ABSTRACT
Video surveillance enabled by Internet of Things (IoT) devices, such as smart cameras, has become a popular set of applications recently with the trend of adopting IoT in multimedia signal processing and smart home use cases. Despite its intelligence and convenience, the video motion detection module deployed on the IoT devices poses security challenges due to the sensitive nature of the captured surveillance video and the motion detection operation. In this paper, we investigate the security vulnerabilities of IoT video surveillance from the hardware system point of view. We first develop a proof-of-concept prototype demonstrating video replay attacks, in which the compromised surveillance device hides the chosen suspicious motion by overwriting the corresponding frames with pre-recorded normal frames under the control of the attacker. To address the security concerns, we develop a hardware-based IoT security framework that creates a trusted execution environment and physically isolates the security sensitive components, such as the motion detection module, from the rest of the system. We implement the security framework on an ARM system on chip (SoC). Our evaluations on the real hardware reveal superior security and low performance/power overhead in IoT video surveillance applications.
- ARM Security Technology: Building a Secure System using TrustZone Technology. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html.Google Scholar
- Intel Software Guard Extensions. https://software.intel.com/en-us/isa-extensions/intel-sgx.Google Scholar
- Nest Cam Spec Sheet. https://content.abt.com/documents/73396/NC2100ES-specs.pdf.Google Scholar
- Ring Video Doorbell. https://ring.com/.Google Scholar
- 2016. iOS Security Guide. https://www.apple.com/business/docs/iOS_Security_Guide.pdf.Google Scholar
- Mamoona Asghar and Mohammad Ghanbari. 2011. Cryptographic keys management for H. 264 scalable coded video security. In Information Security and Cryptology (ISCISC), 2011 8th International ISC Conference on. 83--86.Google ScholarCross Ref
- Ahmed M. Azab, Kirk Swidowski, Rohan Bhutkar, Jia Ma, Wenbo Shen, Ruowen Wang, and Peng Ning. 2016. SKEE: A Lightweight Secure Kernel-level Execution Environment for ARM. In The Network and Distributed System Security Symposium (NDSS).Google Scholar
- Mainak Banga and Michael S. Hsiao. 2010. A region based approach for the identification of hardware Trojans. In IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 40--47. Google ScholarDigital Library
- Andrew Baumann, Marcus Peinado, and Galen Hunt. 2014. Shielding applications from an untrusted cloud with Haven. In USENIX Symposium on Operating Systems Design and Implementation (OSDI). 267--283. Google ScholarDigital Library
- Gedare Bloom, Bhagirath Narahari, and Rahul Simha. 2009. OS support for detecting Trojan circuit attacks. In IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 100--103. Google ScholarDigital Library
- Stefan Brenner, Colin Wulf, and Rüdiger Kapitza. 2014. Running ZooKeeper coordination services in untrusted clouds. In USENIX Conference on Hot Topics in System Dependability (HotDep). 2--2. Google ScholarDigital Library
- Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal hardware extensions for strong software isolation. In USENIX Security Symposium.Google ScholarDigital Library
- Prithula Dhungel, Xiaojun Hei, Keith W. Ross, and Nitesh Saxena. 2007. The pollution attack in P2P live video streaming: Measurement results and defenses. In Workshop on Peer-to-peer streaming and IP-TV. 323--328. Google ScholarDigital Library
- Jeremy Dubeuf, David Hély, and Ramesh Karri. 2013. Run-time detection of hardware Trojans: The processor protection unit. In IEEE European Test Symposium (ETS). 1--6.Google ScholarCross Ref
- Andrew Ferraiuolo, Xuehui Zhang, and Mark Tehranipoor. 2012. Experimental analysis of a ring oscillator network for hardware Trojan detection in a 90nm ASIC. In IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 37--42. Google ScholarDigital Library
- Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, and Christiano Giuffrida. 2017. ASLR on the line: Practical cache attacks on the MMU. In Network and Distributed System Security Symposium (NDSS).Google ScholarCross Ref
- Yier Jin and Yiorgos Makris. 2008. Hardware Trojan detection using path delay fingerprint. In IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 51--57. Google ScholarDigital Library
- Narjes Jomaa, David Nowak, Gilles Grimaud, and Samuel Hym. 2016. Formal proof of dynamic memory isolation based on MMU. In International Symposium on Theoretical Aspects of Software Engineering (TASE). 73--80.Google ScholarCross Ref
- Konstantinos Koukos, Alberto Ros, Erik Hagersten, and Stefanos Kaxiras. 2016. Building heterogeneous unified virtual memories (UVMs) without the overhead. ACM Transactions on Architecture and Code Optimization (TACO) 13, 1 (2016), 1. Google ScholarDigital Library
- Chung-Hsin Liu and Chun-Lin Lo. 2009. The analysis of DDoS attack for the video transmission. In Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human. 394--399. Google ScholarDigital Library
- Nuno Santos, Himanshu Raj, Stefan Saroiu, and Alec Wolman. 2014. Using ARM TrustZone to build a trusted language runtime for mobile applications. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 67--80. Google ScholarDigital Library
- Jared Schmitz, Jason Loew, Jesse Elwell, Dmitry Ponomarev, and Nael AbuGhazaleh. 2011. TPM-SIM: a framework for performance evaluation of trusted platform modules. In Design Automation Conference (DAC). 236--241. Google ScholarDigital Library
- Felix Schuster, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Marcus Peinado, Gloria Mainar-Ruiz, and Mark Russinovich. 2015. VC3: Trustworthy data analytics in the cloud using SGX. In IEEE Symposium on Security and Privacy. 38--54. Google ScholarDigital Library
- Prabira Kumar Sethy, Kamal Pradhan, and Santi Kumari Behera. 2016. A security enhanced approach for video steganography using K-Means clustering and direct mapping. In International Conference on Automatic Control and Dynamic Optimization Techniques (ICACDOT). 618--622.Google ScholarCross Ref
- Jianxiong Shao, Yu Qin, Dengguo Feng, and Weijin Wang. 2015. Formal analysis of enhanced authorization in the TPM 2.0. In ACM Symposium on Information, Computer and Communications Security (ASIA CCS). 273--284. Google ScholarDigital Library
- Shikha Sharma and Devendra Somwanshi. 2016. A DWT based attack resistant video steganography. In International Conference on Information and Communication Technology for Competitive Strategies. 116. Google ScholarDigital Library
- Matthew Simpson, Bhuvan Middha, and Rajeev Barua. 2005. Segment protection for embedded systems using run-time checks. In International Conference on Compilers, Architectures and Synthesis for Embedded Systems. 66--77. Google ScholarDigital Library
- E. Srikanth. 2014. Zynq-7000 AP SoC low power techniques part 2 - Measuring ZC702 power using TI Fusion Power Designer tech tip. http://www.wiki.xilinx.com/Zynq-7000+AP+SoC+Low+Power+Techniques+part+2+-+Measuring+ZC702+Power+using+TI+Fusion+Power+Designer+Tech+Tip.Google Scholar
- Chris Stauffer and W. Eric L. Grimson. 1999. Adaptive background mixture models for real-time tracking. In Computer Vision and Pattern Recognition, 1999. IEEE Computer Society Conference on., Vol. 2. 246--252.Google ScholarCross Ref
- He Sun, Kun Sun, Yuewu Wang, and Jiwu Jing. 2015. TrustOTP: Transforming smartphones into secure one-time password tokens. In ACM Conference on Computer and Communications Security (CCS). 976--988. Google ScholarDigital Library
- Viswanathan Swaminathan and Sayaan Mitra. 2012. A partial encryption scheme for AVC video. In IEEE International Conference on Emerging Signal Processing Applications (ESPA). 1--4.Google ScholarCross Ref
- Viswanathan Swaminathan and Sheng Wei. 2013. Offline protected video playback on heterogeneous platforms. In IEEE International Conference on Multimedia and Expo Workshops (ICME). 1--4.Google ScholarCross Ref
- Mark Tehranipoor and Farinaz Koushanfar. 2010. A survey of hardware Trojan taxonomy and detection. In IEEE Design & Test of Computers. 10--25. Google ScholarDigital Library
- Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2013. Steal this movie: Automatically bypassing DRM protection in streaming media services. In USENIX Security Symposium. Google ScholarDigital Library
- Sheng Wei, Saro Meguerdichian, and Miodrag Potkonjak. 2010. Gate-level characterization: Foundations and hardware security applications. In Design Automation Conference (DAC). 222--227. Google ScholarDigital Library
- Sheng Wei, James B. Wendt, Ani Nahapetian, and Miodrag Potkonjak. 2014. Reverse engineering and prevention techniques for physical unclonable functions using side channels. In Design Automation Conference (DAC). 1--6. Google ScholarDigital Library
- Francis Wolff, Chris Papachristou, Swarup Bhunia, and Rajat S. Chakraborty. 2008. Towards Trojan-free Trusted ICs: Problem analysis and detection scheme. In Design, Automation and Test in Europe (DATE). 1362--1365. Google ScholarDigital Library
- Xilinx Inc. 2014. Programming ARM TrustZone Architecture on the Xilinx Zynq-7000 All Programmable SoC. In UG1019 (v1.0).Google Scholar
- Yan Zhai, Lichao Yin, Jeffrey Chase, Thomas Ristenpart, and Michael Swift. 2016. CQSTR: Securing cross-tenant applications with cloud containers. In ACM Symposium on Cloud Computing (SoCC). 223--236. Google ScholarDigital Library
- Dawei Zhang, Zhen Han, and Guangwen Yan. 2010. A portable TPM based on USB key. In ACM conference on Computer and Communications Security (CCS). 750--752. Google ScholarDigital Library
- Xuehui Zhang, Andrew Ferraiuolo, and Mohammad Tehranipoor. 2013. Detection of Trojans using a combined ring oscillator network and off-chip transient power analysis. ACM Journal on Emerging Technologies in Computing Systems 9, 3, Article 25 (2013), 25:1--25:20 pages. Google ScholarDigital Library
Index Terms
- Towards the Security of Motion Detection-based Video Surveillance on IoT Devices
Recommendations
Protecting IoT devices from security attacks using effective decision-making strategy of appropriate features
AbstractThe term "Internet of things (IoT)” refers to a network in which data from all connected devices may be gathered, analyzed, and modified as per requirements to offer new services. IoT devices require a constant Internet connection to exchange ...
IoT Security & Privacy: Threats and Challenges
IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and SecurityThe era of the Internet of Things (IoT) has already started and it will profoundly change our way of life. While IoT provides us many valuable benefits, IoT also exposes us to many different types of security threats in our daily life. Before the advent ...
Data Security and risks for IoT in intercommunicating objects
BDCA'17: Proceedings of the 2nd international Conference on Big Data, Cloud and ApplicationsNowadays Internet of Things" (IoT) codes are passive entities that encode information, The goal of this work is to give explicit interconnections between IoT specifications and interpreting IoT codes and information's in order to exchange information to ...
Comments