
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
July 17, 2007


Who are ya?

One of the reasons that IP video systems are becoming increasingly popular for CCTV surveillance is the flexibility that a networked solution can provide. System components and video display workstations can be located at any point on the network. This allows users to access live and recorded video from anywhere on the network, whether in a security control room or on a manager’s desk. The implementation of Identity Authentication Management, or IAM, is therefore fundamental to ensuring the integrity of IP video systems.

IAM is implemented in the system’s video management software. This software is at the heart of an IP video system and manages the display of live camera feeds from the network, handles the recording to networked video recorders, and provides a suite of tools for analysing recorded video. Video clips can be exported from the software for evidential purposes.

User management

IAM is supported in IP video systems through the use of sophisticated user account features that allow a system administrator to customise accounts according to the role of the user. This prevents users from accessing unauthorised functionality and sensitive video feeds not appropriate to their role or position. The following details how IndigoVision’s ‘Control Center’ video and alarm management software implements user accounts, and is typical of high-end IP video systems.

When Control Center is first installed, a single user group is automatically created, containing the initial system administrator account. This administrator can then create other users and user groups. Each user must be a member of a user group, and this group governs what level of administrator functionality the user has access to. The three levels of user groups are full administrators, restricted administrators, and operators. Full administrators have access to all the management software functionality. Restricted administrators have access to all functionality, except for the creation, deletion and modification of user accounts and groups. Operators do not have access to administrator functionality and so cannot change the site database. Each group can have multiple members and several groups can have the same level of access, thus allowing multiple full and restricted administrators in the same site database.

User access permissions enable the administrator to specify restrictions on how each user interacts with objects in the site database (camera, monitor, relay, etc.). The administrator can grant or deny access permissions for operator users and user groups. For example, a camera has the following access permissions that can be granted or denied:

  • List – user can see this object in the Site Explorer.
  • View – user can view live video from the camera.
  • Playback – user can play back recorded footage from the camera.
  • Record – user can start and stop on-demand recording jobs from the camera.
  • Control – if the camera has PTZ, the user can control it.
  • Transmit – user can transmit audio to the camera.
  • Export – user can export recordings and take snapshots from the camera.

By having feature-based permissions, the administrator can tailor access to a site object based on the actions a user will be performing. For example, a user whose sole job is to review recorded video would need List, Playback and possibly Export permissions, but would not need View, Record, Control or Transmit. If they tried to view a camera they don’t have View permission for, the system would inform them that they do not have permission to do this. Full and restricted administrators have all access permissions to all site objects by default, and this cannot be changed.

User access permissions are set up in a similar manner to setting permissions on files and folders in a Windows-based system. Access permissions are hierarchical and can be inherited from the site that the object is in. In this case the administrator specifies the access permissions for the site and all objects in the site then inherit these permissions. User groups speed up configuration because access permissions for site objects can be applied to user groups. All users in the group then inherit the same access permissions, eliminating the need to set up permissions for each user account.
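How the grant, deny, inheritance and group rules above combine into a single effective-permission check, as an added example that is not IndigoVision's code: a small evaluator over the seven camera permissions. The resolution rules (administrators bypass ACLs, a principal with no entry on an object inherits the site entry, user and group grants combine, an explicit deny wins) and the site, camera and user names are assumptions, since the article does not spell them out.

```javascript
// The seven feature-based camera permissions from the article, as bit flags.
const P = { List: 1, View: 2, Playback: 4, Record: 8, Control: 16, Transmit: 32, Export: 64 };

// A site holds site-level ACLs (inherited by every object) and per-object overrides.
// An ACL is { grant, deny } bit masks for one principal (a user name or a group name).
class Site {
  constructor(siteAcl, objectAcl) {
    this.siteAcl = siteAcl;     // principal -> ACL inherited by all objects
    this.objectAcl = objectAcl; // object -> principal -> explicit ACL
  }

  // Assumed resolution rules (the article does not spell them out): administrators
  // bypass ACLs; a principal with no entry on the object inherits the site entry;
  // user and group grants combine; any explicit deny wins over a grant.
  allowed(user, object, perm) {
    if (user.admin) return true; // full and restricted administrators hold every permission
    let grant = 0, deny = 0;
    for (const principal of [user.group, user.name]) {
      const acl = (this.objectAcl[object] || {})[principal] || this.siteAcl[principal] || {};
      grant |= acl.grant || 0;
      deny |= acl.deny || 0;
    }
    return ((grant & ~deny) & perm) === perm;
  }
}

// Constructed site: the Reviewers group may list, play back and export footage everywhere,
// Export is explicitly denied on the lobby camera, and user carol is denied Export site-wide.
function reviewSite() {
  return new Site(
    { Reviewers: { grant: P.List | P.Playback | P.Export }, carol: { deny: P.Export } },
    { 'lobby-cam': { Reviewers: { grant: P.List | P.Playback, deny: P.Export } } },
  );
}

const site = reviewSite();
const bob = { name: 'bob', group: 'Reviewers', admin: false };
const carol = { name: 'carol', group: 'Reviewers', admin: false };
const alice = { name: 'alice', group: 'Admins', admin: true };
console.log(site.allowed(bob, 'carpark-cam', P.Playback)); // true: inherited from the site ACL
console.log(site.allowed(bob, 'carpark-cam', P.View));     // false: reviewers are never granted View
console.log(site.allowed(bob, 'lobby-cam', P.Export));     // false: explicit deny on the object
console.log(site.allowed(carol, 'carpark-cam', P.Export)); // false: user-level deny beats the group grant
console.log(site.allowed(alice, 'lobby-cam', P.Control));  // true: administrators bypass ACLs
```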

Authentication

When an administrator creates a user, they specify how that user is to be authenticated when logging in. Control Center currently supports two methods of authentication: password authentication and Windows account authentication.

Password authentication requires the user to enter an individual password each time they log in. For Windows account authentication the administrator selects a Windows account that authenticates the user. This can be an account on the local PC or on a Windows Active Directory domain. When the user tries to log on, the system checks whether the account of the currently logged-on Windows user matches the Windows account assigned to the selected user. If it does, the user is granted access.

‘Video lockout’ allows an authorised user to prevent all other users from viewing live or recorded video from one or more cameras while an incident is taking place. This means that all video being viewed is stopped immediately, and can only be viewed by the authorised user. When a “lockout” occurs, the system suspends scheduled recording and immediately starts recording to a designated “lockout” NVR. Users who can no longer view video are informed that a “lockout” has taken place.

Protection of exported video is important to ensure that vital information, such as the time and date of an incident, the duration of a video clip, the identity of an intruder or a licence plate, is accurately preserved for evidential purposes.

Modified clips

There are many ways and reasons, malicious and accidental, that an exported clip can be modified in an insecure environment. For example: a file can be shortened in duration to remove incriminating evidence; a file may be imported into a third-party editor and the video modified; the internal time associated with the video in the file may be altered to give the impression that the video was recorded at a different time; frames, or segments, of video may be removed or re-ordered; individual video pixels may be altered in the file; or video corruption can occur through faulty file storage.

The authentication process will detect all of the above scenarios. Control Center, and other management systems, use a dual-layer encryption system comprising both digital signature and watermarking technology.

The use of a digital signature offers strong cryptography, using industry-standard public key encryption techniques to secure the video data.

The digital signature is then “hidden” within the video itself using a watermarking technique, making it invisible when viewing the video in a standard video player or when the actual raw bytes of data are directly examined.

Encryption

Public key encryption is a modern, standard method for encrypting digital data and is used in a wide range of applications, such as protecting bank details, Internet transactions, and ensuring secure computer communication, not just for protecting video content.

A key is basically a very long string of binary digits, typically containing over 1000 bits. Public key encryption uses two such related keys: a private key and a public key. The private key is used to encrypt the data to be protected and is kept totally secret. The second half of the key pair, the public key, can be used to unlock the data. With the public key it is possible to see the data, but it is not possible to modify the encrypted data without the private key.

Watermarking is the process of adding information to the actual video content itself. A watermark may be designed to be visible, for example for copyrighting, or invisible, for content protection or secret communication.

Watermarking is the more traditional approach to protecting video content and has been used extensively in analogue video systems. However, its suitability for the protection of digital video is less justifiable as digital techniques, such as public key encryption, are far more powerful, secure, and faster to compute.

Watermarking is often used to hide the digital signature of a file within the video itself, in order that the hidden signature is totally imperceptible to the human eye. This adds a further level of security and confidence that the video cannot be compromised.
