Combating the cyber attack threats in a networked surveillance world
Axis has released a whitepaper covering three specific ways in which a surveillance system could be exploited. The threats are firmware tampering, supply-chain tampering, and extraction of private keys, which are often caused by authorized personnel accidentally or deliberately misusing the system.
In particular, the whitepaper looks at some exciting solutions Axis has developed to counter cyber threats in security systems. The first is firmware signing for supply-chain tamper prevention. This is needed because, in theory, any "middleman" coming into contact with a device, for example during transit, could alter the device's boot partition so that firmware integrity checks are bypassed. Compromised firmware could then be installed onto the system during a firmware update. The Axis secure boot process counters this with an unbroken chain of cryptographically validated software, starting in immutable memory (boot ROM). Because it is based on signed firmware, secure boot ensures that a device can boot only with authorized firmware.
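The chain of trust described above, as an added sketch that is not Axis code: each stage is validated before it runs, and the first check is anchored in a value that cannot be rewritten. It assumes SHA-256 digest pinning as a stand-in for the signature verification the whitepaper describes, and all stage names and images are constructed.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256

def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def build_chain(payloads):
    """Build stage images back to front; each image = digest of next image + payload.
    Returns (anchor, images), where anchor pins the first stage."""
    images, pinned = [], b"\x00" * DIGEST_LEN  # final stage pins nothing
    for payload in reversed(payloads):
        image = pinned + payload
        images.insert(0, image)
        pinned = digest(image)
    return pinned, images

def boot(anchor: bytes, images) -> int:
    """Validate every stage before handing over control.
    Returns how many stages ran; fewer than len(images) means boot halted."""
    expected = anchor
    for ran, image in enumerate(images):
        if not hmac.compare_digest(digest(image), expected):
            return ran                     # unauthorized stage: stop here
        expected = image[:DIGEST_LEN]      # trusted stage names its successor
    return len(images)

# Constructed sample images (not real firmware).
ROM_ANCHOR, IMAGES = build_chain([b"bootloader-1.0", b"kernel-1.0", b"firmware-1.0"])

# Case 1: only the last stage is altered; the chain stops in front of it.
PATCHED = IMAGES[:2] + [IMAGES[2] + b"-modified"]

# Case 2: the boot partition is altered and every later stage re-pinned to match.
FLASH_ANCHOR, REBUILT = build_chain([b"bootloader-ALTERED", b"kernel-1.0", b"firmware-ALTERED"])

if __name__ == "__main__":
    print("genuine chain:            ", boot(ROM_ANCHOR, IMAGES), "of 3 stages")
    print("altered firmware:         ", boot(ROM_ANCHOR, PATCHED), "of 3 stages")
    print("rebuilt chain, ROM anchor:", boot(ROM_ANCHOR, REBUILT), "of 3 stages")
    # If the anchor lived in writable flash, it could be replaced along with the
    # chain and every check would pass, which is why the root sits in boot ROM.
    print("rebuilt chain, flash anchor:", boot(FLASH_ANCHOR, REBUILT), "of 3 stages")
```

The last case is the one the paragraph warns about: a self-consistent altered chain passes every check unless the first check is rooted somewhat that transit handlers cannot rewrite.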
The second is a trusted platform module (TPM), which provides a set of cryptographic features suitable for protecting information from unauthorized access. The private key is stored in the TPM and never leaves it. When access to the key is requested, the request is sent to the TPM to be processed there before the result is released, ensuring the secret part of the certificate never leaves the secure environment, even in the event of a security breach.
Although these measures are above and beyond current regulation, it is worth familiarizing yourself with the cyber threats your organization may face.