Security Camera Security

Published on Monday 14th January, 2008 (AEST)

It's been a while since my last post. In recent months, my wife and I have moved from Hong Kong back to Australia, we've welcomed our daughter Leora into the world, and I've resumed work as a Systems Engineer with a past employer. So, in all the busyness, I haven't had much time to write, and now my backlog of ideas is getting a little too much to contain.

One topic I've wanted to write about is the security of network cameras. That is, the security considerations that need to be taken into account when deploying IP-based surveillance cameras, rather than a traditional CCTV system. I remember the first time I saw a wireless IP security camera and wondering how secure the security camera was itself. Could it be hacked? Could the signal be eavesdropped, or jammed?

Let's take a look at what's involved in a typical network camera deployment. Each network camera is attached to an IP network, and is assigned an individual IP address. You can usually connect to this IP address via a web browser, enter a password, and view the footage directly from the camera. However, most installations involve multiple cameras, requiring the use of video management software to monitor the feeds, and a storage server to record the footage.

The benefits of such a system are clear. Cabling requirements are minimal, and the technologies involved are understood by IT support staff. Network cameras also allow video footage to be monitored and stored remotely—even overseas if necessary. On top of this, network cameras often provide video footage of a higher quality, and include logic features such as motion detection.

However, with this convergence comes some risk. If an IP security system is not designed and configured carefully, it is possible for anyone with access to the network to view or interfere with the footage. This is especially so with wireless cameras, since a miscreant need only be in the vicinity of the camera in order to cause trouble, perhaps jamming the WiFi signal before committing a crime.

To mitigate some of these security risks, better network cameras use encryption (such as HTTPS) to send the video stream, and some have an X.509 certificate to authenticate the camera to the video management server. This means that the authentication and encryption used is similar to most banking and online shopping websites, whereby an SSL connection is established after the web server's certificate is verified. Many network camera systems can also add hidden timestamps and watermarks to the signal, further preserving the integrity of the video feed and preventing replay attacks.

With the range of cameras and video management software available today, and with the different security features they incorporate, it is possible to mitigate most of the risks involved in an IP security camera system. The design can be as open (using the company's WiFi) or closed (using isolated cabling) as required. A little forethought will go a long way.

Save to del.icio.us Digg this Submit to StumbleUpon