Cryptographic Attestation of the Origin of Surveillance Images

Abstract: A method is devised that provides authentication and integrity protection for H.264 encoded surveillance video. A digital signature is created at the H.264 Network Abstraction Layer and included in the video stream, providing robustness against video container changes while remaining format compliant for compatibility with software that does not support the signing feature. The signature is created using asymmetric cryptography, which provides protection to both data in transit and at rest. The usage of asymmetric cryptography is compared to other methods of securing digital video and found to be the best approach for this application. Keys are unique per camera, allowing identification of the specific camera unit that created a particular video recording. A Public Key Infrastructure is described, where the camera vendor acts as a Certificate Authority. A proof-of-concept implementation is developed for an Axis ARTPEC-6 development board. To establish that the platform is capable of operating the protocol in real time its cryptographic performance is first measured. The benchmark shows that for typical surveillance video the performance is sufficient. To protect the private part of the key used for signing even in the face of partial system intrusion, a memory access restriction feature that the platform provides is used. This feature is compared to the functions offered by standard Trusted Platform Modules. The concept itself is platform agnostic and can be implemented on any platform that handles H.264 video and offers similar security features. Finally limitations of, as well as threats against, the concept are discussed and analysed. The protocol is considered a viable way of securing video and providing additional trustworthiness to the authenticity of surveillance video.