
Why AV Media Encryption is Essential

Audinate’s Product Marketing Manager, Audio, Greg Kopchinski, outlines why media encryption matters on AVoIP networks.

28 August 2024

Text:/ Greg Kopchinski

Cybersecurity is crucial to protect sensitive information from cyber threats such as hacking, data breaches, ransomware, and identity theft. As cyber threats evolve, robust cybersecurity practices are essential to defend against increasingly sophisticated attacks and to maintain a secure online environment.

It’s essential to recognise that robust cybersecurity comprises several aspects, including user authentication, firewalls, network segmentation, transaction logging (traceability), and more. Encryption is an important piece of the security hierarchy, but all facets of network security are vital to protect private information from being exposed.

AV SECURITY DRIVERS

While many companies are self-motivated to protect their digital assets, governmental cyber regulations have recently been introduced to protect user data. For example, the European Cyber Resilience Act is a legislative proposal to bolster the cybersecurity of digital products and services across the European Union. The act mandates that digital products must meet baseline security requirements, including secure software development practices, vulnerability handling, regular security updates, and ensuring the integrity and confidentiality of data. Moreover, new directives and regulations will apply to connected AV equipment as AVoIP systems evolve and converge with traditional corporate IT networks.

AV equipment security must be considered at multiple levels, including device, network, and media protection. Device security involves aspects like secure booting, secure firmware updates, operating system patches, and device locking to protect from digital or physical breaches. Network-level security includes user authentication, network segmentation to safeguard access to authorised resources, and event logging to help troubleshoot an issue if one occurs and prevent it from recurring. Media protection rounds out AV system security with end-to-end encryption of any network-transmitted information, whether data, control signals, audio, or video.

WHAT’S INVOLVED

End-to-end media encryption is a network transport method where the content is encrypted on the sending device and only decrypted on the receiving device. Media encryption is crucial for AVoIP networks that transport sensitive information, such as in finance, healthcare, and government agencies, to protect the encrypted content from eavesdropping or unauthorised access. For example, encrypting audio captured by an AoIP conference room microphone and decrypting it at the networked loudspeaker or conference system prevents the audio from being intelligible if it is purposely or maliciously routed to another network device.

A proven and trusted encryption method is AES-256 (Advanced Encryption Standard with a 256-bit key), a highly secure symmetric encryption algorithm that uses a 256-bit key to encrypt and decrypt data. This key size provides a high level of security and is considered robust against brute-force attacks, where an attacker tries all possible keys until finding the correct one. It is widely used across various applications due to its strong security properties and efficiency.

Interoperability and, by extension, encryption between different manufacturers can be very challenging. A classic fix for both interoperability and encryption challenges is the manufacturer-specific ecosystem or ‘walled garden’ approach — a single-brand universe of products. The main advantage of this ecosystem is that the products work well together, like so many building blocks. However, the obvious downside is that the complete solution is limited to that one brand and the available options, which may not be well-suited to every installation.

Integrating secure AV equipment with encryption between two or more manufacturers can make key management exceptionally challenging. The encryption keys are critical to the process — they’re the secret decoder rings. AES-256 uses the same key for both encryption and decryption, which must be kept secret to maintain the security of the encrypted data. In a multi-manufacturer AV system, identifying the ‘key master’ and synchronising keys is problematic at best, with many solutions requiring manual key management and synchronisation.

An alternate solution for multi-manufacturer interoperability and encoding is having a third party develop a fully supported, end-to-end interoperability and encryption solution like Dante. Third-party solutions take the problem of key management out of the hands of manufacturers. Keys — like passwords — must be updated regularly to maintain security, and manually updating them can be time-consuming and subject to human error. With manufacturer-agnostic third-party solutions, keys can be updated or ‘rolled’ on demand and automatically deployed to endpoints through a central control platform rather than undertaking the more convoluted process of individually updating endpoints.
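The shared-key model and key rolling described above, as an added Go example (not code from the article, Audinate or Dante): each media packet carries the ID of the AES-256-GCM key that sealed it, so an endpoint that was never given that key, or has not yet received a rolled key, cannot recover the audio. The packet layout, the `Keyring` type, the function names and the key, sender and sequence values are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

type Keyring map[uint32]cipher.AEAD // key ID -> AES-256-GCM (hypothetical layout)

// Install adds a 256-bit key under id, as a push from a central controller would.
func (kr Keyring) Install(id uint32, key []byte) error {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return fmt.Errorf("need a 32-byte AES-256 key, got %d bytes", len(key))
	}
	kr[id], err = cipher.NewGCM(block)
	return err
}

// Seal emits keyID(4) || sender(4) || seq(8) || ciphertext+tag; sender||seq is the GCM nonce.
func (kr Keyring) Seal(id, sender uint32, seq uint64, frame []byte) ([]byte, error) {
	if kr[id] == nil {
		return nil, fmt.Errorf("no key with ID %d", id)
	}
	hdr := make([]byte, 16)
	binary.BigEndian.PutUint32(hdr, id)
	binary.BigEndian.PutUint32(hdr[4:], sender)
	binary.BigEndian.PutUint64(hdr[8:], seq) // never reuse a seq under one key
	return append(hdr, kr[id].Seal(nil, hdr[4:], frame, hdr[:4])...), nil
}

// Open decrypts only if this endpoint holds the key the packet names.
func (kr Keyring) Open(pkt []byte) ([]byte, error) {
	if len(pkt) < 16 || kr[binary.BigEndian.Uint32(pkt)] == nil {
		return nil, fmt.Errorf("short packet or unknown key ID")
	}
	return kr[binary.BigEndian.Uint32(pkt)].Open(nil, pkt[4:16], pkt[16:], pkt[:4])
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // constructed demo key
	tx := Keyring{}
	tx.Install(1, key)
	pkt, _ := tx.Seal(1, 7, 0, []byte("mic frame")) // constructed frame
	fmt.Println(Keyring{}.Open(pkt))                // endpoint that never got the key
}
```

Rolling a key is `Install` under a new ID on every endpoint followed by `delete` of the old ID. A receiver that missed the push rejects packets sealed under the new key, which is the synchronisation problem the article describes.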

WHAT THE FUTURE LOOKS LIKE

Today’s network-enabled AV endpoints are IT endpoints and should be treated as such. Any equipment on the network must be secure, and a plan must be established for maintaining its security through ongoing vulnerability testing and timely firmware/software updates against vulnerabilities or new security threats.

Manufacturers and integrators must adhere to emerging regulations, so more end-to-end encrypted solutions will likely be required in the near future. That said, not every system needs encryption, so the most robust outcome will likely include encryption capabilities in products that can be enabled through a network management system on a device-by-device basis. Media encryption will be crucial for securing and safeguarding information shared in meeting rooms with the next generation of AVoIP installations.
