Fusion stream encryption is a proprietary technology of Genetec Inc. used to protect the
privacy of your video archives. The Archiver uses a two-level encryption strategy to ensure
that only authorized client machines or users with the proper certificates on smart cards
can access your private data.
What is a fusion stream?
Fusion stream is a proprietary data structure of Genetec Inc. for streaming multimedia. Each
fusion stream is a bundle of data (video, audio, and metadata) streams and key streams
related to a single camera. Fusion streams are generated on specific client requests. The
key streams are included only if the data streams are encrypted.
Benefits of fusion stream encryption
The benefits of fusion stream encryption are as follows:
- No data captured by Security Center is stored or transmitted as plaintext. This means that
the privacy of your data is protected even if you outsource the management of your data
center.
- Data streams are encrypted using the US government-approved AES 128-bit encryption standard.
- The keys used to encrypt the data streams change every minute, discouraging any kind of
brute-force attack.
- Each data stream is encrypted with a different key stream, reducing the attack
surface.
- The key streams are encrypted using public key encryption, ensuring that only authorized
client machines (with a valid private key) can view the protected data. The private key can
be installed on the machine or accessed from a smart card reader.
- If a private key is compromised (leaked), you can prevent it from ever being used again on
your system.
- Encryption overhead is kept to a minimum by encrypting the data stream only once.
Redirectors and Auxiliary Archivers do not have to re-encrypt the data.
Limitations
The limitations of fusion stream encryption are as follows:
- Multicast from the video unit is supported only if the unit supports encryption and is
connected through HTTPS.
- Recordings on the edge cannot be encrypted. Turn edge recording off if you want
encryption.
- Video encrypted in version 5.8 and later cannot be decrypted in version 5.7 and earlier.
- Encrypted video cannot be viewed on Security Center Mobile devices.
- Motion detection by the Archiver is not supported when encryption is on.
- Thumbnails cannot be generated for encrypted video.
- Encryption cannot be added after the video has been archived.
However, you can still encrypt your exported video files. For more information, see the
Security Center User Guide.
- New encryption keys cannot be added to archived data, which means that authorization to
view archived data cannot be granted to new machines.
- Encryption certificates are only validated for expiration dates. This means that any
certificate you enroll takes effect immediately, regardless of its activation date.
CAUTION: If a certificate expires, it is no longer used for encryption. When there are no
valid certificates left, video recording is stopped.
- Encryption cannot be removed from the video archives.
The workaround is to export your video in ASF format.
- Encrypted video cannot be exported in legacy G64 format.
When you export encrypted video in G64x format, the video is exported with encryption. All
information necessary for the decryption of the video is found in the G64x file.
- Encrypted video cannot be recovered if you lose all your private keys.
See Best practices for managing private keys.
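
The certificate rules in the limitations above (only the expiration date is validated, and recording stops when no valid certificate remains) can be turned into a scheduled check. The following PowerShell is an added example, not Genetec code: the function names, the 30-day warning window, and the sample certificates are assumptions constructed for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example, not Genetec code. Needs PowerShell 7, or Windows PowerShell 5.1
# with .NET Framework 4.7.2 or later (for CertificateRequest).
function Get-EncryptionCertHorizon {
    param(
        [X509Certificate2[]] $Certificate,
        [int] $WarnDays = 30,              # hypothetical renewal lead time
        [datetime] $Now = (Get-Date)
    )
    # Per the page, only the expiration date is validated: NotBefore is ignored.
    $usable = @($Certificate | Where-Object { $_.NotAfter -gt $Now })
    $early  = @($usable | Where-Object { $_.NotBefore -gt $Now })
    # Recording continues until the LAST usable certificate expires.
    $status = 'RecordingStopped'; $stopAt = $null
    if ($usable.Count -gt 0) {
        $stopAt = ($usable | Sort-Object NotAfter | Select-Object -Last 1).NotAfter
        $status = if (($stopAt - $Now).TotalDays -le $WarnDays) { 'RenewNow' } else { 'OK' }
    }
    [pscustomobject]@{
        Status               = $status
        RecordingStopsAt     = $stopAt
        UsableNow            = @($usable | ForEach-Object Subject)
        UsedBeforeActivation = @($early | ForEach-Object Subject)
    }
}

# Constructed sample certificates (self-signed, held in memory only).
function New-SampleCert([string] $Name, [datetime] $From, [datetime] $To) {
    $req = [CertificateRequest]::new("CN=$Name", [RSA]::Create(2048),
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned([DateTimeOffset] $From, [DateTimeOffset] $To)
}
$now = Get-Date
$certs = @(
    New-SampleCert 'expired-workstation' ($now.AddYears(-2)) ($now.AddDays(-1))
    New-SampleCert 'operator-smartcard'  ($now.AddYears(-1)) ($now.AddDays(10))
    New-SampleCert 'not-yet-active'      ($now.AddDays(7))   ($now.AddDays(20))
)
Get-EncryptionCertHorizon -Certificate $certs -WarnDays 30 -Now $now | Format-List
```

To check real certificates, pass copies of the certificates you enrolled instead of the constructed samples, for example loaded with `[X509Certificate2]::new()` from exported certificate files.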