What it takes to safeguard video surveillance data
Digital transformation is rapidly changing the video surveillance industry. A growing number of digital security cameras – London alone is home to more than 500,000 cameras, mostly digital – are safeguarding public and private spaces. But the massive amounts of surveillance data generated on a daily basis are moving the industry closer to the realm of Information Technology (IT), with two major trends emerging in 2015:
Skyrocketing petabytes of captured video data are boosting the global video surveillance storage market: According to the current Global Forecast from MarketsandMarkets, the storage market is set to reach $18.28 billion by 2020 at a compound annual growth rate (CAGR) of 22.41%.
In addition, today’s video surveillance data is increasingly connected across local and global networks. This opens the door to cybercrime and extends the focus of security from the physical level into the digital domain.
“In the analog age, we mostly thought safeguarding video data was simply a question of securing your surveillance tapes in a safe box. Hacking a system would need extraordinary skills. Now that systems are networked across the Web and cloud infrastructure, the number of exploits is rising – and so is the number of crimes,” said Dieter Jöcker, Chief Technical Officer, Bosch Security Systems, business unit Video Systems.
A troubling number of security breaches remain unnoticed – and unreported. But the number of high-level personal data exploits is rising. At federal agencies in the U.S., incidents have climbed from 10,400 in 2009 to more than 25,500 in 2013. In June 2015, a major developer of government-level surveillance software based in Italy became the victim of a major breach, leaking 400 gigabytes of sensitive client data onto the Internet.
“For most organizations, it’s not a question if the strength of their data security will be tested by intruders, it’s a question of when it will happen,” said Mr. Jöcker at Bosch Security Systems. “And keeping in mind that video data is often highly critical and sensitive, Bosch is driving a systematic approach to maximize data security by considering physical and cyber security.”
COVERING ALL ANGLES
Today’s hyper-connected world – where edge components (cameras) send data to core components (servers) over the Internet – requires a hyper-vigilant approach to data security.
Even a single weak link in the surveillance set-up can jeopardize the entire system. For example, skilled hackers can stage so-called man-in-the-middle attacks, hijacking communications between a camera and video management system (VMS). Once hackers have access, they can inject an alternate video feed to conceal illicit activity, or manipulate live camera footage to selectively remove certain details or persons from the scene.
This calls for a big-picture view of the entire security network – a perspective Bosch has focused on for years. “Data security is only possible when we take into account the complete system,” said Dieter Jöcker.
Bosch’s systematic approach seamlessly covers all major elements of video surveillance infrastructure, including:
1. Cameras (edge components). Access protection via passwords and user management; authentication as trusted devices on the network (via certificates); encrypted data transfer (via certificates) to core components.
2. Servers, clients and storage devices (core components). Authentication as trusted devices and “video authentication” to check validity of live and recorded video. Encryption of data.
3. Communication: Network protocols. Encryption and data transfer in line with industry standard communication protocols.
4. Security infrastructure: Certificates. Support standard key infrastructures – e.g. public key infrastructure (PKI) – by offering hardware, software, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates. Our officially authorized in-house Certification Authority (CA) ensures that all products leave the factory with proper certificates. Partnerships with authorized third-party certification authorities support customer-specific solutions.
THE FOUR COMPONENTS OF DATA SECURITY
Bosch’s systematic approach is the key to achieving the highest standards in end-to-end data security. For many years, the company has been at the forefront of surveillance data security with a four-step approach:
1. Create trust. In the first step, Bosch considers not only the safety of the cameras but that of the entire infrastructure. Trustworthy communication between cameras and network components is ensured by assigning each element an authentication key. This electronic signature serves to verify all components – from Bosch cameras to the Video Management System or viewing client. “In a video surveillance infrastructure, only trusted partners should be enabled to exchange data. Bosch components offer trusted authentication as a plug-and-play feature,” said Dieter Jöcker. In the bigger picture, authenticated devices are also admissible as legal evidence in court proceedings, thanks to Bosch’s official electronic signature.
2. Secure data. When it comes to safeguarding surveillance data, encryption of data streams and stored data is key. Bosch already implements encryption at the hardware level: All Bosch IP cameras and recording solutions are factory-loaded with a trusted platform module (TPM). Using a root certificate safely stored within the TPM, the system creates and distributes cryptographic keys for protecting and authenticating all recorded data. “Even in the event of a breach, the data would be useless to hackers without Bosch’s proprietary hardware key,” said Dieter Jöcker. Once the data reaches the Video Management System or viewing client, the cryptographic key helps decrypt the data and also verifies the camera as an authenticated network partner (see 1.). In addition to applying the same rigorous encryption to data archived on storage devices, Bosch surveillance systems also tightly monitor the authenticity of firmware updates to prevent corrupted firmware from being uploaded to cameras.
3. Manage user access rights. Video surveillance data can range from sensitive to top secret. Even a network of trusted devices with secure data transfer is prone to the largest risk factor: the human element. That’s why Bosch video surveillance systems offer management options for individual user access rights. “Not every user needs to see – or is legally allowed to see – all recorded video data. Detailed user access rights management is a primary focus of end-to-end surveillance data security,” said Dieter Jöcker, Chief Technical Officer. With secure and flexible access rights management, the Video Management System – in combination with existing industry standards such as Microsoft Active Directory (see 4.) – ensures that only authorized individuals have access to the data and that access rights are easily maintained.
4. Meet industry standards. In our hyper-connected world, data security is a community effort. Bosch video surveillance solutions meet leading industry standards in public key infrastructure (PKI) for the management of digital encryption certificates (see 2.). Bosch offers its own PKI solutions with Escrypt and also supports third-party PKI solutions such as SXI. “In order to meet market requirements, we need to be sure that our security measures meet public standards or work with third-party solutions,” said Dieter Jöcker. In the management of user access rights, Bosch systems integrate existing personnel databases in Microsoft Active Directory. And looking ahead, Bosch experts actively contribute to the transfer of well-established IT standards and encryption methods to the security world via initiatives such as the ONVIF Security Working Group.
So what does this end-to-end approach mean for users of Bosch video surveillance solutions? “With Bosch’s integrated data security backbone, our clients can enjoy the peace of mind that comes with knowing their data is protected,” said Dieter Jöcker, Chief Technical Officer. “And from an installation and maintenance standpoint, they also enjoy the quick set-up and seamless scalability that comes from working with a single provider as the go-to partner for one-stop security solutions.”
You can find more information on our products and solutions at www.boschsecurity.com/hdsecurity.