White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity Netwrk Vide Management System Octber 7, 2016 NVMSWP002 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity Table f Cntents 1. Intrductin... 3 2. Purpse and target audience... 4 3. Vide flw and inherent security risks... 5 4. Addressing security cncerns and risks... 7 4.1. Vide captured by camera... 7 4.2. Vide streamed t the Recrding Server... 8 4.3. Vide stred in the Recrding Server database... 9 4.4. Live r recrded vide is send t a client ver a netwrk... 9 4.5. Live r recrded vide viewed and exprted t a media... 10 4.6. Exprted evidence media is transprted frm the surveillance site t plice r a curt... 11 4.7. The exprted evidence is viewed by plice r a judge in a curt... 12 5. Benefits and summary...14 Revisin Histry...15 Sny Netwrk Vide Management System 2 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 1. Intrductin In applicatins and installatins where vide plays a critical rle as evidence material, it is paramunt that the vide is transmitted, stred and in general handled in a secure way; frm the time it is captured by the camera t the time it is used as evidence, fr example in a curt f law. Sny s Netwrk Vide Management System (NVMS) Enterprise Editin and NVMS Smart Client prvide a series f security mechanisms that enable users t maintain full end-t-end security and integrity f recrded vide data. Vide database encryptin, digital signing f vide databases and a functin t prevent re-exprt f the exprted material are cre cmpnents f Sny s vide management slutin fr ensuring and prtecting the integrity f the vide evidence. Sny Netwrk Vide Management System 3 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 2. Purpse and target audience The purpse f this white paper is t give a general verview f hw vide is transmitted frm the camera and stred securely in the NVMS Enterprise Editin Recrding Server databases, as well as hw exprted recrdings are secured and validated in the NVMS Smart Client Player when used as evidence. The primary audience fr this white paper is individuals r rganizatins with surveillance prjects/installatins where vide and evidence handling is critical. The target grup might include (but is nt limited t) the fllwing audiences: surveillance system architects/designers and surveillance prject cnsultants security fficers cmpanies rganizatins and law enfrcement bdies This white paper shuld enable the reader t understand hw recrdings are secured frm transmissin frm the camera t viewing exprted recrdings as evidence, as well as hw t implement and use the extended security in the mst ptimal way. The reader is assumed t have a general understanding f NVMS Enterprise Editin and IP vide management slutins in general. Sny Netwrk Vide Management System 4 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 3. Vide flw and inherent security risks In any vide surveillance system, analg r digital, there is an inherent security risk in the different parts, cmpnents r data/vide transprtatin media used. These elements f the system may be tampered with r the security f them can be cmprmised. In digital vide surveillance systems, the vide flw is typically as illustrated belw. Each functin and cmpnent has its wn inherent risks, examples f which are listed here: 1. Vide is captured by a camera Camera may be discnnected, stlen r simply vandalized Camera may be tampered with by turning it r by cvering the lens 2. Vide is streamed ver the netwrk t a Recrding Server The netwrk may be discnnected r flded with unwanted data due t a distributed denial-f-service (DDOS) attack The netwrk may be cmprmised giving unauthrized persns access t tapping int the transmitted vide 3. The Recrding Server stres the vide in its vide database The Recrding Server may be turned ff r fail Micrsft Windws security culd be cmprmised giving lcal r remte access t the vide database files 4. Live r recrded vide is sent ver a netwrk t a client Sny Netwrk Vide Management System 5 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity The netwrk may be discnnected r flded with unwanted data due t a DDOS attack The netwrk may be cmprmised giving unauthrized persns access t tapping int the transmitted vide 5. The client decdes the vide and displays it n the mnitr and ffers a functin t exprt vide recrdings fr evidence Unauthrized persns may try t hack r therwise btain lgin credentials t gain unauthrized access t viewing and exprting vide Authenticated surveillance users may try t tamper with exprted material 6. Exprted evidence media is transprted frm the surveillance site t plice r a curt The exprted vide may be viewed and cpied by unauthrized persns The exprted vide may be tampered with remving critical sequences f the recrded vide r be mdified t give anther impressin f the recrded evidence 7. The exprted evidence is viewed by plice r a judge in curt The exprted vide may have been tampered with remving critical sequences f the recrded vide r be mdified t give anther impressin f the recrded evidence Sny Netwrk Vide Management System 6 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 4. Addressing security cncerns and risks As highlighted in the previus sectin, there are several places where security can be breached. T address these security cncerns and inherent risks, Sny has implemented several security functins in additin t the standard security measures that can be used t increase the security f the verall vide system and its recrdings. The belw illustratin shws the pssible security measures t cunter tampering and fraud in each f the vide flw steps. 4.1. Vide captured by camera Risk: Camera may be discnnected, stlen r simply vandalized NVMS Enterprise Editin will autmatically detect if the camera is nt respnding r stps streaming vide t the system. Once the system detects this it issues a cmmunicatin errr event, which triggers alarms r rules that ntifies the right peple f the issue. Risk: Camera may be tampered with by turning it r by cvering the lens Many cameras can detect tampering events f different kinds, such as tampering, vide lss, and temperature. These events can be received by the NVMS Enterprise Editin system that triggers alarms r rules, which ntifies the right peple f the issue. Sny Netwrk Vide Management System 7 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 4.2. Vide streamed t the Recrding Server Risk: The netwrk may be discnnected r flded with unwanted data due t a DDOS attack NVMS Enterprise Editin will autmatically detect if the camera is nt respnding r stps streaming vide t the system. Once the system detects this it issues a cmmunicatin errr event, which triggers alarms r rules that ntifies the right peple f the issue. In additin t creating alarms r ntificatins via emails, NVMS Enterprise Editin als supprts Edge Strage n selected devices. Edge Strage ffers the functin t recrd vide in the camera itself and let the Recrding Server retrieve these recrdings after a netwrk failure, effectively ensuring vide recrding even fr perids with n cnnectin t the camera. Fr mre infrmatin n Edge Strage supprt in NVMS Enterprise Editin: www.sny.net/camerasystem/nvms/technical-dcuments Risk: The netwrk may be cmprmised giving unauthrized persns access t tapping int the transmitted vide Tw methds can be used t prtect the transmitted vide: VPN tunneling and HTTPS. A virtual private netwrk (VPN) tunnel can be set up between the camera and Recrding Server using standard equipment r sftware. The VPN will encrypt all data transmitted thrugh the tunnel and thus prtect against unauthrized access t the vide. Using a VPN is a generic slutin that can be used with any camera. In additin t a VPN, NVMS Enterprise Editin als supprts HTTP Secure (HTTPS) fr a subset f cameras. HTTPS uses Secure Scket Layer (SSL) and ffers encrypted cmmunicatin directly with the camera withut a VPN tunnel. Fr mre infrmatin abut VPN, HTTPS and SSL: http://en.wikipedia.rg/wiki/virtual_private_netwrk http://en.wikipedia.rg/wiki/http_secure http://en.wikipedia.rg/wiki/transprt_layer_security Sny Netwrk Vide Management System 8 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 4.3. Vide stred in the Recrding Server database Risk: The Recrding Server may be turned ff r fail Edge Strage can help because, as described in the previus sectin, it can recrd vide in the camera, allwing the Recrding Server t retrieve the vide nce it is up and running again. Risk: Windws (the perating system) security culd be cmprmised giving lcal r remte access t the vide database files T prevent unauthrized access t the vide database files several layers f security can be implemented: Physical security Access t the rm with the physical Recrding Server shuld be limited t a few authrized peple nly Windws Server security Lcal cnsle and remte desktp access t the server running the Recrding Server shuld be limited t a few authrized peple Windws shuld be set t autmatically lgut after a shrt time f inactivity Windws shuld be kept updated with the newest service releases 4.4. Live r recrded vide is send t a client ver a netwrk Risk: The netwrk may be discnnected r flded with unwanted data due t a DDOS attack In case the netwrk is flded with unwanted data, the cnnectin t the client may be discnnected r rendered inperable. In this case the peratr will immediately see this and can alert the administratr abut the issue. While the clients may nt be able t view live r recrded vide, the Recrding Server can cntinue t recrd vide unaffected if the netwrk has been designed as tw separate netwrks; ne fr clients and ne fr cameras. Risk: The netwrk may be cmprmised giving unauthrized persns access t Sny Netwrk Vide Management System 9 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity tapping int the transmitted vide As with the netwrk cnnectin frm the cameras t the Recrding Server, the transmitted vide frm the Recrding Server t the client can be prtected by using VPN tunneling. In additin t VPN tunneling, NVMS Web Client and NVMS Mbile als supprt HTTPS. 4.5. Live r recrded vide viewed and exprted t a media Risk: Unauthrized persns may try t hack r therwise btain lg-in credentials t gain unauthrized access t viewing and exprting vide T prevent smene frm hacking int the system, NVMS Enterprise Editin relies n secure Windws Active Directry (AD) authenticatin that ffers strng prtectin against hacking. In extensin t the built-in technical security in Windws AD, it is imprtant that all users f the system have their wn separate Windws AD accunt because a single accunt, r just a few shared accunts, will make it hard t cntrl wh knws the user name and passwrd and thus wh can access the system. Using separate accunts fr each user will als make it easier t investigate in the NVMS Enterprise Editin audit lg wh lgged in, viewed live r recrded vide r wh exprted vide frm the system. In additin t securing access t the client, NVMS Enterprise Editin ffers centrally cntrlled security settings with time prfiles that set when and which cameras can be viewed live, played back and exprted by the user. Furthermre, NVMS Enterprise Editin can cntrl all exprt settings available in the NVMS Smart Client via a s-called NVMS Smart Client prfile. Belw is highlighted a few f the NVMS Smart Client prfile s exprt settings with the recmmended value fr the mst secure exprt. Sny Netwrk Vide Management System 10 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity Exprt t set t T media burner NVMS frmat set t Available Media player and Still image frmats set t Unavailable Include NVMS Smart Client Player set t Yes Prevent re-exprt set t Yes Passwrd prtect data set t Yes Passwrd set t a predefined passwrd Encryptin strength set t 256-bit AES Manage prject cmments set t Required Include digital signature set t Yes The Lcked check bx must be selected fr all f the abve settings t ensure that an NVMS Smart Client user cannt verride them. The full list f the NVMS Smart Client prfile s exprt settings can be seen in the screensht t the abve. 4.6. Exprted evidence media is transprted frm the surveillance site t plice r a curt T prevent unauthrized persns frm viewing r cpying exprted vide, NVMS Smart Client supprt three levels f security n the exprted vide database: 1. Database encryptin with passwrd prtectin 2. Disable re-exprt 3. Digital signature Risk: The exprted vide may be viewed and cpied by unauthrized persns The database encryptin supprts up t 256-bit advanced encryptin standard (AES) and access is prtected by a passwrd. Sny Netwrk Vide Management System 11 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity NVMS Smart Client ffers the ptin t prevent the exprted vide frm being re- exprted when viewed again in the NVMS Smart Client Player. This ensures that the vide cannt be exprted in anther frmat r be exprted t the NVMS frmat again but withut encryptin and digital signing. Risk: The exprted vide may be tampered with remving critical sequences f the recrded vide r be mdified t give anther impressin f the recrded evidence When vide that shuld be exprted is prtected with a digital signature n the Recrding Server, the signature f the recrded vide will be checked during the exprt t ensure that the vide has nt been tampered with n the Recrding Server. If the recrded vide passes the signature check, including the riginal digital signature, the vide is exprted t a new database created by NVMS Smart Client n the client PC. During the exprt, NVMS Smart Client adds its wn signature s the vide is prtected by tw signatures the riginal ne made during recrding and the ne created by NVMS Smart Client during the exprt. 4.7. The exprted evidence is viewed by plice r a judge in a curt Risk: The exprted vide may have been tampered with remving critical sequences f the recrded vide r be mdified t give anther impressin f the recrded evidence When the exprted recrdings prtected by encryptin and digital signing are viewed again by plice r a judge in curt, the NVMS Smart Client Player will request the user t enter the passwrd t decrypt the recrdings. Once the crrect passwrd has been entered, the client infrms the user that the vide is signed and can be verified by clicking the Verify Signatures buttn. This indicates fr the persn viewing the vide that the recrdings have been prtected by an encryptin and in additin t this have a digital signature that can be verified fr authenticity. Activating the digital signing verificatin will pen a new windw and may take sme time t cmplete depending n the size f the recrdings and amunt f cameras in the exprt. When cmpleted, it will display if the recrdings have been tampered with r if the integrity is intact. Sny Netwrk Vide Management System 12 Revisin 1.0.0
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity The belw screensht shws an example f crrectly validated databases. Bth signatures can be validated directly in the Player. If the validatin fails, the dialg bx will display the time f the first failed segment f the database as seen in the screen sht belw. Sny Netwrk Vide Management System Revisin 1.0.0 13
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity 5. Benefits and summary By cmbining a set f standard security functins and cncepts with a set f slutin unique functins, NVMS Enterprise Editin enables users t deply vide surveillance slutins with full end-t-end security. With the encryptin and signing features in NVMS Enterprise Editin and NVMS Smart Client, it is pssible t keep streamed and recrded vide secure and prve the integrity f recrdings all the way frm the riginal stream frm the camera and t the pint where it is viewed, fr example in a curt f law. Fr cmpanies that require strict cntrl f the exprt frmat and security settings, the NVMS Smart Client prfile can be used t cntrl exprt settings and parameters strictly frm a central pint. NVMS Enterprise Editin and NVMS Smart Client ffer secure handling f vide all the way frm the pint where it is captured and streamed frm the camera t the vide surveillance system and t the time it is viewed as evidence. Sny Netwrk Vide Management System Revisin 1.0.0 14
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity Revisin Histry Date Revisin Descriptin 2016/10/07 1.0.0 First editin. Sny Netwrk Vide Management System Revisin 1.0.0 15
White Paper Netwrk Vide Management System Ensuring end-t-end prtectin f vide integrity Disclaimer This dcument, in whle r in part, may nt be reprduced r transferred fr any purpse withut prir written apprval frm Sny Crpratin. Sny Crpratin reserves the right t make any mdificatin t this dcument r the infrmatin cntained herein at any time withut ntice. Sny Crpratin shall nt bear any respnsibility r liability fr any damage, lst earning, and third party claim, resulting frm the prducts and related dcuments. Cpyright This dcument cntains registered trademarks and trademarks that are wned by their respective cmpanies. Sny Netwrk Vide Management System Revisin 1.0.0