Abstract
Home IP cameras are consistently among the most popular smart home devices and recent news stories about home IP cameras getting hacked frequently have posed serious security and privacy concerns for consumers. In this paper, we propose Ucam, a user-centric, blockchain-based and end-to-end secure home IP camera system. Ucam leverages advanced technologies such as blockchain, end-to-end encryption and trusted computing to address a number of vulnerabilities in the existing solutions. In the Ucam design, we replace traditional username/password based login approach with a one-click, blockchain-based passwordless counterpart and apply the resurrecting duckling security model to secure device binding. In particular, we utilize blockchain extensively to manage device ownership and provide integrity protection for the video clips stored locally or remotely. For coping with privacy, the end-to-end encryption, which is coupled with a user-centric, secure element enhanced key management scheme, is implemented in Ucam. Finally, Ucam employs re-encryption with Intel SGX as well as key refreshing to enable the sharing of encrypted video clips and live streaming videos, respectively. The security analysis and performance evaluation demonstrate that Ucam is able to meet the increasing security and privacy requirements for home IP camera systems with negligible performance overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Avast Security News Team, "What is credential stuffing, and why is my smart security camera vulnerable to it?". https://blog.avast.com/credential-stuffing-and-web-cams, Security News, 4 May 2019
Chen, L.: Recommendation for Key Derivation Using Pseudorandom Functions (Revised), NIST Special Publication 800–108, October 2009
Chen, J., Sun, M., Zhang, K.: Security analysis of device binding for IP-based IoT devices. In: Proceedings of 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE Computer Society, pp. 900–905 (2019)
Costan, V., Devadas, S.: “Intel SGX Explained", IACR Cryptology ePrint Archive, Report 2016/86 (2016)
Dworkin, M.: “Recommendation for Block Cipher Modes of Operation: Methods and Techniques", National Institute of Standards and Technology, NIST Special Publication 800–38A, December 2001
eufy Security Indoor Cam 2K Pan & Tilt. https://www.eufylife.com/products/variant/eufycam-2/T8410121
Haicam End-to-End Encrypted Home Security Camera. https://haicam.tech/
Isidore, C.: Smart camera maker Wyze hit with customer data breach. https://www.cnn.com/2019/12/30/tech/wyze-data-breach/index.html, CNN Business, 30 December 2019
ISO/IEC 7816–4:2013, Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange
McInnis, K.: Consumer Reports letter to connected camera manufacturers to call for raising security and privacy standards. https://advocacy.consumerreports.org/research/consumer-reports-letter-to-connected-camera-manufacturers-to-call-for-raising-security-and-privacy-standards/, Consumer Reports, 13 January 2020
McKeen, F., et al.: Innovative instructions and software model for isolated execution. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP 2013), p. 10. ACM Press (2013)
Merkle, Ralph C.: A digital signature based on a conventional encryption function. In: Pomerance, Carl (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_32
Nest Cam Indoor. https://store.google.com/us/product/nest_cam
NXP Semiconductors. EdgeLockTM SE050 Development Kit
Ring Indoor Cam. https://shop.ring.com/products/mini-indoor-security-camera?variant=30258040832089
Standards for Efficient Cryptography. “SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0", Certicom Research (2010)
Stajano, F., Anderson, R.: The resurrecting duckling: security issues for ubiquitous computing. Computer 35, 22–26 (2002). IEEE Computer Society
Sundby, A.: Hacker spoke to baby, hurled obscenities at couple using Nest camera, dad says. https://www.cbsnews.com/news/nest-camera-hacked-hacker-spoke-to-baby-hurled-obscenities-at-couple-using-nest-camera-dad-says/, CBS News, 31 January 2019
Szabo, N.: Smart Contracts: Building Blocks for Digital Markets (1996). http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html
Thomas, K., Moscicki, A.: New research: how effective is basic account hygiene at preventing hijacking, Google Security Blog, 17 May 2019
Vigdor, N.: Somebody’s Watching: Hackers Breach Ring Home Security Cameras. https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html, The New York Times, 15 December 2019
Wyze Cam V2. https://wyze.com/wyze-cam.html
Yaga, D., Mell, P., Roby, N., Scarfone, K.: Blockchain Technology Overview, National Institute of Standards and Technology, Draft NISTIR 8202, January 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Fan, X., Zhong, Z., Chai, Q., Guo, D. (2020). Ucam: A User-Centric, Blockchain-Based and End-to-End Secure Home IP Camera System. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-63095-9_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63094-2
Online ISBN: 978-3-030-63095-9
eBook Packages: Computer ScienceComputer Science (R0)