Design of IP Camera Access Control Protocol by Utilizing Hierarchical Group Key

: Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc . This research grouped IP cameras


Introduction
It is the current trend that IP cameras have been substituting closed circuit television (CCTV) in the market of security control which uses CCTV equipment.IP cameras are a kind of network camera.Unlike CCTV models, it enables video surveillance monitoring by a web browser anywhere and anytime through a built-in web server, if it is connected to the Internet or existing network.Accordingly, it can be practically utilized and can be installed more easily, in comparison with existing CCTV models.Furthermore, thy can perform intelligent calculation, too, so that the supply of related apparatuses and services are increasingly being enlarged.Additionally, the installation cost of IP cameras is lower than CCTV [1,2].IP cameras contain a CCTV camera, encoder, and web server with itself so that it can be easily managed even if the IP cameras are dispersedly installed.It can be accessed anywhere and anytime through the web or smartphone in real-time.However, IP cameras have weak points, too, in terms of access authority and user certification for the IP camera web server, or certification of IP cameras which are newly installed on the network [3,4].
First, when an IP camera is installed in a network, sham attacks could be caused by malevolent users because there is no system which certifies whether the newly-installed camera is a proper device or not.Second, delicate video information could be exposed because video data which is multicast to other groups is not encoded.Third, while CCTV has been used in closed environments, IP cameras are synchronized with the network so that not only permitted clients but also not-permitted persons can watch most of video if they have the IP and port information, and basic ID and password [5,6].This is caused by a lack of policy, and is regarded as a severe weakness, too.Moreover, resources of the web server inside the IP camera can be unnecessarily wasted by registering users individually.Thus, cameras must be grouped, cameras which newly join the group must be certified, data which is multicast by the group must be encoded to be transmitted, and user certification and passwords must be encoded [7,8].In addition to that, a method to compose groups hierarchically is required to control access according to user authorities [9,10].

IP Camera System
IP camera systems transmit video on the basis of an IP network, so that it is "open" and its expandability and flexibility is better than CCTV systems.Additionally, it loads a web server inside itself and it enables monitoring through a web browser, so that monitoring is possible anywhere and anytime if the Internet is available.IP camera systems can be composed in a closed way with the network not being exposed outwards.However, when only one IP camera is installed at a distant place or a few cameras are installed to use, invasion detection and blocking systems, which are generalized in general networks, are not composed in IP cameras and they can be vulnerable to packet sniffing and complete survey attacks by encoding and transmitting user passwords in general encoding methods [11][12][13].

Security Requirements of Group Keys Management
Group keys must be managed properly.In order to efficiently manage group keys which are used for the sake of message security in the environment of multipoint communication, not only must the group keys be shared securely with multiple users and be adapted to changes of members due to processes of join and withdrawal of users, but secure group keys which only member users can use must be provided [14,15].Particularly, key renewal, which means to renew the group keys whenever members are changed, is essentially important in management of group keys.In order to deliver messages securely in multipoint communication, the existing network security requirements, such as integrity and confidentiality, are necessary, too [16,17].In order to manage group keys securely, forward and backward secrecy must be considered to provide sercurity according to changes of members."Forward secrecy" means that users who withdraw from the current membership cannot acquire the information of the key which is going to be used for the next group communication by using the information which they used to have."Backward secrecy" means that new users cannot find out a session key which was previously used and cannot decode the previous contents of communication by utilizing the information which they did and will acquire when they join the group.Thus, "group key renewal" is to change the group key with new value to provide forward and backward secrecies in the group keys management method.The group key management method is divided into "centralized", "decentralized", and "distributed" methods, according to necessities of the central server.While the centralized method manages the entire group, the decentralized one manages them by separating whole groups into small, multiple groups.The distributed method does not use the server [18].

Logical Key Hierarchy (LKH)
LKH was proposed to constitute a hierarchical structure on the base of a tree in the process of generating encoded keys and, consequently, to reduce the transmission numbers of key renewal messages in the process of key renewal due to the change of membership.The early setting protocol constitutes a logical hierarchical structure by using the users who joined at the early stage, and delivers to each user the key which is maintained by each user by using the secret key which has been shared in advance.The join protocol in the LKH method adds each user to the tree, and delivers the new keys to other users.Due to the fact that backward secrecy must be considered at this time, the entire keys which need to be delivered to users must be changed.Figure 1 shows the protocol when new members join a group.
In the withdrawal protocol of the LKH method, forward secrecy must be guaranteed, and the key which withdrawing members know must be changed in total.Figure 2 illustrates the protocol when members withdraw from the group.
The LKH has an advantage that it can use the key of the middle node as the key of the partial group by using this logical hierarchical structure [19].

One Way Function Tree (OFT)
The OFT is a one-way function tree to cut the cost of LKH in half.While one key is maintained at each node, like the LKH, the key value of the middle node is calculated by using key values of children nodes as follow: Unlike the LKH method, in the OFT method the number of necessary messages is reduced by half, because the existing users have already known the values of the children nodes of one side.The following Figure 3 shows the structure of one-way function tree [20].

Efficient Large-Group Key (ELK)
The ELK method renews the keys regularly by using the same PRF (pseudo-random function) as MAC (message authentication code), and can process the join without transmission cost when new members join.Although the ELK method maintains each key of each node, respectively, like the LKH and OFT methods, it does not use this key directly.On the contrary, the ELK makes four keys through MAC according to each usage and uses them.When a new member joins the group in the join protocol of the ELK method, the server determines the insertion location of the new member and becomes the brother node of the existing members.The brother node of the new member comes down one stage, and a new parent node is added.The withdrawal process of the ELK applies that of the OFT method.In the withdrawal protocol of the ELK method, when U3 withdraws, its brother node comes up one stage, and the key value which has to be changed (in order to change key values) is renewed by using the children of the right and left sides [21].

Expansion of Diffie-Hellman Protocol
Ingemarsson et al. [22] proposed a group key establishment protocol by expanding the basic Diffie-Hellman protocol to a multipoint protocol.After each user exchanges one-time Diffie-Hellman keys with each other, they exchange double-point Diffie-Hellman again.If the number of participants is n, the users repeat the process n − 1 times and establish the group key.Due to the fact that in this method a man-in-the-middle attack is possible, like the previous Diffie-Hellman protocol, each value must be able to be certified.The cost of this method needs n − 1 rounds, and each user needs an exponentiation calculation of n times.The following Figure 4 shows the group key establishment protocol which was made by expanding the Diffie-Hellman protocol proposed by Ingemarsson et al. [22].

Distributed Group Key Protocol using Logical Key Tree
A distributed LKH method proposed by Perring is as similar as that of the OFT method, in terms of information which each member maintains.The following Figure 6 shows the distributed group key protocol of Perring [25].

Composition of Proposed System
Existing IP cameras contain overall weaknesses, like the absence of management system for access authority and plaintext transmission of passwords.The access control system of the suggested IP camera in this paper has two advantages compared to the existing IP camera system.First, it can control and monitor the system safely by groups using a hierarchical group key.Second, we designed the protocol which could provide mutual authentication between IP camera systems.The overall system configuration is like that shown in Figure 7.An IP camera which wants to join the group requests its join and transmits it to a member which has already joined the group.It is assumed in the above Figure 7 of the system arrangement that each camera has its own predetermined shared value, and its certification is issued by a reliable certification institution.The existing member which receives the join request carries out the camera certification through the certification process and if the certification is successfully verified, the existing member calculates a pre-shared value, the IDs of its own and the new camera, and then generates a session key.Then, the existing member encodes the one-way hash function value, which was generated by using the IDs of the existing members and the hash chain technique into a session key, and transmits it the new member.The new member applies the Diffie-Hellman Key Agreement Method to the existing member's IDs which were transmitted and its own ID, and then generates a group ID.Then, the new member calculates the generated group ID and one-way hash function, generates a group key, and generates a secure channel.The existing member which receives the join request encodes the ID of the new member into the previous group key, and transmits it to other members.Afterwards, each member generates a new group key by using the ID of the new member which has been just transmitted.
If a member requests to join the camera server, the camera server requests the user for the certification and user information again.The user signs the user information, including the group ID which it received at the first registration with its certification, and encodes it into the public key of the camera server and transmits it.The camera server requests the access authority to the camera server, which belongs to the corresponding group ID, by using group ID, which was generated by decoding the transmitted data into its own personal key.Then, the camera server judges the response, which was received from the camera server of the corresponding group, and provides the user with service.The terms and symbols used in the proposed security protocol are shown in Table 1.

Early Group Key Generation Protocol
According to the early group key generation protocol, each camera generates its own ID to generate a group.At this time, the leader of the group (root node of the logical tree structure) generates the one-way hash function value, too. Figure 8 shows the specific procedure of the early group key generation protocol.Step 1. (B→A): In order to compose the early group, the camera B requests a group join to a camera which is going to be a root node.The input formula has a process like Formula (1): Request Group Join (1) Step 2. (A→B): In order to compose the early group, the camera A requests a CID value when it receives a group join request.The input formula has a process like Formula (2): Request CID Step 3. (B→A): The camera B generates its own ID by using a random value and transmits it to group leader A. The formula to generate its own ID has a process like Formula (3): Step 4. (A): The group leader A applies a multiplying operation to the ID of its own, the ID which was transmitted from B, a pre-shared value, and generates a temporary session key.The calculation formula has a process like Formula (4): Step 5. (A→B): The group leader A signs the information, which is necessary to generate a group key, such as an ID of its own, certification, hash value and ID of other members by using its own personal key, and encodes them with the session key, which was generated in Step 4, and transmits them to the camera B. The formula to transmit information for generation of group key has a process like Formula (5): Step 6. (B): The camera B generates a session key with the A's ID which was transmitted from the group leader A, the ID of its own, and pre-shared value.Then it decodes the encoded text.It verifies the signature value with the public key, which was acquired from the certification of A, and verifies whether it is a legitimate member or not.The formula to generate the session key has a process like Formula ( 6) and the formula to decode the encoded text and to verify the signature value has a process like Formulas ( 7) and ( 8): Verify A's signature (8) Step 7. (B→A): The camera B transmits to the group leader A the signature value which was encoded with the ID of its own and the session key in order to verify whether it, itself, is a legitimate member or not.The formula to transmit has a process like Formula (9): Step 8. (A): The group leader A decodes the encoded text which was transmitted from the member B into the session key and verifies the signature value with B's public key, which was acquired from B's certification, and then verifies whether it is a legitimate member or not.Then, the group leader A makes a group ID through a calculation of the IDs of its own, B, and other members, and generates a group key by using the hash value which it, itself, has.The certification formula to decode the encoded text and to verify member B have processes like Formulas (10) and (11), respectively, and the calculation key to generate the group key has a process like Formula (12): Verify C's signature ( 11)

Group Member Withdrawal Protocol
If a withdrawal of member occurs, the group key must be renewed to secure forward secrecy.Thus, the withdrawing member has to request its withdrawal to the group leader and the group leader has to inform other members about the withdrawing member and generates a new group key. Figure 9 shows the specific procedure of the withdrawal protocol.

Join Protocol
If a joining of a new member occurs in the group, the existing group key must be renewed to a new one in order to secure backward secrecy.Therefore, the joining member requests their joining to a group member, then the group member or the group leader which receives the join request has to inform other members about the joining member, and renew the existing key to a new one.Figure 10 shows the specific procedure of the join protocol.
Step 1.A new group member joining the group transmits its group join request message to an existing member.
Step 2. The group member who receives the join request message requests the ID from the joining member.Step 3. The new member who receives the ID request message generates its own ID in the same process as Formula (3) of the early group key generation protocol, and transmits it to the existing member.Step 4. The member which receives the ID of the new member informs other members about the joining of the new member, encodes the ID of the new member with the existing group key, and transmits it.
Step 5.Each member proceeds with the same process as from Step 4 to Step 7 of the early group key generation protocol, and generates a new group key.

User Registration Protocol
According to the user registration protocol, the root node (the leader of the highest level) assigns users with access levels according to the access authority policy, requests users to register at groups of the corresponding level, and registers users.Figure 11 shows the specific procedure of the early user registration protocol.Step 1. (U→A) A user transmits its user registration request message to the group leader of the highest level.Step 2. (A→U) If the group leader of the highest level receives the user registration request message, it requests the user information that wants to register.Step 3. (U→A) The user signs its own certificate and user information with its own private key, encodes it with the public key of the group leader, and transmits it.The formula to encode with the public key and to transmit has a process like Formula ( 13): U's certificate, Epub_A(Sigpri_U(UserInfo)) Step 4. (A): After the highest group leader A decodes its own private key, it verifies the signature value with the certification which was transmitted from the user.After the verification is approved, leader A assigns the access authority according to the access authority policy and requests the group leader of the corresponding level for its group ID.The formula to decode the transmitted message and verify the signature value has a process like Formulas ( 14) and ( 15): Dpri_A(Sigpri_U(UserInfo)) ( 14) Step 5. (A→level_n Group leader): The highest group leader requests the group leader of level_n for the group ID.On receiving the response, the highest group leader encodes the user information with the group key of the corresponding level (the group key of the corresponding level can be calculated by using a hash chain.), and transmits it.The formula to encode the user information and transmit has a process like Formula (16): Step 6.The group leader of the corresponding level registers the user, encodes the user information with the group key, and multicasts it to members of the same group.Step 7. The highest group leader transmits the registration success message, user ID and the group ID of level corresponding to the access authority.

Realization Environment
This realization is an experiment to form a hierarchical group between IP camera devices, to generate a group key, to transmit securely the data which can be multicasted, to control access to IP camera devices according to access authority, to encode user passwords which are transmitted in plain text and, ultimately, to complement access control in the existing IP camera environment and to enforce user passwords.Table 2 shows the realization environment of the proposed system.

Early Group Key Generation Realization
In order to compose the first group, the highest root node (group leader) IP camera generates a hash value which is going to be used for its own ID and hash chain.The following Figure 12 shows a part to generate ID and hash value.In order to compose a group, the highest root node IP camera receives the transmitted ID of other cameras and generates a session key through a calculation of its own ID and pre-shared value.The following Figure 13 shows a part to generate a session key with transmitted ID of other camera.The highest root node IP camera encodes, using AES 128, the information which other cameras need to calculate the group key with the generated session key, and transmits it to other cameras.Figure 14 shows a part to encode by AES 128 and transmit it.Each camera receives a message which is needed to calculate the group key, decodes the session key, acquires information to calculate the group key, calculates the group ID, and generates the group key through a calculation with hash value.Figure 15 shows the calculation of group ID and generation of group key.

Realization of User Access Control According to Access Authority
In order to carry out camera monitoring, clients add cameras, input ID, password, group ID, and access to the camera server.If the access is permitted, clients are provided with monitoring services.The following Figure 16 shows a process to input IP and port of cameras in order to add monitoring cameras, and Figure 17 shows the realization in mobile devices.If the camera server on standby condition receives an access request from a client, it requests ID, password, and the group ID.If the server receives the user information, it verifies the group ID.Then, if the group ID is of a higher level than its own level, the camera server encodes the user information with its own group key and transmits it to the corresponding group leader to request the user confirmation.If the server receives an OK message from the corresponding group leader, it permits the client access and provides service.The following Figure 18 shows the series of the process.

Comparative Analysis
This research analyzes whether the proposed system encodes the multicasting information by using the hierarchical group key, controls access efficiently according to access authority, transmits without deterioration of video quality or not, and proves the efficiency of the proposed system through a comparative analysis of the methods of existing CCTV and IP camera systems and that of the system proposed by this research.

Requirements for Video Surveillance System
The data which is transmitted by the video surveillance system can be divided largely into control data and video data.If some video data is leaked, only the leaked data can be threatening.However, if the control data is leaked, the effect lasts for a long time and a significant problem may occur.Therefore, the access authority to the video surveillance system needs to be enforced.Furthermore, the classification of users who can access the equipment has to be implemented according to the importance of the region which the video surveillance system monitors, and according to the title of accessing user.In addition, if, in order to manage the camera system, a user accesses many cameras which are installed at remote places, a method to certify the remote access users and to securely maintain the generated session key after the certification is necessary.

Analysis of Security and Efficiency
This section conducted an analysis on such items as management policy, access authority, access denial, etc., in the existing video surveillance system separately, and analyzed its efficiency, respectively.The security of the proposed system was analyzed in terms of user certification and password encryption at remote access.Table 3 describes the results of the comparative analysis of CCTV system, proxy server method, and the proposed system.

Conclusions
The purpose of this research was to complement the weaknesses of the existing system and show that it has limitations, which can be caused by the absence of a management system; that, when users log in, the existing system transmits the passwords in plain text so that it is vulnerable to sniffing and complete survey attack; and that anyone can access the IP cameras at remote places due to the absence of an access control system according to access authority.Accordingly, this research proposes a technique which can control the access of users without the access authority, or with a low level, by composing a hierarchical group, generating different group keys according to the class respectively, and so using different groups according to access authority.
The proposed system uses the hash chain technique in order to compose the hierarchical group keys, so that the member of a higher level can access a group of lower class by calculating the group key of the lower level.However, the member of lower level cannot access groups of a higher level because the member of the lower level cannot calculate the hash value of the group of higher level.Additionally, it certifies the legitimacy of joining members of the group by using certification and digital signatures and, therefore, secures the safety against the sham attack.Furthermore, the proposed system was designed to conduct the user certification by using certification and signature when users log in to the IP camera web server, and to encode the password which is transmitted in plain text so that it secures safety against the sniffing attack.
In order to analyze the efficiency and security from the perspective of the management of the proposed system, this research conducted the comparative analysis on such items as management policy, access authority, access denial, and user certification of a CCTV system, existing IP camera system, and the proposed system, respectively.As a result of that analysis, it has been found that the security of the CCTV system is similar to that of the proposed system because CCTV is operated in a closed system.However, the CCTV system has critical limitations in a way that it cannot be accessed from a remote place, and the entire access authorities are concentrated in the central control center, so if the central control center is attacked, the entire surveillance system can be accessed and attacked.On the contrary, the proposed system separates groups hierarchically, controls access according to each group, respectively, and provides services so that even if a part of the system does not work properly, it cannot have any effect on the monitoring service of other camera.
Conclusively, it provides the higher efficiency than any other system.The result of the comparative analysis of the proposed system and the existing IP camera system demonstrates that access control, user certification, and password encryption of the proposed system provide more secure services than those of the existing system.Even though this research realized the access authority system to IP cameras, and thus solved the problems of access control and passwords which are transmitted in plain text, there is still the possibility that the integrity of video information could be damaged.Therefore, it is suggested that more research and analyses are required to encode the video information, to apply appropriate encryption methods according to the importance of video information, consequently to maintain the confidentiality of the video information, and to prevent the deterioration of video quality in the future.

Figure 3 .
Figure 3.The structure of a one-way function tree.

Figure 6 .
Figure 6.Distributed group key protocol of Perring.

Figure 8 .
Figure 8. Early group key generation protocol.

Figure 12 .
Figure 12.Generation of CID and hash value to compose the first group.

Figure 13 .
Figure 13.Generation of session key after receiving ID of other cameras.

Figure 14 .
Figure 14.Encryption and transmission of AES.

Figure 15 .
Figure 15.Generation of group ID and group key.

Figure 16 .
Figure 16.Process of adding cameras.

Table 1 .
The terms and symbols used in the proposed security protocol.

Table 2 .
Realization environment of the proposed system.

Table 3 .
Comparative analysis with existing systems.