The benefits of encryption for IP-based security systems

March 14, 2016
Leveraging AES 256 encryption to protect today's network surveillance solutions against cyber-attacks

Physical security technology solutions such as IP surveillance and access systems, cloud storage and mobile monitoring and control are accelerating at a rapid pace and are increasingly exposed to cyber-attacks. This presents a real and present danger for private and public facilities, as professional security devices and systems continue to generate and share more data, and are networked on an enterprise level.

Network Security is a Strategic Priority

Organizations are too often painfully reminded - through multi-million dollar losses or the need to comply with regulatory mandates, audit corrections and customer demands - that new levels of security are required to guard against cyber-attacks. This new reality is no longer considered to be optional. In fact, cybersecurity vulnerability is one of the most pressing topics that the physical security industry, among others, now faces.

One recent attack on the federal government resulted in the theft of information for over 22 million people. Another attack, on the control room for a dam in a rural suburb of New York, further documents that every level of federal, state and municipal government, as well as the infrastructure and data of public and private facilities, needs to be protected against cyber-attacks. As networked systems continue to capitalize on their extreme efficiency and capabilities, they also open up a whole new potential threat from numerous sources with bad intentions.

Security Essential in Product Design

Imagine the potential threat to private and public facilities from hacks into IP video surveillance systems to reroute data, or hacks into IP access systems to turn off alarms and open doors. With organizations becoming more aware of the value of their information and privacy, manufacturers must design better security alongside or within their products to provide users with secure physical and logical security solutions.

The first line of defense to accomplish this is to deploy IP devices and system components with encryption solutions such as the proven 256-bit Advanced Encryption Standard (AES). This end-to-end encryption algorithm secures communication between servers and clients, and supports Hypertext Transfer Protocol (HTTP), which is the foundation for data communication on the Internet. AES 256 is a symmetric encryption algorithm that has been accepted by the U.S. and Canadian governments as a standard for encrypting data in transit and data at rest. Essentially, AES 256 is a block of algorithms that "scrambles" data into unreadable code for transport; at the receiving point, the data is unscrambled using the same algorithm when the designated permissions are provided. To date, there have not been any confirmed hacks of AES 256 encrypted systems, with the exception of faulty implementations.
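
The symmetric scramble/unscramble step described above, together with the "faulty implementations" caveat, as an added example that is not from the article or any vendor: AES-256 in GCM mode through Node.js's built-in crypto module, with a never-repeating per-device nonce, tamper detection and replay rejection on the receiving side. The packet layout (nonce, tag, ciphertext), the device id 7 and the sample message are assumptions constructed for illustration.

```javascript
// Added example (not vendor code). Packet layout and device id 7 are assumptions.
const nodeCrypto = require("crypto");
const NONCE_LEN = 12, TAG_LEN = 16;

// Sender: nonce = deviceId (4 bytes) + counter (8 bytes); unique per key while the counter never repeats.
function seal(key, deviceId, counter, plaintext) {
  const nonce = Buffer.alloc(NONCE_LEN);
  nonce.writeUInt32BE(deviceId, 0);
  nonce.writeBigUInt64BE(BigInt(counter), 4);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Receiver: verify tag, decrypt, then reject replays. lastSeen: Map deviceId -> highest counter accepted.
function open(key, packet, lastSeen) {
  if (packet.length < NONCE_LEN + TAG_LEN) return { ok: false, reason: "short" };
  const nonce = packet.subarray(0, NONCE_LEN);
  const tag = packet.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const body = packet.subarray(NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce);
  decipher.setAuthTag(tag);
  let plaintext;
  try {
    plaintext = Buffer.concat([decipher.update(body), decipher.final()]);
  } catch (e) {
    return { ok: false, reason: "auth" }; // wrong key, or packet modified in transit
  }
  const deviceId = nonce.readUInt32BE(0);
  const counter = nonce.readBigUInt64BE(4);
  if (lastSeen.has(deviceId) && counter <= lastSeen.get(deviceId)) return { ok: false, reason: "replay" };
  lastSeen.set(deviceId, counter);
  return { ok: true, deviceId, text: plaintext.toString("utf8") };
}

// Constructed sample run: random 256-bit key, one motion event from hypothetical device 7.
function demo() {
  const key = nodeCrypto.randomBytes(32);
  const seen = new Map();
  const pkt = seal(key, 7, 1, Buffer.from("motion zone=3"));
  const first = open(key, pkt, seen);            // accepted
  const replay = open(key, pkt, seen);           // same packet again: rejected
  const tampered = Buffer.from(pkt);
  tampered[tampered.length - 1] ^= 1;            // flip one ciphertext bit
  const forged = open(key, tampered, seen);      // tag check fails
  const wrongKey = open(nodeCrypto.randomBytes(32), pkt, new Map());
  return { first, replay, forged, wrongKey };
}
```

In a deployment the key would come from device provisioning or a key exchange, and the sender's counter must survive reboots so a nonce is never reused under the same key.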

Data encryption of networked systems and devices is the best way to reduce risks associated with misplaced, lost or stolen data. An IP video surveillance system, for example, has numerous points along its network infrastructure where various devices and related systems are being integrated. These include IP cameras and peripherals such as heaters and infrared lighting, as well as modems, routers and switches, which are often deployed remotely, all the way to the head-end, where video management systems (VMS) manage these devices along with NVRs and other integrated systems such as access control, which are now typically integrated onto a single platform. Such end-to-end fully integrated video surveillance, access and security solutions represent the best that the security industry has to offer, but can also be turned against the very people, property and assets they are designed to protect when in the hands of the wrong individuals. There is no doubt that these systems need to be encrypted against cyber invasion.

In addition to enhancing physical security, encryption helps reduce legal liabilities from sensitive information residing on misplaced or discarded devices, as well as the risk of common virus attacks. With National Institute of Standards and Technology (NIST) certification, IP devices and servers with AES 256 encryption greatly help to prevent intruders from reconfiguring devices or gaining unauthorized access to stored data.

By incorporating AES 256 encryption into their IP products, manufacturers of surveillance, access and security products can save customers substantial time and money, as well as the cost and inconvenience of adding third-party encryption software to their systems. This secure technology allows security professionals to manage a broad range of equipment locally and remotely with centralized, secure local and remote access capabilities that are efficient and cost effective.

The optimized safety and security of an AES 256 encrypted solution can be best illustrated in municipal-wide surveillance and security applications. The need to protect large venues and areas that masses of individuals frequent, such as stadiums and arenas, and mass transit terminals and stations, represents a new challenge for public and private law enforcement and security management personnel. Networking surveillance and security systems, and providing access to outside authorities, provides an invaluable means of protection to help prevent incidents from occurring and to conduct immediate analysis of unfolding situations using real-time video and data. Conversely, such vast integrations need to be bullet-proof against cyber-attacks.

Initially designed to protect sensitive banking information and later adapted by the healthcare industry to enforce HIPAA regulations, AES 256 encryption is compliant with multiple standards, including 256-bit end-to-end encryption of data communications between IP devices and servers. With the integration between a video management system’s open platform and an event streaming engine solution, data from IP cameras, ATMs or cash registers can be correlated to make event searching and tracking fast, easy and secure.

Moving forward, businesses will need to consider incurring additional costs related to network protection as hackers continue to be more focused and persistent with attacks. Fighting back with powerful physical and logical security solutions that employ advanced and proven encryption technologies can help mitigate future risks while actually reducing long-term expenditures.

About the Author

Ken LaMarca | Vice President, Sales and Marketing, OnSSI

Ken LaMarca is vice president of sales and marketing at OnSSI.