in practice, they are multiplexed into a single frame structure as shown in ITU-T Rec. H.221.

Additive-stream encipherment techniques are used (see 5.2).

Keys are provided by other mechanisms and are presented to the confidentiality mechanism as required. They are used by the encryptor and decryptor synchronously with the data, the key-loading synchronization flag being sent via the control channel (see L in 5.1.3).

Data encipherment is controlled from the encryptor: the encryption ON/OFF flag is sent via the control channel to indicate when data is being enciphered. The decryptor responds to this flag and deciphers data when requested.

[Figure 1/H.233 – Block diagram of a link encryptor. Labels: Sender, Transmission channel, Receiver, Keys, User data, Recovered user data, Encryptor, Decryptor, Encyphered data channel, Plain data control channel, Initialization vectors.]

5.1.1 Controls and indication within the H.221 frame

To indicate the presence of a confidentiality system within a terminal the BAS code "Encryption capability" shall be transmitted. If this capability is signalled from both ends of a link, the Encryption Control Signal (ECS) channel may be opened in each direction by use of the encrypt-on BAS command; the ECS channel may be closed using the command encrypt-off, but this shall be preceded by the transmission of the encryption-off flag within the channel itself (see below). If a terminal receives the BAS command encrypt-off without first receiving the encryption-off flag, the user shall be alerted to a possible intrusion or malfunction of the confidentiality system.

In cases where an H.221-framed signal is in use in one direction only, the ECS channel may be activated without use of the capability mechanism: the mechanism to ensure that the receiving end is able to decrypt the chosen algorithm, etc., is outside the scope of this Recommendation.

5.1.2 Message formats

The messages used by the encryption system for key distribution and authentication are formatted in a nested ILC (Identifier, Length, Content) form as described in ITU-T Rec. X.680 [4]. The length may be encoded in short form or long form. The indefinite form as defined in [4] will not be used. A short description of some of the ITU-T Rec. X.680 [4] definitions used within this Recommendation is given below.

5.1.2.1 Identifier

An identifier is an octet with the structure shown next.

MSB            LSB
c c p t t t t t

c  Tag class
p  Primitive/constructor (0/1)
t  Tag

The tag class defines the type of identifier and takes a value of 10 or 11 (context specific). The primitive/constructor (P) bit indicates whether the content is primitive or whether it is composed of nested elements. The 5-bit tag uniquely defines the identifier (according to its class). Thus, all identifiers in this Recommendation have the octet form: 10 P t1 t2 t3 t4 t5 or 11 P t1 t2 t3 t4 t5.

5.1.2.2 Length

The length specifies the length in octets of the contents and is itself variable in length.

The short form is one octet long and shall be used in preference to the long form when L is less than 128. Bit 8 has the value zero and bits 7-1 encode L as an unsigned binary number whose MSB and LSB are bit 7 and bit 1, respectively.

The long form is from 2 to 127 octets long and is used when L is greater than, or equal to, 128 and less than 2 to the power 1008. Bit 8 of the first octet has the value one. Bits 7-1 of the first octet encode a number one less than the size of the length in octets as an unsigned binary number whose MSB and LSB are bit 7 and bit 1, respectively. L itself is encoded as an unsigned binary number whose MSB and LSB are bit 8 of the second octet and bit 1 of the last octet, respectively. This binary number shall be encoded in the fewest possible octets, with no leading octets containing the value 0.

5.1.2.3 Bit string

A bit string in primitive form has the bits packed eight to an octet and preceded by an octet that encodes the number of unused bits in the final octet of the contents, from zero to seven, as an unsigned binary number whose MSB and LSB are bit 8 and bit 1, respectively.

5.1.3 Unenciphered ECS channel

The confidentiality system requires the use of an unenciphered control channel between encryptor and decryptor. Only one control channel per link encryption system is required. The same control channel is used in association with the encryption of the audio, video and any data that may be present.

The content of the ECS channel is structured in blocks of 128 bits, synchronous with the H.221 multiframe (see Figure 2); thus the first bit of the block is bit 8 of octet 17 of frame number 0 in a multiframe. There are two types of block: Session Exchange (SE) and Initialization Vector (IV). The information contained within an IV block takes effect from the start of the next multiframe, and remains effective until another IV has been sent. The ECS channel shall always contain either an IV block or an SE block.

It shall be noted that according to some algorithm definitions the same IV may be loaded repeatedly; the choice as to whether or not to do this would be based on the trade-off between faster recovery from errors and additional security.

Bit No.   0  1  2  3  4  5  6  7  8  9  10  11 | 12-119  | 120-127
SE Type   0  n  n  s  s  s  s  s  e  e  e   e  | message | spare

Bit No. 0 1 2 3 4 5 6 7 8 9 10 11 | 12-1
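The ILC rules of 5.1.2 (identifier octet, short and long definite length, primitive bit string) as a small codec. This is an added example, not code from the Recommendation; the function names, the `ILCError` type and the tag numbers used with it are assumptions. The decoder rejects the encodings the text excludes: the indefinite form, a length not in its shortest form, and an identifier whose tag class is not 10 or 11.

```python
class ILCError(ValueError):
    """Raised for an encoding that 5.1.2 does not allow."""

def encode_length(n):
    if n < 128:                                # short form: bit 8 = 0, bits 7-1 = L
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")   # fewest possible octets
    if len(body) > 126:                        # long form is at most 127 octets
        raise ILCError("length too large")
    return bytes([0x80 | len(body)]) + body    # bits 7-1 = size of the length - 1

def decode_length(buf, pos):
    if pos >= len(buf):
        raise ILCError("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0:
        raise ILCError("indefinite form is not used")
    body = buf[pos + 1:pos + 1 + n]
    if n == 127 or len(body) != n:
        raise ILCError("bad or truncated long-form length")
    value = int.from_bytes(body, "big")
    if body[0] == 0 or value < 128:            # leading zero, or short form was required
        raise ILCError("length not in its shortest form")
    return value, pos + 1 + n

def encode(tag, content, class_bits=0b10):
    """content: bytes (primitive) or a list of already-encoded elements (constructed)."""
    if class_bits not in (0b10, 0b11) or not 0 <= tag < 32:
        raise ILCError("identifier must be 10 P ttttt or 11 P ttttt")
    constructed = isinstance(content, list)
    body = b"".join(content) if constructed else bytes(content)
    ident = (class_bits << 6) | (constructed << 5) | tag
    return bytes([ident]) + encode_length(len(body)) + body

def decode(buf):
    """Return [(class_bits, tag, content)]; content is bytes or a nested list."""
    out, pos = [], 0
    while pos < len(buf):
        ident = buf[pos]
        if not ident & 0x80:
            raise ILCError("tag class must be 10 or 11")
        length, pos = decode_length(buf, pos + 1)
        if pos + length > len(buf):
            raise ILCError("content runs past end of buffer")
        content, pos = buf[pos:pos + length], pos + length
        out.append((ident >> 6, ident & 0x1F,
                    decode(content) if ident & 0x20 else content))
    return out

def encode_bit_string(bits):
    """bits: a str of '0'/'1'. First octet = number of unused bits in the last octet."""
    unused = -len(bits) % 8
    padded = bits + "0" * unused
    packed = int(padded, 2).to_bytes(len(padded) // 8, "big") if padded else b""
    return bytes([unused]) + packed

def decode_bit_string(content):
    if not content or content[0] > 7 or (len(content) == 1 and content[0]):
        raise ILCError("bad unused-bits octet")
    bits = "".join(f"{b:08b}" for b in content[1:])
    return bits[:len(bits) - content[0]]
```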
