Axis network products offer a variety of built-in cybersecurity features to counter different types of cyber-attacks, effectively battle vulnerabilities, and prevent unauthorized access to your system. From detecting firmware tampering to preventing device replacement, these features safeguard your system and help reduce the risk of digital attacks.
Authenticated by Axis
How do you know your system is communicating with an authorized Axis device and that the video captured by the device hasn’t been tampered with? Following the latest international standard for secure device identity (IEEE 802.1AR), the Axis Edge Vault security component enable automatic and secure identification of new devices during installation. It also simplifies authorization of Axis products on your network. Axis Edge Vault protects the Axis device ID, a collection of certificates including a digitally signed version of the globally unique serial number of your Axis device.
For added trust and assurance, signed video adds a cryptographic checksum into each video frame which is then signed by the Axis device ID. This allows video to be traced back to the Axis camera from where it originated, so it’s possible to verify that the footage hasn’t been tampered with after it left the camera.
Signed video is available for compatible cameras with firmware 10.11, and video recordings can be verified using AXIS File Player.
Used in selected Axis products, the Trusted Platform Module (TPM) is a standalone hardware component that ensures cryptographic keys and certificates are safe and secure, even in the event of a security breach. All private keys are stored within the TPM and all cryptographic operations requiring the private key are sent to the TPM for processing. It’s not possible to modify anything inside the TPM, so the secret part of the certificate is always safeguarded. The TPM in Axis products is certificated to meet the requirements of FIPS 140-2 level 2 and includes role-based operator authentication and tamper evidence.
Attackers may try to deceive system owners into installing altered firmware which may include malicious code. Signed firmware prevents this. You can verify the integrity of the firmware before you install new devices or upgrade existing ones. Axis firmware is signed using a digital signature. This process is based on the RSA public-key encryption method, where the public key is embedded in the Axis device and the private key is stored in a safe and secure location at Axis. Devices with signed firmware can validate the firmware before allowing installation. This guarantees that the firmware is indeed from Axis and hasn’t been compromised.
Signed firmware is included in all devices running firmware version 9.20, and certain Axis devices using firmware version 8.40.
Based on the use of signed firmware, secure boot acts as a gatekeeper for your surveillance system. This functionality ensures unauthenticated, tampered code is blocked and rejected during the boot process before it can attack or infect your system. Furthermore, Axis signed firmware allows you to safely restore the device to its default factory state, and secure boot will guarantee it’s completely free of malware after a factory default.