Access controls on IP based cameras in IoT ecosystem

Muya, Mary Wairimu
Journal Title
Journal ISSN
Volume Title
Strathmore University
Internet of things (IoT) is a concept of connected things that allows embedded devices, sensors and actuators to interconnect and share data thus bridging the gap between physical devices and virtual objects. The concept of IoT started gaining popularity in 2010, with its popularity impressively outgrowing other concepts up to date. The growth of IoT has seen more than 30% companies globally initiating the process of deploying IoT. IoT security has been a challenge due to its nascent market where manufacturers focus much on getting the product to the market rather than building security from start. Internet Protocol (IP) based cameras are among the most popular IoT devices. Governments, corporations to small business and homeowners are using cameras for surveillance among other activities, with their popularity growing due to their ability to collect and transmit data remotely. As cameras are expected to perform sophisticated tasks, it is important to protect the cameras and data they handle.The focus of this dissertation is to come up with an access control solution for IP based cameras, in efforts to reduce vulnerabilities associated with identity and access management. This dissertation adopted Rapid Application Development (RAD) methodology to develop the proposed solution. The methodology provided flexibility in changing requirements and testing the prototype at an early stage to continuously improve the system. Must, Should, Could, Would Not (MoSCoW) method was used to identify and rank requirements in evaluating the gaps that existed in the market, as this dissertation could not address all the vulnerabilities the method helped in picking the vulnerabilities to be handled first.The tested and validated prototype provides a mechanism to restrict factory set authentication credentials, system access lockouts and sending of alerts in cases of suspicious login attempts. The prototype demonstrate how Integrity of camera feeds can be maintained by using a combination of interplanetary file system (IPFS) and Blockchain. The solution also records and stores system logs in immutable format to support forensic investigations
A thesis submitted in partial fulfilment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore University
Internet of Things, Internet Protocol (IP) based cameras, Attack surface--vulnerability, Security Risk