Bosch/Genetec Video Cybersecurity Partnership Examined (CHAVE)

Author: Brian Karas, Published on Feb 15, 2017

Surveillance products have been relatively weak when it comes to cyber security. Default passwords, open ports, and weak authentication mechanisms led to a wave of exploits.

Now, Bosch and Genetec are working together to deliver a system that is "resilient against unauthorized access, malware, brute force cracking and other exploit techniques."

The two companies described the solution, which Bosch is marketing as CHAVE (Credentialed High Assurance Video Encryption), in a conversation with IPVM.

In this report we describe how CHAVE differs from other security mechanisms, what it adds in terms of costs, and how installation and day to day use vary from other systems.

************ ******** **** **** ********** **** **** ** ***** ** cyber ********. ******* *********, **** *****, *** **** ************** ********** led ** * **** ** ********.

***, ***** *** ******* *** ******* ******** ** ******* * system **** ** "********* ******* ************ ******, *******, ***** ***** ******** *** ***** exploit **********."

*** *** ********* ********* *** ********, ***** ***** ** ********* as ***** (************ **** ********* ***** **********), ** * ************ **** ****.

** **** ****** ** ******** *** ***** ******* **** ***** security **********, **** ** **** ** ***** ** *****, *** how ************ *** *** ** *** *** **** **** ***** systems.

[***************]

CHAVE ****** ********

***** ** ** ***-**-*** ******** *********** *** ***** *******. ** utilizes ******* **** ********** ******** / ******** *** ******** **** encryption, ***** **** ***-****** ******** ************ *** * *** **** can ********* **** *** ** ***** **********.

*** **** ** ***** ** ** ****** *** ********* ** video, **** *** ******* **** *** **** ***********, *** ** better ****** *** *** **** ****** ** **** *** ****** video. ***** ***** *.*. ************** ***-****** * ************, ***** ***** ****** ** ***** ************ ** able ** **.

*********, ***** ** ********* *****-******* *******, *** ******* ** ****** CHAVE ******* ** ** ******** ******** ****** *******.

User **************

***** ** * ***** ****** *** ****** ***** *****, **** commonly**********-****** ****-** *****, ***** **** **** ** ********** ****. ***** ** *** VMS ******** ********* ***** ***** **** ** * ****** ******** to *** ****** ** *** ******** * ***.

Target *********

*******/**********, ** ******* ********* **** **** ********** ** ********** ************ around ************* *** *** ****** ******. ** ** ******** **** even * ***** ********** *******-****** ******** ***** ********* ***** ******* outside ************.

CHAVE ********** ********

********* ** *****, *** ********** ********** ** ***** *** *** based ** *********-********* ********, **** ***.*** ****************** (********* ***** ********). ***** ** *****'* ********* **** *** ******* ***** ********* together **** ** ** ******, *** ************ *** ******** *** accessing *** *******.

******* ******* *** ******** ** **** ******** ******** ********** ** support *****, ** ** *** * ******* **** *** ** added ** ******** ******* *** ******** ******** ** ***** *******.

Username/Password ** ****

***** *************** ***** **************, ***** ********** ********/******** ****** ** *******, *** *** **** of ****** ** ******* *********. *** ****** ** ******** ** have ****** ** *** ********, ** **** *** ******* *** routinely ******* *** *********** ********* ** ****** *** ***** *** still *****. ********* ** *****, *** ******** ****** *********** ** not ** *****, **** *** ********-****** ********** *************, ** *** systems ********* ******* **** ******** ****** *** ****** ******/************** ********.

Supported *******

***** ***** *** ********* ******* ** ********* ********** *****:

  • ********* ** **** ** ***** **** ******
  • ********* ** ********* **** ** ***** **** ******
  • ****** ** ********* **** ** ***** *** ******
  • ********* ** **** ** ********* ******
  • ******** ** ******* **** ** ***
  • *** ** ********* **** ** ********** ***
  • ****** ** ****** **** ** ******

Genetec *******

******* **** **** *** ****** ** **** **** ******* *** CHAVE ** *** **** ******* ** ******** ******, ***** ****** be *.*.

********* ***** ******* ** ********* ** *******, ****** ******* ***** nor ******* ***** ******* *** **** *** ********* *********** ** intended ** ****.

Additional ******** *** ************ ************

******* **** ** **** *** ******** ************ ***-********* ****** ********, this **** ** ******* **************. *** *********** ******* ******* **** ******** ****-**** ********, ********* to *****, *** ****** *** *** **** **** * *** extra ****.

**** ********, ************* ************ **** ** ** ******** **** ******** Center ****** *** ******* *** ** ***** ** *** *** and **********. ***** ******** ** ****** *****, **** ** ******** bitrate ******** ** ******** ******** *** *** **** ** ***-***** cameras.

*******, *** ********** **** ******** ** ******* *** ********* *****-******* cameras ****** ** *******, *** **** ******* ***** ** ** through * ********/************* *******.

Training ************

***** **** **** *********** **** **** ** ******* ********** ******** before **** *** ********* ** **** *** ******* ***** ********. The ******** ** ******** ** ** ********* *****, *** **** likely ** * **** *** ******.

Cost ** *****

***** *** ********** ******* ***** ** ********* ***** ** * non-CHAVE ******. ***** *** ********* ******* ** *** **** ***** and ***-***** ********, ******* **** * ******** **** *** *** more *** ***** *******, *** ******* ***** *** * ***** camera *** ** ****** **** * *********** *******.

*** ******** ******** ************ **** $**-$***, ********* ** *** ***** level ** *** *********** ***** ******, *** **** **** ** be ******* ***** * *****.

******* **** **** **** *** ********* ******* *** ******** ****** with *****, *** *** *** ** ***** ****** ** * different ******* *******, **** ** ********** ****.

***** **** **** **** ** ** ****** ***** *****, *** have ****** *** ******** **** ***** **** *******. *******, ** is ****** **** ********* ************ ***** **** ******* ** ***** smart *****, ** **** **** *** *** ** ********, ** may **** ******* * *** *** ** **** ***** **** readers *****.

Compared ** ***** ******** *******

*****'* ******* *************** *** *** **** ***-* ***** * **********, and ***********-***** ****** **** *** *********** ** ********/******** *****. **** *** **** ******** ** *** ***** ** **** ************ claims *** **** **********, ***** ***** ** ******** ** ********* that **** ** **** ***** ************, ** ** ***** ********* the **** ** ****** ** *********** ******** *** *******/********. *********** the ******* ** ***** **** * ****/**** ***** ***** ** valuable ** ********-****** *********, **** ** **** *** *** **** to **** *** ******** ********** ************.

*******, * ***** ****** ***** ****** ** ************ **** ********* than *********** *******, **** ** ***** * *** *** ******* that ******* ***** ************** *** ***** *********, ** ** ******** specific ****** ********, ************ **** **** ** ** ****** ********* and **** ******* ***** * *****, **** ********** *****/************ ****.

Outlook *** *****

***** **** ** ****** ******** ** ********** ************, ** **** help *** * ********* *** **** *** ** **** **** a ************* *********** ** **** ******* **** **********. ****/** ***** VMSes ******* *****, ** *** ****** **** ** ***** ******** methods ** *******-**** ** ******** *******, ****** ****** **** ******* requirements (*.*., ** *********** *** ***** *****). *****, **** ** unlikely ** ****** ** ****, ****** ***** * ********** ***** concept **** **** ** *** ********** ******.

Comments (18)

Undisclosed Manufacturer #1

02/15/17 02:12pm

**** ** * ********* *** ******** ******** **** ***** **** come ** ****. * ** *******.

John Honovich

IPVM | In reply to Undisclosed Manufacturer #1 | 02/15/17 02:16pm

****, * *** *** * ** **** ******* *** *** cost ** ****** **** *** *********** ** *****, ** *** may ***** **** **** ********** ;)

Eddie Perry

02/15/17 02:27pm

*****'* ******* *************** *** *** **** ***-* ***** * **********, and ***********-***** ****** **** *** *********** ** ********/******** *****. ** is *** **** ******** ** *** ***** ** **** ************ claims *** **** **********, ***** ***** ** ******** ** ********* that **** ** **** ***** ************, ** ** ***** ********* the **** ** ****** ** *********** ******** *** *******/********. *********** the ******* ** ***** **** * ****/**** ***** ***** ** valuable ** ********-****** *********, **** ** **** *** *** **** to **** *** ******** ********** ************

********* *** ********* ******* ** **** **** ***** **** *****-* or ********* ** *** *** ******* ******* ****** *** ***** with *** *** **-*****.

******* *** ***** ***** ** *** *** ******** ******** **** the **** ****** *** *** ***** *** * ***** ****** really *** **** *** ****** ** *** **** ************* ** my **** *** ****** ** *'** **** **** ******** **** i *** *****.

Thumbnail brk1

Brian Karas

IPVM | In reply to Eddie Perry | 02/15/17 02:58pm

**** ***-* *** * ****** ** **********, * ***** *** most *****, * ***** *** **** ******.

********* ***** **** ***-* ***** * ** ***** ******* ****** release.** ******* **** **** ******* ** *** ***** ******* *******, *** ******* * ****.

*** ********* ******* **** **** ***** **** *** ***** ***** options, *** ***** ******* **** ******* *** * ***** ***, 5MP *** ******, *** **** *********.

Undisclosed End User #2

02/15/17 08:45am

**** ** *** **** **********, *'* **** ** *** *** camera ************* ******* ************ (***** ** ***** **** *** ***) when *** ****** ** ****** ***-** ******** ******* * ************ number. **** ***** ******* *** ****** ************* ********** ** *** often * ***** ** *** ***. ** ********** ** ****** to *** *******.

Thumbnail profile pic

Ethan Ace

IPVM | In reply to Undisclosed End User #2 | 02/15/17 04:52pm

* ***** **** **** *********. * ********** **** *****, ******, and ********* **** ***** **** ******* ****, *** * ******* only ********* ****** ****** ** ** **** ** ****** **** to *** ****** (*** * ******* ****'* **** ********** **** iVMS, *** * *****'* *******). ******* *** ******* ** ****, but ******* ************, *** **** ****** **** ** ***** **.

**** ***** ** ********* ******* ** ****:

*** ****** ***** ** *** *** ************* ******* ****** ***** detection ** ***. ** ***** ***** ** *** ****** ******* tries ** ***** **** * ***** ********, *** ******* *** VMSes, ******** ** *********** ********, ** ***?

John Honovich

IPVM | In reply to Undisclosed End User #2 | 02/15/17 05:33pm

*'* **** ** *** *** ****** ************* ******* ************ (***** or ***** **** *** ***) **** *** ****** ** ****** log-in ******** ******* * ************ ******.

*******:****: **% ** ***** *** *** *** ************'* ************** *** **** **** *** ******* ****.

Thumbnail image

Jon Dillabaugh

Pro Focus LLC | In reply to Undisclosed End User #2 | 02/16/17 01:35am

**** ********* *******, ****** **** *** ******* ******* ** **** lock ** ******* ***** ******* *** *** **** *** ***** you ** *** ****** ***** *******. ****** ** **** **** any ****** ***.

Thumbnail profile pic

Ethan Ace

IPVM | In reply to Jon Dillabaugh | 02/16/17 01:55am

******* ** ******* ** * ********* ****** *****'* **** *** stream ***********, **** *** *** *********. * **** ****** **** with ***** *** *'** **** *** **** ** ***** *****. It ***** **** ********* ** *** ***, ******.

******, **** ** ** *** ******** **** **** *** ****** offline, **** ************ **** **** **** *** **'* *******. **** you're **** ************* *** **'* ******* **********. ******** ******* * discrete ***** ***** ** **********.

Undisclosed End User #2

In reply to Ethan Ace | 02/16/17 04:47pm

* ** ****** **** ****** ************* *** ******* ****... ** an *** **** *** ****** ********* ** * ********** ***** video ************ ****** - * **** ** ****** ********** ********* based **** *** ******'* *****-******** ********.. *** ***** ***** **** be ******* **** *** ****** ** ****** ** ***** ** SDK **** **** * *** **** ****** ***** ******** ***** as * ***** ************** ** **** ****** ************* *** ** a ****** *** **** ***, ******* ******* ***. * ***'* think * ** ***** ** ****....

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed End User #2 | 02/16/17 05:08pm

*******, ***** *** ***** *****-******** ******** *** ***** ************? **-***** analytics, ****** ***********, ****** ***********, ******** ***?

Undisclosed End User #2

In reply to Brian Karas | 02/16/17 05:33pm

*****, *** **, *** ******** **** *** ****** *** **** to ***** *** *** ******** ** *** ********* ******* ************. That ***** ****, * ** * *** *** ** *** Smart ****** *** ******** **** ******* *** ****** ********** ***.

** ** *******, **** * ********* ******* ********** - ****** features **** ******* ************ ** ****** ** *** ******** ** your ***** ************ ****** ** * ****** ******** (***** ****** which *** ******* *********** ***) .

******* **** *** ******** - * ** ******* *** * 4K **** **** ***** ** ** , ** ********* **** dynamic *****, **** *** ***** ***********, ******** * ***** ***** and ******** ***-** ******* ************ - ** * ****** *** too **** :) ??

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed End User #2 | 02/16/17 06:11pm

* ***'* ***** *** *** ****** *** *** **** ** the ***** ** ******* * ******* ********** **** ** ***********. I ***** *** ********* *** ************* ** **** ** ** often * ****-*** **** **** *********** *********. ************ **** *****-******** features ***** ********* **** **** *** ** *******. ***** **** delay ** **** * *******, ***** ** ** * ****, hard ** ***.

* ***** **** ********* **** ** **** ** ***** *** cyber ******** ************ ***** ** **** ********* **** "****** *****" like ********* ** *****(**) ****** (******** ** ****** **** *** other ****** ******** *** ** *** **** ******** *********, * company **** ** *** *.*** ***** ***** ** ****** *** working ** **** *****).

Undisclosed End User #2

In reply to Brian Karas | 02/17/17 04:04pm

* ***** **** **** *** *** ****** - *** ****** being ***** ** **** **** ******* ********* **** **** ****** security ********. ** **** ***** * **** **** ************ ***** add **** ***** **** *** ** *** ******** ******** ** using *********** ***** ************** ***.

Undisclosed Integrator #3

02/16/17 09:19am

"*** ****** ** ******** ** **** ****** ** *** ********, so **** *** ******* *** ********* ******* *** *********** ********* to ****** *** ***** *** ***** *****. ********* ** *****, the ******** ****** *********** ** *** ** *****, **** *** security-minded ********** *************, ** *** ******* ********* ******* **** ******** access *** ****** ******/************** ********."

**** ** ***** * ******* *******. ** ******* ** ** security ******* ****** ** **** ********* ** *** ********. ********** not *** ****** ************** ********.

******* ***** * **** **** **** ****** **** *** **** one **** *** * *****/******** ***** *** *** *** ***** to *** ******. ***** *** ** ****** ** ******, ** your ****** ** ********** *****.

** *** **** ** ******* ** *** ********, *** ***'* the **** *** ***** ********** *** **** *** ******** *********** reader, ****** ************* ****** *** ** ********* *** *** ** Android, * **** *** ****** **** **** *******.

Thumbnail photo

Michael Archer

In reply to Undisclosed Integrator #3 | 02/16/17 11:53pm

** ** *** **** *** ** ******? ** *** ********* a ****** ** * ****** **** *** *** ***** ** touch ** **** **** ******* *****!

**** ********* *** ** *** ********* ** **.****** ** *** does *** ******* *** *****, ****** ***** ***** ****.

** *** ** **** * ****** *** *** * *********** cost **** ******* ******?

*. ****** *** * ********* ******, *** ******** ** **** is * ** **** *****. *********.

*. ******* ****** ***** ** ******, ******** ***** *** ** direct.

*. ****** ** ***** ***** ** **** ** **** ************* / ******** ********** ****.

*. ********* *** *** *********** ***** ***, ***** **** **** after * **** **** ***** * ******* **** *** ******, for **** ****** **** ** **** ************* ******** ** **** from ***** (******* ** **** **** * ****** ****** ** a ****** **********) ****** *** *** ****** *** ****** **** the ****** ** ** **** * **** ** *** *********** generation. (*** ***** ******** ***** ** **** *** ** *** the *****)

*. **** ******** *** ****** **** *** ****** ******** *************, close *** *********.

*. ***** *** *** *** * ****** ****** / ******* codes ******, **** **** *** ** ****** ** *** ********, this ***** ** ***** *****.

*. ****** ********* **'* *** ********, ** **** ******* *********** of *** *** ** ******** * ********.

*.****/**** *** ** *** **** ***** ** ****** ** ******** at ***** **** ***** **** **** **** *******.

*. ****: ** ************ ******** *** *** ** ****** ***** software ****, ** **** *** **** *** *********. ******** *** certificate *** **** ********* ** *** ******** ****, ** **** as **** ** ********.

*. **** *********** **** ******** ******** ** ** ********, *** allow ***** - ****** (*** ** ** ********) ** **** a *** ***-***** ** *** *********** ***** *** ****** ** added.

* ******** ******** *** ** ******** ** ***** *** ** we ***'* **** **** ********.

**. ************ ******* ***** **** ****** ** ****** ****, *** even ******* *** **** ********.

**. ****** **** **** *** ******* ** ************* **** *** generated ***********.

***** ** **** ** **** *** ******* *** *** ******** certificate **********, *** ******** ********** ********* ***. * ******'openssl **** -****** **' gives you a lovely password nobody would be able to guess.

Undisclosed Integrator #3

In reply to Michael Archer | 02/20/17 03:58pm

**, * ***** ******* ** ** *** *** ******:

***** ** *** *** ******** ********* ***** ***** **** ** a ****** ******** ** *** ****** ** *** ******** * PIN.

Thumbnail 201511 baud sgpp

Baudouin Genouville

In reply to Undisclosed Integrator #3 | 03/17/17 04:56am

******* ***** * **** **** **** ****** **** *** **** one **** *** * *****/******** ***** *** *** *** ***** to *** ******. ***** *** ** ****** ** ******, ** your ****** ** ********** *****.

** *** *****!

***** *** ******* **** **** *********** *******, ** ** *** have *** ***********, **** ***** *** ****** **** ******* ** well

=>*****://**.*************.***/**/********/********************/***************/****************/**********************

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017
Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...
Top Problems Searching Surveillance Video (Statistics) on Oct 13, 2017
When crimes, accidents or incidents happen, the video surveillance system is a key component in finding out and proving what actually...
Exacq M Series Low Cost NVR Tested on Oct 12, 2017
With recent cyber security issues hitting NVRs and cameras from low cost leaders Dahua and Hikvision, users are increasingly seeking alternatives...
Hanwha 20MP Multi-Imager Tested (PNM-9081VQ) on Oct 09, 2017
Hanwhwa has introduced the latest in their multi-imager camera line, the PNM-9081VQ, a Wisenet 5 20MP model with four repositionable 5MP camera...
Exporting Video Surveillance Tutorial on Oct 05, 2017
Exporting video surveillance is important when incidents or crimes occur. However, there are multiple ways to export video which have their pros...
ASIS Show 2017 Final Report on Sep 27, 2017
ASIS is in Dallas for 2017 and this is our final show report (compare to our 2016 ASIS show report). When walking in, one is greeted with Dahua's...
Hanwha Launches Wave VMS on Sep 27, 2017
Hanwha Techwin has been teasing the launch of a new VMS: But what is it? Did they develop their own or? And how will this impact their...
Avigilon 'Blue' Cloud Entry Examined on Sep 19, 2017
Avigilon is moving to the cloud. The company announced their Avigilon Blue platform, designed to be a web-managed surveillance system, utilizing...
Genetec Launches Community Connect Examined on Sep 14, 2017
Genetec has done best in large-scale, enterprise systems and relatively worse in smaller systems such as SMB. Now, Genetec is launching...

Most Recent Industry Reports

Anixter End User Sales Troubles on Oct 23, 2017
End user sales have and continue to be a major problem for Anixter's physical security business. Every year, according to various Anixter people,...
Assa Abloy Acquires August on Oct 23, 2017
The mega access control manufacturer, Assa Abbloy, has acquired one of the most well funded access control startups, smart lock...
Axis Q3 2017 Financial Results on Oct 23, 2017
A big issue for Axis this past quarter was their product shortage. Despite that, new Q3 numbers for Axis show solid financial results. In this...
Cisco Falling - Favorite Network Switches 2017 on Oct 20, 2017
1 major manufacturer fell and 1 outsider manufacturer gained as integrator favorites for network switches from more than 140 votes / explanations...
Uniview Recorder Backdoor Examined on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Hikvision Access Control Tested on Oct 19, 2017
Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Exacq Unbreaks Avigilon Integration on Oct 18, 2017
For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014. Now, Exacq has...
Search More Important Than Live Monitoring - Statistics on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.  The key themes found in integrator...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017
Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact