Fusion stream encryption is a proprietary technology of Genetec Inc. used to protect the privacy of your video archives. The Archiver uses a two-level encryption strategy to ensure that only authorized client machines can access your private data.
What is a fusion stream?
Fusion stream is a proprietary data structure of Genetec Inc. for streaming multimedia. Each fusion stream is a bundle of data (video, audio, and metadata) streams and key streams related to a single camera. Fusion streams are generated on specific client requests. The key streams are included only if the data streams are encrypted.
Benefits of fusion stream encryption
The benefits of fusion stream encryption are as follows:
- No data captured by Security Center is stored or transmitted as plaintext. This means that the privacy of your data is protected even if you outsource the management of your data center.
- Data streams are encrypted using the US government approved AES 128-bit encryption standard.
- The keys used to encrypt the data streams change every minute, discouraging any kind of brute-force attack.
- Each data stream is encrypted with a different key stream, reducing the attack surface.
- The key streams are encrypted using public key encryption, ensuring that only authorized client machines (with a valid private key installed) can view the encrypted data.
- If a private key is compromised (leaked out), you can prevent it from ever being used again on your system.
- Encryption overhead is kept to a minimum by encrypting the data stream only once. Auxiliary Archivers do not have to re-encrypt the data.
The limitations of fusion stream encryption are as follows:
- Multicast from the camera is disabled when data streams must be encrypted.
- Recordings on the edge cannot be encrypted. Turn edge recording off if you want encryption.
- Encrypted video cannot be viewed with Security Center 5.3 and earlier.
- Encrypted video cannot be viewed on Security Center Mobile devices.
- Software motion detection is not possible when encryption is on.
- Thumbnails cannot be generated for encrypted video.
- Encryption cannot be added after the video has been archived.
However, you can still encrypt your exported video files.
- New encryption keys cannot be added to archived data, which means that authorization to view archived data cannot be granted to new machines.
- Encryption certificates are only validated for expiration dates. This means that any certificate you enroll takes effect immediately, regardless of its activation date.
- Encryption cannot be removed from the video archives.
The workaround is to export your video in ASF format.
- Encrypted video cannot be exported in legacy G64 format.
When you export encrypted video in G64x format, the video is exported with encryption. All the information necessary in order for authorized client machines to decrypt the video are found in the G64x file.
- Encrypted video cannot be recovered if you lose your private keys.