Showing posts with label Bandwidth. Show all posts
Showing posts with label Bandwidth. Show all posts

Tuesday, August 13, 2019

Cyber threat into Video Surveillance

Cyber threat into Video Surveillance
Yes we all are known US ban HikVision, Dahua and IPVM media cover full story time by time. Security systems are changing at an ever-increasing pace and are making more use of standard Information Technology (IT) products running over a Local Area Network (LAN) or Wide Area Network (WAN) e.g. across the Internet, where they can be remotely monitored and controlled. As a result of using Internet Protocol (IP), the opportunity has arisen for manufacturers to develop new generations of equipment from control panels, cameras, and door controllers, to fully integrated systems combining fire, access control, CCTV, intruder and building control systems. These “integrated” systems are often called security management systems as they bring together the management of all aspects of an organization’s security.
Closed-circuit television (CCTV) is a TV system in which signals are not publicly distributed, but are monitored, primarily for surveillance and security purposes. CCTV systems rely on strategic placement of cameras and observation of the camera’s input on monitors. As the cameras communicate with monitors and/or video recorders across private coaxial cable runs, or wireless communication links, they gain the designation “closed-circuit” to indicate that access to their content is limited to only those with authorisation to see it. First we need to understand below few things:

What is a network?

In simple terms, a network provides a means of communicating data between two or more computer-like devices. A network can be a LAN and can incorporate a Wireless element of networking (WLAN). Where the network has the need to communicate outside of a single LAN, a WAN is used. A WAN can connect LANs together to communicate with users and computers in other locations. The most well-known example of a WAN is the Internet.
Why use an IP network?
Traditionally, many security systems have been linked to remote monitoring centres using modem type devices connected to a telephone line to exchange information. Using a network introduces many benefits, for example a substantial financial saving compared to dial up solutions. Additionally, the use of a network can improve quality of information and the time required to connect and exchange information.

Digital formats are being chosen by many industries such as music, telephone (voice over IP networks), TV, photography etc. With so many industries making use of IP technology, networks have become extremely robust. As a result, the use of a network can make the exchange of information between a security system and a remote monitoring centre more efficient.
Internet Service Provider (ISP)
The connection between your premises and the monitoring location may use an ISP to provide the service. When choosing an ISP, you should endeavour to establish the level of service being offered. Additionally, it may be prudent to have a second ISP link. The connection between your premises and the ISP is perhaps the weaker link so if you do have concerns, you should investigate an alternate means of communication from your premises into the ISP, i.e. GPRS, GSM (mobile service providers).

Bandwidth
Bandwidth requirements (space on your network to operate) should be discussed with your IT manager. The bandwidth required to operate a CCTV system may be considerable. Your security system provider will be able to advise you on the bandwidth requirements. As a general guide, CCTV systems require considerable bandwidth to send video images over a network whereas access control, intruder alarm systems and visitor management systems that only send small amounts of data, do not require much bandwidth.

Company usage policies
You will also need to consider company policies relating to “what is allowed” to use an existing network. If the nature of your business dictates that the network shall only be used for specific applications, then this may immediately determine that a separate network must be installed for the security system.

Now SSA Integrate company Integrating existing security with IP security solutions. As now common backbone are under TCP/IP. The network of connected sensors, devices, and appliances commonly referred to as the Internet of Things (IoT) has completely changed the way business works. This is as
true of the heavy hauling and freight industry as any other. At any moment, various players in the industry can get a sense of vehicle health, cargo safety, and whether or not any infrastructure is in need of repair.
Some products allow a mixture of analogue and digital security equipment to be combined, and this means that there is not always a need to move completely to an IP based system if an existing security system is in place.
The ‘hybrid’ approach is more common where two or more security sub systems are combined to create an integrated solution. The data in a hybrid system will usually come together at one or more PC’s. Non-IP systems are often connected to a PC using a serial port, whereas IP systems will be connected over the network.

A cyber-attack at targeted points in a country or region’s network could leave it crippled, preventing people from receiving much-needed goods and services. Fortunately, it doesn’t have to be that way.
Now cyberattacks on CCTV systems making news headlines on a weekly basis of late, there is a good deal of concern and uncertainty about how at risk these systems are, as well as why they are being attacked.
In October 2016, 600,000 internet connected cameras, DVR’s, routers and other IoT devices were compromised and used to for a massive Bot Net to launch what was the largest Denial Of Service (DOS) attack the internet had experienced to date.
In 2014, a US ally observed a malicious actor attacking the US State Department computer systems. In response the NSA traced the attacker’s source and infiltrated their computer systems gaining access to their CCTV cameras from where they were able to observe the hackers’ comings and goings.

In the lead up to the 2017 US Presidential inauguration, 65 per cent of the recording servers for the city of Washington CCTV system were infected with ransomware. How did the attack take place? Whilst unknown, it most likely occurred by the same means as other common PC hacks such as infected USB keys, malicious web sites, or phishing attacks.
What was the impact? The system administrators had to wipe the infected systems and reinstall the video management system so it’s entirely possible a good deal of footage was lost, and the system was rendered inoperable for a time.
May, 2018, over 60 Canon cameras in Japan were hacked with “I’m Hacked. bye2” appearing in the camera display text. How did the attack take place? Simple. IP cameras were connected to the internet and were left on default credentials. It appears that the hackers logged into the cameras and changed the on-screen display. What was the impact? Other the defacement of the camera displays and some reputational damage, there doesn’t seem to have been much impact from these attacks.

How did the attack take place? Yet again, devices were left connected to the internet and were left on default credentials. In this case, the attackers developed software that scoured the internet searching for vulnerable devices, which they then took control using their own malicious software.

What lessons can we learn from these attacks?
Don’t connect your devices directly to the Internet. If you need to have a camera or CCTV system be remotely accessible, port forwarding all inbound traffic to your system is just asking to be attacked. Use a VPN, use non-standard network ports, enable 2 factor authentications, or use a remote access service. While these measures won’t guarantee your security, they will certainly make you less of a target for attackers that are scouring the internet for vulnerable systems.
Just because it connects to a bunch of cameras, doesn’t mean that your NVR isn’t a computer. All the cyber security advice that is applicable to traditional IT is just as applicable when said computer is used as part of a CCTV system.

On Aug 13, 2018, The US President has signed the 2019 NDAA into law, banning the use of Dahua and HikVision (and their OEMs) for the US government, for US government-funded contracts and possibly for 'critical infrastructure' and 'national Security’ usage.
US government is effectively blacklisting Dahua and HikVision products, this will have a severe branding and consequentially purchasing impact. Many buyers will be concerned about:
·         What security risks those products pose for them
·         What problems might occur if they want to integrate with public / government systems
·         What future legislation at the state or local level might ban usage of such systems

On Jun 06, 2019 Hanwha Techwin is dropping Huawei Hisilicon from all of their products. Its belongs to China’s origin. Backdoor entry are open on product.

The tightening noose around Chinese technology firms is driven by the Trump administration’s view that China poses an economic, technological and political threat, a stance that country is likely to retaliate against. The two companies prompted concern that they could be employed in espionage, according to people familiar with the matter. Last week, the administration banned Huawei Technologies Co. from purchasing American technology amid similar suspicions of spying capabilities and Chinese laws that could require home-grown firms to hand over information if asked.

Hikvision, which is controlled by the Chinese government and Dahua are leaders in the market for surveillance technology, with cameras that can produce sharp, full-color images in fog and near-total darkness. They also use artificial intelligence to power 3D people-counting cameras and facial recognition systems on a vast scale.

A Chinese firm whose subsidiary has been shortlisted to supply security cameras for the national capital is on a US watch list, with an advisory on threats, including remote hacking and potential backdoor access. 


Concerns have also been raised on the firm being owned by the Chinese government, adding a twist to the controversy over a Delhi government project to install 1.5 lakh CCTV cameras across the city.  Now question is how you Prevent Malware Attacks:
1.   Manage your router: Earlier this year, the FBI recommended that everyone reboot all home routers and small office routers. In a previous blog on the subject, Davis stated that “rebooting will disable the active malware called “VPN Filter" which has infected hundreds of thousands of routers across the Internet, and it will help the FBI assess the extent of the infection.” While this was an isolated incident in time,
2.   Disable UPNP: UPNP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports, and you leave the credentials defaulted, you may end up with unwanted visitors.
3.   Disable P2P: P2P is used to remotely access a system via a serial number. The possibility of someone hacking into your system using P2P is highly unlikely because the system’s user name, password, and serial number are also required.
4.   Disable SNMP if you are not using it. If you are using SNMP, you should do so temporarily, for tracing and testing purposes only.
5.   Disable Multicast: Multicast is used to share video streams between two recorders. Currently there are no known issues involving Multicast, but if you are not using this feature, you should disable it.
6.   Cameras connected to the POE ports on the back of an NVR are isolated from the outside world and cannot be accessed directly.
7.   Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of numbers to the device. Do not DMZ the device's IP address.
8.   Protect your computer from vulnerabilities: Clean up your computer by removing old software programs no longer in use, and make sure to install patches regularly. Updating firmware safeguards equipment by patching known vulnerabilities often adds features and sometimes will improve system performance.
9.   Use firewalls and firebreaks (network segmentation): Place devices behind firewalls to protect them from untrusted networks, such as the Internet. And, use network segmentation—splitting a network into separate networks that are isolated, not connected—so a compromise in one part of the network won’t compromise the other (i.e. human resources and finance). This works much like a firebreak, which is a strip of land in a wooded area or forest where the trees have been removed to prevent a fire from spreading.
10. The network your NVR and IP camera resides on should not be the same network as your public computer network. This will prevent any visitors or unwanted guests from getting access to the same network the security system needs in order to function properly.


Some Protection Protocols:

Cyber security procedures for video surveillance devices across the threat spectrum require certain protection protocols.

Weaponizing IP Cameras (Threat High)

Most IP cameras today are manufactured with an open operating system, or basic kernel, that gives no real consideration to data or cybersecurity. For years, people have asked about the security of the video that their system produces; now, people are asking if their IP camera system can be used against them.
Think of an IT administrator who has worked diligently to secure a network, servers and mobile devices who then finds out that the 200 recently installed IP cameras on the edge of that network that are vulnerable to root kits, can be weaponized and used as attack platforms against their own network – and there is no way to monitor them.

This may seem far-fetched, but in Sept. 2016, 1.5 million IP cameras, DVRs and L3 network devices were highjacked in the largest DDOS attack ever seen. So what are the current fundamental considerations that an organization needs to take into consideration before placing an IP camera on their network? 

Protection Protocol:

·         The operating system (OS) on a video device should be a closed OS that runs in limited memory space.
·         Nothing should be able to be written to the device itself with the exception of digitally signed firmware. If the device has the ability to run third-party apps, it can be weaponized.
·         Common ports should be disabled by default. From a vulnerability and pen testing perspective, the more ports that are open, the more opportunity there is to leverage a device or the services on that device.
·         Video devices should utilize HSTS/ HTTP Strict Transport Security if you are going to implement end-to-end security. This protocol helps protect against protocol downgrade attacks, cookie high jacking, as well as forces an HTTPS connection to the device.
·         Consider devices with a built-in “firewall” to prevent dictionary attacks from Botnets.
·         Monitor user accounts and access to the video devices. Most IP cameras are installed with the default user name and password, and if installed on an accessible network, a connection can be established from anywhere in the world. Devices should have a force password feature that also adheres to password policies, such as length and complexity.
·         Monitor a device’s chain of custody. The vendor should have a secure chain of custody during a manufacturing process all the way through to the final sale. If they are not manufactured in a controlled environment, video devices can be tampered with at any time prior to being sold to the customer

Attacking Servers and NVRs (Threat High)

Most VMS servers and NVRs reside on either a Windows operating system or some flavor of Linux. There is an illusion of security that most of us have with regards to OS security, but just take a look at an OS vulnerability chart and that illusion will quickly disappear.
A base unpatched Windows Server 2012 OS has 36 vulnerabilities; a standard Linux distribution has 119. Most vulnerability that machines are subject to are a result of “add-ons” – such as Internet Explorer (242) and Chrome (124). While Windows Server is a more secure platform, it is also a bigger target due to its market share and utilization.

Protection Protocol:

·         As with any machine on a network, it is imperative that the most current updates and patches are applied to video system devices.
·         Ensure a VMS can work within your network policies and environment while a network firewall and anti-virus software are operational.
·         Use hardened password policies, restricted physical and network access, and disable USB ports.

Recorded Video (Data at Rest-Threat Medium)

The two primary purposes of any video system are to act as a deterrent and to be used as admissible evidence in a court of law, if needed. Technically, digital video falls under the scrutiny of the Federal Rules of Evidence (FRE) as it pertains to digital evidence, and authenticity affects admissibility.

Most NVR systems write video in a base file format such as *.AVI,*.G64, *.MKV. If the video drives are accessible via network share, they are subject to tampering.

Protection Protocol:
·         Video, if written in a readable format, should be encrypted to reduce accessibility and the possibility of tampering.
·         Video devices should use some form of hashing as a form of authenticity. Hashing provides the “Data Fixity” of a file and is a form of admissible evidence. Older forms of authenticity, such as water marking can be considered video tampering.
·         The VMS should also provide a way to protect original incident video for any undefined time beyond the system’s retention time in case of prolonged court cases.  

Playback and Export (Data in Use-Threat Medium)
The current biggest threat to recorded video is internal employees posting incident video footage to social media or leaking it to the press. The need to keep recorded video secure is paramount for many reasons. Unrestricted access to recorded video can cause several different types of issues, including legal and HR incidents. 

Protection Protocol:
·         Be sure your VMS provides granular privileges concerning the export, deletion and protection of recorded video.

Streaming Video (Data in Motion-Threat Low)
While the actual threat of streaming video being intercepted and used in some way is low, the knowledge that the data from a specific IP address is video can be used against you. From the aspect of network enumeration, an attacker now knows he has non-PC target(s) that he can try to leverage.

Protection Protocol:
·         Video devices should be able to utilize HTTPS communications, with certificates. This ensures secure end-to-end communications including control channels and video payload.
·         Video devices should be equipped with a Trusted Platform Module (TPM) to securely store certificates utilized in different secure network scenarios such as 802.1x  and Public Key Infrastructure (PKI).
·         Your video devices should have features that provide the ability to disable certain protocols such as ICMP, Telnet, and FTP.

Few Current Development:





3. IPVM Report

Monday, March 19, 2012

Transmission of Camera Video Signals by Cable


A CCTV cable is basically an RG59 coaxial cable that is used to transmit a video signal between your security camera and the DVR (Digital Video Recorder). The RG59 is attached to both the security camera and DVR via a male BNC connector. The female BNC connection on the back of the DVR and security camera allows for these components to attach. The BNC connection creates a locking mechanism that creates a long lasting solid connection.
 
This is not meant to be a textbook on transmission but is intended to remove some of the mystery associated with various methods of transmission. Many approximations and simplifications have been used in writing this guide. This is to make the subject more understandable to those people not familiar with the theories. For general application in the design of CCTV systems it should be more than adequate and at least point the way to the main questions that must be addressed. The manufacturers of transmission equipment will usually be only too keen to help in final design.

 This connection diagram illustrates the many methods of getting a picture from a camera to a monitor. The choice will often be dictated by circumstances on the location of cameras and controls. Often there will be more than one option for types of transmission. In these cases there will possibly be trade offs between quality and security of signal against cost. This diagram could now include transmission by IP networks. 

General Principles
 
Video Signal
The essential components of the video signal are covered in Chapters two and three. Certain aspects that are related to the effective transmission of those signals are repeated in this chapter where it is necessary to save continuous cross-reference.
Synchronizing
The video signal from a TV camera has to provide a variety of information at the monitor for a correct TV picture to be displayed. This information can be divided into: Synchronizing pulses that tell the monitor when to start a line and a field; video information that tells the monitor how bright a particular point in the picture should be; chrominance that tells the monitor what colours a particular part of the picture should be (colour cameras only).
Bandwidth
The composite video output from the average CCTV camera covers a bandwidth ranging from 25Hz to 5MHz. The upper frequency is primarily determined by the resolution of the camera and whether it is monochrome or colour. For every 100 lines of resolution, a bandwidth of 1MHz approximately is required. Therefore, a camera with 600 lines resolution gives out a video signal with a bandwidth of approximately 6MHz. This principle applies to both colour and monochrome cameras. However, colour cameras also have to produce a colour signal (chrominance), as well as a monochrome output (luminance). The chrominance signal is modulated on a 4.43MHz carrier wave in the PAL system therefore a colour signal, regardless of definition, has a bandwidth of at least 5MHz.
Requirements to Produce A Good Quality Picture
From the above it will be obvious that to produce a good quality picture on a monitor, the video signal must be applied to the monitor with little or no distortion of any of its elements, i.e. the time relationship of the various signals and amplitude of these signals. However in CCTV systems, the camera has to be connected to a monitor by a cable or another means, such as Fibre Optic or microwave link. This interconnection requires special equipment to interface the video signal to the transmission medium. In cable transmission, special amplifiers may be required to compensate for the cable losses that are frequency dependent.

Cable Transmission
All cables, no matter what their length or quality, cause attenuation when used for the transmission of video signals, the main problem being related to the wide bandwidth requirements of a video signal. All cables produce a loss of signal that is dependent primarily on the frequency, the higher the frequency, the higher the loss. This means that as a video signal travels along a cable it loses its high frequency components faster than its low frequency components. The result of this is a loss of the fine detail (definition) in the picture.
The human eye is very tolerant of errors of this type; a significant loss of detail is not usually objectionable unless the loss is very large. This is fortunate, as the losses of the high frequency components are very high on the types of cables usually used in CCTV systems. For instance, using the common coaxial cables URM70 or RG59, 50% of the signal at 5MHz is lost in 200 meters of cable. To compensate for these losses, special amplifiers may be used. These provide the ability to amplify selectively the high frequency components of the video signal to overcome the cable losses.
Cable Types
There are two main types of cable used for transmitting video signals, which are: Unbalanced (coaxial) and balanced (twisted pair). The construction of each is shown in diagrams 15.2 and 15.3. An unbalanced signal is one in which the signal level is a voltage referenced to ground. For instance, a video signal from the camera is between 0.3 and 1.0 volts above zero (ground level). The shield is the ground level.
A balanced signal is a video signal that has been converted for transmission along a medium other than coaxial cable. Here the signal voltage is the difference between the voltages in each conductor.
External interference is picked up by all types of cable. Rejection of this interference is effected in different ways. Coaxial cable relies on the centre conductor being well screened by the outer copper braid. There are many types of coaxial cable and care should be taken to select one with a 95% braid. In the case of a twisted pair cable, interference is picked up by both conductors in the same direction equally. The video signal is traveling in opposite directions in the two conductors. The interference can then be balanced out by using the correct type of amplifier. This only responds to the signal difference in the two conductors and is known as a differential amplifier.
Unbalanced (Coaxial) Cables
This type of cable is made in many different types of impedance. In this case impedance is measured between the inner conductor and the outer sheath. 75-Ohm impedance cable is the standard used in CCTV systems. Most video equipment is designed to operate at this impedance. Coaxial cables with an impedance of 75 Ohms are available in many different mechanical formats, including single wire armored and irradiated PVC sheathed cable for direct burial. The cables available range in performance from relatively poor to excellent. Performance is normally measured in high frequency loss per 100 meters. The lower this loss figure, the less the distortion to the video signal. Therefore, higher quality cables should be used when transmitting the signal over long distances.
Another factor that should be considered carefully when selecting coaxial cables is the quality of the cable screen. This, as its name suggests, provides protection from interference for the center core, as once interference enters the cable it is almost impossible to remove. 
Unbalanced Cable

Balanced (Twisted Pair) Cables
In a twisted pair each pair of cables is twisted with a slow twist of about one to two twists per meter. These cables are made in many different types of impedance, 100 to 150 Ohms being the most common. Balanced cables have been used for many years in the largest cable networks in the world. Where the circumstances demand, these have advantages over coaxial cables of similar size. Twisted pair cables are frequently used where there would be an unacceptable loss due to a long run of coaxial cable.

The main advantages are:
1. The ability to reject unwanted interference.
2. Lower losses at high frequencies per unit length.
3. Smaller size.
4. Availability of multipair cables.
5. Lower cost.
Balanced Cable
The advantages must be considered in relation to the cost of the equipment required for this type of transmission. A launch amplifier to convert the video signal is needed at the camera end and an equalizing amplifier to reconstruct the signal at the control end.
Impedance
It is extremely important that the impedance of the signal source, cable, and load are all equal. Any mismatch in these will produce unpleasant and unacceptable effects in the displayed picture. These effects can include the production of ghost images and ringing on sharp edges, also the loss or increase in a discrete section of the frequency band within the video signal.
The impedance of a cable is primarily determined by its physical construction, the thickness of the conductors and the spacing between them being the most important factors. The materials used as insulators within the cable also affect this characteristic. Although the signal currents are very low, the sizes of the conductors within the cable are very important. The higher frequency components of the video signal travel only in the surface layer of the conductors.
Transmission Impedance
For maximum power transfer, the load, cable and source impedance must be equal. If there is any mismatch, some of the signal will not be absorbed by the load. Instead, it will be reflected back along the cable to produce ghost image.

Tips and hints while installing co-axial cable.

1. Use solid core co-axial cable only, not stranded cable. The solid core must have a copper core with copper shield
2. Avoid high voltage cable. A good rule to follow is: for every 100 volts there should be a separation of 1ft between the video cable and power cable.
3. While cabling, avoid areas like electrical equipment or transmitter rooms etc., where EMI interference is expected. This can create all types of interference to the video picture. Co-axial cable is very easily prone to EMI.
4. Minimize cable breaks - Every extra connection in the cable can deteriorate the quality of the video signal. If unavoidable, make sure the insulation is good; otherwise over time the exposed cable can touch the ground causing ground loop currents. It may be difficult or expensive to fix such problems in the future.
5. Avoid sharp bends, which affects the cable impedance causing picture reflection and distortion. This is especially true while getting all the cable into the CCTV monitor rack.
6. Poor BNC connections is the major cause of poor picture quality. Also BNC connectors should be replaced every couple of years and should be part of the system maintenance program.
7. Use metal conduits for high security applications.
8. Use heavy-duty cable for outdoor applications providing better protection against the elements.


Before choosing the CCTV cable for your application put some thought into the location of your power supply and your video recording device to determine if using a Siamese CCTV Cable type or individual cables (separate RG59 and 18/2) best suit your installation. If all your equipment is in one central location then using a Siamese CCTV Cable may provide you with the most professional and cleanest installation. We hope your surveillance system installation is a complete success! Good Luck!


Sunday, August 14, 2011

IP CCTV transmission methods

There are essentially three ways of transmitting video streams over the network from the source to the destination: broadcast, unicast and multicast.

Broadcast
Broadcast is defined as a one-to-all communication between the source and the destinations. In IP video surveillance, the source refers usually to the IP camera and the destination refers to the monitoring station or the recording server. In this case, broadcasting would mean that the IP camera would send the video stream to all monitoring stations and recording servers, but also to any IP devices on the network, even though only a few specific destination sources had actually requested the stream. Typically, this method of transmission is not commonly used in IP video surveillance applications, but can be seen more often in the TV broadcasting industry where TV signals are switched at the destination level.

Unicast
Unicast is defined as a one-to-one communication between the source and the destination. Unicast transmissions are usually done in TCP or UDP and require a direct connection between the source and the destination. In this scenario, the IP camera (source) needs to have the capabilities to accept many concurrent connections when many destinations want to view or record that same video at the same time.
In terms of video streaming in unicast transmission, the IP camera will stream as many copies of the video feed requested by the destinations. In figure 1 below, three copies of the same video stream are sent over the network; one copy for each of the three destinations requesting the stream. If each video stream is 4 Mbps, this transmission will produce 12 Mbps (3x4Mbps) of data on multiple network segments.

As a result, many destinations connected in unicast to a video source can result in high network traffic. In other words, if we imagine a large system with 200 destinations requesting the same video stream, we would end up having 800 Mbps (200x4Mbps) of data travelling over the network, which is realistically unmanageable. Although this method of transmission is widely used over the Internet where most routers are not multicast-enabled, within a corporate LAN, unicast transmission is not necessarily the best practice as it can quickly increase the bandwidth needed for viewing and recording camera streams.

Multicast
In multicast transmission, there is no direct connection between the source and the destinations. The connection to the video stream of the IP camera is done by joining a multicast group, which in simple terms means actually connecting to the multicast IP address of the video stream. So the IP camera only sends a single copy of the video stream to its designated IP address and the destination simply connects to the stream available over the network with no additional overhead on the source. In other words, the destinations share the same video stream. In figure 2 below, the same three destinations requesting the video stream have the same impact on the network as a single destination requesting the stream in unicast and there is no more than 4 Mbps of data travelling on each segment of the network. Even with 200 destinations requesting that video stream, the same amount of data would be travelling on the network.

It is evident at this point that using multicast transmissions in an IP video surveillance application can save a lot of bandwidth, especially in large scale deployments where the number of destinations can grow very quickly.


Bandwidth optimisation for IP CCTV
When it comes to IP video surveillance, it is important to efficiently manage the way video streams are transmitted over the network in order not to overload the available bandwidth. Even though IT infrastructures are built to handle any kind of data, the applications generating traffic over the IP network need to be conducive with the efficient utilization of the network resources in place. To this end, different functionalities and mechanisms are offered by IP video surveillance solution providers to allow optimization of bandwidth and network resources such as:
• Multicasting
• Multistreaming
• Video compression

Even though the capacity and speed of the network are constantly increasing and its associated costs are declining, this is still not a good reason for users to ignore the additional investments and efforts needed to optimise bandwidth management. The amount of data travelling on the network is also still on the rise and therefore, investments in bandwidth optimization are ones that can contribute to a reduction in total cost of ownership, specifically in respect to efficiency gains and maximized resources.

For example, in video surveillance, more and more end-users are requesting cameras with higher picture quality and resolution, often opting for high-definition and megapixel cameras. These types of cameras require much more bandwidth than standard definition cameras. Also, more and more people inside as well as outside an organization’s walls are requesting access to video streams over the network. In the case where a large number of users are simultaneously trying to access a specific video stream, efficient use of network resources can be crucial in avoiding overloaded capacity and entire network crashes.
It is equally important to realize that optimizing the bandwidth on the network does not necessarily go hand in hand with large capital investments, but is more a matter of putting the right solutions in place and leveraging the unique and powerful capabilities of these solutions.

Saturday, August 13, 2011

Which Image Quality is Better

When thinking about maximizing image quality, resolution is usually the first thing that comes to mind. However, resolution is not the only factor that impacts quality. The amount of bandwidth available and used can have a dramatic impact on image quality. In this report, we examine bandwidth and the effect that it has on quality across numerous cameras.
Which Image Quality is Better?
To better understand image quality, let's start by examining two samples of the same scene side by side:
 
Consider two questions:
1. Which camera has higher resolution? A or B?
2. Which camera is better? A or B?
It is pretty obvious that the image from Camera B is better so this should be a simple case.
The reality is that those images are from the same camera at the same resolution and frame rate (720p/30). All that was done to the camera was changing the Constant Bit Rate target from 512 Kb/s to 8 Mb/s.
Factors Impacting Quality:
Even with the same resolution, two common settings impact quality: 
1. Bit Rate: Most cameras can have their bit rate adjusted to specific levels (e.g., 512 Kb/s, 2 Mb/s, 8Mb/s, etc.) 
2. Quantization Level: Most cameras can have the level of compression adjusted (often called a quality or compression setting with options from 1-10 or 0-100)
Typically, these are mutually exclusive. If you lock in bit rate, the camera will automatically adjust the quantization level to not exceed the bandwidth set. Vice versa, if you set the quantization level, the camera will automatically change the bandwidth consumed to make sure the quality / compression always stays at the same level.
Our Test Process
We wanted to better understand how changes in these two factors impact video quality. To do so, we did a series of tests with three HD cameras: the Axis P1344, the Sony CH140 and the Bosch NBN-921.
For the bandwidth tests, we tested each camera at the following levels:
  • 512 Kb/s
  • 1 Mb/s
  • 2 Mb/s
  • 4 Mb/s
  • 8 Mb/s
We did this across a series of scenes to see how quality would vary in different conditions:
  • Daytime Indoors (300 lux)
  • Nighttime Indoors (.5 lux)
  • Daytime Intersection
Finally, we did a similar series of tests varying the quality level of a VBR camera (the Axis across 0, 30, 60 and 100 levels) to better understand changes in quality and bandwidth consumption.

Sunday, February 27, 2011

Capturing Crystal Clear Images With Megapixel Technology

Megapixel surveillance is not a new concept — its applications and benefits are starkly clear. What has changed are smarter cameras, taking advantage of the added pixels and a better understanding of illumination in real life. In the first of a two-part report, A&S examines how smarter megapixel cameras are getting; the second part looks at best practices for optimal performance.

The big picture for megapixel surveillance cameras looks bright, in the wake of the recession. HD and megapixel cameras are expected to make up nearly 30 percent of network camera shipments in 2011, according to IMS Research. By 2015, it is forecast that more than 60 percent of network cameras shipped will be of megapixel resolution.

The resolution increase has a noted effect on the whole surveillance system. While a 2.1-megapixel or 1,080p HD image is six times larger than a D1 image, the additional pixels require a bigger pipe to transmit more data. The infrastructure and storage costs for megapixel are well-documented, with ROI and TCO being used as arguments in favor of bigger pictures. The fate of megapixel is linked to the future of IP networks, with HD forecast to make up most high-resolution cameras compared to megapixel, according to IMS.

Megapixel surveillance requires careful planning, but the benefits of added resolution boost the accuracy of analytics. Edge devices take advantage of faster processors, resulting in smarter use of pixels. Analytics can help reduce bandwidth, as an event will trigger video streaming, rather than constantly sending the same still images over the network. A more distributed architecture puts less strain on networks and makes life easier.

Clarity is the main driver for megapixel. “At the end of the day, you're putting in a security system to protect life and provide evidence in a court of law,” said Stephen Moody, Security Development Manager for ViS Security Solutions, an integrator in Ireland.

Cracking the Code
H.264 is the de facto standard compression for megapixel cameras, due to its efficiency in crunching large data files into smaller ones for transmission and storage. As compression evolved from M-JPEG's stills to MPEG-4 and now to H.264, a variety of profiles yield differences in performance. With 17 profiles in all, three are the most common: baseline, main and high, said Sachin Khanna, PM for CCTV, Bosch Security Systems.

By profile, the baseline is appropriate for video conferencing; the main profile is good for broadcast video; and high profile is most applicable for HD broadcast video. “H.264 requires a fair amount of processing power for encoding and decoding; this may limit the camera's frame rate and dictate the NVR platform to achieve the desired performance,” said Rich Pineau, CTO of Oncam Global.

Most H.264 profiles stem from 2-D applications, with not all profiles being capable of integration. “Even if both cameras are H.264 and the manufacturers are partners, the system could still not work,” said Patrick Lim, Director of Sales and Marketing for Ademco Far East. “The I/O and output are hard to integrate. Some engineers say it's easy to plug and play — there's no such thing.”