Advanced

Cryptographic Attestation of the Origin of Surveillance Images

Eliasson, Anton LU (2017) EITM01 20162
Department of Electrical and Information Technology
Abstract
A method is devised that provides authentication and integrity protection
for H.264 encoded surveillance video. A digital signature is created
at the H.264 Network Abstraction Layer and included in the video stream,
providing robustness against video container changes while remaining
format compliant for compatibility with software that does not support
the signing feature. The signature is created using asymmetric cryptography,
which provides protection to both data in transit and at rest. The
usage of asymmetric cryptography is compared to other methods of securing
digital video and found to be the best approach for this application.
Keys are unique per camera, allowing identification of the specific
camera unit that created a... (More)
A method is devised that provides authentication and integrity protection
for H.264 encoded surveillance video. A digital signature is created
at the H.264 Network Abstraction Layer and included in the video stream,
providing robustness against video container changes while remaining
format compliant for compatibility with software that does not support
the signing feature. The signature is created using asymmetric cryptography,
which provides protection to both data in transit and at rest. The
usage of asymmetric cryptography is compared to other methods of securing
digital video and found to be the best approach for this application.
Keys are unique per camera, allowing identification of the specific
camera unit that created a particular video recording. A Public Key
Infrastructure is described, where the camera vendor acts as a Certificate
Authority.

A proof-of-concept implementation is developed for an Axis ARTPEC-6
development board. To establish that the platform is capable of operating
the protocol in real time its cryptographic performance is first measured.
The benchmark shows that for typical surveillance video the performance
is sufficient. To protect the private part of the key used for signing
even in the face of partial system intrusion, a memory access restriction
feature that the platform provides is used. This feature is compared
to the functions offered by standard Trusted Platform Modules. The
concept itself is platform agnostic and can be implemented on any
platform that handles H.264 video and offers similar security features.

Finally limitations of, as well as threats against, the concept are
discussed and analysed. The protocol is considered a viable way of
securing video and providing additional trustworthiness to the authenticity
of surveillance video. (Less)
Popular Abstract (Swedish)
Trovärdigheten hos övervakningsvideo ökar med en ny metod som med hjälp av kryptografi säkrar dess ursprung och äkthet. Metoden anpassar sig till befintliga system genom kompatibilitet framåt, bakåt och i sidled.
Please use this url to cite or link to this publication:
author
Eliasson, Anton LU
supervisor
organization
alternative title
Kryptografisk attestering av kamerabilders ursprung
course
EITM01 20162
year
type
H2 - Master's Degree (Two Years)
subject
keywords
Video signing, Video surveillance, H.264/AVC, Public-key cryptography, Axis Communications AB
report number
LU/LTH-EIT 2017-559
language
English
id
8903447
date added to LUP
2017-02-21 14:53:30
date last changed
2017-02-21 14:53:30
@misc{8903447,
  abstract     = {A method is devised that provides authentication and integrity protection
for H.264 encoded surveillance video. A digital signature is created
at the H.264 Network Abstraction Layer and included in the video stream,
providing robustness against video container changes while remaining
format compliant for compatibility with software that does not support
the signing feature. The signature is created using asymmetric cryptography,
which provides protection to both data in transit and at rest. The
usage of asymmetric cryptography is compared to other methods of securing
digital video and found to be the best approach for this application.
Keys are unique per camera, allowing identification of the specific
camera unit that created a particular video recording. A Public Key
Infrastructure is described, where the camera vendor acts as a Certificate
Authority.

A proof-of-concept implementation is developed for an Axis ARTPEC-6
development board. To establish that the platform is capable of operating
the protocol in real time its cryptographic performance is first measured.
The benchmark shows that for typical surveillance video the performance
is sufficient. To protect the private part of the key used for signing
even in the face of partial system intrusion, a memory access restriction
feature that the platform provides is used. This feature is compared
to the functions offered by standard Trusted Platform Modules. The
concept itself is platform agnostic and can be implemented on any
platform that handles H.264 video and offers similar security features.

Finally limitations of, as well as threats against, the concept are
discussed and analysed. The protocol is considered a viable way of
securing video and providing additional trustworthiness to the authenticity
of surveillance video.},
  author       = {Eliasson, Anton},
  keyword      = {Video signing,Video surveillance,H.264/AVC,Public-key cryptography,Axis Communications AB},
  language     = {eng},
  note         = {Student Paper},
  title        = {Cryptographic Attestation of the Origin of Surveillance Images},
  year         = {2017},
}