Subscriber Discussion

Encrypting IP Camera Stream?

SK
Srikanth Kamath
Nov 28, 2016

How many OEMs encrypt the stream with AES? What would be the payload of encryption of the latency?

The most important question: is encryption the solution?

Regards

Srikanth

Josh Hendricks
Nov 28, 2016
Milestone Systems

I'm not sure how ubiquitous it is among all manufacturers, but I think it's fairly common. I don't have stats to back it up, but I suspect the added latency is imperceptible compared to the compression latency of H.264.

You ask if encryption is the solution but you don't mention the problem you're trying to solve.

Encrypting the video stream is a good idea when there is highly sensitive video being recorded. For example, proprietary IP, anything HIPAA sensitive, anything where PIN numbers and passwords could be gleaned, etc.

Video encryption won't do anything to improve the network security, except in edge cases where there might be a vulnerability in the RTP/RTSP protocol or something similar.

On the other hand, encryption is a "cheap" added layer of security, so unless it adds significant latency on a PTZ channel for example, there's not much reason not to do it.

Look at the WWW, most major sites automatically redirect you to the secure (https) portal and mostly nobody notices. If the security industry did the same, it would be simultaneously the biggest, and most boring piece of news regarding network security.

(3)
(2)
JH
John Honovich
Nov 28, 2016
IPVM

Look at the WWW, most major sites automatically redirect you to the secure (https) portal and mostly nobody notices. If the security industry did the same, it would be simultaneously the biggest, and most boring piece of news regarding network security.

Related: IPVM Site Goes All HTTPS, Largest 3 Manufacturers Do Not

(1)
SK
Srikanth Kamath
Nov 28, 2016

Thanks a lot for the response.

I agree the https://ipcamer adds/ is always better if the certificates are signed by a certification authority (CA); I am not sure about the self-signed certificates.

Some of the consultants have been sold on this idea, "Encryption of the RTP/RTSP stream from the camera". I would like to know which OEMs offer AES 128-bit encryption of the RTP/RTSP stream? I could not find this param in the "camera finder".

From http://www.edn.com/electronics-blogs/video-stream/4426154/Thoughts-on-Streaming-Video-Securely

  • Secure RTP, or SRTP, is an IETF standard based around 128-bit AES encryption (in the default configuration). It is widely used in VoIP telephony but as far as I know it is rarely used in streaming video.
  • Also in the RTP/RTSP family, video can be sent via “HTTP Tunneling”—specifically, over RTP/RTSP/HTTP, as I described in a blog post about RTP. However, in order to encrypt the content, you would replace the HTTP with HTTPS, thus using TLS. This mechanism is discussed in section 5.1.1.4 of the ONVIF Streaming Spec, but I don’t believe it is widely utilized.
  • Finally, video can be sent using HLS, but again over HTTPS and TLS. This approach is more complex to implement but—if the embedded device has the capability—could offer the promise of adaptive bit rate streaming, which the other approaches don’t.

And from http://download.vivotek.com/downloadfile/downloads/handbook/ip_surveillance_handbook_en.pdf on pages 33-35: "Security protocols protect data from unauthorized access. SSL/TLS and IPSec are three basic network security protocols. The major difference is that SSL/TLS encrypts the data and IPSec encrypts the transmission channel."

The OEM clearly talks of IPSec, but IPSec is more used in VPN tunnels..?

So back to the question: how exactly is the RTSP stream encrypted with AES 128-bit, and which OEMs provide RTSP encrypted streams?

Any insight would be helpful to understand the concept.

(1)
SK
Srikanth Kamath
Nov 28, 2016

Oops, clicked post before adding the following,

from http://resource.boschsecurity.com/documents/Data_Security_Guideb_Special_enUS_22335871499.pdf page 21:

Data security hint no. 8 There have been recent reports of cyberattacks utilizing an RTSP stack overflow buffer assault. These attacks were written to target specific vendors’ devices. Best practices would be to disable the service if it is not being utilized by an ONVIF conformant video management system or for basic real-time streaming.

Alternatively, and when the receiving client allows, the RTSP communication can be tunneled using a HTTPS connection, which is so far the only way to transmit RTSP data encrypted.
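
Editor's added example (not code from any poster or vendor in this thread): one way to see what a given camera actually offers is to read the SDP it returns to an RTSP DESCRIBE and check the media profile and any SRTP key line. It assumes the `a=crypto` attribute of RFC 4568 and treats an `https` or `rtsps` URL as a TLS-protected transport; the camera URL, SDP bodies and key are constructed.

```python
import base64
from urllib.parse import urlsplit

# SRTP suites from RFC 4568: name -> (AES key bytes, salt bytes)
SUITES = {"AES_CM_128_HMAC_SHA1_80": (16, 14),
          "AES_CM_128_HMAC_SHA1_32": (16, 14)}

def classify_stream(url, sdp):
    """Classify each SDP media section as cleartext, TLS-tunnelled or SRTP."""
    tls = urlsplit(url).scheme.lower() in ("https", "rtsps")
    found, cur = [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            # m=<media> <port> <proto> <fmt> ...
            fields = line[2:].split()
            if len(fields) < 3:
                continue
            cur = {"media": fields[0], "profile": fields[2], "aes_bits": None}
            found.append(cur)
        elif line.startswith("a=crypto:") and cur is not None:
            # a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI]
            parts = line[len("a=crypto:"):].split()
            if len(parts) < 3 or parts[1] not in SUITES:
                continue
            key_len, salt_len = SUITES[parts[1]]
            if parts[2].startswith("inline:"):
                blob = base64.b64decode(parts[2][7:].split("|")[0])
                if len(blob) == key_len + salt_len:
                    cur["aes_bits"] = key_len * 8
    for f in found:
        srtp = f["profile"].startswith("RTP/SAVP") and f["aes_bits"]
        if srtp:
            # An inline key sent over unprotected signalling is readable on the wire.
            f["verdict"] = "srtp" if tls else "srtp-key-in-clear"
        else:
            f["verdict"] = "tls-tunnel" if tls else "cleartext"
    return found

# Constructed sample data: hypothetical camera URL, dummy 30-byte key||salt.
KEY = base64.b64encode(bytes(range(30))).decode()
PLAIN_SDP = "v=0\r\ns=constructed\r\nm=video 0 RTP/AVP 96\r\na=rtpmap:96 H264/90000\r\n"
SRTP_SDP = ("v=0\r\ns=constructed\r\nm=video 0 RTP/SAVP 96\r\n"
            f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n")

if __name__ == "__main__":
    for url, sdp in [("rtsp://camera.example/live", PLAIN_SDP),
                     ("https://camera.example/live", PLAIN_SDP),
                     ("rtsps://camera.example/live", SRTP_SDP),
                     ("rtsp://camera.example/live", SRTP_SDP)]:
        print(url, [f["verdict"] for f in classify_stream(url, sdp)])
```

The `srtp-key-in-clear` verdict covers the case where the stream is AES-encrypted but the key was delivered in an SDP body sent over plain RTSP.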

U
Undisclosed #1
Dec 01, 2016
IPVMU Certified
John Bazyk
Nov 28, 2016
Command Corporation • IPVMU Certified

I am not sure how they do it, but DMP encrypts their data stream using 256-bit AES. They re-label Hikvision cameras. They're using cloud storage. They also use a 2048 RSA certificate when logging into the camera.

(1)
SK
Srikanth Kamath
Dec 01, 2016

John, any comments.. ?
