Understanding Authentication


 


This document provides an introduction to the new authentication process provided with Control Center 2.4. When IndigoVision 8000 MPEG-4 video is exported from an IndigoVision NVR the video is protected using a highly secure and well-known process such that any subsequent tampering, malicious or accidental, of the video can be detected. Using the IndigoVision File Player, which is provided along with Control Center 2.4, it is possible to authenticate the exported clip at any time to determine whether any such tampering has occurred.


Contents

1 BACKGROUND

1.1 Content protection

2 EXPORTING

2.1 Public key encryption
2.2 Digital signatures
2.3 Watermarking

3 AUTHENTICATION

References


1 BACKGROUND

This document provides an introduction to the new authentication process provided with Control Center 2.4. When IndigoVision 8000 MPEG-4 video is exported from an IndigoVision NVR the video is protected using a highly secure and well-known process such that any subsequent tampering, malicious or accidental, of the video can be detected. Using the IndigoVision File Player, which is provided along with Control Center 2.4, it is possible to authenticate the exported clip at any time to determine whether any such tampering has occurred. Figure 1 shows the basic scenario.

Protection of content is important to ensure that vital information, such as the time and date of an incident, the duration of a video clip, the identity of an intruder, a licence plate or any other vital information, is accurately preserved for evidential purposes.

The process of protecting exported video clips employed by IndigoVision uses a dual-layer encryption system comprising both digital signature and watermarking technology. The use of digital signatures offers strong cryptography, using industry-standard public key encryption techniques, to secure the video data. The digital signature is then “hidden” within the video itself using an IndigoVision watermarking technique. Thus the strongly encrypted digital signature, used to verify the authenticity of the exported video data, is not even visible when viewing the video in a standard video player, nor when the actual raw bytes of data are directly examined.

The first section of this document explains in broad terms the process of embedding the digital signature into the video, with brief descriptions of public key encryption, digital signatures and watermarking. The second section describes the process of verifying the authenticity of an exported clip.


Figure 1: Export and authenticate

1.1 Content protection

As previously mentioned, protecting content is vital for evidential purposes, and there are many ways and reasons, malicious and accidental, that an exported clip can be modified in an insecure environment. For example,

  • A file can be shortened in duration to remove incriminating evidence
  • A file may be imported into a 3rd-party editor and video modified to obfuscate, for example, identities of people or licence plates
  • The internal time associated with the video in the file may be altered to give the impression the video was recorded at a different time
  • Frames, or segments, of video may be removed or re-ordered
  • Individual video pixels may be altered in the file
  • Video corruption through faulty file storage

The authentication process employed by IndigoVision, and described in this document, will detect all of the issues described above.


2 EXPORTING

When video is exported from an IndigoVision NVR it is protected, by default, using public key encryption to form a digital signature for the exported video. This digital signature is then watermarked onto the video itself, and as such the exported file is termed digitally signed. These terms are described in more detail in the following sections. The process of determining whether a digitally signed video file has been modified, since it was exported, is covered in the next section.


2.1 Public key encryption

Public key encryption is a modern and standard method for encrypting digital data used in a wide range of applications, such as protecting your private bank details, Internet transactions, and secure computer communication, and not just for protecting video content.

A key is basically a very long string of binary digits, typically containing over 1000 bits. Public key encryption uses two such related keys: a private key and a public key. The private key is used to encrypt the data to be protected and is kept totally secret. The second half of the key pair, the public key, can be used to unlock the data. The point is that with the public key it is possible to see the data but it is not possible to modify the encrypted data without the private key.

There are several methods for generating these special private-public key pairs but the most popular is known as RSA, after its creators Rivest, Shamir and Adleman.


2.2 Digital signatures

In order to digitally sign a file, the entire data file to be protected, in this case the video, is passed through what is known as a hashing function. This hashing function produces a large checksum value for the file, which is then encrypted using the private key, as described in the previous section.

A number of different hashing functions are used by digital signature technologies, of which the two most popular are MD5 and SHA-1. IndigoVision uses an SHA-1 hashing function as it is cited as the more robust, combined with a 1024-bit RSA public-private key pair, which is scrambled within the IndigoVision software.

Digital signatures rely on it being near-impossible to modify a video file such that the hashing function will produce the same checksum as the unmodified file. For example, with SHA-1 there are of the order of 2^160 potential checksums! Even modifying a single bit of the video file will change the output from the hashing function.


2.3 Watermarking

Watermarking is the process of adding information to the actual video content itself. Often the addition of a watermark is designed such that this, potentially secret, information can be extracted from the video at a later date. A watermark may be designed to be visible, for example for copyrighting, or invisible, for content protection or secret communication.

Watermarking is the more traditional approach to protecting video content and has been used extensively in the analog video domain. However, its applicability to the protection of digital video is less justifiable as digital techniques, such as public key encryption, are far more powerful, secure, faster to compute and simply more suited.

In the IndigoVision process watermarking is used to hide the digital signature of a file within the video itself, such that the hidden signature is totally imperceptible to the human eye. This adds a further level of security and confidence that the video cannot be compromised.


3 AUTHENTICATION

Once exported, the video cannot be modified in any way without detection by the authentication software. This authentication software is included in the IndigoVision File Player. Authentication is the process of verifying whether a clip has been modified since it was exported.

Once an exported clip is loaded into the File Player the user is provided with an option to authenticate the clip. This is shown in Figure 2.


Figure 2: Playing an exported clip

Once the user has clicked on the “?” symbol, the authentication software extracts the watermark from the video and, using the public key, decrypts the watermark data to determine the video SHA-1 checksum. The authentication software then computes the SHA-1 checksum of the clip that has been loaded. If this recomputed checksum agrees with the decrypted checksum, derived from the watermark, then the clip is deemed to be valid and unmodified. An example of a valid file is shown in Figure 3.


Figure 3: Clip has been verified as valid

Figure 4 shows a situation where the video has been clearly modified since exporting, and the authentication software has detected this modification.


Figure 4: Clip has been tampered
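
The sign-then-verify flow of sections 2.2 and 3, run against the tampering cases listed in section 1.1, is sketched below as an added example; it is not IndigoVision code. Assumptions: the frame layout (timestamp plus pixel bytes), the function names and the demo key are constructed for illustration, the signature is carried alongside the clip because the proprietary watermark step is not reproduced, and the RSA operation is unpadded, whereas deployed signature schemes add padding such as PKCS#1. SHA-1 and an RSA modulus of roughly 1024 bits are used because the paper specifies them; both are considered too weak for new designs.

```python
import hashlib

# Constructed demo key: two Mersenne primes give a modulus of about 1128 bits.
# The factors are public knowledge, so this key is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


def clip_digest(frames):
    """SHA-1 over every frame's timestamp and pixel data, in order."""
    h = hashlib.sha1()
    for timestamp, pixels in frames:
        h.update(timestamp.to_bytes(8, "big"))
        h.update(len(pixels).to_bytes(4, "big"))
        h.update(pixels)
    return int.from_bytes(h.digest(), "big")


def sign_clip(frames):
    """Export side: transform the checksum with the private key."""
    return pow(clip_digest(frames), D, N)


def authenticate(frames, signature):
    """Player side: recover the signed checksum with the public key and
    compare it with a checksum recomputed from the loaded clip."""
    return pow(signature, E, N) == clip_digest(frames)


def tamper_cases(frames):
    """Modifications from section 1.1, each applied to a copy of the clip."""
    t0, px0 = frames[0]
    flipped = bytes([px0[0] ^ 0x01]) + px0[1:]
    return {
        "shortened": frames[:-1],
        "reordered": [frames[1], frames[0]] + frames[2:],
        "time altered": [(t0 + 3600, px0)] + frames[1:],
        "one bit flipped": [(t0, flipped)] + frames[1:],
    }


# Constructed sample clip: four frames of (timestamp in seconds, raw pixel bytes).
CLIP = [(1_100_000_000 + i, bytes([i]) * 64) for i in range(4)]
SIGNATURE = sign_clip(CLIP)

if __name__ == "__main__":
    print("original:", authenticate(CLIP, SIGNATURE))
    for name, modified in tamper_cases(CLIP).items():
        print(f"{name}:", authenticate(modified, SIGNATURE))
```

Because the timestamp and frame order feed the checksum along with the pixel data, a change to any of them makes the recomputed checksum disagree with the signed one.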

References

[1] FIPS PUB 180-1: Secure Hash Standard, April 1995.

[2] RFC 1321 - The MD5 Message-Digest Algorithm
