Cryptographic Attestation of the Origin of Surveillance Images

Eliasson, Anton

Cryptographic Attestation of the Origin of Surveillance Images

Mark

Eliasson, Anton ^LU (2017) EITM01 20162
Department of Electrical and Information Technology

Abstract: A method is devised that provides authentication and integrity protection
for H.264 encoded surveillance video. A digital signature is created
at the H.264 Network Abstraction Layer and included in the video stream,
providing robustness against video container changes while remaining
format compliant for compatibility with software that does not support
the signing feature. The signature is created using asymmetric cryptography,
which provides protection to both data in transit and at rest. The
usage of asymmetric cryptography is compared to other methods of securing
digital video and found to be the best approach for this application.
Keys are unique per camera, allowing identification of the specific
camera unit that created a... (More); A method is devised that provides authentication and integrity protection
for H.264 encoded surveillance video. A digital signature is created
at the H.264 Network Abstraction Layer and included in the video stream,
providing robustness against video container changes while remaining
format compliant for compatibility with software that does not support
the signing feature. The signature is created using asymmetric cryptography,
which provides protection to both data in transit and at rest. The
usage of asymmetric cryptography is compared to other methods of securing
digital video and found to be the best approach for this application.
Keys are unique per camera, allowing identification of the specific
camera unit that created a particular video recording. A Public Key
Infrastructure is described, where the camera vendor acts as a Certificate
Authority.

A proof-of-concept implementation is developed for an Axis ARTPEC-6
development board. To establish that the platform is capable of operating
the protocol in real time its cryptographic performance is first measured.
The benchmark shows that for typical surveillance video the performance
is sufficient. To protect the private part of the key used for signing
even in the face of partial system intrusion, a memory access restriction
feature that the platform provides is used. This feature is compared
to the functions offered by standard Trusted Platform Modules. The
concept itself is platform agnostic and can be implemented on any
platform that handles H.264 video and offers similar security features.

Finally limitations of, as well as threats against, the concept are
discussed and analysed. The protocol is considered a viable way of
securing video and providing additional trustworthiness to the authenticity
of surveillance video. (Less)
Popular Abstract (Swedish): Trovärdigheten hos övervakningsvideo ökar med en ny metod som med hjälp av kryptografi säkrar dess ursprung och äkthet. Metoden anpassar sig till befintliga system genom kompatibilitet framåt, bakåt och i sidled.

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/8903447

author

Eliasson, Anton ^LU

supervisor

Martin Hell ^LU

organization

Department of Electrical and Information Technology

alternative title

Kryptografisk attestering av kamerabilders ursprung

course

EITM01 20162

year

2017

type

H2 - Master's Degree (Two Years)

subject

Technology and Engineering

keywords

Video signing, Video surveillance, H.264/AVC, Public-key cryptography, Axis Communications AB

report number

LU/LTH-EIT 2017-559

language

English

id

8903447

date added to LUP

2017-02-21 14:53:30

date last changed

2017-02-21 14:53:30

@misc{8903447,
  abstract     = {{A method is devised that provides authentication and integrity protection
for H.264 encoded surveillance video. A digital signature is created
at the H.264 Network Abstraction Layer and included in the video stream,
providing robustness against video container changes while remaining
format compliant for compatibility with software that does not support
the signing feature. The signature is created using asymmetric cryptography,
which provides protection to both data in transit and at rest. The
usage of asymmetric cryptography is compared to other methods of securing
digital video and found to be the best approach for this application.
Keys are unique per camera, allowing identification of the specific
camera unit that created a particular video recording. A Public Key
Infrastructure is described, where the camera vendor acts as a Certificate
Authority.

A proof-of-concept implementation is developed for an Axis ARTPEC-6
development board. To establish that the platform is capable of operating
the protocol in real time its cryptographic performance is first measured.
The benchmark shows that for typical surveillance video the performance
is sufficient. To protect the private part of the key used for signing
even in the face of partial system intrusion, a memory access restriction
feature that the platform provides is used. This feature is compared
to the functions offered by standard Trusted Platform Modules. The
concept itself is platform agnostic and can be implemented on any
platform that handles H.264 video and offers similar security features.

Finally limitations of, as well as threats against, the concept are
discussed and analysed. The protocol is considered a viable way of
securing video and providing additional trustworthiness to the authenticity
of surveillance video.}},
  author       = {{Eliasson, Anton}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Cryptographic Attestation of the Origin of Surveillance Images}},
  year         = {{2017}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Cryptographic Attestation of the Origin of Surveillance Images