Most electronic equipment today is run by microprocessors. These systems on a chip (SoC) contain not only the CPU but also all the custom hardware used to control specific operating features of the device. In the case of an IP surveillance camera, for instance, the SoC not only controls the image sensor, processes the image and overlays graphics, it also performs advanced real-time compression on the video before delivering it to a remote receiver.
Incorporating all this functionality at the chip level in many different devices had multiple advantages. If not connected to any network, the SoC was largely invisible to the user, and could not be accessed remotely for maintenance or software updates; however, once the technology landscape evolved into the Internet of Things (IoT), the situation changed. If a network connected device has an open API (Application Programming Interface), third-party developers can access the “hidden” software on the chip and creatively manipulate it for other purposes.
With more people tapping into this technology through the network, bugs and limitations are quickly surfacing. Device manufacturers now have to deal with fixing those previously hidden bugs, quickly issuing security updates, and guaranteeing maintenance for a finite number of years.
As the world of IoT expands connectivity between these embedded chipsets, the challenges continue to compound. With open technology and open interfaces, manufacturers and software developers can collaborate more freely. Business owners can reap the benefits of an open platform, integrating multiple technologies and business critical solutions on an enterprise scale. On the other hand, more openness increases the possibility for cyber breaches to occur through linked devices and systems.
For years, the security industry tended not to focus on this cyber vulnerability and the associated threats entering the environments to which these devices were connected; however, catastrophic breaches in which hackers gained access to vast amounts of business and personal data have brought the issue to a head. Users began demanding proof that their providers could protect their data assets from attacks.
Cybersecurity at the Device Level
Today, most manufacturers employ a layered approach to cybersecurity – whereby each layer of software and hardware shields the layer below with additional security features. They use open source building blocks that have been field-proven by millions of other devices. They rely on the collective experience of the whole technology community to improve product quality and fix difficult-to-find issues.
Ultimately, it is the device manufacturer who bears responsibility for hardware security and access to the sensitive data embedded within, such as end-user information, log-in credentials and even network access certificates.
While customizing a secure chip to address this issue would be ideal, the difficulty and extreme expense of doing so puts this possibility beyond the reach of most manufacturers. Instead, they have teamed up with chip vendors to share development efforts and costs as well as drive innovation.
The Mysterious Black Box
It all comes down to trust between the device manufacturer, the chip vendor and the end-user. The chip arrives in a black box bundled with a software development kit (SDK), and some documentation about what the chip will do and how to develop application software for it.
In truth, the chip designer is the only one who completely understands all that the chip can do, what other code might be in the drivers, what access they might have to anything else running on the device – encrypted data, login tokens, network traffic, etc. This lack of knowledge can be especially concerning for anyone using security equipment for business-critical tasks or worried about the leak of sensitive information. This makes it all the more important that device and chip manufacturers do everything they can to earn the trust of their users.
Alternatively, there are a few hardware manufacturers who have opted to invest in their own in-house chip development teams to convert their chip requirements into a mass-production-ready SoC. With 100-percent control of the SoC, they can build in advanced security features all the way down to the chip level that can prevent cyber vulnerabilities.
For example, some chips embed a signed firmware feature that checks all firmware signatures before upgrades are installed to ensure that only authorized firmware is accepted by the device. This gives users confidence that the downloaded firmware is from an official source and not from some malicious party. Another example of enhanced security on a chip is a secure boot feature that only permits signed firmware to boot. This protects the device from malicious firmware installed after leaving the factory but before delivery.
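The two checks described above, sketched as an added example (not code from the article or from any vendor): an update gate that verifies the signature before writing to flash, and a boot gate that re-verifies what is stored. The key pair is a constructed, insecure demo key, and `Device`, `vendor_sign` and `signature_ok` are hypothetical names.

```python
import hashlib

# Constructed demo key pair (assumption): textbook RSA built from two known
# Mersenne primes so the example runs offline. Not a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the vendor only
K = (N.bit_length() + 7) // 8        # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(image: bytes) -> bytes:
    """Build-server side: sign the image with the private key."""
    return pow(_encode(image), D, N).to_bytes(K, "big")

def signature_ok(image: bytes, sig: bytes) -> bool:
    """Device side: recompute the full encoding and compare (no parsing)."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    return s < N and pow(s, E, N) == _encode(image)

class Device:
    """Hypothetical device whose public key (N, E) is fixed at manufacture."""
    def __init__(self):
        self.flash = None            # (image, signature) as stored in flash

    def install_update(self, image: bytes, sig: bytes) -> bool:
        # Signed firmware: reject before anything is written to flash.
        if not signature_ok(image, sig):
            return False
        self.flash = (image, sig)
        return True

    def boot(self) -> bool:
        # Secure boot: re-verify what is in flash on every start, so an
        # image written around the updater still fails to run.
        return self.flash is not None and signature_ok(*self.flash)

if __name__ == "__main__":
    img = b"constructed firmware image"
    dev = Device()
    print(dev.install_update(img, vendor_sign(img)), dev.boot())
```

In a real SoC the public key or its hash sits in ROM or one-time-programmable fuses, which is what makes the boot-time check a root of trust instead of one more piece of replaceable software.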
With in-house chip creation, all the required software in the chip SDK is available in source code that the device manufacturers compile themselves. This further minimizes the opportunity for external code to create an opening for cyber breaches to occur.
Customized Chipsets for IP Cameras
Most mass-produced chips are designed to be generic and all-purpose. Due to the economy of scale, they are relatively inexpensive to produce and meet the needs of most electronic devices.
The market for specialized chips, on the other hand, is narrower – which raises the cost per unit. For devices like IP cameras, it would be impossible to meet the demands of video surveillance without chipsets customized to the task. These chips make it possible to reduce a camera’s footprint and power consumption while delivering a robust, feature-rich and cyber secure solution to end-users.
The algorithms embedded in the chipset are designed to optimize image usability. They help the camera deliver saturated and realistic colors and sharpen the images of moving objects even in low light or back-lit environments. They increase the camera’s sensitivity to light and extend the range of illumination in cameras with retractable infrared filters.
Other algorithms embedded in the chipset are designed to optimize video compression with a smart codec to lower bandwidth consumption and storage requirements without sacrificing image quality. The algorithms ensure compliance with H.264/H.265 compression standards so that users can export their video to common clients like smartphones, laptops and notebooks.
The SoC Roadmap Moving Forward
Addressing cyber risk is essential if chip vendors and device manufacturers expect users to flourish in the IoT ecosystem. Users need to feel confident that their partners’ core technology – from hardware and software to tool sets – provides the cybersecurity needed to safeguard their operations even as the landscape of cyber threats continues to evolve.
This reinforces the need for greater collaboration between technology partners, application developers, supply chains and the end-user community to ensure that everyone understands the threats and risks to the organization and how to proactively mitigate them.
Fredrik Nilsson is VP of the Americas for Axis Communications, Inc. He is the author of “Intelligent Network Video: Understanding Modern Video Surveillance Systems” published by CRC Press and now in its second edition.