Java implementation of an encrypted real-time media streaming system 🎥.
The system is composed of a Streaming Server, a ProxyBox and an MPEG Player tool.
- Streaming server: a component that distributes movies encoded in sequences of secured FFMPEG media frames and delivered to distant proxies;
- ProxyBox: a component that receives the encrypted streams. The media frames must first be processed at the proxy level, where they are decrypted and their integrity is checked, after which the streams are transferred (decrypted or in clear-format) to the media player tool;
- MPEG Player tool: a common media-player software, such as VLC.
The security protocol used to encrypt the video stream is a simplified SRTSP - Secure Real Time Streaming Protocol. SRTSP is used to secure the media streams sent by the Streaming Server and received by the ProxyBox. To deliver the received MPEG frame segments encapsulated in the SRTSP payload in clear format (plainframes), the ProxyBox must be able to decrypt and process the protected frames.
It's simplified because the cryptography between Streaming Server and ProxyBox is symmetric. A better implementation will use separate keys and asymmetric cryptography.
UDP is the transport protocol. Data frames are encapsulated in SRTSP format and all SRTSP payload is, in turn, encapsulated in a UDP datagram, as you can see below:
The SRTSP header consists of:
- 4 bits: Simplified SRTSP protocol version ID (0001);
- 4 bits: message type. The default 0000 value denotes endpoint configuration by hand;
- 16 bits: integer which contains the size in bytes of the encrypted frame + MAC integrity check.
RTSP protected FFMPEG Frame. Frames in the payload are encrypted using the security configuration set up in the Streaming Server and ProxyBox endpoints that implement the SRTSP protocol. The size of the encrypted frame is variable: it depends on the cryptographic parameters, such as the symmetric algorithm employed, the cryptographic mode, and the padding.
MAC Integrity Check. The integrity check is provided by an HMAC, which can have variable sizes.
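The following sketch shows how a receiver can parse this header and authenticate the payload before any decryption takes place. It is an added example, not code from this repository: the class and method names are hypothetical, and it assumes HMAC-SHA256, a big-endian size field, the version in the high nibble of the first byte, and a MAC computed over the encrypted frame only.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SrtspFrameDemo {
    static final int VERSION = 0b0001, HEADER_LEN = 3, MAC_LEN = 32; // 32 = HMAC-SHA256 tag (assumed)

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // Header: version (4 bits) | message type (4 bits) | size of encrypted frame + MAC (16 bits).
    static byte[] pack(int type, byte[] ciphertext, byte[] macKey) throws Exception {
        int size = ciphertext.length + MAC_LEN;
        if (size > 0xFFFF) throw new IllegalArgumentException("payload exceeds 16-bit size field");
        return ByteBuffer.allocate(HEADER_LEN + size)
                .put((byte) ((VERSION << 4) | (type & 0x0F)))
                .putShort((short) size)
                .put(ciphertext)
                .put(hmac(macKey, ciphertext)).array();
    }

    // Returns the authenticated ciphertext; every failure is raised before decryption would start.
    static byte[] unpack(byte[] datagram, int len, byte[] macKey) throws Exception {
        if (len < HEADER_LEN + MAC_LEN) throw new SecurityException("datagram too short");
        ByteBuffer buf = ByteBuffer.wrap(datagram, 0, len);
        if (((buf.get() & 0xFF) >>> 4) != VERSION) throw new SecurityException("unknown version");
        int size = buf.getShort() & 0xFFFF;
        // Do not trust the size field on its own: it must match what UDP actually delivered.
        if (size != len - HEADER_LEN) throw new SecurityException("size mismatch");
        byte[] ciphertext = new byte[size - MAC_LEN], tag = new byte[MAC_LEN];
        buf.get(ciphertext).get(tag);
        // MessageDigest.isEqual compares in constant time, unlike Arrays.equals.
        if (!MessageDigest.isEqual(tag, hmac(macKey, ciphertext))) throw new SecurityException("bad MAC");
        return ciphertext;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-mac-key".getBytes("UTF-8"); // constructed sample key
        byte[] frame = {0x10, 0x20, 0x30, 0x40};                   // stands in for an encrypted frame
        byte[] dgram = pack(0, frame, key);
        System.out.println("valid:    " + Arrays.equals(frame, unpack(dgram, dgram.length, key)));
        dgram[4] ^= 0x01;                                          // simulate tampering in transit
        try { unpack(dgram, dgram.length, key); }
        catch (SecurityException e) { System.out.println("tampered: rejected (" + e.getMessage() + ")"); }
    }
}
```

Extending the MAC input to include the 3-byte header would also protect the version and message-type fields against modification.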
The complete structure of the project is the following:
```
.gitignore
src
├───hjStreamServer
│   │   hjStreamServer.java
│   │
│   └───movies
│           ._cars.dat
│           cars.dat
│           monsters.dat
│
├───hjUDPproxy
│       config.properties
│       hjUDPproxy.java
│
└───security
    │   configSecurity.properties
    │   MySRTSPDatagramSocket.java
    │
    └───encryption
            EncryptPayload.java
            KeyManager.java
LICENSE
```
You must have Java JDK installed on your system and an MPEG player like VLC.
There are two configuration files, `src/hjUDPproxy/config.properties` and `src/security/configSecurity.properties`.
- config.properties. In this file you can change the endpoints (IP addresses + ports) used by the ProxyBox. `remote` is the endpoint from which the ProxyBox receives the encrypted data sent by the Streaming Server, `localdelivery` is the endpoint to which the ProxyBox sends the unencrypted media frames for the MPEG player.
- configSecurity.properties. `algorithm` is the encryption algorithm (see here all algorithms available), `keyStorePath` is the path where the encryption/decryption private key is stored and `keyStorePass` is the password to access the private key.
The system will run by default on localhost, but you can choose to set up a remote host for the server.
To run the client, open a new terminal, move to the repository directory and then to `src` using the `cd ...` command. From here, compile the client file by typing `javac .\hjUDPproxy\hjUDPproxy.java`. Then, run the client by typing `java hjUDPproxy.hjUDPproxy`. Now the client is waiting for a stream from the server.
Before starting the stream, let's open up VLC to receive it. From the main page, click Media -> Open Network Stream. In the box type `udp://@localdelivery`, where `localdelivery` matches the value of the parameter with the same name in `config.properties`.
Finally, run the server in the same way as the client. Open a new terminal and, from the `src` folder, type `javac .\hjStreamServer\hjStreamServer.java`. Then, choose a movie you like from the `hjStreamServer/movies` folder and type `java hjStreamServer.hjStreamServer hjStreamServer\movies\movie-name.dat remote-ip remote-port`. `movie-name.dat` must match the name of the movie you want to transmit, while `remote-ip` and `remote-port` are the values that match the configured `remote` parameter.
You should now see that the server is transmitting, the client is receiving and the player is playing. Well done!