In the course of increasing digitization, sensitive data is also frequently exchanged in audio-visual (AV) system integration applications. Manufacturers of network technology rely on cryptography to protect it.
Protecting important information from unauthorized access is just as important in the digital age as defending against hacker attacks and data theft. For service providers in the AV area, the highest possible security is at stake: on the one hand, internal programs, processes and applications must be effectively secured against leaks of all kinds; on the other hand, customer data must also be protected, both during direct use, for example at a conference, and generally when the commissioning company continues to work independently with the AV technology it has acquired. Encryption of the data plays a central role. In the best case, a hacker who gains access to the data can do nothing with the material obtained despite this “success”, because it remains unreadable gibberish to him.
Encryption systems should guarantee three properties in daily use: 1) confidentiality of the data, with access only for authorized persons; 2) integrity, i.e. no undocumented changes to the data during transmission or storage; 3) authenticity, i.e. sender and recipient can mutually confirm the origin and destination of the data.
Cryptography with a past
The encryption of messages is an ancient technique that was already used in antiquity. So-called symmetric systems were used for a long time, in which the sequence of characters was rearranged (transposition) or characters were replaced by others (substitution). In the digital domain, sender and receiver use the same key, which must therefore be strictly protected. This category includes, for example, the Advanced Encryption Standard (AES), with which WLAN routers, VoIP telephony and many file encryption tools work as standard today. Keys with a length of 256 bits have so far been considered secure against brute-force attacks by powerful computers.
Another method, asymmetric encryption, as used in a public key infrastructure (PKI), uses two keys: a public one, accessible to everyone, and a private one, which must be kept strictly secret. A data packet protected with the public key can only be made readable again with the matching private key, and vice versa. A common field of application is digital signatures, with which sender and recipient can ensure the authenticity of messages.
Random number generators
Random number generators play a major role in cryptography, because every key is generated from a sequence of random numbers. If an attacker knows that sequence, even the longest key can be cracked without any problem. Generating truly random sequences of numbers is therefore essential for the system to work. The problem is that this is something computers were not designed to do: a computer should always produce the same result for the same input, 1 + 1 always equals 2. So how is a computer supposed to produce “chance”? A computer usually draws on several sources for this purpose. Ideally, these are physical processes that cannot be reproduced. Measured values from such processes come, for example, from voltage fluctuations in semiconductors; with the large number of components built into a computer, these vary widely. In the same way, time differences between actions in a computer can be measured, e.g. latencies in the hard disk rotation or the timing of mouse and keyboard inputs. Basically, it is important to use as many sources of randomness as possible.
Correctly guessing all the data in such a random pool is practically impossible, even for the most experienced attacker. Purely software-based random number generators are therefore not considered secure enough and are referred to as pseudo-random number generators. Edward Snowden’s revelations in 2013 showed how the NSA had made sure that the random number generators installed in most computers were tampered with: one generator could only produce 256 random numbers, which enabled the NSA to quickly crack keys generated on this basis. If such back doors are installed, even the longest key is of no use.
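The following added example (not from the article) illustrates the point above: a nominally 256-bit key is worthless if the generator behind it can only take 256 different states, because an auditor (or attacker) needs at most 256 trials to find it. The toy stream cipher and the crippled generator are constructed for this demonstration; `secrets.token_bytes` is Python's standard interface to the operating system's entropy pool.

```python
import hashlib
import secrets

# Toy stream cipher (constructed for this example, NOT AES): keystream blocks
# are SHA-256(key || counter), XORed with the data. It exists only so that the
# effect of a weak key generator can be shown with the standard library.
# Encryption and decryption are the same operation.
def toy_encrypt(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(p ^ k for p, k in zip(data[i:i + 32], block))
    return bytes(out)


def weak_key(seed: int) -> bytes:
    """Constructed stand-in for a generator that can only yield 256 values.
    The output is 256 bits long, but only 8 bits of it are unpredictable."""
    return hashlib.sha256(b"weak-rng" + bytes([seed & 0xFF])).digest()


def strong_key() -> bytes:
    """256-bit key drawn from the operating system's entropy pool."""
    return secrets.token_bytes(32)


def recover_weak_key(ciphertext: bytes, known_prefix: bytes):
    """Audit check: try every state the weak generator can be in. A key from
    it is found after at most 256 decryptions; a key from the entropy pool
    will not match (chance of a false hit on a 12-byte prefix is ~2^-88).
    Returns the recovered key, or None."""
    for seed in range(256):
        candidate = weak_key(seed)
        if toy_encrypt(candidate, ciphertext)[:len(known_prefix)] == known_prefix:
            return candidate
    return None


def demo():
    """Returns (weak key recovered?, strong key recovered?)."""
    minutes = b"CONFIDENTIAL minutes of the supervisory board"  # constructed
    weak_ct = toy_encrypt(weak_key(0x5A), minutes)
    strong_ct = toy_encrypt(strong_key(), minutes)
    found_weak = recover_weak_key(weak_ct, b"CONFIDENTIAL") is not None
    found_strong = recover_weak_key(strong_ct, b"CONFIDENTIAL") is not None
    return found_weak, found_strong


if __name__ == "__main__":
    print(demo())  # (True, False)
```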
Network security
Security concepts always have to be developed and adapted for the specific application; there is no universally valid method. Depending on the purpose, one or more protection goals are pursued. Users of AV system integration are naturally interested in encryption at the network level as a security measure, in which the network transport layers are equipped with cryptographic elements. In the OSI reference model (Open Systems Interconnection), layers 3 and 4 are defined as the network transmission layers. The encryption takes place above the data link layer, but below the application level. The transmission layers handle the connection and routing between the end devices.
Network encryption builds on existing network services and application software and works independently of any other encryption methods in use. In the best case, a smooth workflow is guaranteed for the end user: encryption at the network level is completely transparent to him, or not even noticeable. The data is only encrypted during transmission; at the sender and the recipient, it appears unencrypted in plain text.
Network encryption is implemented using IPsec (Internet Protocol Security), a set of protocols standardized by the IETF (Internet Engineering Task Force). Used together, they form a framework for private communication over IP networks. IPsec uses the existing network architecture. This concept is very user-friendly because applications and programs do not have to be changed and the user does not have to adapt. The encrypted data packets look like unencrypted ones and are routed through any IP network without difficulty.
The practice
In the field of conference technology, there are a number of providers who rely not only on the operational security of their products, but also on the protection of the data transported in the network. The wireless ADN conference system from audio specialist Sennheiser is protected with 128-bit AES encryption, which is intended to prevent unwanted eavesdropping on confidential meetings behind closed doors. The wireless conference systems from StriveAV in the current device generation, Quinta, do something similar. With the MCW-D 50 system, the manufacturer promises secure signal transmission compared to other wireless applications; its 128-bit encryption is also intended to protect against eavesdropping in mobile use. In security mode, the control unit can encrypt the data channel to the microphone units.
The Microflex Complete conference system from Shure also includes 128-bit AES encryption to keep session content confidential. The manufacturer offers its system for conferences of governments, authorities and supervisory boards. The Sennheiser SpeechLine Digital Wireless microphone system (especially for speech applications) is also tap-proof thanks to 256-bit AES encryption.
For its Dicentis wireless conference system, Bosch provides secure WiFi transmission via WPA2 encryption. All signals within the Dicentis system are thus protected by a secure standard encryption method that is used by mobile devices to protect against eavesdropping. Since the system uses standard WiFi, it can adapt as the WPA2 standards evolve.
Since not only voice signals but also images, graphics and video clips are processed and transmitted in the conference area, large amounts of data sometimes have to be processed and encrypted. This is where Barco’s ClickShare presentation system comes in; security was also considered in this solution. The transmitted data is end-to-end encrypted so that no unauthorized person can gain access to sensitive data. Registration management and a configurable, three-level security system are also included.
The “AV over IP” system NVX from Crestron also offers a whole range of security features. In addition to standard AES encryption for protecting audio and video data, 802.1X authentication secures every single device in the network. Asymmetric PKI authentication allows cryptographic authentication of individual devices and thus a secure key exchange, which is the prerequisite for effective AES encryption. Atlona’s “AV over IP” OmniStream system also provides numerous security mechanisms.
End of cryptography by quantum computers?
The next big leap in development in terms of effective data encryption is eagerly awaited by some and feared by others: quantum computers. Although they are unlikely to be suitable for conventional computer tasks such as word processing, they can take on important supplementary tasks. One of them is the decomposition of numbers into their individual factors, the prerequisite for cracking encryption. Depending on the key strength, classical computers would need years to millions of years for this, whereas quantum computers can – in theory – complete such tasks in a short time.
But scientists are already working on new encryption algorithms that are no longer based on the decomposition of numbers into factors. For the time being, the end of data security is not to be expected.