Encrypted storing video while recording

Discussions related to the 1.36.x series of ZoneMinder
olanorman
Posts: 4
Joined: Mon May 16, 2022 12:01 pm

Encrypted storing video while recording

Post by olanorman »

Hi, is it possible to store video while recording and make it encrypted, maybe in sections intervals? If I use a PIR sensor or similar motion recognition on the camera, I can start an interval of, let's say, 5 seconds and store it encrypted. Then I can film everything and store it at longer intervals, only when motion is detected it's shorter intervals?

I would like the computer to run ZoneMinder and be locked so if someone gets physical access to the computer they will not be able to delete the video files. They can of course steal the computer and run away or damage it, but then I know they have been there. I would be able to store it on a cloud or something, but then if they have access to my powerline they can turn off my internet before breaking in. Do you know about such encryption on Linux and 2FA solutions? Would it work with the integrated LUKS for example?

I'm looking into the YubiKey 5 and would like to use this for 2FA login to Ubuntu or similar distros and also use 2FA for accessing encrypted drives.
Andyrh
Posts: 243
Joined: Sat Oct 28, 2017 3:55 am

Re: Encrypted storing video while recording

Post by Andyrh »

You need to break your request into pieces and meet each one. This will make it easier to reach the solution.

Encryption at rest is not what most people think it is. You can encrypt a file system, but that FS will be read/write while the system is up after you enter some credentials. This means if someone logs on they will be able to see the FS, otherwise ZoneMinder would also not be able to see the FS and do its job. However, should someone take the system, they will not be able to power on and get your data.

An off-site copy of the last X days is a good idea, but as you said it is defeatable. A UPS will help with this.
Andy
o||||o

Ubuntu 22.04
ZM 1.36.33
E5-1650-v4 Xeon
16 GB RAM
6 cameras -> 54 FPS modect
olanorman
Posts: 4
Joined: Mon May 16, 2022 12:01 pm

Re: Encrypted storing video while recording

Post by olanorman »

Ok, so if I have 2FA login to Ubuntu, they will not be able to log in with some sort of safe mode like in Windows. Because in Windows, if you have 2FA on the local account login, you can bypass the 2FA login by starting Windows in safe mode, then it is only the BitLocker password protecting you. Will it help if I have 2FA on LUKS encryption? I have understood that there is some sort of safe mode login with Linux as well, but I'm not sure how it works.

If they are not able to log in, can they open the computer and access the files on the hard drive without turning off the computer? If they snap the hard drive out while it is running, will LUKS encryption protect the files and will the ongoing video recording be stored on the drive?
Andyrh
Posts: 243
Joined: Sat Oct 28, 2017 3:55 am

Re: Encrypted storing video while recording

Post by Andyrh »

I am not very familiar with Linux options; I deal with enterprise arrays, same concept, different methods.
If the drive is encrypted and you have to authenticate to unlock the drive, then the data is as safe as the authentication. I would not expect a safe mode type boot to be able to unlock the drive without authenticating.
Data protection is a layered thing, as you add layers you increase the protection. In many cases the first layer stops most attacks. Also consider your data is safe once it costs more to get than it is worth.

Once you have the first protection added, try to beat it. That will teach you more than anything else.
Andy
o||||o

Ubuntu 22.04
ZM 1.36.33
E5-1650-v4 Xeon
16 GB RAM
6 cameras -> 54 FPS modect
olanorman
Posts: 4
Joined: Mon May 16, 2022 12:01 pm

Re: Encrypted storing video while recording

Post by olanorman »

Ok, what are your thoughts about pulling out the hard drive while the computer is running, can it ruin the computer? Do you think the video that is recording will be stored on the drive and encrypted?

Does ZoneMinder support storing videos locally on the computer? It looks like it has to be online to work properly?
Andyrh
Posts: 243
Joined: Sat Oct 28, 2017 3:55 am

Re: Encrypted storing video while recording

Post by Andyrh »

Hot plugging hardware that supports it is safe. However, unplugging from a live system has risk to the data if the system is not ready. I would advise to not hot remove any device ZM is using. ZM does not have the required code for this type of action.

If the system is writing to an encrypted FS, the data is encrypted before the data is written.

Your last line is confusing to me. ZM prefers writing local, mine is only local.
Andy
o||||o

Ubuntu 22.04
ZM 1.36.33
E5-1650-v4 Xeon
16 GB RAM
6 cameras -> 54 FPS modect
olanorman
Posts: 4
Joined: Mon May 16, 2022 12:01 pm

Re: Encrypted storing video while recording

Post by olanorman »

Andyrh wrote: Mon May 16, 2022 5:04 pm ZM does not have the required code for this type of action.
Wouldn't it be possible to make a lot of shorter video clips? Then each video clip will be stored continuously after each other. Then only the last video clip that is still recording would potentially be missing from the hard drive when removed while running, theoretically. They would also be encrypted, impossible to delete? Or is it possible to delete selected files when encrypted using LUKS for example? I would also add an extra feature if motion is captured, with shorter intervals between storing the clips continuously. Maybe something like this is possible? Different types of intervals?
Andyrh
Posts: 243
Joined: Sat Oct 28, 2017 3:55 am

Re: Encrypted storing video while recording

Post by Andyrh »

You are wanting to do something ZM is not made to do. If you remove the primary storage, ZM will not be able to save anything else.

If you are recording, the video is broken into segments, 5 minutes I think is the default. Mocord does motion detection on a recorded stream.

Encryption only protects the data from being read. If I have hands on your HD and I want the data gone, it will be gone. I will not be able to read the encrypted data or selectively delete data.

Why would you want to remove a drive from a running system?
Andy
o||||o

Ubuntu 22.04
ZM 1.36.33
E5-1650-v4 Xeon
16 GB RAM
6 cameras -> 54 FPS modect
mikb
Posts: 586
Joined: Mon Mar 25, 2013 12:34 pm

Re: Encrypted storing video while recording

Post by mikb »

olanorman wrote: Mon May 16, 2022 7:33 pm
Andyrh wrote: Mon May 16, 2022 5:04 pm ZM does not have the required code for this type of action.
Then only the last videoclip that is still recording would potentially be missing from harddrive when removed while running, theoretically. They would also be encrypted, impossible to delete?
I use LUKS and LVM under Linux. It would not occur to me, in any sane way, to pull a hard drive out of a running system ... I want my data intact, thank you.

"Theoretically ..." your entire filesystem could be wiped out by stunts like that, and recovery from that (given the encryption layer) is likely to be far harder.

Encrypted files are not impossible to delete. Yes, another party will not be able to mount the drive and access the data in the usual "rm thefile.mp4" way, (without LUKS and your passphrase) but to delete the data is simple, remove the drive from the computer, and smash it with a hammer. Or "cat /dev/zero > /dev/sdX" and sit back and watch ... brute force or technology, your data is gone.

Leave Zoneminder to what it does. If you want encryption, use LUKS, dmcrypt etc. to create encrypted partitions or whole-disks or RAID arrays and put a filesystem on that, and let Zoneminder write to that oblivious to the encryption etc.
iconnor
Posts: 2880
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto

Re: Encrypted storing video while recording

Post by iconnor »

As an aside to the encryption thing....

I have been thinking about digitally signing the files for the purpose of authenticity. Just thoughts though, and not difficult to implement.
Andyrh
Posts: 243
Joined: Sat Oct 28, 2017 3:55 am

Re: Encrypted storing video while recording

Post by Andyrh »

Proof the video is not altered might help someone in court someday considering how it is getting easier to fake video.
Andy
o||||o

Ubuntu 22.04
ZM 1.36.33
E5-1650-v4 Xeon
16 GB RAM
6 cameras -> 54 FPS modect
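
The thread ends on two points: encryption does not stop deletion, and signing recordings would prove they are unaltered. As an added example (not ZoneMinder code and not from any poster), the sketch below chains a keyed tag across recorded segments so that an edited, removed or reordered segment is detectable. HMAC-SHA256 stands in for a real digital signature, and the function names, segment names and key are hypothetical.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # fixed anchor that the first entry chains from

def _tag(key, prev, name, digest):
    # JSON-encode the fields so a crafted file name cannot blur field boundaries
    msg = json.dumps([prev, name, digest]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_manifest(key, segments):
    """segments: iterable of (name, bytes) in recording order."""
    manifest, prev = [], GENESIS
    for name, data in segments:
        digest = hashlib.sha256(data).hexdigest()
        entry = {"name": name, "sha256": digest, "prev": prev,
                 "tag": _tag(key, prev, name, digest)}
        manifest.append(entry)
        prev = entry["tag"]
    return manifest

def verify(key, manifest, files, head=None):
    """Return a list of problems; an empty list means nothing was altered.
    head is the newest tag as recorded somewhere an intruder cannot reach."""
    problems, prev = [], GENESIS
    for e in manifest:
        good = _tag(key, e["prev"], e["name"], e["sha256"])
        if e["prev"] != prev or not hmac.compare_digest(good, e["tag"]):
            problems.append(f"{e['name']}: manifest entry altered or out of order")
        if e["name"] not in files:
            problems.append(f"{e['name']}: segment missing")
        elif hashlib.sha256(files[e["name"]]).hexdigest() != e["sha256"]:
            problems.append(f"{e['name']}: content modified")
        prev = e["tag"]
    if head is not None and prev != head:
        problems.append("manifest truncated or extended")
    return problems

# Constructed sample data standing in for recorded segments
KEY = b"constructed-demo-key"
SEGMENTS = [("seg-0001.mp4", b"frames A"), ("seg-0002.mp4", b"frames B"),
            ("seg-0003.mp4", b"frames C")]

if __name__ == "__main__":
    manifest = build_manifest(KEY, SEGMENTS)
    files = dict(SEGMENTS)
    files["seg-0002.mp4"] = b"edited"      # simulate an altered segment
    del files["seg-0003.mp4"]              # simulate a deleted segment
    print(verify(KEY, manifest, files, head=manifest[-1]["tag"]))
```

Because HMAC is symmetric, anyone who can verify can also forge; a public-key signature over each entry would let a third party check the chain without holding the signing key. The `head` value only helps if it is kept off the recording machine.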