Network surveillance (Gary T. Marx, 1988) pertains to the process of monitoring and
capturing data traffic within computer networks for purposes such as analysis, control, or
security. It encompasses intercepting, gathering, and scrutinizing network communications,
including emails, instant messages, web browsing activities, file transfers, and various data
types transmitted across a network. Marx defines this contemporary surveillance as the "use
of technical means to extract or generate personal data, which can be derived from
individuals or their contexts" (Marx, 2002). He posits that, in the context of traditional
surveillance, sending data was more challenging, but in modern surveillance, it has become
more accessible. Some argue that the Internet has evolved in recent years towards a
foundation of sharing, communication, and collaboration. According to Tapscott and Williams
(2007), web 2.0 ushers in "a novel economic democracy in which all of us play a leading role".
Manuel Castells describes social media and web 2.0 as platforms that facilitate mass
self-communication, where individuals establish their own networks for communication,
ultimately empowering themselves (Castells, 2009). According to Clay Shirky, a key feature
of web 2.0 is the significant enhancement of our capacity to share, collaborate, and
collectively take action (Shirky, 2008). Axel Bruns identifies the emergence of "produsage"
as the central characteristic of web 2.0, representing the blending of both user and producer
roles in a seamless way (Bruns, 2008). Henry Jenkins perceives a culture of active
participation on web 2.0, while Mark Deuze discusses the interactive, globally
interconnected, and increasingly participatory nature of new media within the context of web
2.0 (Jenkins, 2008; Deuze, 2007).
1.5 Scope of the study
The project cuts across many areas. The major areas examined for the purpose of this
project are:
Sensor integration: investigate the integration of various sensors, including motion detectors,
door/window sensors and environmental sensors, into the surveillance network.
CHAPTER TWO
LITERATURE REVIEW
2.1 Network Security
Network security stands as a paramount aspect within the realm of network
technology. In the contemporary landscape, an array of techniques is being employed to
bolster network security, encompassing encryption, authentication, firewalls, physical
isolation, intrusion detection, and more. This section delves into these methods, evaluating
their relevance to our specific issue. In numerous scenarios, the cameras are connected to the
router through Wi-Fi links, necessitating a thorough examination of the security associated
with these links, both at the physical (radio frequency - RF) and the link layer, (Emmanouil
K. 2010). Moreover, when all links are wireless, a home surveillance system bears
similarities to a wireless sensor network. These commonalities are illuminated by the
description provided by Bosman, Lukkien, and Verhoeven regarding wireless sensor
networks: "The concept of wireless sensor networks entails deploying networks of cost-
effective and 'smart' sensors to collect data from an environment or support highly
decentralized applications" (Remi et al., 2009). Wireless sensor networks offer users the
advantage of eliminating the need for wired communication installations. Consequently, we
will assess the security aspects of wireless sensor networks (WSNs) to draw correlations
between the challenges and solutions proposed for WSNs and potential solutions that can be
adapted to our particular issue. To establish these analogies, we will regard the cameras as
sensors. There are several motivations for exploring parallels between our issue and WSNs.
Firstly, the security of WSNs has been extensively researched, (Droms R, 1997), and these
networks necessitate self-organization. Additionally, the examination of WSNs is justified
because the cameras may not continually transmit data to the server, but rather transmit data
on demand or when triggered, mirroring the behavior of sensors in a WSN. Finally, our
analysis will extend to multimedia transmission since the surveillance system may be
required to send a video stream when the cameras are operational, either in a continuous
mode or in response to specific triggering events. After researching these relevant domains,
we aim to identify a suitable solution that can be integrated into our system, in line with
findings presented by (Lamping et al. 2011).
failures and the decommissioning of previously integrated devices. These prerequisites
underscore the need for a dynamic mechanism to discover new devices as they are introduced
to the network. Following the device discovery process, a user must have the means to
specify whether the device, whose identity necessitates authentication, should be granted
authorization to utilize the network's services. Once a device is authenticated and authorized,
the subsequent steps involve assigning an IP address and configuring it appropriately.
Additionally, comprehensive management of all devices that have received IP addresses
becomes essential. This management encompasses configuration, control, and the exchange
of IP packets to and from the device, in accordance with insights provided by (Zongyi S.
2010). To safeguard these devices from unauthorized control, it is imperative to examine how
devices can authenticate and authorize communication with the router and server, as well as
how the router can effectively block traffic from potential attackers to prevent it from
reaching the cameras.
public key must be transmitted to the router through an out-of-band mechanism, alongside the
node's MAC address. It is crucial to note that relying solely on the MAC address as an
identifier is insecure, as it could be susceptible to an intruder hijacking another device's MAC
address. However, by stipulating that the device must also possess the correct private or
shared key, we can thwart an imposter's attempts to successfully assume the identity of a
specific node. Unfortunately, in the event that an intruder physically seizes the node, there is
a potential risk that the intruder could gain access to the secret key and other confidential
information associated with the node's identity.
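The check described above, where a claimed MAC address is accepted only together with proof of the enrolled key, shown as an added example that is not part of the original thesis. It uses the shared-key variant with an HMAC challenge-response; the `Router` class, the `prove` function and the sample MAC addresses are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets


def prove(key: bytes, mac_addr: str, nonce: bytes) -> bytes:
    """Device side: bind the response to the key, the claimed MAC and the fresh nonce."""
    return hmac.new(key, mac_addr.lower().encode() + nonce, hashlib.sha256).digest()


class Router:
    """Hypothetical router-side enrolment table and challenge-response verifier."""

    def __init__(self):
        self.enrolled = {}  # MAC address -> shared key registered out of band
        self.pending = {}   # MAC address -> nonce of the outstanding challenge

    def enrol(self, mac_addr: str, key: bytes) -> None:
        self.enrolled[mac_addr.lower()] = key

    def challenge(self, mac_addr: str):
        """Return a fresh nonce for an enrolled device, or None for an unknown one."""
        mac_addr = mac_addr.lower()
        if mac_addr not in self.enrolled:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[mac_addr] = nonce
        return nonce

    def verify(self, mac_addr: str, response: bytes) -> bool:
        mac_addr = mac_addr.lower()
        nonce = self.pending.pop(mac_addr, None)  # each challenge is single use
        if nonce is None:
            return False
        expected = prove(self.enrolled[mac_addr], mac_addr, nonce)
        return hmac.compare_digest(expected, response)


def run_scenarios() -> dict:
    router = Router()
    cam_mac = "02:00:00:aa:bb:01"        # constructed, locally administered address
    cam_key = secrets.token_bytes(32)    # stands in for the out-of-band enrolled key
    router.enrol(cam_mac, cam_key)
    results = {}

    # Genuine camera: knows the key, answers the fresh challenge.
    nonce = router.challenge(cam_mac)
    captured = prove(cam_key, cam_mac, nonce)
    results["genuine"] = router.verify(cam_mac, captured)

    # Imposter clones the MAC address but does not hold the enrolled key.
    nonce = router.challenge(cam_mac)
    guess = prove(secrets.token_bytes(32), cam_mac, nonce)
    results["spoofed_mac"] = router.verify(cam_mac, guess)

    # Imposter replays a response captured earlier against a new challenge.
    router.challenge(cam_mac)
    results["replayed"] = router.verify(cam_mac, captured)

    # A device that was never enrolled receives no challenge at all.
    results["unknown_device"] = router.challenge("02:00:00:aa:bb:99") is not None
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

As the paragraph notes, none of this helps once a node is physically seized and its key extracted; the router can only remove that node's enrolment entry.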
intentionally launch a collision attack to create collisions at the link layer. Similarly, an
attacker can continuously transmit frames, effectively consuming a significant portion of the
link's capacity, causing resource exhaustion. While we might consider limiting the data rate
of nodes to impede an internal attacker, a determined internal attacker can send frames with
each of the identities they have compromised, essentially masquerading as multiple legitimate
nodes and using the combined data rates of all these nodes.
Numerous attacks targeting the network layer exist, including spoofed routing
information, selective forwarding, sinkhole, Sybil, wormhole, HELLO flooding attack, and
acknowledgement spoofing, as reported by (Karlof. et al., 2003). However, these attacks may
not be relevant in our context if we confine our network topology to a single-hop Wi-Fi
network. This implies that all communication occurs directly between the router and other
nodes. Given the necessity for low-cost wireless routers or Wi-Fi access points to cater to the
home market, if a specific camera is out of range, we assume the introduction of an additional
wireless router or Wi-Fi access point to maintain a single wireless hop topology. It's
important to note that there may be multiple hops within the fixed LAN within the home, but
there will only be a single hop over a wireless link, which constitutes the sole wireless hop
within the home network. Furthermore, there may be a wide area wireless network link
connecting the home to the internet, but if used, this link is presumed to operate over a 3G
network. As a result, the frequency spectrum will be licensed to the 3G operator, and the
security of this link will be managed through the 3G security mechanisms.
The transport layer is responsible for transmitting data from the application layer. In
scenarios where UDP packets are utilized to carry Real-time Transport Protocol (RTP) data,
as discussed by Schulzrinne et al. (2003), we can employ Secure RTP (SRTP), as described by
Baugher et al. (2004), or another method to encrypt the traffic. Furthermore, SRTP can offer
authentication for each individual RTP packet. For TCP traffic, we can introduce Transport
Layer Security (TLS), as outlined in Dierks et al. (2008), to ensure the confidentiality of the
data. When TLS is used in combination with public key cryptography, it becomes feasible to
implement mutual authentication for the devices engaged in a TCP session. TCP is
susceptible to SYN flood attacks, which is why it may be preferable to consider a more
contemporary transport protocol, such as the Stream Control Transmission Protocol (SCTP),
as introduced by (Stewart R. 2007). SCTP is designed to prevent the creation of states that
make SYN attacks possible. Resynchronization of a TCP session can disrupt an existing
connection by preventing hosts from exchanging data. The solution to this challenge involves
authenticating all packets exchanged between hosts, as noted by (Yong. et al, 2006).
2.3 Authentication
Typically, authentication is a prerequisite for a device to join a wireless network, as it
serves as an effective measure to ensure network security by keeping non-authenticated nodes
out. In this thesis, we operate under the assumption that cameras and routers should
autonomously organize their network, eliminating the need for users to input a key for each
device joining the network. Consequently, it is essential for cameras to undergo automatic
authentication before being allowed to connect to the router.
Wireless Sensor Networks (WSN) represent a common network authentication
setting. This involves two primary authentication methods: peer-to-peer authentication and
broadcast authentication. In peer-to-peer authentication, participating nodes are authenticated
before communication, establishing a secure channel between them for data transmission.
Conversely, broadcast authentication requires nodes to authenticate the origin of received
broadcast messages to conserve network resources. Within WSNs, two widely used protocols
for node authentication are SNEP and μTESLA. SNEP ensures data confidentiality, integrity,
timeliness, and two-party data authorization by sharing global keys. On the other hand,
μTESLA functions as an authenticated broadcast protocol (Yong. et al., 2006). The base
station generates a message authentication code for each packet using a secret key. The
receiving node can verify the packet's authenticity after a certain delay, at which point the
base station discloses the secret key. The base station broadcasts the key to all nodes,
ensuring its safety during transit. As μTESLA is not an immediate authentication protocol
and places trust solely in the base station, it is suitable only for authenticating base station
broadcasts. In comparison to Wireless Sensor Networks (WSN), Gardio system nodes do not
require intercommunication. Therefore, the router and camera can employ peer-to-peer
communication. When cameras transmit their media stream to the router, they require a
protocol ensuring security, authentication, and integrity. Secure Real-time Transport Protocol
(SRTP) (Baugher M et al., 2004) can offer data security, authentication, message integrity,
and protection against certain types of attacks. Cameras can append a message authentication
code to their packets using SRTP, allowing the router to validate packet authenticity from
authorized cameras.
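The delayed key disclosure that μTESLA relies on, as described earlier in this section, shown as an added sketch that is not code from the thesis or from the SPINS authors. Time is counted in whole intervals, SHA-256 and HMAC stand in for the one-way function and the MAC, and the names `make_key_chain`, `packet_mac` and `Receiver` as well as the sample payloads are constructed for illustration.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """One-way function used to build and check the key chain."""
    return hashlib.sha256(data).digest()


def make_key_chain(seed: bytes, length: int) -> list:
    """Return [K_0, ..., K_length] with K_i = H(K_{i+1}); K_0 is the commitment."""
    chain = [H(seed)]
    for _ in range(length):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


def packet_mac(chain_key: bytes, interval: int, payload: bytes) -> bytes:
    # Assumption: the MAC key is derived from the chain key with a fixed label.
    mac_key = hmac.new(chain_key, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, interval.to_bytes(4, "big") + payload, hashlib.sha256).digest()


class Receiver:
    """Node that holds only the commitment K_0 and the disclosure delay."""

    def __init__(self, commitment: bytes, disclosure_delay: int):
        self.trusted_key = commitment
        self.trusted_index = 0
        self.delay = disclosure_delay
        self.buffer = {}  # interval -> [(payload, tag)], waiting for the key

    def on_packet(self, interval: int, payload: bytes, tag: bytes, now: int) -> bool:
        # Security condition: once K_interval may already be public, anyone
        # could have computed this tag, so the packet is dropped unverified.
        if now >= interval + self.delay:
            return False
        self.buffer.setdefault(interval, []).append((payload, tag))
        return True

    def on_key_disclosure(self, interval: int, key: bytes) -> list:
        if interval <= self.trusted_index:
            return []  # stale or replayed disclosure
        # Hash the disclosed key back to the last key already trusted. This
        # also recovers keys whose own disclosure message was lost.
        derived = {interval: key}
        for i in range(interval - 1, self.trusted_index - 1, -1):
            derived[i] = H(derived[i + 1])
        if not hmac.compare_digest(derived[self.trusted_index], self.trusted_key):
            return []  # key is not on the base station's chain
        authentic = []
        for i in range(self.trusted_index + 1, interval + 1):
            for payload, tag in self.buffer.pop(i, []):
                if hmac.compare_digest(tag, packet_mac(derived[i], i, payload)):
                    authentic.append(payload)
        self.trusted_key, self.trusted_index = key, interval
        return authentic


def demo() -> dict:
    delay = 2
    chain = make_key_chain(b"constructed base-station seed", 5)
    rx = Receiver(commitment=chain[0], disclosure_delay=delay)
    out = {}
    p1, p2 = b"cam1: motion", b"cam2: door open"
    out["buffered"] = rx.on_packet(1, p1, packet_mac(chain[1], 1, p1), now=1)
    rx.on_packet(1, b"cam1: all clear", b"\x00" * 32, now=1)      # forged tag
    rx.on_packet(2, p2, packet_mac(chain[2], 2, p2), now=2)
    late = b"cam1: injected after disclosure"                     # tag is valid
    out["late"] = rx.on_packet(1, late, packet_mac(chain[1], 1, late), now=3)
    out["bad_key"] = rx.on_key_disclosure(1, H(b"attacker guess"))
    out["interval1"] = rx.on_key_disclosure(1, chain[1])
    out["interval2_via_k3"] = rx.on_key_disclosure(3, chain[3])   # K_2 message lost
    out["replayed_key"] = rx.on_key_disclosure(1, chain[1])
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The disclosed key needs no confidentiality in transit: the receiver checks it against the commitment, and the arrival-time check is what stops packets forged after disclosure.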
2.4 Cryptography
Several encryption algorithms can be applied, falling into three main categories:
secret key cryptography (symmetric cryptography), public key cryptography (asymmetric
cryptography), and signed hash algorithms. Secret key cryptography employs a single key for
both encryption and decryption, while public key cryptography utilizes a public key for
encryption and a private key for decryption. Symmetric and asymmetric cryptography have
been extensively discussed (Charlie K et al., 1995). Symmetric key cryptography and hash
algorithms generally require fewer computational resources compared to public key
algorithms (Yong W. et al., 2006). Recent studies suggest that asymmetric cryptography can
be employed in wireless sensor networks (WSNs) by selecting suitable algorithms, but it
remains relatively costly for WSNs. Currently, AES, DES, RC5, and IDEA are among the
most popular secret key cryptography algorithms in network security, while Elliptic Curve
Cryptography (ECC) and RSA are commonly used for asymmetric cryptography. SHA-1 and
MD5 stand out as widely used hash algorithms in WSNs. Choosing an appropriate algorithm
is a crucial aspect of our proposed solution for a home surveillance and monitoring system.
Although we have assumed that all nodes will be connected to the power mains, eliminating
electrical power constraints, computational time or resource availability might still pose
limitations.
In a single key management scheme, all nodes share a single symmetric key,
representing the simplest form of key management. An example is TinySec (Arkko J et al.,
2004), designed by researchers at the University of California at Berkeley, which utilizes a
single global key for encrypting and authenticating traffic. While a single key scheme is
highly efficient and supports basic network functions, its drawback lies in compromised
system security if the key is revealed. On the other hand, multiple key management schemes,
such as Security Protocols for Sensor Networks (SPINS) (Adrian P. et al., 2014), offer
enhanced security by having different nodes use distinct keys. Even if one node is
compromised, the overall system security is not immediately jeopardized. SPINS
incorporates two security modules, SNEP and μTESLA. A random key distribution scheme
mitigates risk during key delivery by having each node randomly store keys from a key pool.
This ensures a probability threshold for two nodes sharing the same key. Meanwhile, a pre-
shared key distribution scheme facilitates communication between two nodes or between a
node and a base station by sharing a single key. For our topology, which includes a router, we
propose utilizing it to handle all key management functions in the multiple key management
schemes. Key management protocols are tailored for different systems based on their
operational patterns.
2.7.1 Router
A router serves the purpose of connecting networks by receiving internet protocol (IP)
packets and determining whether to forward the packet and, if so, to which interface it should
be directed. Operating at the network layer, routers can go beyond basic functions and
support deep packet inspection, allowing filtering based on higher layer protocols and even
packet contents. Additionally, routers may offer other services such as address allocation and
firewall services. In our thesis project, we introduced specialized functions into the router to
facilitate the integration of IP cameras, aiming to establish a network-based video
surveillance system. Our design and implementation were centred on Linux routers due to
their flexibility, stability, expandability, adaptability, cost-effectiveness, and ease of
administration compared to alternative routers. Furthermore, Linux routers offer investment
protection by allowing the addition of features over time, as highlighted by Tony Mancill
(2000). However, it's essential to note that the capacity to add functionality may be
constrained by available memory and processor resources, as discussed in the master's thesis
by (Emmanouil K, 2010).
2.7.2 Modem
Modem stands for ‘MOdulator DEModulator’. It refers to a device used for
conversion between analog signals and digital bits. We know computers store and process
data in terms of 0s and 1s. However, to transmit data from a sender to a receiver, or while
browsing the internet, digital data are converted to an analog signal and the medium (be it
free-space or a physical media) carries the signal to the receiver. There are modems
connected to both the source and destination nodes. The modem at the sender’s end acts as a
modulator that converts the digital data into analog signals. The modem at the receiver’s end
acts as a demodulator that converts the analog signals into digital data for the destination
node to understand. Figure 10.8 shows connectivity using a modem.
2.7.3 Repeater
Data are carried in the form of signals over the cable. These signals can travel a
specified distance (usually about 100 m). Signals lose their strength beyond this limit and
become weak. In such conditions, original signals need to be regenerated.
A repeater is an analog device that works with signals on the cables to which it is connected.
The weakened signal appearing on the cable is regenerated and put back on the cable by a
repeater.
2.7.4 Hub
An Ethernet hub is a network device used to connect different devices through wires.
Data arriving on any of the lines are sent out on all the others. The limitation of a hub is that if
data from two devices come at the same time, they will collide.
2.7.5 Switches
A switch is a networking device (Figure 10.12) that plays a central role in a Local
Area Network (LAN). Like a hub, a network switch is used to connect multiple computers or
communicating devices. When data arrives, the switch extracts the destination address from
the data packet and looks it up in a table to see where to send the packet. Thus, it sends
signals to only selected devices instead of sending to all. It can forward multiple packets at
the same time. A switch does not forward the signals which are noisy or corrupted. It drops
such signals and asks the sender to resend it. Ethernet switches are common in homes/offices
to connect multiple devices thus creating LANs or to access the Internet.
"over the air" interface that utilizes radio frequency technology for data transmission between
a wireless client and a base station, as well as direct communication among wireless clients
(Reynolds 2003). Wi-Fi encompasses a range of radio protocols, including 802.11a, 802.11b,
and 802.11g. Among them, 802.11b is the most widely used wireless networking protocol,
employing Direct Sequence Spread Spectrum modulation in the ISM band from 2.412 to
2.484GHz (Zheng 2009). This protocol offers a maximum speed of 11Mbps with a usable
throughput of up to 5Mbps. 802.11a, an IEEE-approved protocol, utilizes Orthogonal
Frequency Division Multiplexing (OFDM) modulation, achieving a maximum data rate of
54Mbps. It operates in the relatively unused ISM band between 5.745 and 5.805GHz.
However, Zheng (2009) notes that the use of this spectrum portion is prohibited in most
countries, including the USA. 802.11g is emerging as the standard wireless networking
protocol, becoming a common feature in laptops and many handheld devices (Singh 2009).
This protocol uses the same ISM band as 802.11b (2.412 to 2.484GHz) but employs the
OFDM modulation scheme. With a maximum data rate of 54Mbps, 802.11g is backward
compatible with the popular 802.11b protocol.
2.8.3 Wi-MAX
WiMAX, short for Worldwide Interoperability for Microwave Access, represents a popular
form of broadband wireless access designed for rapid local connectivity to networks.
Standardized as IEEE 802.16 (Zheng 2009), WiMAX technology typically covers a range of
1-6 miles, but it can extend up to a maximum of 30 miles, categorizing it as a Metropolitan
Area Network (MAN). This specification has proven highly successful in delivering internet
access and broadband services through wireless communication systems. WiMAX boasts a
high capacity, making it efficient for data transmission, offering speeds of up to 70Mbps to a
single subscriber station. The original WiMAX physical layer protocol is engineered to
propagate signals within the frequency range of 10-66 GHz, enabling both line-of-sight
coverage and optimal non-line-of-sight coverage.
Fig 2.2 Personal Area Network
2.9.3 Metropolitan Area Network
Metropolitan Area Network (MAN) is an extended form of LAN which covers a
larger geographical area like a city or a town. Data transfer rate in MAN also ranges in Mbps,
but it is considerably less as compared to LAN. Cable TV network or cable based broadband
internet services are examples of MAN. This kind of network can be extended up to 30-40
km. Sometimes, many LANs are connected together to form a MAN.
CHAPTER THREE
METHODOLOGY/SYSTEM ANALYSIS AND DESIGN
3.1 Research Methodology
Research methodology has many research dimensions and methods. This section
describes the methods used to develop the Security information management system (SIMS),
an approach that will help in keeping records of security data. Some of the key features and
functionalities of a SIMS/SIEM system are video/image data collection, real-time monitoring
and alerting, and incident response, etc.
3.4.6 System Attributes
i. Reliability
The ability of the application to provide the desired functionalities, meaning the
application will work properly in each condition.
ii. Portability
Portability means the application can be transferred from one platform to another with
ease. This is made possible using Bootstrap and MaterialUI, which enable the web
application to be used on any platform and any device.
iii. Maintenance
The application is maintainable, which means errors or bugs in the application can
easily be fixed.
iv. Security
Proper measures have been taken on the system to enable data security, and to protect
the application from external threats. Security features such as Firebase authentication
v. Usability
The amount of time and effort required for the user to learn how the application
works is small, as modern technologies have been used to suit the current times.
3.4.7 System Overview
3.4.8 User Characteristics
The users who will be using this application:
Client
i. Login to the system
ii. Monitoring of surveillance videos
iii. Incident management
iv. Threat analysis
v. Reporting and documentation
Admin
i. System configuration
ii. User management
iii. Data management
iv. System maintenance and update
v. Security monitoring
vi. System auditing and reporting
[Use case diagram: Login; Authenticate user; Generate report; Manage security policies; Take actions; Log out]
This diagram is the simplest representation of the interaction with the system; it shows the
relationship between the user and the different use cases in which the user is involved.
3.5 Coding/Implementation
Implementation of the Security information management system was done at this stage using
the system specification. The result of this stage is a combination of the various components,
built according to pre-defined coding standards and debugged, tested and integrated to satisfy
the system architecture requirements.
[Use case diagram for admin: Manage user account; Manage system configuration and settings]
Figure 3.4 Use case diagram for client
[Diagram: Security information management system; Database management system; Security information dashboard]
3.8 Documentation
Manuals and reports based on security information management systems were obtained and
studied, and a lot of information concerning the system to be produced was obtained.
3.9 Security Surveillance System based on IP
The figure shows a typical network security surveillance system with various terminals. A
camera is one of the many types of sensors that can be used. The communication link
can be wired or wireless.
CHAPTER FOUR
4.1 SYSTEM DESIGN
In this chapter, we delve into the design considerations for our Network-Based Security
Surveillance System. Building upon the requirements outlined in the previous chapters, the
System Design phase aims to provide a comprehensive architecture that fulfills the system's
objectives.
[Input form "Security System" with fields: First name, Last Name, Sex, LGA, Occupation, Marital Status, Religion, Town, L.G.A, State, Statement]
[Screen "Security System" with panels: CAM 1, CAM 2, CAM 3]
This output specification deals with the output forms of the new system. The system as
designed has two forms of output: the client output design (that is, the complaints)
and the staff output form, which is made for staff administration and management.
[Program structure diagram: START; PASSWORD; CORRECT; INTRODUCTORY SCREEN; MENU with options COMPLIANT, ACCUSED, WITNESS, FINDINGS, INVESTIGATION, EDIT, DELETE, EXIT]
4.3 SYSTEM FLOWCHART
[Flowchart: START; ENTER PASSWORD; IF CORRECT (NO / YES); OPTION = 1: ADD RECORD; OPTION = 2: UPDATE RECORDS; OPTION = 3: EDIT RECORDS; OPTION = 4: STOP]
4.4 DATABASE DESIGN
4.4.1 TABLES AND ENTITIES
The database schema is designed to accommodate the system's data
requirements. Entities include user profiles, device configurations, and
logs. Relationships between tables are established to maintain data
consistency and integrity.
FIELD NO   NAME             VARIABLE   TYPE        WIDTH   DEC
1.         Name             NM         Character   15
2.         Address          AD         Character   20
3.         Age              AG         Character   3
4.         Sex              SE         Character   8
5.         Occupation       OC         Character   15
6.         Marital Status   MS         Character   8
7.         Religion         RE         Character   12
8.         Town             TW         Character   12
9.         L.G.A            LG         Character   12
11         Statement        SM         Character   10

FIELD NAME   FIELD TYPE   WIDTH
Address      character    xxxxx
Simulation modeling: (a) visualization of a system-level simulation of a surveillance camera system (red circles
mark camera locations, sectors indicate coverage areas, and rectangles represent pedestrians) and (b) various
parameters of a surveillance camera and a target object.
The model follows a systematic approach, starting with the surveillance camera area
modeling. Subsequently, the targets, which could be pedestrians or other monitored entities,
are modeled. We also consider various factors such as roads and intersections while modeling
the local environment. Finally, we assess the surveillance system's performance.
To realize the above scenario for public safety services, a precise calculation of the
appropriate number and density of surveillance cameras, as well as the technical
characteristics of the cameras, is required in advance, taking into account the features of the
area and the object to be detected in the real world.
Meanwhile, due to the development of deep learning and image processing technology,
the technology to recognize specific objects or situations through surveillance cameras has
already reached a high level. Still, existing research on real-time surveillance camera
operation systems has only considered a few CCTV cameras or has focused on the efficient
placement of cameras. The application environment is limited to indoor or building interior
spaces. It is challenging to design a system that operates many surveillance cameras in real
time because there is no established method to evaluate the performance of a wide range of
surveillance cameras with different physical characteristics.
For this reason, in this paper, as part of a digital twin world that mimics the real world, as
shown in Figure 1, we implement a system-level simulator by modeling the surveillance
performance of surveillance cameras, detection targets, and the local environment and devise
several performance metrics to measure the detection performance and quality of the system
to evaluate the performance of the system according to the physical characteristics of
surveillance cameras.
That is, we aim to evaluate a surveillance system which consists of a vast number of
surveillance cameras. The surveillance area is determined by two-dimensional planes
(horizontal and vertical), indicating whether the target object falls within the surveillance
camera’s coverage. The surveillance resolution is represented by the precision level shown on
the display, which shows the target’s length per pixel in both the horizontal and vertical
aspects. To determine the two surveillance indices, we consider several factors, such as the
installed location, viewing angle, sensor format, focal length, and more.
The simulation results can provide valuable insights into the surveillance system’s
performance to optimize the system’s design and improve its effectiveness. We can identify
the weaknesses and strengths of the surveillance system and make necessary improvements to
ensure better public safety. Our simulation approach can assist in decision making for
installing surveillance systems and can be used to evaluate different surveillance system
designs.
Our simulation models offer a viable means of evaluating urban surveillance camera
system performance, in line with the research objective of assessing system
performance and identifying the factors that influence it.
The model simulates a surveillance area using different camera-related configurations
and evaluates the system’s performance based on target detection and quality.
Through the definition of the surveillance area and consideration of various camera
parameters, the simulation model ascertains whether moving objects fall within the
surveillance camera’s scope of application, thereby providing insight into the
system’s operational efficiency.
A comprehensive insight into surveillance system performance is obtained from
simulation results, enabling optimization of design and functionality. Moreover, the
simulation approach can aid public safety improvements by supporting decision
making regarding the installation of surveillance systems and the evaluation of
various system designs.
Meanwhile, our simulations can be extended to model real-world surveillance camera
system behavior, generating data in diverse environments and conditions. This feature
facilitates data collection for learning artificial intelligence models and verifying their
performance in varied settings. Additionally, data can be collected in a simulated
environment, reducing the time and cost required for data collection in an actual
environment.
The fundamental approach taken to implement our system-level simulator involves defining
classes that configure the surveillance camera, pedestrians, and the environment. Each class
is responsible for generating a predetermined number of instances of surveillance cameras
and pedestrians. These entities are then placed on an environment created through the
employment of the environment class. This holistic approach enables conducting a
comprehensive, system-level simulation of a surveillance camera system. Figure 3 illustrates
the architecture of the developed simulation, demonstrating its core structure and
components. The main simulation revolves around the utilization of classes that meticulously
define the attributes and functionalities of key elements, namely surveillance cameras,
pedestrians, and the environment.
Figure Simulator structure of surveillance camera systems.
To start, the Surveillance Camera Class plays a pivotal role in the simulation. This class
encapsulates the intricate details of surveillance cameras, encompassing their crucial
characteristics and behaviors:
The Position property indicates the precise coordinates of each surveillance camera
within the simulated environment.
Properties like Sensor Width, Sensor Height, and Focal Length contribute to
configuring the camera’s sensor, dictating its capture dimensions and focus
capabilities.
Viewing Angles in both Horizontal and Vertical domains are also integral properties,
determining the extent of the camera’s observable field.
The trio of Maximum Surveillance Distance, Blinded Surveillance Distance, and
Effective Surveillance Distance properties together outline the range within which the
camera operates, accounting for its maximum reach, potential obstructions, and
optimal monitoring capability.
Lastly, the class defines the Surveillance Area in the Horizontal and Vertical domains,
reflecting the actual coverage area based on sensor dimensions, viewing angles, and
distances.
Moving on, the Pedestrian Class is another crucial element of the simulation:
Within this class, the Position property manages the specific coordinates of each
pedestrian object in the environment.
The class also incorporates a Mobility Model, encapsulating details like the
pedestrian’s moving direction and speed as well as their intended destination.
Lastly, the Environment Class encapsulates foundational aspects of the simulated
environment:
It includes attributes like Map Size, which indicates the number of lanes, intervals,
and the lane width, defining the scope and structure of the environment.
Vector Values for Roads store critical information about the road network’s layout
and characteristics.
This class accounts for Intersection Areas, pivotal sections where roads cross each
other.
Additionally, it encompasses details about the Initial Positions of Cameras and
Pedestrians, setting the stage for the simulation’s starting conditions.
Collectively, these classes constitute the backbone of the simulation, as described
below, enabling the accurate representation and interaction of surveillance cameras,
pedestrians, and the environment. By utilizing these meticulously designed classes,
the simulation effectively mirrors physical world scenarios and facilitates
comprehensive analysis.
Initialization and Configuration: To ensure consistent randomness, it is imperative to
set the random seed. This should be done prior to configuring the surveillance
cameras, which involves determining their positions and properties. Additionally,
parameters for pedestrians, including their initial positions and behavior, should be set
up. Finally, the road layout should be configured, defining lanes, intersections, and
dimensions.
Main Simulation: The execution of the simulation loop is the core of the simulator,
and as such, it must be executed seamlessly. Continuously updating the positions of
moving pedestrians based on their behavior is necessary. It is also imperative to
monitor the pedestrians’ interactions with the environment and cameras. The system’s
performance should be measured by tracking detection successes, failures, and spatial
resolution.
Visualization: Visualizing the surveillance cameras’ coverage areas and positions is
crucial, as is displaying the movements of pedestrians within the simulation
environment. The road layout should be rendered, showing the lanes and
intersections.
Post-Processing: Saving and storing the simulation results, which include data on
pedestrian paths, camera detections, and system performance, are essential.
Furthermore, options to print or export the simulation outcomes for further analysis
and reporting should be provided.
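The four stages above, reduced to a runnable sketch. This is an added example, not the project's simulator: the class and function names, the two fixed camera placements, the square map and the straight-line mobility model are all assumptions made for illustration, and only the horizontal surveillance area is modelled.

```python
import math
import random
from dataclasses import dataclass
@dataclass
class Camera:
    x: float
    y: float
    heading_deg: float   # direction the optical axis points
    h_angle_deg: float   # horizontal viewing angle
    max_dist: float      # maximum surveillance distance
    blind_dist: float    # blinded surveillance distance near the mount

    def sees(self, px, py):
        """True if (px, py) lies inside the horizontal surveillance area."""
        dist = math.hypot(px - self.x, py - self.y)
        if not (self.blind_dist <= dist <= self.max_dist):
            return False
        bearing = math.degrees(math.atan2(py - self.y, px - self.x))
        off_axis = (bearing - self.heading_deg + 180) % 360 - 180
        return abs(off_axis) <= self.h_angle_deg / 2

@dataclass
class Pedestrian:
    x: float
    y: float
    dest: tuple          # intended destination
    speed: float         # distance covered per step

    def step(self):
        dx, dy = self.dest[0] - self.x, self.dest[1] - self.y
        dist = math.hypot(dx, dy)
        if dist <= self.speed:          # arrive instead of overshooting
            self.x, self.y = self.dest
        else:
            self.x += self.speed * dx / dist
            self.y += self.speed * dy / dist

def run_simulation(seed, n_pedestrians=20, steps=50, size=100.0):
    rng = random.Random(seed)           # fixed seed gives repeatable runs
    cams = [Camera(0, 0, 45, 60, 60, 5), Camera(size, size, 225, 60, 60, 5)]
    point = lambda: (rng.uniform(0, size), rng.uniform(0, size))
    peds = [Pedestrian(*point(), dest=point(), speed=rng.uniform(0.8, 1.6))
            for _ in range(n_pedestrians)]
    detected = 0
    for _ in range(steps):              # main loop: move, then test coverage
        for p in peds:
            p.step()
            detected += any(c.sees(p.x, p.y) for c in cams)
    total = steps * n_pedestrians
    return {"detected": detected, "missed": total - detected, "coverage": detected / total}
```

Running `run_simulation` twice with the same seed returns identical counts, which is what makes results from different camera layouts comparable.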
CHAPTER FIVE
SUMMARY, RECOMMENDATION, AND CONCLUSION
5.1 SUMMARY
Routing is one of the most important parts of the infrastructure that keeps a network
running, and as such, it is absolutely critical to take the necessary measures to secure it.
There are different ways routing can be compromised, from the injection of illegitimate
updates to DoS attacks specially designed to disrupt routing. Attacks may target the router
devices, the peering sessions, and/or the routing information. Fortunately, protocols like BGP,
IS-IS, OSPF, EIGRP and RIPv2 provide a set of tools that help secure the routing infrastructure.
This section provides the guidelines for using such tools.
The router's primary functions are to learn and propagate route information, and ultimately to
forward packets via the most appropriate paths. Successful attacks against routers are those
able to affect or disrupt one or more of those primary functions by compromising the router
itself, its peering sessions, and/or the routing information.
Routers are subject to the same sort of attacks designed to compromise hosts and servers,
such as password cracking, privilege escalation, buffer overflows, and even social
engineering. Most of the best practices in this document help mitigate and even prevent some
of those threats.
Finally, routing can also be compromised by the injection of false route information, and by
the modification or removal of legitimate route information. Route information can be
injected or altered by many means, ranging from the insertion of individual false route
updates to the installation of bogus routers into the routing infrastructure. Potential denial of
service conditions may result from intentional loops or black-holes for particular destinations.
Attackers may also attempt to redirect traffic along insecure paths to intercept and modify
users' data, or simply to circumvent security controls. This section also includes a collection
of best practices designed to prevent the compromise of routing information.
5.2 RECOMMENDATION
I recommend that MAU technic install a security surveillance system within the school
premises for an extensive security system, and that all commissions, agencies and departments
in Nigeria deploy VPN in connecting their various offices across the country, to bring about a
turnaround and improve service delivery, most especially the NBTE.
Secondly, I recommend further research into how SSL VPN can be integrated with IPsec VPN to
provide a more effective business environment for both enterprise organizations and Small and
Medium Businesses (SMB).
This great research is recommended to individuals who are involved in one business
transaction or the other, that they continue to fulfill their motives by making profit through
NETWORK SECURITY.
5.3 CONCLUSION
In any access control model, the entities that can perform actions in the system are called
subjects, and the entities representing resources to which access may need to be controlled
are called objects (see also Access Control Matrix). Subjects and objects should both be
considered as software entities, rather than as human users: any human user can only have an
effect on the system via the software entities that they control. Although some systems equate
subjects with user IDs, so that all processes started by a user by default have the same
authority, this level of control is not fine-grained enough to satisfy the principle of least
privilege, and arguably is responsible for the prevalence of malware in such systems (see
computer insecurity, written by John Kay).
In some models, for example the object-capability model, any software entity can potentially
act as both a subject and object.
Access control models used by current systems tend to fall into one of two classes: those
based on capabilities and those based on access control lists (ACLs). In a capability-based
model, holding an unforgeable reference or capability to an object provides access to the
object (roughly analogous to how possession of your house key grants you access to your
house); access is conveyed to another party by transmitting such a capability over a secure
channel. In an ACL-based model, a subject's access to an object depends on whether its
identity is on a list associated with the object (roughly analogous to how a bouncer at a
private party would check your ID to see if your name is on the guest list); access is conveyed
by editing the list. (Different ACL systems have a variety of different conventions regarding
who or what is responsible for editing the list and how it is edited.)
Both capability-based and ACL-based models have mechanisms to allow access rights to be
granted to all members of a group of subjects (often the group is itself modeled as a subject).
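The two models side by side, as an added example that is not part of the original report. The class names and the `report.pdf` object are hypothetical, and the unforgeable reference is approximated here with an HMAC-signed token checked by a reference monitor, which is an assumption of this sketch rather than how every capability system works.

```python
import hashlib
import hmac
import secrets

RIGHTS = {"read", "write"}                 # no ":" so tokens parse unambiguously

class AclStore:
    """ACL model: the object carries a list of subject identities."""
    def __init__(self):
        self.acl = {}                      # object -> set of subject ids

    def grant(self, obj, subject):         # access is conveyed by editing the list
        self.acl.setdefault(obj, set()).add(subject)

    def check(self, obj, subject):
        return subject in self.acl.get(obj, set())

class CapabilityStore:
    """Capability model: holding a valid token is the authority."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # known only to the reference monitor

    def _tag(self, obj, right):
        return hmac.new(self._key, f"{obj}:{right}".encode(), hashlib.sha256).hexdigest()

    def mint(self, obj, right):
        if right not in RIGHTS:
            raise ValueError("unknown right")
        return f"{obj}:{right}:{self._tag(obj, right)}"

    def check(self, token, obj, right):    # no identity is consulted
        parts = token.rsplit(":", 2)
        if len(parts) != 3 or parts[1] not in RIGHTS:
            return False
        t_obj, t_right, tag = parts
        ok = hmac.compare_digest(tag.encode(), self._tag(t_obj, t_right).encode())
        return ok and (t_obj, t_right) == (obj, right)

def demo():
    acl, caps = AclStore(), CapabilityStore()
    acl.grant("report.pdf", "alice")
    token = caps.mint("report.pdf", "read")    # alice may pass this to anyone
    forged = token.replace(":read:", ":write:")  # tampering breaks the MAC
    return {
        "acl_alice": acl.check("report.pdf", "alice"),
        "acl_bob": acl.check("report.pdf", "bob"),
        "cap_bearer": caps.check(token, "report.pdf", "read"),
        "cap_forged": caps.check(forged, "report.pdf", "write"),
        "cap_other_right": caps.check(token, "report.pdf", "write"),
    }
```

The capability check never asks who is presenting the token, so the token must travel over a secure channel, whereas the ACL check depends entirely on the subject's identity having been authenticated first.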
Access control systems provide the essential services of identification and authentication
(I&A), authorization, and accountability where:
Identification and authentication determine who can log on to a system, and the association of
users with the software subjects that they are able to control as a result of logging in;
Accountability identifies what a subject (or all subjects associated with a user) did.
REFERENCE
Anderson, A.C. (2006). Cryptography and network security. New York: A Bantam
Press.
Applied cryptography. (2001). Computer security. U.S.A: CRC Press.
Apostolou, B. (2000). Internal fraud Investigation. Louis Avenue: Institute of
Internal Auditor’s Publication.
A.C.F.E. (2002). Report on fraud Occurrence. http: www.wikipedia.com .
Boyle, L., & Panko, H. (2009). Corporate Computer Security. America: Bank
Of Settlement.
Bishop, A.A. (2011). Threats Security. France: Art and Science.
Bytes (2011). Security tool. http://www. Securebytes.com
Chukwu, L.C. (2010). Securing and Investigation. Owerri: Benson
Publication.
Casey, E. (2010). Handbook of Investigation. U.S.A: Academic Press
Publication.
Chandelle, V. (2001). Anomaly detection. India: University of
Minnesota Publication.
Howard, L., & Leblanc, K. (2002). Writing Secure code. U.S.A: Editing
Microsoft Press.
John, J. (2001). A Triennial Central Bank survey. London: Bank for
International Settlements.
Simmons, A. (December 2010). Ontology for Network Security Attack.
Lecture note in Computer science.
Solomon, P.O. (November 2000). Encrypting Messages. Russia: Encrypting
Messages Centre.
Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J. D. Tygar, SPINS:
Security Protocols for Sensor Networks, Department of Electrical Engineering and
Computer Sciences, University of California, Berkeley.
Bruns, Axel. 2008. Blogs, Wikipedia, second life, and beyond: From production to prod
usage. New York: Peter Lang.
C. Karlof and D. Wagner, Secure Routing in Wireless Sensor Networks: Attacks and
Countermeasures, Proc. First IEEE International Workshop on. Sensor Network
Protocols and Applications, May 2003, pp. 113–27.
Castells, Manuel. 2001. The Internet galaxy. Oxford: Oxford University Press.
Castells, Manuel. 2009. Communication power. Oxford: Oxford University Press.
Deuze, Mark. 2007. Media work. Cambridge: Polity.
Deuze, Mark. 2008. Corporate appropriation of participatory culture. In Participation and
media production, ed. Nico Carpentier and Benjamin de Cleen, 27–40. Newcastle: Cambridge
Scholars.
Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security: private
Communication in a public world. Second edition. Prentice Hall, 1995, ISBN
0130614661.
H. Chan, A. Perrig, and D. Song, Random Key Pre-distribution for Sensor Networks. In
Proceedings of the IEEE Computer Society Symposium on Security and Privacy.
IEEE, Piscataway, NJ, USA, 2003, pp. 197-213.
H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, RTP: A Transport Protocol for
Real-Time Applications, Internet Request for Comments, ISSN 2070-1721, RFC 3550,
RFC Editor, July 2003, Updated by RFCs 5506, 5761,
http://www.rfc-editor.org/rfc/rfc3550.txt
J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. Norrman, MIKEY: Multimedia
Internet Keying, Ericsson Research, RFC 3830, RFC Editor, August 2004,
http://tools.ietf.org/html/rfc3830.
Jenkins, Henry. 2008. Convergence culture. New York: New York University Press.
T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, Internet
Request for Comments, ISSN 2070-1721, RFC 5246, RFC Editor, August
2008, Updated by RFCs 5746, 5878, http://www.rfc-editor.org/rfc/rfc5246.txt
Tapscott, Don and Anthony D. Williams. 2006. Wikinomics: How mass collaboration
changes everything. London: Penguin.
Ulf Lamping, Richard Sharpe, and Ed Warnicke, Wireshark Network Analyzer - User's
Guide, 36347 for Wireshark 1.5, 2011, (last accessed 2011.03.25),
http://www.wireshark.org/docs/wsug_html_chunked/
Yong Wang and Gahan Attebury. A Survey of Security Issues in Wireless Sensor Networks,
IEEE Communications Surveys & Tutorials • 2nd Quarter 2006.
Zheng, P 2009, Wireless Networking Complete, Morgan Kaufmann, Boston.
Zongyi Sun, Master’s Thesis, Adaptive Motion Detection Algorithm For Family Security
Surveillance System, School of Information and Communication Technology, Royal
Institute of Technology (KTH), Stockholm, Sweden, October 2010, TRITA-ICT-EX-
2010:295.
Appendix
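import threading
import tkinter as tk

from scapy.all import conf, sniff

# Global variables
captured_packets = 0
scan_results = None
packet_count_label = None
scan_text = None


def capture_traffic(iface):
    def packet_callback(packet):
        # captured_packets is module-level, so it is declared global here;
        # nonlocal would be a SyntaxError because no enclosing function binds it
        global captured_packets
        captured_packets += 1
        # Analyze packet data and identify suspicious patterns
        # (implement logic here)

    # store=False stops scapy from keeping every captured packet in memory
    sniff(iface=iface, prn=packet_callback, store=False)


def start_capture():
    # sniff() blocks, so it runs in a background thread to keep the GUI responsive
    threading.Thread(target=capture_traffic, args=(conf.iface,), daemon=True).start()


def refresh_packet_count():
    # Update GUI with captured packet count (polled from the Tk main thread)
    packet_count_label.config(text=f"Packets Captured: {captured_packets}")
    packet_count_label.after(500, refresh_packet_count)


def scan_host():
    global scan_results
    # Prompt user for host IP address
    host_ip = input("Enter host IP address: ")
    # Use nmap or other tool to scan for open ports and services
    # (replace with actual scanning implementation)
    scan_results = "Port 22: open\nPort 80: open\nPort 443: open"
    # Update GUI with scan results
    scan_text.delete("1.0", tk.END)
    scan_text.insert(tk.INSERT, scan_results)


def main():
    global packet_count_label, scan_text
    # Initialize Tkinter window
    root = tk.Tk()
    root.title("Network Security Surveillance System")
    # Create widgets (these definitions are missing from the listing;
    # the frame, label texts and default interface are assumed)
    main_frame = tk.Frame(root)
    main_frame.grid(row=0, column=0)
    packet_count_label = tk.Label(main_frame, text="Packets Captured: 0")
    capture_button = tk.Button(main_frame, text="Capture", command=start_capture)
    scan_label = tk.Label(main_frame, text="Scan Results:")
    scan_button = tk.Button(main_frame, text="Scan", command=scan_host)
    scan_text = tk.Text(main_frame, height=10, width=30)
    # Layout elements
    packet_count_label.grid(row=0, column=0)
    capture_button.grid(row=1, column=0)
    scan_label.grid(row=2, column=0)
    scan_button.grid(row=3, column=0)
    scan_text.grid(row=2, column=1, rowspan=2)
    # Start the periodic label refresh and enter the Tk event loop
    refresh_packet_count()
    root.mainloop()


if __name__ == "__main__":
    main()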