What is Endura signing and how does it work?

Issue

In the Web interface for Sarix cameras, there is an check box for Endura signing, as shown in the figure below:

Product Line

Pelco Cameras, Pelco Video Management

Environment

Endura video management system, all versions

Cause

Not applicable

Resolution

Endura signing is a technology designed to prevent the tampering of video and ensure video authenticity for use in legal proceedings. Only exported video is validated in the Pelco export player when the user clicks on the "Authenticate" button. Live video is not validated.

How it works

Every device in an Endura system has a public and private RSA key. The public key is available to any device on the network that requests it. The private key is kept on the camera or encoder and is not distributed.

With Endura signing enabled, the camera performs the following steps:

  1. The public key of the device is inserted into a UPnP message with the stream parameters.
  2. The sender generates an I-frame.
  3. The sender generates a SHA-256 hash function checksum of the I-frame.
  4. This checksum is encrypted using the sender's RSA private key.
  5. In the UserData section of the I-frame the sender inserts the sender's RSA encrypted checksum.
  6. The message is then sent to the receiver.

The following steps are taken to receive and verify the signed I-frame of encoded video:

  1. The receiver receives the digitally-signed I-frame
  2. The receiver extracts the RSA encrypted checksum from the UserData section of the frame.
  3. The receiver decrypts the checksum obtained from the digitally signed I-Frame using the sender's RSA public key (obtained from the stream parameters UPnP message).
  4. The receiver then generates it's own checksum of the I-frame. It compares this value with the decrypted checksum. If the newly calculated value matches the value of the signed I-frame, the video is validated. If the values are not identical, validation fails.

Only video I-frames are validated. The remaining P-frames are not signed or validated at any point in the system. This does not prevent an unauthorized person viewing the video by "listening" on the network. However it does prevent the replacement, or hijacking, of the authorized stream with an unauthorized and unverified stream.