Abstract

As the use of CCTV (closed-circuit television) has grown, research on CCTV has received much attention. Because modern CCTV devices have IP addresses and are connected to networks, they are exposed to many of the threats of the existing web environment. In this paper, steganography is used to detect data masquerading and data modification. In addition, to strengthen security, user information is protected based on PKI (public key infrastructure), the SN (serial number), and the R value (random number) assigned at the time of login, and a user authentication protocol is proposed to block unauthorized access by malicious users in a network CCTV environment. This paper should be suitable for future use with CCTV prone to user infringement, where user information protection technology has not been applied.

1. Introduction

Because CCTV is now networked and the internet is open, there is demand for protecting private video data and for information safety, trust, protection, and concealment. As an applicable technique, steganography, which inserts confidential information into the transfer media, is being actively studied.

The existing web has many vulnerabilities, and as CCTV became networked, it became exposed to those web vulnerabilities. CCTV videos also concern privacy, and exposing them to the general public would be a sensitive issue.

Recently, there have been many problems related to CCTV. Managers do not frequently change the public or dynamic IP address of a network camera, which makes it easy to discover from outside, and once the IP address is leaked, a password-cracking program can be used to access the administrator account and leak the monitoring video at any time. Unlike other IT resources, a network monitoring camera handles large amounts of data and sends it by streaming; thus it is hard to change its IP address, and it is easily exposed to the outside. Given these issues, it is only a matter of time before the monitoring video is leaked. Beyond that, CCTV videos can leak through several other threats, so data security must be provided accordingly. Existing studies [1–17] on CCTV security concentrated on the security structure of CCTV network infrastructure, security policy, and utilization under specific environments (crime prevention, etc.). This paper shifts from such general topics to propose a user authentication protocol for the network CCTV environment which reinforces CCTV monitoring with steganography and prevents malicious user access. International trends of CCTV security are given in Table 1.

2.1. Network CCTV System

By assigning an IP address to existing CCTV, each CCTV can be managed individually, and remote management and remote monitoring are possible wherever internet access is available. Such a network CCTV system is shown in Figure 1.

2.2. Problems of Network CCTV Systems

As CCTV becomes networked, many issues are emerging. The number of police protecting the safety of citizens is increasing every year, but due to the increase in violent crime and public order issues, the installation and operation of network-based CCTV systems are expanding nationwide for the purpose of citizen protection and personal security. In particular, thanks to the advancement of internet technologies, the scope of use has become more diverse, from illegal trash dumping to public order and crime prevention to illegal parking and stopping, and so forth.

On the other hand, despite the expanding installation of CCTV systems, the relative absence of clear governmental guidelines and reckless introduction without standards are emerging as security issues [18, 19].

The purpose of CCTV in different nations is prevention of major crimes and promotion of public security. Existing analog CCTV devices are changing into network-based digital CCTV with HD screens. The market for network-based CCTV systems is growing for the operation of integrated control centers. Examples [20–22] of security scenarios that can occur in network-based CCTV systems are as follows.

(1) Collection of information by a CCTV system that uses a public IP: as the system is linked to various paths, exposure of the IP address creates the problem that information on the operating system and applications used by the CCTV system server can be collected with ease. Hackers can use this as a starting point to make different hacking attempts based on information collected from each server.

(2) Sniffing and spoofing of sections with security vulnerabilities: since all IP-based CCTV systems communicate via different network devices and servers in a public network, information can be exposed when a section without security infrastructure is hacked.

(3) Lack of data safety from nonapplication of encryption on video data: existing analog CCTV and network CCTV with relatively low hardware specifications have a problem in which real-time data cannot be encrypted. This results in easy exposure of data stored in servers.

(4) Security vulnerabilities of CCTV control centers: as control centers are always connected to the network because they need to manage and control CCTV on a real-time basis, security vulnerabilities of the server and control PC can expose the ID and password of important administrator accounts.

(5) Hacked CCTV systems can be used as a means to attack internal infrastructure and as an attack route.

As shown in the hacking scenarios described above, hacking of important information and exposure of CCTV information have reached a dangerous level of security alert for network CCTV systems, resulting in leakage of confidential information of public institutions and corporations, deletion or alteration of important information such as that on major theft crimes, and unauthorized release of private CCTV information.

3. Video Steganography Application Plan for Network CCTV Monitoring Security

As the overall system structure diagram in Figure 2 shows, when the CCTV sends video, the steganographic data is inserted in real time before the video is sent to the server, and the server then extracts the steganographic data from the video again.

This report proposes a method to protect the system by inserting steganographic data into the real-time video of a CCTV monitoring system provided as open source. Figure 3 is the overall data flowchart of this report. The structure consists of three work processes: generation, conversion, and extraction. The generation part generates the video data from the CCTV and converts the video data into bits. The conversion part is the LSB process applied to the bit-converted video data, together with the proposed steganography insertion. The extraction part is the process of reverse-quantizing the data extracted by the LSB method and generating video data. The proposed steganography input method is shown in Figure 4.

Figure 5 shows the application of a shift to the corresponding data line by the same rule as in Table 2. For example, the data in Figure 4 contains the time at which the image was filmed by the CCTV, the user name, the key value of the CCTV, and so forth.
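The LSB insertion and server-side extraction described above, as an added example that is not code from the paper: capture metadata is written into the lowest bit of each frame byte and recovered again. The 2-byte length header, the function names, and the sample frame and metadata are assumptions, and the shift rule of Table 2 is not reproduced because the table is not on this page.

```python
# Added example: plain LSB embedding of capture metadata in raw frame bytes.
import struct

def embed(frame: bytes, payload: bytes) -> bytes:
    """Write a 2-byte length header plus payload into the LSB of each frame byte."""
    data = struct.pack(">H", len(payload)) + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(frame):
        raise ValueError("frame too small for payload")
    out = bytearray(frame)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit  # only the lowest bit changes
    return bytes(out)

def _read(frame: bytes, start: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the LSBs beginning at frame offset start."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (frame[start + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)

def extract(frame: bytes) -> bytes:
    """Server side: recover the payload, rejecting an implausible length header."""
    if len(frame) < 16:
        raise ValueError("frame too small to hold a header")
    (length,) = struct.unpack(">H", _read(frame, 0, 2))
    if 16 + 8 * length > len(frame):
        raise ValueError("length header exceeds frame capacity")
    return _read(frame, 16, length)

def max_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between cover and stego frame."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample data (hypothetical values, not from the paper).
FRAME = bytes((i * 37 + 11) % 256 for i in range(1024))
META = b"2015-01-01T12:00:00|user=alice|key=CAM-KEY-EXAMPLE"
STEGO = embed(FRAME, META)
# One flipped low bit inside the payload region, as a modified frame would have.
TAMPERED = bytes([v ^ 1 if i == 20 else v for i, v in enumerate(STEGO)])

if __name__ == "__main__":
    print(extract(STEGO) == META, max_change(FRAME, STEGO), extract(TAMPERED) == META)
```

Because no byte moves by more than one intensity level, the stego frame is visually unchanged, while a modified frame no longer yields the metadata the server expects.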

4. User Authentication Protocol to Block Malicious User

Figure 6 is the overall outline diagram of the proposed protocol. In the proposed user registration process, along with user authentication, the user and the related CCTV are synchronized by providing the SN of the CCTV. In the user authentication process, this SN and the random number assigned to the user are used to strengthen identity authentication, so that CCTV video cannot be leaked by password cracking or by simple access to the CCTV IP address.

4.1. User Registration Protocol

Figure 7 is the user registration process of the proposed protocol. The proposed user registration protocol is achieved by executing the following procedure.

(1) The user sends the network CCTV video service request message to the operation PC of VMS.

(2) The operation PC of VMS requests the user information necessary for member subscription.

(3) The user requests the user information for member subscription. Response {User Data(Name, Num)}. The corresponding information is, respectively, the user's name and the user's resident registration number.

(4) The operation PC of VMS sends the received user information to the identity confirmation agency and requests authentication. Verify User Data confirm {User(Name, Num)}. VMS does not feature an agency to identify the information for the user. Therefore, the operation PC of VMS sends the data received from the user to the identity confirmation agency to request confirmation of the information for the user.

(5) The identity confirmation agency checks the user's personal information, and if the information is correct, it sends an approval message to the operation PC of VMS, and if not, it sends a rejection message.

(6) The operation PC of VMS sends the response message received from the identity confirmation agency to the authentication server.

(7) The operation PC of VMS checks the user information with the received message.

(8) The authentication server sends the approval message for the user information to the operation PC.

(9) The operation PC sends the approval message received from the authentication server to the user.

(10) The user encrypts the ID and password to be used with the public key of VMS and sends it to the operation PC of VMS. Send {(ID PW)}. The user sends the ID and password encrypted with the public key of VMS so that the user ID and password can only be decrypted by VMS, which keeps them safe from external attacks such as password guessing attacks.

(11) The operation PC decrypts the data received from the user with the private key of VMS to extract the ID and password. Transaction {(ID PW)}.

(12) The operation PC sends the hashed value to the authentication server to prevent the exposure of the user's ID and password. Send {ID h(PW)}.

(13) The authentication server registers the received user information.

(14) The authentication server sends the result for the completion of member subscription to the operation PC.

(15) The operation PC encrypts the SN value of the CCTV necessary for the authentication process with the public key of the user and sends it. Send {(SN)}.

The objective of this user registration protocol is to check the user information and obtain the SN, which is the information needed when requesting service from the network CCTV that the user wants to see.

4.2. User Authentication Protocol

Figure 8 is the proposed user authentication protocol process.

The proposed user authentication protocol is achieved by executing the following procedure.

(1) The user makes a service request to the operation PC of VMS.

(2) The operation PC checks the member subscription of the user before providing the service, and if the user is a member, it requests the user information and the CCTV SN distributed at the time of member subscription.

(3) After encrypting the hashed data of user ID, password, and CCTV SN value with the public key of VMS, the user sends it to the operation PC. Response {(ID PW h(SN))}.

(4) The operation PC decrypts the received data with the private key of VMS to check the SN value of the CCTV, hashes the data to prevent exposure of the user ID and password, and sends it to the authentication server. Send {ID h(PW)}.

(5) The authentication server checks the received ID and password and generates a single-use value for the corresponding user.

(6) The authentication server sends the generated value to the operation PC.

(7) The operation PC encrypts the IP information and port number of the CCTV corresponding to the SN value, together with the value received from the authentication server, with the public key of the user and sends it to the user. Send {( CCTV_IP P_Num)}.

(8) The user decrypts the received data with the private key of the user to access the CCTV.

(9) The user connects the data where the SN of the CCTV is encrypted with the public key of the CCTV to the data where the user ID, password, and random number () are encrypted with the public key of VMS and sends it to the CCTV. Send {(SN) (ID PW )}.

(10) The CCTV decrypts the received data with the private key of the CCTV, and if the SN value matches that of the CCTV itself, it sends the data encrypted with the public key of VMS to VMS. Send {(ID PW )}.

(11) The VMS operation PC decrypts the received data with the private key of VMS and extracts the ID, password, and value. Transaction { (ID PW )}.

(12) The operation PC transfers the hash value and random number to the authentication server in order to prevent exposure of the ID and password. Send {ID h(PW) }.

(13) The authentication server verifies that the received ID, password, and value are the same as those provided by VMS. Verify ID, h(PW), and .

(14) Send user authentication message to the operation PC.

(15) The operation PC encrypts the user authentication message with the public key of the CCTV and sends it to the CCTV. Send { (Authentication_data)}.
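The checks in the authentication procedure above, as an added example that is not code from the paper: the CCTV compares the SN, and the authentication server compares ID, h(PW) and the single-use value, which is consumed so that a replayed message fails. SHA-256 for h, the class and method names, and the sample values are assumptions; the public-key encryption of each message is left out, and the operation PC's hashing step is folded into the camera object.

```python
# Added example: verification logic only, without the PKI envelope.
import hashlib
import hmac
import secrets

def h(value: str) -> str:
    """Hash applied before anything reaches the authentication server (SHA-256 assumed)."""
    return hashlib.sha256(value.encode()).hexdigest()

class AuthServer:
    def __init__(self):
        self.users = {}    # ID -> h(PW), stored at registration
        self.pending = {}  # ID -> single-use value issued for the current session

    def register(self, user_id, pw_hash):
        self.users[user_id] = pw_hash

    def issue_r(self, user_id, pw_hash):
        """Check ID and h(PW), then generate the single-use value."""
        stored = self.users.get(user_id)
        if stored is None or not hmac.compare_digest(stored, pw_hash):
            return None
        self.pending[user_id] = secrets.token_hex(16)
        return self.pending[user_id]

    def verify(self, user_id, pw_hash, r):
        """Final check of ID, h(PW) and the single-use value."""
        expected = self.pending.pop(user_id, None)  # consumed on every attempt
        stored = self.users.get(user_id)
        if expected is None or stored is None:
            return False
        return hmac.compare_digest(stored, pw_hash) and hmac.compare_digest(expected, r)

class Camera:
    def __init__(self, sn, auth):
        self.sn, self.auth = sn, auth

    def connect(self, sn, user_id, password, r):
        """Forward to the VMS side only when the SN matches this camera's own."""
        if not hmac.compare_digest(self.sn, sn):
            return False
        return self.auth.verify(user_id, h(password), r)

if __name__ == "__main__":
    # Constructed sample values (hypothetical).
    auth = AuthServer()
    auth.register("alice", h("pw-example"))
    cam = Camera("SN-EXAMPLE-0001", auth)
    r = auth.issue_r("alice", h("pw-example"))
    print(cam.connect("SN-EXAMPLE-0001", "alice", "pw-example", r))  # first use
    print(cam.connect("SN-EXAMPLE-0001", "alice", "pw-example", r))  # replay
```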

5. Implementation and Performance Evaluation

Figure 9 shows VMS Client access in the proposed system. It shows the entry of the SN value, the value assigned by the server, and the port number; the server IP is also shown.

The proposed user authentication protocol authenticates the SN that the user acquired at registration. In the authentication process, checking the SN and comparing information such as the value, ID, and password of the corresponding session makes the system safe from many threats. The PKI-based encryption mechanism guarantees data confidentiality, and applying a hash algorithm to the user's personal information guarantees the integrity of that information.

Figure 10 shows the image before and after the insertion of steganography. It shows that there is no visual difference in the video despite the insertion of steganography, and Figure 11 shows that an increase in the complexity of the data leads to an increase in the strength of encryption.

The safety of the existing network CCTV system environment and that of the proposed system are compared in Table 3.

6. Conclusion and Future Research

In this report, an image checking technique using steganography for the security of the image transfer process and a user authentication protocol to block malicious users in a network CCTV environment were proposed. In the future, it will be necessary to continue addressing weaknesses for greater safety against attacks by malicious users and to search for a more efficient algorithm and authentication method.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.