Subscriber Discussion

Camera Manufacturers Offering SHA-2 & TLS?

UI
Undisclosed Integrator #1
Nov 28, 2018

Does anyone know what camera manufacturer provides End to End Encryption with SHA-2 (Secure hash Algorithm 2) & TLS (Transport Layer Security)?

SD
Shannon Davis
Nov 28, 2018
IPVMU Certified

Bosch would probably be one of the most secure for End to End Encryption, especially if you use their BVMS as well.

(2)
UM
Undisclosed Manufacturer #5
Nov 29, 2018
In reply to Shannon Davis

Bosch cameras support SHA-256.  TLS 1.2 minimum can  be defined, (e.g. to avoid vulnerabilities from TLS 1.0 and 1.1). Also, certificates & keys are kept in a Trusted Platform Module (TPM) chip useful for protecting against unauthorized access. (I believe these physical chips are currently only found in Bosch IP cameras).  Cameras ship with valid certificates & beginning in FW 6.4x Certificate revocation handling was added which includes an internal algorithm that can check if a certificate issued by a Certificate Authority is revoked or is valid.

(1)
(2)
SD
Shannon Davis
Nov 29, 2018
IPVMU Certified
In reply to Undisclosed Manufacturer #5

Thanks TM!

U
Undisclosed #2
Nov 28, 2018

Reach out to Axis Communications, I believe their cameras with ARTPEC v6 or > cpu can process SHA-256. What are you using for the headend? VMS, Analytics, Live, Recording or all of the above?

UI
Undisclosed Integrator #1
Nov 28, 2018
In reply to Undisclosed #2

I understand AXIS cannot offer this, we are using XProtect Corporate 

(1)
UM
Undisclosed Manufacturer #5
Nov 29, 2018
In reply to Undisclosed Integrator #1

With Genetec, you can use either Bosch or Axis to achieve end-to-end security. Using SRTP throughout the whole infrastructure enables you to set up a secured multi-cast network.

 

U
Undisclosed #2
Nov 29, 2018
In reply to Undisclosed Integrator #1

Au Contraire,

https://patchwork.kernel.org/patch/9858879/

Perhaps one of your Engineers is savvy enough to dibble dabble.

U
Undisclosed #3
Nov 29, 2018
IPVMU Certified
In reply to Undisclosed #2

It’s about time Axis went open source...

Avatar
Brian Karas
Nov 28, 2018
Pelican Zero

Our DH-390 camera in the Saros product family supports this. A screenshot below of the setup/config page shows some of the options around TLS and certificate options:

 

 

Several of our other thermal camera lines (eg: FC-ID cameras) also support TLS.

U
Undisclosed #3
Nov 28, 2018
IPVMU Certified

I have used TLS with Milestone Corporate and an Axis camera, as discussed in Encrypting Video By Tunneling Rtsp/Rtp Inside Https:

Here’s a link to Axis’ statement of compatibility with SHA-256.

(1)
UI
Undisclosed Integrator #1
Nov 28, 2018
In reply to Undisclosed #3

thanks, very useful much appreciated 

U
Undisclosed #3
Nov 29, 2018
IPVMU Certified
In reply to Undisclosed Integrator #1

No problem. I hope you found it Informative :)

UM
Undisclosed Manufacturer #4
Nov 28, 2018

All Hanwha cameras have tls support with self signed or CA certs  Certain vms can encrypt video with srtsp (or is it rtsps) or rtsp over https. 

(1)
JH
John Honovich
Dec 02, 2018
IPVM

Axis confirms, noting:

When generating a self-certificate in an Axis camera it will use SHA-2 signature. A CA-signed certificate is made by a CA (Certificate Authority). A CA may use SHA-1 or SHA-2 when signing certificates.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions