A common misconception about migrating from hardwired AV to AV over IP is that the latter introduces more security risks than traditional AV. With more flexibility and new deployment options, education is the best ally to AV admins. Encryption technologies exist for several aspects of AV-over-IP products, and they address multiple components of AV system design.
Some products provide encryption on the command-and-control signaling to encoder and decoder devices. This offers security against hacking the actions of the boxes—including turning streaming on or off, or switching what source is being displayed. Another security aspect is the ability to encrypt the video streams themselves. This ensures that if the video stream is intercepted, it cannot be simply decoded and viewed.
Digital content protection
When dealing with interoperability, some products provide support for third-party devices using digital key exchanges or encryption. For example, the overwhelming majority of AV customers are concerned with the most straightforward case—which is HDCP. The purpose of High-bandwidth Digital Content Protection (HDCP) is to protect digital copyrighted content as it travels between devices.
For instance, a cable or satellite receiver box, or a media player with HDMI outputs, might play content in HD or 4K that is protected content. Such content is locked and can only be viewed by HDCP-compatible products once they are properly authenticated. There are restrictions on how protected content can be extended, multiplied, altered, or viewed.
Encryption technologies
While some encryption technologies are purpose-built to offer security options to AV professionals, sometimes they are also used to simply reduce openness. Vendors aiming to provide an assured experience to customers might choose to lock down the compatibility of their encoders and decoders to just their own brand as a measure to limit the scope of their quality assurance testing, technical support, and customer care options. This also allows to provide good user experiences to customers for set up and product use.
Top Security Concerns for the AV Industry
Command and control
There are push-button-only products in traditional AV where behaviors such as switching a source can only occur manually on the hardware itself. This is of course secure from remote hacking, but undeniably restricts the convenience and functionality as well.
Most useful AV products, whether they are traditional AV or based on AV over IP, have command-and-control ports that allow for remote control of the behaviors of the boxes, including turning on and off or switching the sources. For example, when a touch panel or AV processor is involved, some form of remote command and control is in use.
The command-and-control layer can be protected with permissions, passwords, and encryption. There is an equivalent responsibility for the command-and-control layer on vendors selling traditional AV as well as those selling AV over IP.
Video and audio content security
Can private assets like streaming camera feeds be intercepted by wrong doers? Of course. But this is true of ANY video or audio feed. Whether the video or audio is in circuit-based form on analog or digital wiring, or whether the video or audio is in packet-based form on IP networks, in both cases, it is possible to hack and access the video and audio feeds.
There is no substitute for knowledge and responsible deployment efforts when it comes to securing video and audio. In fact, some feel that the ability to encrypt packetized video and audio is superior to traditional baseband video if there is a concern that someone might try to hack and snoop the feeds.
Keep in mind that IP security has been around for a long time. Both data and telephone over IP have already gone through multiple generations of constant iterative improvements on this. In addition to information about IP network security and content encryption, there are also many well-established consultants and experts in the security field to assist you—no matter how sophisticated or basic your requirements are.
Network security
How to deploy AV over IP is a question of fit. AV over IP can be deployed on entirely segregated networks that never co-exist with packets of data from an organization’s data network or communications network. Alternatively, existing infrastructures of network cabling and switching are capable of, and already frequently used, for AV-over-IP applications.
AV-over-IP implementations, whether on separate or existing infrastructure, can be done without compromising the IT network security. In many organizations, the ability to use data, communications, and AV together (also known as “convergence”) is a driving force and key benefit for how AV is being re-fitted or newly deployed.
Maximum Value for Video and Audio Assets
There is no question that the IP network expertise from the computer networking world has value in the AV space. Old walls that once existed between AV and IT are melting away. Nevertheless, a strong understanding of AV-over-IP technologies and network requirements is still field-of-expertise focused on one thing only: providing maximum value to customers for their audio and video assets.
Moving away from centralized A/V switching to distributed encoding and decoding, AV over IP puts the emphasis back on the value of the audio-video assets themselves. This is possible because IP allows better distribution of the AV processing capabilities and the ability to easily scale with user needs.
Bringing It All Together
By allowing users more flexible deployments, providing options for using AV assets over greater distances, and letting users to pursue powerful new capabilities that better reflect evolving technology and changing worker habits, the migration towards AV over IP is well under way.
