research-article

Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems

Authors:

Johannes Obermaier,

Martin HutleAuthors Info & Claims

IoTPTS '16: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security

Pages 22 - 28

https://doi.org/10.1145/2899007.2899008

Published: 30 May 2016 Publication History

Get Access

Abstract

In the area of the Internet of Things, cloud-based camera surveillance systems are ubiquitously available for industrial and private environments. However, the sensitive nature of the surveillance use case imposes high requirements on privacy/confidentiality, authenticity, and availability of such systems. In this work, we investigate how currently available mass-market camera systems comply with these requirements. Considering two attacker models, we test the cameras for weaknesses and analyze for their implications. We reverse-engineered the security implementation and discovered several vulnerabilities in every tested system. These weaknesses impair the users' privacy and, as a consequence, may also damage the camera system manufacturer's reputation. We demonstrate how an attacker can exploit these vulnerabilities to blackmail users and companies by denial-of-service attacks, injecting forged video streams, and by eavesdropping private video data - even without physical access to the device. Our analysis shows that current systems lack in practice the necessary care when implementing security for IoT devices.

References

[1]

A. Costin, J. Zaddach, A. Francillon, D. Balzarotti, and S. Antipolis. A large-scale analysis of the security of embedded firmwares. In USENIX Security Symposium, 2014.

Digital Library

Google Scholar

[2]

Deloitte & Technische Universität München. Ready for Takeoff? Smart Home aus Konsumentensicht. http://www.connected-living.org/content/4-information/5-downloads/4-studien/5-ready-for-takeoff/deloitte-smart-home-consumer-survey-20150701.pdf, July 2015.

Google Scholar

[3]

GfK. Smart home beats wearables for impact on lives, say consumers. http://www.gfk.com/fileadmin/user_upload/dyna_content_import/2015-11-24_press_releases/data/Documents/Press-Releases/2015/2015-11-11_smart-home_press-release_global.pdf, November 2015.

Google Scholar

[4]

M. Green. Attack of the week: FREAK (or 'factoring the NSA for fun and profit'). http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html, Mar. 2015.

Google Scholar

[5]

P. Kocher, R. Lee, G. McGraw, and A. Raghunathan. Security as a new dimension in embedded system design. In Proceedings of the 41st Annual Design Automation Conference, DAC '04, pages 753--760, New York, NY, USA, 2004. ACM. Moderator-Ravi, Srivaths.

Digital Library

Google Scholar

[6]

N. Serpanos and A. Papalambrou. Security and privacy in distributed smart cameras. Proceedings of the IEEE, 96(10):1678--1687, 2008.

Google Scholar

[7]

H. Vagts and J. Beyerer. Security and privacy challenges in modern surveillance systems. In Proceedings of the Future Security Research Conference, pages 94--116, 2009.

Google Scholar

[8]

T. Winkler and B. Rinner. Security and privacy protection in visual sensor networks: A survey. ACM Computing Surveys (CSUR), 47(1):2, 2014.

Digital Library

Google Scholar

[9]

T. Winkler and B. Rinner. Secure embedded visual sensing in end-user applications with trusteye. m4. In Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, pages 1--6. IEEE, 2015.

Google Scholar

Cited By

View all

Goeman VDe Ruck DCordemans TLapon JNaessens VDoupé AMilburn A(2024)Reverse engineering the Eufy ecosystemProceedings of the 18th USENIX Conference on Offensive Technologies10.5555/3696933.3696944(133-147)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696933.3696944
Windl MLeusmann JSchmidt AFeger SMayer SKelley PKapadia A(2024)Privacy communication patterns for domestic robotsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696906(121-138)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696906
Windl MSchlegel MMayer S(2024)Exploring Users' Mental Models and Privacy Concerns During Interconnected InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765048:MHCI(1-23)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676504
Show More Cited By

Index Terms

Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems

Recommendations

Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations
TrustED '16: Proceedings of the 6th International Workshop on Trustworthy Embedded Devices

Video surveillance, closed-circuit TV and IP-camera systems became virtually omnipresent and indispensable for many organizations, businesses, and users. Their main purpose is to provide physical security, increase safety, and prevent crime. They also ...
Providing destructive privacy and scalability in RFID systems using PUFs

Internet of Things (IoT) emerges as a global network in which any things (including humans and the real world things) having unique identifier can communicate each other. The RFID system has very important role in the IoT system for solving the ...
Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ML
Abstract
Internet of Medical Things (IoMT) supports traditional healthcare systems by providing enhanced scalability, efficiency, reliability, and accuracy of healthcare services. It enables the development of smart hardware as well as software ...

Comments

Information & Contributors

Information

Published In

IoTPTS '16: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security

May 2016

54 pages

ISBN:9781450342834

DOI:10.1145/2899007

Program Chairs:
Richard Chow
Intel Corporation, USA
,
Gokay Saldamli
HPE Security - Data Security, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '16

Sponsor:

SIGSAC

ASIA CCS '16: ACM Asia Conference on Computer and Communications Security

May 30, 2016

Xi'an, China

Acceptance Rates

IoTPTS '16 Paper Acceptance Rate 6 of 12 submissions, 50%;

Overall Acceptance Rate 16 of 39 submissions, 41%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

59
Total Citations
View Citations
920
Total Downloads

Downloads (Last 12 months)58
Downloads (Last 6 weeks)5

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Goeman VDe Ruck DCordemans TLapon JNaessens VDoupé AMilburn A(2024)Reverse engineering the Eufy ecosystemProceedings of the 18th USENIX Conference on Offensive Technologies10.5555/3696933.3696944(133-147)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696933.3696944
Windl MLeusmann JSchmidt AFeger SMayer SKelley PKapadia A(2024)Privacy communication patterns for domestic robotsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696906(121-138)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696906
Windl MSchlegel MMayer S(2024)Exploring Users' Mental Models and Privacy Concerns During Interconnected InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765048:MHCI(1-23)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676504
Shalawadi SGetschmann Cvan Berkel NEchtler F(2024)Manual, Hybrid, and Automatic Privacy Covers for Smart Home CamerasProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661569(3453-3470)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661569
Windl MFeger S(2024)Designing Interactive Privacy Labels for Advanced Smart Home Device Configuration OptionsProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661527(3372-3388)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661527
Tejaswi BMannan MYoussef A(2024)Security Weaknesses in IoT Management PlatformsIEEE Internet of Things Journal10.1109/JIOT.2023.328975411:1(1572-1588)Online publication date: 1-Jan-2024
https://doi.org/10.1109/JIOT.2023.3289754
Ghani AUllah Jan SAshraf Chaudhry SAhmad RKim D(2024)MCDH-SLKAP: Modified Computational Diffie-Hellman-Based Secure and Lightweight Key Agreement Protocol for Decentralized Edge Computing NetworksIEEE Access10.1109/ACCESS.2024.345992512(133923-133936)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3459925
Jabbari AFung C(2024)A Privacy-Preserving Surveillance Video Sharing Scheme: Storage, Authentication, and Joint RetrievalJournal of Network and Systems Management10.1007/s10922-024-09879-933:1Online publication date: 25-Nov-2024
https://doi.org/10.1007/s10922-024-09879-9
Yunus NZamri MYusof N(2024)Development of a Motion Activated Security Cam for Monitoring ApplicationsApplied Problems Solved by Information Technology and Software10.1007/978-3-031-47727-0_1(1-8)Online publication date: 1-Jan-2024
https://doi.org/10.1007/978-3-031-47727-0_1
Nagothu DPoredi NChen Y(2023)Evolution of Attacks on Intelligent Surveillance Systems and Effective Detection TechniquesIntelligent Video Surveillance - New Perspectives10.5772/intechopen.105958Online publication date: 8-Feb-2023
https://doi.org/10.5772/intechopen.105958
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations

Providing destructive privacy and scalability in RFID systems using PUFs

Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ML

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations