Security and privacy protection aspects of CCTV systems:

September 28th, 2019

Closed-circuit television (CCTV) is a TV system in which signals are not publicly distributed, but are monitored, primarily for surveillance and security purposes. CCTV systems rely on strategic placement of cameras and observation of the camera’s input on monitors. As the cameras communicate with monitors and/or video recorders across private coaxial cable runs, or wireless communication links, they gain the designation “closed-circuit” to indicate that access to their content is limited to only those with authorization to see it.

The effectiveness of video surveillance technology is continuously improving, and it has already established itself as a vital security tool for the police, private companies and many public sector organisations.. An effective CCTV system contributes to the detection and prevention of crime, as well as protecting towns, cities and transport networks from the threat of terrorism.

Advances in CCTV technologies are especially from analog CCTV cameras to internet protocol (IP) ones which certainly improves the safety and security that CCTV systems provide, but also increases information security and privacy concerns. Having in mind that the new EU privacy protection regulation, General Data Protection Regulation (GDPR), will be applied from 25th May 2018, information security and privacy protection concerns of CCTV systems are being recognized.

Applications of CCTV systems for security:

There are three primary ways to use CCTV systems:

  • As  a deterrent;
  • For forensic purposes; and
  • As an interactive device.

Originally, CCTV surveillance systems were simply a deterrent. The notion that “Big Brother” was watching was often enough to keep people from misbehaving.

On the other hand, as recording and storing technologies and software, such as video analytics, have become more efficient, CCTV systems have evolved into a forensic surveillance tool, enabling the collection of evidence after an event has taken place.

Finally, as CCTV surveillance systems become more easily integrated with monitoring devices, alarm systems and access control devices, a third use of CCTV is related to help security personnel to identify and interrupt security breaches as they’re occurring, or even before they take place.

CCTV systems are commonly used for a variety of purposes:

  • Maintaining perimeter security in medium- to highly-secure areas and installations;
  • Observing the behavior of incarcerated inmates and potentially dangerous patients in medical facilities;
  • Traffic monitoring;
  • Overseeing locations that would be hazardous to humans, for example, highly radioactive or toxic industrial environments;
  • Building and grounds security;
  • Obtaining a visual record of activities in situations where it is necessary to maintain proper security or access controls, for example, in a diamond cutting or sorting operation, banks, casinos, or airports;
  • Home security;
  • Public transportation;
  • Crime prevention;
  • Business surveillance;
  • School protection;
  • Body worn;
  • Sporting events;
  • Monitor employees; 
  • CCTV for Open Data purposes.

We should have surveillance cameras in public places because they ensure public safety. Rarely will anyone attempt to harm anyone else when they know their actions are being recorded on camera. Cameras keep the public and their personal property safe.

The police can identify criminals through recordings on camera. Through surveillance cameras, the police can both prevent crimes from happening and can quickly solve criminal cases with material evidence.

Surveillance cameras protect against property theft and vandalism. It is very difficult for criminals to get away with stealing if there are cameras in operation. Therefore, the thief will often get caught. Surveillance cameras will catch the thief before, or during, the process of committing the crime.

Cameras, through video analytics, now have a zoom feature, allowing the camera to reveal someone’s identity, which can be beneficial to crime prevention when used in the correct way. As a result, the criminal can be apprehended quickly. For instance, in abduction cases a video would be a great way of tracking down a person quickly, and may even prevent a death.

In industrial plants, CCTV equipment may be used to observe parts of the process from a central control room, for example when the environment is not suitable for humans. CCTV systems may operate continuously, or only as required to monitor a particular event. A more advanced form of CCTV utilises digital video recorders (DVRs), providing recordings for many years potentially, with a variety of quality and performance options and extra features, such as motion detection and email alerts. More recently, decentralized IP cameras, some equipped with megapixel sensors, support recording directly to network-attached storage devices, or internal flash for stand-alone operation.

Advances in CCTV Technologies:

CCTV surveillance systems have made tremendous technological progress in the last decade, not only in individual capabilities, but also in the ability to interact with other security technology.

The following advances are:

  • Video content analysis (VCA)
  • High definition (HD) CCTV;
  • Sophisticated motion detection algorithms;
  • Wide dynamic range;
  • Internet of Things (IoT);
  • Cloud technology;
  • Big Data;
  • Video management systems (VMS); and
  • Wireless technology.
  • Video content analysis
  • A key area where CCTV is rapidly developing is that of VCA. This impressive technology is already contributing to the security of a range of high-level facilities, such as city centers, transport facilities, and utilities. The costs of the technology are falling and the capability increasing to the extent that it is becoming a cost effective option for commercial premises.

VCA:

VCA is the automatic analysis of CCTV images in camera or centrally, utilizing advanced algorithms to create useful information about the content. Generally, these systems need a static background and, consequently, tend to operate with fixed cameras or pan, tilt, zoom (PTZ) cameras at set positions, as they are looking to identify changes or movement at a particular scene. The scope of VCA is considerable and can be used in the detection of intruders, abandoned packages, wrongly parked vehicles or as a means of counting people.

One particular area that VCA can be especially effective is around the perimeter of a site. Securing a perimeter can be seen as one of the most crucial steps in any security plan. An early detection of a threat also means that there is more time and space available to formulate the necessary response, potentially preventing an intrusion all together.

One of the solutions is to hold CCTV information securely in the Cloud, with access limited to authorised personnel. There is no longer a physical DVR; data is sent directly and securely from the cameras to the Cloud. Such systems can not only provide an overview of all visual data collected by the CCTV cameras connected to it, but also complete control over access to that data, which is encrypted from end-to-end and can be viewed using a standard computer, tablet or smartphone, via secure browser technology. They can also only record CCTV data when needed and can automatically delete it when it is no longer required.

 

Biometric authentication for mobile computing applications:

September 21st, 2019

The development of mobile communication:

The internet and other technological advances have certainly changed the way we do things today. Even the most mundane things can now be accomplished through various ways and means, which have a lot to do with technology. Just look at customer behavior, particularly on how they shop and where they shop, and you will see a marked difference from the time before the internet and e-commerce came about in mobile computing applications.

For a while, e-commerce has been a major catchphrase in business. E-commerce, also known as electronic commerce, was about trading products and services via the internet and other computer networks and electronic systems. These activities include, but are not limited to, banking, insurance, advertising and warehousing. Even transportation transactions were also completed using e-commerce. Basically, e-commerce was broadly referred to as conducting business on the internet.

The evolution of how we transact did not stop there.

 The development of M-commerce:

The increasing usage of mobile and telecommunication devices acted as another precursor to change, and that change led to the rise of mobile commerce, also known as m-commerce.

The simplest way to describe mobile commerce would be the buying and selling of products – or the conduct of commercial transactions and activities – through telecommunication and other mobile devices that run or operate on wireless network technologies.

It is safe to say that m-commerce is an upgraded version of e-commerce. In fact, m-commerce has been defined as the conduct of e-commerce activities using mobile or cellular devices. If business transactions involve the use of wireless telecommunication networks, then it is highly likely to fall under m-commerce.

While terminologies such as internet banking, electronic money transfers and online shopping were very exciting and phenomenal-in the past decade, what excites consumers now is mobile banking, money transfer via mobile and mobile bookings among many others.

Biometric process:

Biometric systems depend on some separate processes: enrollment, live capture, template extraction and comparison. The purpose of enrollment is to gather and store biometric samples beside creating numerical templates for any future comparisons. By storing the raw samples, new replacement templates can be generated in the event that a new or updated comparison algorithm is presented to the system.

Template extraction needs signal processing of the raw biometric samples  to yield a numerical template. Templates are typically generated and stored upon enrollment to secure processing time upon upcoming comparisons. Comparison of two biometric templates applies algorithmic computations to measure their likeness. At comparison level, a match score is allocated. If it is above a specified threshold, the templates are considered a match.

For better recognition rate, multiple samples for each individual are gathered through registration. At the verification step, similar set of features which have been extracted through enrollment process are extracted from the input samples scanned or recorded using input devices, to form the feature vectors. Verification is 1 to 1 matching. Within verification, the individual claims his or her identity which is confirmed by comparing these feature vectors by the feature vectors of the individual which he or she claimed to be. If the matching rate crosses the threshold then the system will validate the individual as authentic user, or the individual will be rejected.

Security Issues in Mobile Computing Applications:

The mobile computing is the communication between computing devices without a physical connection between them through wireless networks, which mean there are some of new mobile security issues that are originated from wireless security issues. The security issues and threats of mobile computing can be divided into two categories: security issues that related to transmission of information over wireless networks, and the issues that related to information and data residing on mobile devices.

  • Wireless Security Issues:

The security issues that related of wireless networks are happened by intercepted of their radio signals by hacker, and by non-management of its network entirely by user because most of wireless networks are dependent on other private networks which managed by others, so the user has less control of security procedures.

  • Denial of Service:

It’s one of common attacks of all kinds of networks and specially in wireless network, which mean the prevent of users from using network services by sending large amounts of unneeded data or connection requests to the communication server by an attacker which cause slow network and therefore the users cannot benefit from the use of its service .

  • Traffic Analysis:

It’s identifying and monitoring the communicating between users through listening to traffic flowing in the wireless channel, in order to access to private information of users that can be badly used by attacker .

  • Eavesdropping:

The attacker can be log on to the wireless network and get access to sensitive data, this happens if the wireless networks was not enough secure and also the information was not encrypted.

  • Session Interception and Messages Modification:

Its interception the session and modify transmitted data in this session by the attacker through scenario which called: man-in-the-middle which inserts the attacker’s host between sender and receiver host .

  • Spoofing:

The attacker is impersonating an authorized account of another user to access sensitive data and unauthorised services.

  • Captured and Re transmitted Messages:

Its can get some of network services to attacker by get unauthorized access through capture a total message and replay it with some modifications to the same destination or another.

 

Security Techniques And Requirement:

There are a number of security requirements which valid with security issues relating to distributed systems, such as identification and authentication of trusted people by using authentication mechanisms like passwords, cryptographic techniques, access control by using information and rules of access control, information confidentiality by using mechanisms of confidentiality like encryption, information integrity by using integrity mechanisms those provide a verification of integrity checks and availability and prevention of denial of service. Security requirements which related to traditional computing, but with mobile computing the security requirements have become highly important, especially with regard to data security. One of the most important security measures is maintaining of the latest update of network or mobile elements and their software. There are different security requirements and techniques which valid for both mobile devices and networks, some of them include:

  • Encryption:

If there is an important information that stored in a mobile device, it should be encrypt this information to save it from unauthorized access by external party or in case if a mobile is stolen. It also contributes to the security aspects of confidentiality and integrity.

  • Standards:

It should ensure that the mobile devices are protected and have a set of requirements like: locking, backups, antivirus software, and a strong password protection

  • Network Access Control (NAC) solutions:

This is a system used to check which mobile devices trying to connect to the network, that’s provide protection of the network from any infections or malicious code that may damage of mobile devices .

  • Control Access:

Control access to functions of mobile computing systems depending on the current location of the user, and there are already some security models which identifies some functions to certain user to use these functions.

  • Application Sand boxing:

When creating mobile applications, it determined declarative permissions which will not be changed at run time of application, these permissions can be improve to the security aspect of mobile devices by isolation and control of application from accessing to the system or interact with other applications that may be infected by malware code and virus, it also contributes to determine of resources that may be shared.

 

They have been reviewing some of the security requirements for mobile computing, which included: Encryption, Standards, Network Access Control, Control access to functions depending on location of user, Application Sand boxing, and Memory Randomization are also the integral part of mobile computing applications.