Closed IPTV Eliminates Camera Spoofing

JH
John Honovich
Published Nov 19, 2010 00:00 AM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

As part of Dedicated Micros's roll-out of Closed IPTV, they have released an in-depth 16 page presentation [link no longer available] that explains how their approach eliminates camera spoofing in IP camera systems.  In this note, we examine the approach and the potential value (or lack thereof).

The risk that Dedicated Micros sees is that "the security guard has to know that the picture that he's seeing really is the picture on the camera on the end of the cable in his vault and not coming from somewhere else." In the presentation, they raised the concern that with IP cameras "people would be able to download standard tools off the internet to intercept video on the fly and substitute images."

To stop this, Dedicated Micros has "developed a solution that [they] refer to as 'deterministic' ... [they] are absolutely confident that the images that we are receiving we can determine not just where they came from but how they got to us and whether or not they've been interfered with on the way."

The specific implementation consists of IP cameras with secret keys preloaded (from DM), an enhanced IP switch (from DM) and a DVR/NVR that can exchange keys and poll cameras (from DM).

From a technology perspective, we believe that this would essentially eliminate the specific low level issues that DM mentions - MAC address spoofing, needing to certify each camera individually, etc.

We see two primary problems:

  1. Is this an important risk for end users? We think this is literally and figuratively security theater. Camera spoofing (for analog or IP) seems to be a relatively low risk/concern for most security managers.
  2. If this is an issue, it's equally as problematic (or worse) for analog cameras. In the movies (where this most often happens), you can cut the coax cable and connect a laptop or portable DVD player to stream looping video (far technically simpler than the corresponding IP hack). You can never 'determine' that an analog camera feed is authentic but that's not a barrier for analog. Why it should become one for IP cameras is questionable.