Media signing specification

Open svefredrik opened this issue 3 years ago • 1 comments

Add media signing specification

This specification defines how media from ONVIF devices is signed to give a guarantee that the media has not been manipulated since it was transmitted from the device.

svefredrik avatar Oct 04 '22 12:10 svefredrik

Planned work: Review Informative vs Normative language and move the segments accordingly. Address the currently open 24 comments.

axelks avatar Oct 14 '22 06:10 axelks

SEI frames are optional in the media stream. If a man in the middle removes the SEI frames, how does the client identify whether the device sends signed media or not?

venki5685 avatar Nov 08 '22 14:11 venki5685

"This document is then signed (hashed and encrypted) to produce a signature as signature = encrypt(h(document)) and together with the document itself is added to the stream in a SEI, that is, SEI = document + signature." Is the signature encrypted? If yes, without the private key, how will the client decrypt the encrypted signature? How is the private key shared to the client from the device?

If the signature is not encrypted, a man in the middle can replace the certificate & public key, re-compute the hash of NULLs using his own private key and then re-add the SEI frames back to the media stream.

venki5685 avatar Nov 08 '22 14:11 venki5685

Is there any indication to the client from the device that the media stream was signed, since SEI frames are optional and it is possible for the attacker to remove them during the transmission?

venki5685 avatar Nov 08 '22 14:11 venki5685

Is there any indication to the client from the device that the media stream was signed, since SEI frames are optional and it is possible for the attacker to remove them during the transmission?

Out of scope. We don't intend to detect this type of manipulation.

svefredrik avatar Nov 09 '22 11:11 svefredrik

SEI frames are optional in the media stream. If a man in the middle removes the SEI frames, how does the client identify whether the device sends signed media or not?

Out of scope

svefredrik avatar Nov 09 '22 11:11 svefredrik

Many kind thanks for working through my comments and questions; it was most appreciated. I hope you found them functionally constructive 👍

kieran242 avatar Nov 09 '22 13:11 kieran242

"This document is then signed (hashed and encrypted) to produce a signature as signature = encrypt(h(document)) and together with the document itself is added to the stream in a SEI, that is, SEI = document + signature." Is the signature encrypted? If yes, without the private key, how will the client decrypt the encrypted signature? How is the private key shared to the client from the device?

If the signature is not encrypted, a man in the middle can replace the certificate & public key, re-compute the hash of NULLs using his own private key and then re-add the SEI frames back to the media stream.

Yes, it's by definition encrypted.

svefredrik avatar Nov 10 '22 09:11 svefredrik

"This document is then signed (hashed and encrypted) to produce a signature as signature = encrypt(h(document)) and together with the document itself is added to the stream in a SEI, that is, SEI = document + signature." Is the signature encrypted? If yes, without the private key, how will the client decrypt the encrypted signature? How is the private key shared to the client from the device?

If the signature is not encrypted, a man in the middle can replace the certificate & public key, re-compute the hash of NULLs using his own private key and then re-add the SEI frames back to the media stream.

Yes, it's by definition encrypted.

A man in the middle can always replace certificate & public key and then compute a new signature, but in this case the player should not trust the certificate anymore.

fschuetz04 avatar Nov 10 '22 10:11 fschuetz04
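
The trust point made in the reply above, as an added Go example that is not part of this thread or of the ONVIF specification: a re-signed SEI carries a mathematically valid signature, and it is the check of the signing key against a trust anchor that rejects it. Assumptions: Ed25519 over a SHA-256 hash stands in for `signature = encrypt(h(document))`, a trust-anchor signature over the device key stands in for a certificate chain, and all names and documents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SEI models "SEI = document + signature"; CertSig is a stand-in certificate
// (the trust anchor's signature over PubKey). All names are hypothetical.
type SEI struct {
	Document, Signature, CertSig []byte
	PubKey                       ed25519.PublicKey
}

var ErrUntrusted = errors.New("signing key not vouched for by trust anchor")
var ErrBadSig = errors.New("signature does not match document")

// Sign hashes the document and signs the hash with the given private key.
func Sign(doc []byte, priv ed25519.PrivateKey, certSig []byte) SEI {
	h := sha256.Sum256(doc)
	return SEI{doc, ed25519.Sign(priv, h[:]), certSig, priv.Public().(ed25519.PublicKey)}
}

// Verify checks trust in the key first, then the signature over the document.
func Verify(s SEI, anchor ed25519.PublicKey) error {
	if len(s.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(anchor, s.PubKey, s.CertSig) {
		return ErrUntrusted
	}
	h := sha256.Sum256(s.Document)
	if !ed25519.Verify(s.PubKey, h[:], s.Signature) {
		return ErrBadSig
	}
	return nil
}

// Demo verifies a genuine SEI, an altered document, and a re-signed SEI.
func Demo() (genuine, altered, resigned error) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	mitmPub, mitmPriv, _ := ed25519.GenerateKey(nil)
	good := Sign([]byte("constructed document"), devPriv, ed25519.Sign(caPriv, devPub))
	bad := good
	bad.Document = []byte("constructed document, altered")
	// Replaced key with a self-issued certificate: the signature itself is valid.
	forged := Sign([]byte("replaced document"), mitmPriv, ed25519.Sign(mitmPriv, mitmPub))
	return Verify(good, caPub), Verify(bad, caPub), Verify(forged, caPub)
}
func main() { fmt.Println(Demo()) }
```

A verifier that skips the trust-anchor check and only validates the signature against the key carried in the SEI would accept the third case.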

Do we have a capability flag for the client to know whether the device supports media signing or not? Is it possible for the client to enable/disable media signing from the device if the client is facing jitter or packet loss issues in the network? Is it possible for the client to know what signature algorithms the device can support for media signing, and how can the client choose one of the supported device signing algorithms using the ONVIF interface?

venki5685 avatar Nov 13 '22 18:11 venki5685

Do we have a capability flag for the client to know whether the device supports media signing or not? Is it possible for the client to enable/disable media signing from the device if the client is facing jitter or packet loss issues in the network? Is it possible for the client to know what signature algorithms the device can support for media signing, and how can the client choose one of the supported device signing algorithms using the ONVIF interface?

I have added enabling/disabling of media signing in the Media2 spec. The signing algorithm is not configurable right now. Is that needed?

svefredrik avatar Feb 15 '23 09:02 svefredrik

Please use #372 for comments. This PR had to be closed due to moving the branch to onvif.org.

HansBusch avatar Nov 15 '23 14:11 HansBusch