Security integration in IP video surveillance systems

Abstract: Video surveillance systems are a rapidly growing industry. As with most systems, this technology presents both opportunities and threats. The wide adoption of video surveillance systems by various businesses and individuals has raised some vital security issues.  Appropriately addressing these security issues is of great importance for video surveillance systems, as these systems may capture sensitive personal data and may attract numerous attacks. As of today nearly all devices have become networked (or are on their way to being connected to networks), hence eavesdropping is a common attack which can exploit a breach of a system’s security and result in data disclosure to unauthorised parties, video stream alterations, interference, and reduction of a system’s performance. Moreover, it is important that video surveillance systems are standardized by appropriate standardization organizations in order to assure high quality of the security services that utilize these systems and to facilitate interoperability. In this master thesis project rules and regulations concerning personal data protection were studied in order to define the requirements of the proposed robust and high quality security scheme that is to be integrated into video surveillance systems. This security scheme provides United States Federal Information (FIPS)' compliant security services by securing the communication channel between the system’s devices. The authentication of the system’s devices is established by using certificates and key exchanges. The proposed security scheme has been scrutinized in order to analyze its performance (and efficiency) in terms of overhead, increased jitter, and one-way delay variations.<p> Our implementation of the proposed security scheme utilized OpenVPN to provide privacy, integrity and authentication to the video streaming captured by Veracity’s clients and stored in Veracity’s proprietary NAS device (COLDSTORE). Utilization of OpenSSL FIPS Object module develops our security scheme in a FIPS compliant solution. For testing purposes, we created different test scenarios and collected data about the total delivery time of a video file, delivered from the IPCamera/NVR/DVR devices to the COLDSTORE device, the network overhead and lastly the one-way delay between the two endpoints. Another area of interest that we focus on is how to deploy certificates to new, existing, and replacement devices; and how this deployment may affect the system’s security design. In addition, we investigate the problems arising when a secured video stream needs to be played back via another device outside of our system’s network.The results of the thesis will be used as an input for product development activities by the company that hosted this thesis project.