A Network based Home surveillance/ monitoring system : Router based Deployment and Network Security

Song, Zixuan

January 2011

Home surveillance/monitoring systems are widely used nowadays. An intelligent surveillance system can provide multiple functions for uses. The assumption underlying this thesis project is that a home surveillance system can help people manage their homes better. The thesis presents two investigations into an intelligent home surveillance system implementation. First we will focus on the development of a router platform, which can manage the cameras connected to an intelligent home surveillance system. Such a system will include at least one router, one or more cameras. Some of these cameras will be connected by wireless links. Each camera will be dynamically allocated an IP address. The system will manage and control the various elements of the home surveillance/monitoring system via the network. Second, we will examine potential network security solutions, and choose a suitable solution. A key result of this thesis project is that SRTP and MIKEY are suitable for use in a home surveillance/monitoring system and together they provide authentication and privacy for the information from the camera (and potentially other information). This privacy is an important aspect of a home surveillance/monitoring system, since improper use of this information could be damaging to the homeowner’s privacy and personal integrity.

Home surveillance/monitoring system

router platform development

network security

SRTP

MIKEY.

Engineering and Technology

Teknik och teknologier

Private Law & Public Space : The Canadian Privacy Torts in an Era of Personal Remote-Surveillance Technology

Thomasen, Kristen

29 June 2022

As increasingly sophisticated personal-use technologies like drones and home surveillance systems become more common, so too will interpersonal privacy conflicts. Given the nature of these new personal-use technologies, privacy conflicts will increasingly occur in public spaces. Tort law is one area of the Canadian legal system that can address interpersonal conflict and rights-infringements between people with no other legal relationship. However, building on a historical association between privacy and private property, the common and statutory law privacy torts in Canada fail to respond to such conflicts, I argue inappropriately. Privacy is an important dimension of public space, and the social interactions and relationships that arise in public spaces. Failing to recognize public space privacy in tort law leads to an overly narrow understanding of privacy, and can be considered contrary to binding precedent that says that the common law should evolve in line with (or at a minimum, not contrary to) Charter values. The Charter values of privacy, substantive equality, and expressive freedom support various reforms to the judicial understanding of the privacy torts in Canada. Privacy, also understood as "private affairs" or "private facts" in tort, should not be predicated on property, and can sometimes take on greater value in public spaces. Privacy interests should be assessed through a normative lens, with a view to the long-term implications of a precedent for both privacy and substantive equality. Courts should assess privacy through a subjective-objective lens that allows for consideration of the lived experiences and expertise of the parties, their relative power, and their relationships. Adopting these principles into the statutory and common law torts would permit tort law to serve as a legal mechanism for addressing interpersonal, technology-mediated privacy conflicts arising in public spaces. This will be a socially valuable development as such conflicts become increasingly common and potentially litigated.

Privacy

Tort Law

Drones

Home Surveillance Systems

Charter Values

Privacy Torts

Hacking commercial IP cameras : Home Surveillance

Georgiev, Hristo, Mustafa, Azad

January 2021

IP cameras have been around for a while and have been a growing part of the IoT scene. There is a variety of IP cameras being used in enterprises and homes with the main reason being for surveillance. This naturally attracts attackers to potentially take control of the camera feeds and or disable them completely. We tested the security of home surveillance cameras in different price categories, ranging from 350 SEK to 800 SEK, to research if the security of the cameras differs depending on the price. In addition, we also focused on two different vendors with the goal of discerning whether they have implemented different security measures. The method used to solve our task was to find and exploit existing vulnerabilities from similar devices and potentially find new ones ourselves. Even though existing vulnerabilities were mostly patched, there was still valuable information in the exploits. This showed that some vendors were aware of existing vulnerabilities and had the drive to patch them. Our work resulted in finding two vulnerabilities in one of the vendor’s cameras, which was disclosed to the affected vendor. The disclosure process resulted in an announcement in the support page[29]. MITRE also confirmed two CVE ID’s from our request, CVE-2021-41503[31] and CVE-2021-41504[32]. Our conclusion is that there are still critical security risks when it comes to the camera’s various features and other IoT devices that are yet to be exposed. / IP-kameror har funnits ett tag och har blivit en del av IoT-scenen. Det finns en mängd olika IP-kameror som används i företag och hem med den främsta anledningen till övervakning. Detta lockar naturligtvis angripare att eventuellt använda kameraflödena eller inaktivera dem helt. Vi testade säkerheten för hemövervakningskameror i olika priskategorier, från 350 SEK till 800 SEK, för att undersöka om kamerans säkerhet skiljer sig åt beroende på pris. Vi fokuserade också på två olika leverantörer med målet att se om de har genomfört olika säkerhetsåtgärder. Metoden som användes för att lösa vår uppgift var att hitta och prova befintliga sårbarheter från liknande enheter och eventuellt hitta nya själva. Även om befintliga sårbarheter var för det mesta lösta så var det fortfarande värdefull information vi kunde ta del av. Detta visar att vissa leverantörer är medvetna om befintliga sårbarheter och har drivet att korrigera dem. Vårt arbete resulterade i att vi hittade två sårbarheter i en av leverantörens kameror, vilket informerades till den berörda leverantören. Avslöjandeprocessen resulterade i ett tillkännagivande på supportsidan[29]. MITRE bekräftade också två CVE IDs från vår begäran, CVE-2021-41503[31] och CVE-2021-41504[32] Vår slutsats är att det fortfarande finns några kritiska säkerhetsrisker avseende kamerornas funktioner och andra IoT-enheter som kan exponeras.

Ethical Hacking

Penetration Testing

IP cameras

IoT

Home Surveillance

Etisk Hackning

Penetrationstestning

IP kameror

IoT

Hemövervakning.

Computer and Information Sciences

Data- och informationsvetenskap