1. Secure Data Collection: Secure Camera Access and Situation Awareness 

  • Two-way Authentication of Camera Access
    A large number of cameras are connected to the video surveillance platform through the network. Before a connection is established, the identities of the camera and the platform are authenticated using the device certificate and the platform certificate, ensuring the authenticity and trustworthiness of both cameras and the platform, as well as data security from the source.
    • Device certificate: Issued by the certificate authority (CA). The device certificate, preconfigured in the camera, is used to identify a camera.
    • Platform certificate: Issued by the CA to identify a platform.
    The two-way authentication process is as follows.
    [Figure: two-way authentication process]
  • Camera Secure Boot
    Secure boot is also called verified boot. In a system that supports secure boot, every program to be loaded at each step of the boot is verified first. If the verification fails, the boot is terminated, thereby ensuring that each software module loaded during the boot is secure. The process of camera secure boot is as follows:
    [Figure: camera secure boot]
    Secure boot is now widely applied in the video surveillance industry. This technology helps protect against the following attacks.
    [Figure: camera secure boot]
  • Security Situation Awareness
    Security situation awareness technology analyzes massive amounts of collected traffic data and logs to detect the network security status and network attacks, mitigating risk in the process. The video surveillance system automatically analyzes logs reported by cameras and the client, such as detection logs and traffic data, so as to detect potential attacks on cameras and provide a responsive video surveillance platform. With security situation awareness technology, the following attacks can be detected in advance.
    [Figure: security situation awareness]
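
The secure boot chain described above, as an added example that is not code from the original page or from any camera vendor. Real secure boot verifies digital signatures against a key anchored in hardware; here, as a stated simplification, each stage pins the SHA-256 digest of the next stage and the first digest stands in for the read-only root of trust. Stage names and images are constructed.

```python
import hashlib

def measure(stage):
    """SHA-256 over a stage's code plus the digest it pins for the next stage."""
    return hashlib.sha256(stage["code"] + stage["next"].encode()).hexdigest()

def provision(images):
    """images: [(name, code)] in boot order. Returns (rom_anchor, stages).

    Built back to front so each stage carries the expected digest of its successor.
    """
    stages, next_digest = [], ""
    for name, code in reversed(images):
        stage = {"name": name, "code": code, "next": next_digest}
        next_digest = measure(stage)
        stages.insert(0, stage)
    return next_digest, stages  # digest of the first stage is kept in read-only memory

def boot(rom_anchor, stages):
    """Verify each stage before loading it; terminate at the first mismatch."""
    expected, loaded = rom_anchor, []
    for stage in stages:
        if measure(stage) != expected:
            return loaded, "halt: " + stage["name"] + " failed verification"
        loaded.append(stage["name"])
        expected = stage["next"]
    return loaded, "booted"

# Constructed firmware images (placeholders, not real camera firmware).
IMAGES = [("bootloader", b"BL v1"), ("kernel", b"KERNEL v1"), ("app", b"CAMERA APP v1")]
ROM_ANCHOR, STAGES = provision(IMAGES)

def tampered_kernel():
    """Case 1: the kernel image on flash has been modified."""
    stages = [dict(s) for s in STAGES]
    stages[1]["code"] = b"KERNEL v1 (modified)"
    return boot(ROM_ANCHOR, stages)

def tampered_kernel_and_pin():
    """Case 2: kernel modified and the bootloader's pinned digest rewritten to match."""
    stages = [dict(s) for s in STAGES]
    stages[1]["code"] = b"KERNEL v1 (modified)"
    stages[0]["next"] = measure(stages[1])
    return boot(ROM_ANCHOR, stages)
```

Case 2 halts one stage earlier than case 1: rewriting the pinned digest changes the bootloader itself, which then fails against the anchor, so the chain is only as strong as the immutability of that first value.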

2. Secure Data Transmission: Building a Secure Transmission Channel Based on Standard Protocols

Various attacks, such as network hijacking and brute-force cracking, may occur during network transmission. A secure transmission channel based on the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol can effectively improve data transmission security.

  • SSL: Provides communications security and data integrity.
  • TLS: Provides privacy and data integrity between two applications that are in communication with each other.

In a video surveillance system, substantial sensitive data is transmitted between cameras and the platform, as well as between the client and the platform, making the system vulnerable to network attacks. Secure transmission protocols based on SSL/TLS can ensure data transmission security. The application scenario is as follows: 

[Figure: application scenario]
  • Data transmission between cameras and the video surveillance platform: SDK protocol based on TLS
    The SDK protocol, encapsulated over TLS, encrypts the transmission channel between cameras and the platform to ensure secure data transmission.
  • Data transmission between the client and video surveillance platform: Hypertext Transfer Protocol Secure (HTTPS) based on SSL
    HTTPS, an extension of Hypertext Transfer Protocol (HTTP), is encrypted using SSL and ensures secure data transmission between the client and platform.
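
How the two-way authentication from section 1 maps onto the TLS channel between camera and platform, as an added example that is not the vendor's SDK protocol. It uses Python's standard `ssl` module as a stand-in; the certificate file arguments, camera names and the enrolment list are assumptions, and the sample certificate dicts are constructed in the shape returned by `SSLSocket.getpeercert()`.

```python
import ssl

def platform_context(ca_file=None, cert_file=None, key_file=None):
    """Platform (server) side: present the platform certificate, require a device certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and TLS 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # no valid camera certificate, no session
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # platform certificate and private key
    if ca_file:
        ctx.load_verify_locations(ca_file)         # CA that issues device certificates
    return ctx

def camera_context(ca_file=None, cert_file=None, key_file=None):
    """Camera (client) side: verify the platform certificate, present the device certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and hostname check by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # preconfigured device certificate
    if ca_file:
        ctx.load_verify_locations(ca_file)         # CA that issues the platform certificate
    return ctx

def camera_identity(peercert):
    """Return the subject commonName from a getpeercert()-style dict."""
    for rdn in peercert.get("subject", ()):
        for field, value in rdn:
            if field == "commonName":
                return value
    return None

def admit(peercert, enrolled):
    """After the handshake: accept only cameras whose certified name is enrolled."""
    name = camera_identity(peercert or {})
    return name if name in enrolled else None

# Constructed sample data (hypothetical names).
ENROLLED = {"cam-lobby-01", "cam-gate-02"}
KNOWN = {"subject": ((("organizationName", "Example Site"),),
                     (("commonName", "cam-lobby-01"),))}
UNKNOWN = {"subject": ((("commonName", "cam-unlisted-99"),),)}
```

A server context left at its default `verify_mode` of `CERT_NONE` still encrypts the channel but authenticates only the platform, which is one-way rather than two-way authentication.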

The following table compares HTTPS and HTTP.

| Protocol | Description |
|---|---|
| HTTP | Simple, small program, and fast communication. Data is transmitted in plaintext without encryption; not suitable for sensitive data transmission. |
| HTTPS | Data is encrypted for transmission; more secure than HTTP. |

3. Secure Data Storage: Chip-Level Data Encryption and Privacy Mask

  • Chip-Level Data Encryption
    Attacks such as network intrusion, Trojan horses, and worms can lead to data leakage. Data encryption can prevent data leakage even after the data is stolen. Common encryption algorithms are as follows:
    • Advanced Encryption Standard (AES): Also known as Rijndael, a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST).
    • SM4: A block cipher used in the Chinese National Standard. The key size and block size are both 128 bits.
  • Privacy Mask
    A large amount of personal data (such as faces and license plates) is generated in a video surveillance system. Privacy mask technology can mask sensitive information, effectively protecting personal privacy. Privacy mask, a trending technology in the video surveillance sector, can be classified into static and dynamic types. The former masks static objects, while the latter can identify and mask moving objects in video images, such as faces.

4. Secure Data Application: How Invisible Watermarks Protect Privacy and Data Security

In video surveillance, unauthorized video recording and photographing can lead to data leakage. Invisible watermark technology is used to trace the source of the leakage.

Common invisible watermark technologies are as follows.

| Watermark Technology | Implementation Method |
|---|---|
| Spatial domain watermarking | Modifies the color component of the image based on the least significant bit (LSB) steganography technology to make the watermark more robust. |
| Time domain watermarking | Embeds the watermark based on the motion vectors in the P and B frames to ensure video quality. |
| Transform domain watermarking | Scrambles watermark information based on the dual-tree complex wavelet transform (DT CWT) to protect against geometric attacks. |
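
The spatial-domain (LSB) row above, used for leak tracing, as an added example that is not code from the original page. It stamps a viewing-session ID into the blue-channel least significant bits of a frame and later maps a leaked frame back to the session; the frame, session IDs and operator names are constructed, and the 16-bit length header is an assumption of this sketch.

```python
def embed(pixels, payload):
    """Hide a 16-bit length plus payload in the blue-channel LSB, one bit per pixel."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("frame too small for payload")
    marked = list(pixels)
    for i, bit in enumerate(bits):
        r, g, b = marked[i]
        marked[i] = (r, g, (b & ~1) | bit)  # only the lowest blue bit changes
    return marked

def _read(pixels, start, nbytes):
    """Reassemble nbytes from blue-channel LSBs beginning at pixel index start."""
    out = bytearray()
    for k in range(nbytes):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[start + 8 * k + i][2] & 1)
        out.append(byte)
    return bytes(out)

def extract(pixels):
    """Recover the payload, or None when the length header is implausible (unmarked frame)."""
    if len(pixels) < 16:
        return None
    n = int.from_bytes(_read(pixels, 0, 2), "big")
    if n == 0 or 16 + 8 * n > len(pixels):
        return None
    return _read(pixels, 16, n)

def trace_leak(leaked_pixels, sessions):
    """Map the recovered mark to the viewing session that was stamped with it."""
    mark = extract(leaked_pixels)
    return sessions.get(mark) if mark else None

# Constructed 16x16 RGB frame and session table (hypothetical operator names).
FRAME = [(x * 16, y * 16, (x + y) % 256) for y in range(16) for x in range(16)]
SESSIONS = {b"sess-7f3a": "operator-17", b"sess-02c9": "operator-04"}
MARKED = embed(FRAME, b"sess-7f3a")
```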

5. Summary

This section describes a series of mission-critical technologies used to ensure data security throughout the full data lifecycle, including data collection, transmission, storage, and application.

| Lifecycle | Technology | Description |
|---|---|---|
| Collection | Two-way authentication | Authenticates identities of cameras and the video surveillance platform, based on device and platform certificates. |
| Collection | Secure boot | During secure boot, each software to be loaded is verified by the previous component to ensure that the software is not tampered with by hackers or malicious programs. |
| Collection | Security situation awareness | Data security analysis (such as log, traffic, and abnormal file detection) helps detect network security status and attacks in advance. |
| Transmission | SSL/TLS-based encrypted transmission | Encrypts data using the key agreed by two parties of the communication. |
| Storage | Chip-level encryption | Integrates encryption algorithms in chips to encrypt/decrypt data through hardware circuits. No CPU resource is occupied and the performance loss is low. |
| Storage | Privacy mask | Recognizes sensitive information in video images using algorithms such as face detection, and masks the information to protect personal privacy. |
| Application | Invisible watermark | Embeds watermarks into video images using methods such as LSB steganography and CWT. |