Published on 8 April, 2016
Bosch Security Systems, Inc., Genetec Inc. (“Genetec”), and SecureXperts have collaborated in the design and development of an IP video solution that is resilient against unauthorised access, malware, brute force cracking and other exploit techniques. It uses Credentialed High Assurance Video Encryption (CHAVE™) technology to provide highly secure identification and authentication through multi-factor smart card credentials. This makes it ideal for mission-critical applications and infrastructure protection.
Secure communication over the Internet
While all Bosch IP cameras use a unique embedded Trusted Platform Module to ensure the highest data security, CHAVE™-enabled cameras add an extra layer of protection that meets Federal Information Processing Standard (FIPS) Publication 140-2 Level 3 certified encryption standards. Using techniques known as Public Key Infrastructure (PKI) and Transport Layer Security (TLS), CHAVE™-enabled cameras allow secure communications over the Internet and other untrusted network connections.
CHAVE™-enabled systems leverage the use of federally mandated trusted smart cards (HSPD-12), and commercially issued smart cards for access to devices and to ensure live and recorded video is only accessible by a defined set of viewers. With support from SecureXperts, a security consulting and engineering firm that serves as the local registration agent for CHAVE™-enabled devices, cameras will ship to users pre-loaded with signed X.509 certificates. These unique certificates are used for authentication to ensure communication between trusted components and encryption to secure data. All cryptographic operations needed for encryption and authentication occur within the camera’s Trusted Platform Module, preventing unauthorised access to the certificate stored within the module.
CHAVE™-enabled IP cameras
Bosch will offer a range of CHAVE™-enabled IP cameras to fit a wide variety of imaging requirements and environmental conditions, including ruggedised pan-tilt-zoom cameras for extreme conditions, panoramic cameras for 360-degree surveillance, starlight cameras for low light environments, and more. Cameras will also come equipped with Intelligent Video Analytics to alert operators when predefined alarms are triggered, helping to enhance the physical security of critical applications.
To provide customers with a complete IP video solution, the latest version of Genetec’s open-architecture, unified security platform, Security Centre 5.4, is CHAVE™-enabled, supporting the use of smart cards and digital certificates. Users must authenticate with a unique smart card credential in order to gain access to Security Center and video from CHAVE™-enabled Bosch cameras.
“Guidance from the National Institute of Standards and Technology and the U.S. Department of Homeland Security mandate the use of smart cards and multi-factor authentication for mission critical environments,” said Dan Reese, Director, Vertical Market Applications, Bosch Security Systems, Inc. “With our embedded Trusted Platform Module and certificate-based authentication, we have extended smart card technology into our cameras. Through our partnership with SecureXperts, Bosch is offering the first IP security cameras pre-loaded with U.S. federally-trusted PKI certificates. These cameras combined with CHAVE™-enabled Security Centre from Genetec provide an IP video solution that maximises data security for critical applications. It’s a unique, powerful solution for customers concerned with the security of their video data and networks.”
Enhanced security compliance for enterprises
“Genetec is pleased to collaborate with Bosch in our mutual commitment to ‘Security-of-Security’, as we harden our systems to any potential vulnerabilities between edge devices (cameras) and the Genetec Security Centre VMS archiver--which manages, saves, and archives video data,” said Philippe Ouimette. “The new CHAVE™-enabled IP cameras from Bosch will help ensure that the front-end is as secure as the back-end, as video data is captured, managed, moved, and stored. These unmatched levels of authentication, encryption and authorisation will help IT and security departments assure security-of-security compliance,” added Ouimette.
Security Center version 5.4 also offers the latest encryption standards such as TLS, AES-128, and RSA, which results in more secure communications between all Security Centre client and server applications. To streamline multi-organisation collaboration, organisations can leverage third-party claims services, including Microsoft Active Directory Federation Services, to manage Security Centre users across organisations and domains.
“SecureXperts has the good fortune to introduce this technology along with Bosch and Genetec to meet current and future cybersecurity technology requirements used in key critical infrastructure protection and mission essential environments,” says Darnell Washington, President/CEO of SecureXperts, Incorporated. “Our emphasis on maintaining highly secure environments for our partners, stakeholders, and clients has evolved into a leading edge technology solution that can provide secure surveillance using local, federated, or cloud hosted environments.”