Milestone XProtect 2019 R1 introduced Encryption
Best performance. Encrypted end-to-end.
Ensuring the security and integrity of all Milestone installations is our top priority. We want to minimize our customers’ exposure to risk by ensuring our software and hardware is secure by design, secure by default and secure by deployment.
Milestone is committed to providing XProtect users with a great-performing VMS that is durable and highly resistant against cyber threats. The first release of 2019 follows up on that commitment with yet another cyber security tool implemented in XProtect: an SSL/TLS certificate-based encryption of all communication between the Recording Server and the servers and clients connected to it.
This means that any use of data originating in the recording server goes out to components like management, mobile, or event servers. It can also goes out to the management, mobile or smart clients. The data is fully encrypted to guarantee the highest level of security of the servers’ network. Third-party developers are also required to align their solutions with XProtect’s 2019 R1 version of MIP SDK, making all communication between the Recording Server and any integrated solutions just as cybersecure. The encryption is enabled by default in the 2019 R1 installation process, where a notification pane explains the encryption and its implications on all components and solutions communicating with the Recording Server. It is also possible, to complete the installation of the 2019 R1 version without enabling the encryption to complete the certification process at a later time.
Performance Impacts of Encryption In Video Surveillance
The performance impact of encryption on a video surveillance system is heavily dependent on the hardware of the system. To get the best performance with the lowest impact and fewest bottlenecks it is crucial to enable hardware accelerated encryption via AES (Advanced Encryption Standard). The Network Video Recorder must support AES hardware acceleration natively in order to keep encryption from overwhelming the system and dropping frames.
All Arxys Shield | Key NVR’s now support Hardware Accelerated Encryption of AES
Intel® AES New Instructions (Intel® AES-NI) is a new encryption instruction set that improves on the Advanced Encryption Standard (AES) algorithm and accelerates the encryption of data in the newest generation of Intel® Xeon® processor families and the Intel® Core™ processor families.
Comprised of seven new instructions, Intel® AES-NI gives your IT environment faster, more affordable data protection, and greater security; making pervasive encryption feasible in areas where previously it was not.
By implementing some intensive sub-steps of the AES algorithm into the hardware, Intel® AES-NI strengthens and accelerates execution of the AES application.
The seven new instructions comprising Intel® AES-NI accelerate encryption and decryption and improve key generation and matrix manipulation, all while aiding in carry-less multiplication.
This minimizes application performance concerns inherent in traditional cryptographic processing and provides enhanced security by addressing side channel attacks on AES associated with traditional software methods of table look-ups.
Arxys Shield | Key NVR’s Encryption Performance
Even with Arxys’ hardware accelerated encryption utilizing full encryption requires CPU processing time. However implemented correctly and with the right optimizations and driver tuning Arxys was able to deliver impressive results both with light and strong encryption enabled. The tests below show how much performance our activated hardware acceleration features deliver.
With a full 260 cameras running 1090P, 25FPS and with server side video motion detection and metadata collection enabled our Shield | Key R12 was able to achieve an impressively low 68% CPU utilization using strong encryption.
While not every security installation requires strong encryption today, Arxys is committed to staying ahead of security and surveillance requirements and bring the power of hardware acceleration to solve today and tomorrow’s security challenges.
For more information about TLS: https://en.wikipedia.org/wiki/Transport_Layer_Security