In December 2021, Axis announced an open source project for video authentication, providing a reference design for a video authentication and verification method that can be adopted by the whole industry. The reference design is based on the addition of a cryptographic checksum to the video, which is then signed by the unique device ID, proving that the video has not been edited since being captured by the camera. We caught up with Stefan Lundberg, Senior Expert Engineer at Axis, and Sebastian Hultqvist, Global Product Manager for AXIS OS, to find out how the reference design has been received, and how Axis is implementing it in our own cameras as signed video.
Addressing an industry-wide issue
“There’s a saying: “a rising tide lifts all boats”. Sometimes, doing things that benefit the entire industry also benefit the individual people – or companies – within it. That was very much the philosophy behind the open source project,” explains Stefan Lundberg, Senior Expert Engineer at Axis. “The authentication and verification of video surveillance is so fundamental to our sector, that we felt sharing the reference design for use by every manufacturer was the obvious decision.”
Axis has always had an open approach. Our camera platform is based on open standards, and through the AXIS Camera Application Platform (ACAP) and community of partners around the world, innovation is brought to the benefit of customers more quickly and effectively. Providing an open source reference design (the software libraries together with documentation from the video authentication project are available on GitHub), takes this spirit of openness to another level.
Lundberg expands on the importance of an industry-wide approach to video authentication: “The key word is trust. It’s essential that everyone has 100% trust that video surveillance captured can be verified as an authentic view of the scene. Security personnel, investigating officers, judges and juries and, of course, citizens themselves, must all trust in video surveillance. Any doubts have the potential to undermine its value.”
Authentication at the point of capture
In simple terms, the video authentication and verification method detailed in our framework adds a cryptographic checksum to the video, which is then signed by the unique device ID, supplying proof that the video has not been edited since it left the camera. Signing the video at the earliest possible point and linking this to the specific device, means that this is maintained throughout the entire chain of custody, without the need to involve any additional verification, whether human or digital.
Since its announcement, the approach has been positively received throughout the industry, as Sebastian Hultqvist, Global Product Manager for AXIS OS, explains: “Signing video within the camera itself rather than later in video processing is seen as a real positive in our approach, entirely removing any question that video might have been edited since capture. The simplicity of having a manufacturer key allows us to embed everything needed for verification within the video stream when the video is stored and viewed, online or offline. We’ve had positive feedback on the approach from law enforcement agencies, governments, security researchers, VMS partners and other manufacturers of video surveillance equipment.”
Signed video in Axis cameras
While the framework for the authentication and verification method is available to anyone within the security sector, it will also be implemented within our own portfolio of cameras as signed video.
Within Axis cameras, signed video uses the Axis Edge Vault hardware component, one of the key security features built into our products. Axis Edge Vault is a secure cryptographic compute module which can be used for cryptographic operations on securely stored certificates. The component provides tamper-protected storage, enabling each device to protect its secrets and establishing a foundation for safe implementation of more advanced security features.
Axis Edge Vault protects the unique Axis device ID, a collection of certificates including a digitally signed version of the globally unique serial number of the Axis device. It also securely stores sensitive data and provides for secure execution of applications, and offers secure device authentication using the standardized method IEEE 802.1AR.
“Any manufacturer implementing the framework will need to ensure that the video signing takes place inside their own tamper-resistant hardware, which for us means Axis Edge Vault. This is essential: an irrefutable and secure link between the video signing and a specific device is central to the solution’s ease of use, which we feel is vital for widespread adoption,” expands Lundberg.
Strengthening video surveillance as evidence
Stepping back to look at the bigger picture, Hultqvist concludes: “Central to video surveillance’s role in public safety and security is its ability to be used as evidence. Whether in criminal investigations or claims by citizens and employees against public bodies and businesses, it’s vital that the authenticity of video surveillance can be presented without question: any doubt, however small, will be used to undermine the relevance of video evidence. We believe that signed video – and other manufacturers’ implementations based on the framework – is the most effective way to verify the authenticity of video throughout the chain of custody.”
More information about cybersecurity and authentication features in Axis products can be found in our whitepaper.
