1. bookVolume 2022 (2022): Edizione 2 (April 2022)
Dettagli della rivista
License
Formato
Rivista
eISSN
2299-0984
Prima pubblicazione
16 Apr 2015
Frequenza di pubblicazione
4 volte all'anno
Lingue
Inglese
access type Accesso libero

Building a Privacy-Preserving Smart Camera System

Pubblicato online: 03 Mar 2022
Volume & Edizione: Volume 2022 (2022) - Edizione 2 (April 2022)
Pagine: 25 - 46
Ricevuto: 31 Aug 2021
Accettato: 16 Dec 2021
Dettagli della rivista
License
Formato
Rivista
eISSN
2299-0984
Prima pubblicazione
16 Apr 2015
Frequenza di pubblicazione
4 volte all'anno
Lingue
Inglese
Abstract

Millions of consumers depend on smart camera systems to remotely monitor their homes and businesses. However, the architecture and design of popular commercial systems require users to relinquish control of their data to untrusted third parties, such as service providers (e.g., the cloud). Third parties therefore can (and in some instances have) access the video footage without the users’ knowledge or consent—violating the core tenet of user privacy. In this paper, we present CaCTUs, a privacy-preserving smart Camera system Controlled Totally by Users. CaCTUs returns control to the user; the root of trust begins with the user and is maintained through a series of cryptographic protocols, designed to support popular features, such as sharing, deleting, and viewing videos live. We show that the system can support live streaming with a latency of 2 s at a frame rate of 10 fps and a resolution of 480 p. In so doing, we demonstrate that it is feasible to implement a performant smart-camera system that leverages the convenience of a cloud-based model while retaining the ability to control access to (private) data.

Keywords

[1] V. K. Adhikari et al. Measurement study of Netflix, Hulu, and a tale of three CDNs. IEEE/ACM Transactions on Networking, 23 (2014)(6):1984–1997.10.1109/TNET.2014.2354262 Search in Google Scholar

[2] R. Alharbi and D. Aspinall. An IoT analysis framework: An investigation of IoT smart cameras’ vulnerabilities. In: Living in the Internet of Things: Cybersecurity of the IoT - 2018, pages 1–10 (2018). 10.1049/cp.2018.0047. Search in Google Scholar

[3] J. G. Apostolopoulos, W.-t. Tan, and S. J. Wee. Video streaming: Concepts, algorithms, and systems. HP Laboratories, report HPL-2002-260, (2002). Search in Google Scholar

[4] Arlo. Arlo - Investor Relations (2021). URL: https://investor.arlo.com/ir-home/default.aspx. Last Accessed: 2021-04-06. Search in Google Scholar

[5] S. Biddle. For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too. The Intercept, (2019). URL: https://theintercept.com/2019/01/10/amazon-ring-security-camera/. Last Accessed: 2020-09-08. Search in Google Scholar

[6] E. D. P. Board. Guidelines 3/2019 on processing of personal data through video devices (2019). URL: https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201903_videosurveillance.pdf. Last Accessed: 2021-04-19. Search in Google Scholar

[7] T. Brewster. Smart Home Surveillance: Governments Tell Google’s Nest To Hand Over Data 300 Times. Forbes, (2018). URL: https://www.forbes.com/sites/thomasbrewster/2018/10/13/smart-home-surveillance-governments-tell-googles-nest-to-hand-over-data-300-times/. Last Accessed: 2020-09-08. Search in Google Scholar

[8] L. Bridges. Amazon’s Ring is the largest civilian surveillance network the US has ever seen | Lauren Bridges. The Guardian, (2021). URL: http://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us. Last Accessed: 2021-05-18. Search in Google Scholar

[9] D. Cameron. Amazon Is Marketing Face Recognition to Police Departments Partnered With Ring: Report. Gizmodo, (2019). URL: https://gizmodo.com/amazon-is-marketing-face-recognition-to-police-departme-1839073749. Last Accessed: 2020-09-08. Search in Google Scholar

[10] D. Cameron and D. Mehrotra. Ring’s Hidden Data Let Us Map Amazon’s Sprawling Home Surveillance Network. Gizmodo, (2019). URL: https://gizmodo.com/ring-s-hidden-data-let-us-map-amazons-sprawling-home-su-1840312279. Last Accessed: 2020-01-13. Search in Google Scholar

[11] A. Chattopadhyay and T. E. Boult. PrivacyCam: a Privacy Preserving Camera Using uCLinux on the Blackfin DSP. In: 2007 IEEE Conference on Computer Vision and Pattern Recognition, pages 1–8 (2007). 10.1109/CVPR.2007.383413. Search in Google Scholar

[12] C. Cimpanu. Hackers keep dumping Ring credentials online ’for the giggles’. ZDNet, (2019). URL: https://www.zdnet.com/article/hackers-keep-dumping-ring-credentials-online-for-the-giggles/. Last Accessed: 2020-01-13. Search in Google Scholar

[13] D. Deahl. Ring let employees watch customer videos, claim reports. The Verge, (2019). URL: https://www.theverge.com/2019/1/10/18177305/ring-employees-unencrypted-customer-video-amazon. Last Accessed: 2020-09-08. Search in Google Scholar

[14] W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22 (1976)(6):644–654. 10.1109/TIT.1976.1055638.10.1109/TIT.1976.1055638 Search in Google Scholar

[15] B. Dirks et al. Video for Linux Two API Specification (2009). URL: https://www.linuxtv.org/downloads/legacy/video4linux/API/V4L2_API/spec-single/v4l2.html. Last Accessed: 2021-03-21. Search in Google Scholar

[16] K. Florance. About Netflix - How Netflix Works With ISPs Around the Globe to Deliver a Great Viewing Experience. About Netflix, (2016). URL: https://about.netflix.com/en/news/how-netflix-works-with-isps-around-the-globe-to-deliver-a-great-viewing-experience. Last Accessed: 2021-05-28. Search in Google Scholar

[17] Y. Flores. Bad Neighbors? How Amazon’s Ring Video Surveillance Could be Undermining Fourth Amendment Protections (2020). URL: https://www.californialawreview.org/amazon-ring-undermining-fourth-amendment/. Last Accessed: 2021-05-18. Search in Google Scholar

[18] R. Gennaro and P. Rohatgi. How to Sign Digital Streams. Information and Computation, 165 (2001)(1):100–116. 10.1006/inco.2000.2916.10.1006/inco.2000.2916 Search in Google Scholar

[19] A. Greenberg. Two Cases’ Lessons: If Cops Don’t Know What You Encrypted, They Can’t Make You Decrypt It (2021). URL: https://www.forbes.com/sites/andygreenberg/2012/02/24/two-cases-lessons-if-cops-dont-know-what-you-encrypted-they-cant-make-you-decrypt-it/. Last Accessed: 2021-08-02. Search in Google Scholar

[20] M. Guariglia and M. Maas. LAPD Requested Ring Footage of Black Lives Matter Protests. Electronic Frontier Foundation, (2021). URL: https://www.eff.org/deeplinks/2021/02/lapd-requested-ring-footage-black-lives-matter-protests. Last Accessed: 2021-05-11. Search in Google Scholar

[21] I. Haider and B. Rinner. Private Space Monitoring with SoC-Based Smart Cameras. In: 2017 IEEE 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), pages 19–27 (2017). 10.1109/MASS.2017.15. Search in Google Scholar

[22] J. Herrman. Who’s Watching Your Porch? The New York Times, (2020). URL: https://www.nytimes.com/2020/01/19/style/ring-video-doorbell-home-security.html. Last Accessed: 2021-04-06. Search in Google Scholar

[23] B. Huseman. Huseman reply to Wyden, Markey, Van Hollen, Coons, Peters letter about Ring’s Data Security Practices (2020). URL: https://regmedia.co.uk/2020/01/08/ringsenateresponse.pdf. Last Accessed: 2021-04-06. Search in Google Scholar

[24] J. Katz and Y. Lindell. Introduction to Modern Cryptography, Second Edition (2014). Chapman & Hall/CRC.10.1201/b17668 Search in Google Scholar

[25] C. Keck. Amazon’s Ring Security Cameras May Have Let Employees Spy on Customers: Report. Gizmodo, (2019). URL: https://gizmodo.com/amazons-ring-security-cameras-may-have-let-employees-sp-1831658669. Last Accessed: 2020-09-08. Search in Google Scholar

[26] P. Kietzmann, L. Boeckmann, L. Lanzieri, T. C. Schmidt, and M. Wählisch. A Performance Study of Crypto-Hardware in the Low-end IoT. In: Proceedings of the 2021 International Conference on Embedded Wireless Systems and Networks, pages 79–90 (2021). 10.5555/3451271.3451279. Search in Google Scholar

[27] P. Kocher. Complexity and the challenges of securing SoCs. In: 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC), pages 328–331 (2011).10.1145/2024724.2024803 Search in Google Scholar

[28] R. Kraus. Ring watched your kids trick or treat and then bragged about it. Mashable, (2019). URL: https://mashable.com/article/ring-halloween-surveillance/. Last Accessed: 2021-05-11. Search in Google Scholar

[29] D. Kravets. Indefinite prison for suspect who won’t decrypt hard drives, feds say. Ars Technica, (2016). URL: https://arstechnica.com/tech-policy/2016/05/feds-say-suspect-should-rot-in-prison-for-refusing-to-decrypt-drives/. Last Accessed: 2021-05-31. Search in Google Scholar

[30] C. Lecher. Ring reportedly outed camera owners to police with a heat map. The Verge, (2019). URL: https://www.theverge.com/2019/12/3/20993814/ring-user-location-heat-map-police-privacy-tool-camera-owners. Last Accessed: 2020-09-08. Search in Google Scholar

[31] C. S. Legislature. TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 - 1798.199.100] (2018). Search in Google Scholar

[32] C. S. Legislature. The California Privacy Rights Act of 2020 (2020). Search in Google Scholar

[33] J. McCune, A. Perrig, and M. Reiter. Seeing-is-believing: using camera phones for human-verifiable authentication. In: 2005 IEEE Symposium on Security and Privacy (S P’05), pages 110–124 (2005). 10.1109/SP.2005.19. Search in Google Scholar

[34] A. Ng. Amazon’s Ring wanted to use 911 calls to activate its video doorbells. CNET, (2019). URL: https://www.cnet.com/home/smart-home/amazons-ring-wanted-to-use-911-calls-to-activate-its-video-doorbells/. Last Accessed: 2021-05-18. Search in Google Scholar

[35] A. Ng. Ring let police view map of video doorbell installations for over a year. CNET, (2019). URL: https://www.cnet.com/news/ring-gave-police-a-street-level-view-of-where-video-doorbells-were-for-over-a-year/. Last Accessed: 2020-01-13. Search in Google Scholar

[36] J. Nielsen. Why You Only Need to Test with 5 Users. URL: https://www.nngroup.com/articles/why-you-only-need-to-test-with-5-users/. Last Accessed: 2021-08-30. Search in Google Scholar

[37] J. Nielsen and T. K. Landauer. A mathematical model of the finding of usability problems (1993). 10.1145/169059.169166. Search in Google Scholar

[38] H. of Commons of Canada. Bill C-11 (First Reading) (2020). Search in Google Scholar

[39] E. Parliament and C. of the European Union. ePrivacy Directive - Directive 2009/136/EC (2009). Search in Google Scholar

[40] E. Parliament and C. of the European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) (2016). Search in Google Scholar

[41] K. Paul. Amazon’s doorbell camera Ring is working with police – and controlling what they say. The Guardian, (2019). URL: https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor. Last Accessed: 2020-01-13. Search in Google Scholar

[42] T. C. Project. Guidelines for public video surveillance - A guide to protecting communities and preserving civil liberties (2007). URL: https://archive.constitutionproject.org/pdf/Video_Surveillance_Guidelines_Report_w_Model_Legislation4.pdf. Last Accessed: 2021-04-19. Search in Google Scholar

[43] Ring. Ring Video Doorbells Get 15+ Million Dings This Halloween and Capture Cute Costumes and Fun Pranks. The Ring Blog, (2019). URL: https://blog.ring.com/neighborhood-stories/ring-video-doorbells-get-15-million-dings-this-halloween-and-capture-cute-costumes-and-fun-pranks/. Last Accessed: 2021-05-18. Search in Google Scholar

[44] Ring. Active Agency Map (2021). URL: https://www.google.com/maps/d/viewer?mid=1eYVDPh5itXq5acDT9b0BVeQwmESBa4cB. Last Accessed: 2021-05-18. Search in Google Scholar

[45] R. L. Rivest, A. Shamir, and L. M. Adleman. Cryptographic communications system and method (1983). URL: https://patents.google.com/patent/US4405829/en. Last Accessed: 2021-08-18. Search in Google Scholar

[46] L. Ropek. A Home Security Worker Hacked Into Surveillance Systems to Watch People Have Sex. Gizmodo, (2021). URL: https://gizmodo.com/a-home-security-worker-hacked-into-surveillance-systems-1846111569. Last Accessed: 2021-01-23. Search in Google Scholar

[47] H. Salah, S. Zimmermann, and J. A. Cabrera G. Chapter 5 - Content distribution (2020). https://doi.org/10.1016/B978-0-12-820488-7.00016-5.10.1016/B978-0-12-820488-7.00016-5 Search in Google Scholar

[48] G. Scorletti. Traitement du Signal (2016). URL: https://cel.archives-ouvertes.fr/cel-00673929. Last Accessed: 2021-05-11 (Lecture material in French). Search in Google Scholar

[49] S. Ullah, B. Rinner, and L. Marcenaro. Smart cameras with onboard signcryption for securing IoT applications. In: 2017 Global Internet of Things Summit (GIoTS), pages 1–6 (2017). 10.1109/GIOTS.2017.8016279. Search in Google Scholar

[50] T. Winkler and B. Rinner. TrustCAM: Security and Privacy-Protection for an Embedded Smart Camera Based on Trusted Computing. In: 2010 7th IEEE International Con Conference on Advanced Video and Signal Based Surveillance, pages 593–600 (2010). 10.1109/AVSS.2010.38. Search in Google Scholar

[51] T. Winkler and B. Rinner. Secure embedded visual sensing in end-user applications with TrustEYE.M4. In: 2015 IEEE Tenth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pages 1–6 (2015). 10.1109/ISSNIP.2015.7106934. Search in Google Scholar

[52] R. Wyden, C. Van Hollen, E. Markey, C. Coons, and G. Peters. Wyden, Markey, Van Hollen, Coons, Peters Question Ring’s Data Security Practices (2019). URL: https://www.wyden.senate.gov/news/press-releases/wyden-markey-van-hollen-coons-peters-question-rings-data-security-practices. Last Accessed: 2021-04-06. Search in Google Scholar

[53] Wyze. Wyze Cam - Our Story (2018). URL: https://wyze.com/our-story. Last Accessed: 2021-04-06. Search in Google Scholar

[54] H. Yu, J. Lim, K. Kim, and S.-B. Lee. Pinto: Enabling Video Privacy for Commodity IoT Cameras. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 1089–1101 (2018). 10.1145/3243734.3243830. Search in Google Scholar

Articoli consigliati da Trend MD

Pianifica la tua conferenza remota con Sciendo