Spotlight on InfoComm 2019


Design Principles for Secure AV Systems

Secure AV systems start with smart design. Here are some standards that’ve been around forever but easily apply to modern audiovisual projects.

Paul Konikowski Leave a Comment
Design Principles for Secure AV Systems

AV integrators need to be tapped into their customers’ concerns about cybersecurity.

In my last CI article, we reviewed cyber threats and vulnerabilities in AV systems. Many of the known vulnerabilities, or “vulns” can be fixed with a firmware upgrade, securing your network, and/or enabling passwords; but what else can AV manufacturers, consultants, and integrators do to achieve secure AV systems?

One thing that can be done is to adopt a secure mindset from the get-go when designing secure AV systems, keeping the following design principles in mind.

These principles were outlined by Jerome H. Saltzer and Michael D. Schroeder in an IEEE paper way back in 1975. We will apply those secure design principals to AV systems here.

Economy of mechanism

Keep designs simple, which also means keeping your programming code as small as possible, making it easier to test and analyze. Simpler design means that less can go wrong.

Fail-safe defaults

The default access to a resource should be no access. A good example of something that violates this principle is a wireless router that does not require a password and/or encrypt the traffic by default.

Complete mediation

This means every access to a resource is checked against the access control mechanism, every time, and all attempts to bypass security are prevented.

Open design

“Security by obscurity” does not work. Adapt an open-source attitude so your security does not depend on secrecy. Code and designs should be open for scrutiny by your community. It’s much better to have a friend or colleague find an error, then it is to wait for a bad actor to discover it

Separation of privilege

Access to rooms, systems, or files should depend on more than one condition. If someone gains access to the AV rack, can they simply access the components using a console cable? Or did you go a step further, and enable passwords, as well as encryption of those passwords?

Least privilege

Users (and programs) should only be given the minimum access rights to complete their tasks. The default access should be none, and then access should be granted as needed, on an individual basis, or based on well-defined roles within the organization. Temporary access can also be granted.

Least common mechanism

This means that one should minimize the amount of mechanisms and/or equipment that is used by more than one user. A good example of this would be a “room PC” in a training room used by multiple instructors. Does each instructor log in with their own credentials?

Psychological acceptability, a.k.a. ease of use

Users will avoid security measures that get in the way of convenience. A physical analogy would be a dead bolt that requires a key on both the outside and the inside. Some people won’t bother locking it from the inside, especially if their key gets stuck in the lock.

Read Next: How Upselling Security to Existing Customers Can Build Relationships: 3 Critical Steps

Other best practices like layering, isolation, encapsulation, modularity, and auditability should also be kept in mind.

About the Author

Contact:

Paul Konikowski, CTS-D, is an independent freelance consultant who currently designs and coordinates audiovisual installations for military bases. Paul earned his Bachelor of Science in Computer Engineering from the Georgia Institute of Technology (Georgia Tech). He has recently completed Harvard University’s online shortcourse entitled “Cybersecurity: Managing Risk in The Information Age”, and is now pursuing a Master of Science degree in Cybersecurity at Georgia Tech. He can be reached via Twitter at @PKaudiovisual or via email pkav.info@gmail.com.

Commercial Integrator Magazine

Read More Articles Like This… With A FREE Subscription

Commercial Integrator is dedicated to addressing the technological and business needs of professional integrators who serve the small and midsize business market. Whether you design, sell, service, or install… work on offices, churches, hospitals, schools or restaurants, Commercial Integrator is the dedicated resource you need.

Comments

  • I appreciate your attention to referencing the sources of these ideas. Indeed, Jerry Saltzer and I spent many weeks tracking attributions back as far as we could. (See the references and the footnotes in our paper that you cite.) And, as we had the audacity to tag them “principles”, it is gratifying some are still discussed. I was a graduate student at the time and Saltzer was my thesis advisor. With this paper he dumped me big time into the rigor required to write a computer science paper that could stand the test of time.

  • Paul Konikowski says:

    Thank you for your comment, Mr. Schroeder, and for your contributions to this topic. There has been a lot of security talk lately in the audiovisual industry, oftentimes about setting standards, but my understanding is that standards are meant to be enforced, which could prove difficult. Avixa has released “Recommended Practices for Security in Networked AV Systems”.
    https://www.avixa.org/about-avixa/who-we-are/press-room/2018/07/16/avixa-releases-recommended-practices-for-security-in-networked-av-systems
    Others have put out guides on network configuration. I think it is important to address the design phase using these principles you set forth in your paper. I can only delve so deep in an online magazine article, but we have to start somewhere, and referencing papers like yours gives the readers an opporitunity to read more.

  • Tavius Aiton says:

    I like these established principles for considering secure stems in audiovisual integration. I also couldn’t help but think about how many user issues can be avoided using this methodology, especially with those who want to tinker with things and try to do their own in-house integration after the fact.

Leave a Reply

Your email address will not be published. Required fields are marked *