Day: June 6, 2020

Given the current Covid-19 pandemic, thermal cameras are receiving increasingly more interest. It is a natural idea to utilize a thermal camera to detect elevated body temperatures. Right now, the Internet is full of information on the subject (including brand new companies), but it’s difficult to understand what is real, what is wishful thinking and what is exaggeration. At Eagle Eye Networks we have purchased a number of thermal cameras and have run a series of tests to determine what is practical with today’s technology. This document details some of the testing we have done and some of our conclusions. We do not claim that our testing is comprehensive or perfect, but we hope, that in sharing it, we can help. This document focuses on the application of thermal cameras to read human body temperature. However, it is important to note, that before the Covid-19 pandemic, thermal cameras, at least as it relates to video surveillance, were primarily used for detecting perimeter breaches. This use case does not require the same level of precision that a thermal camera detecting an elevated body temperature requires. Therefore, typical general-purpose thermal cameras in the market have an accuracy of +/- 5 degrees Fahrenheit, which is not accurate enough to detect elevated body temperatures. It’s also important to note that elevated temperature screening is not screening for coronavirus or for any other illness. In fact, some people who have a virus or illness may not have an elevated body temperature. Additionally, the majority of thermal cameras are not approved for medical use or approved by the FDA, but they may be well suited to provide an initial reading to allow appropriate personnel to perform follow up evaluation and potential diagnosis. Executive summary Thermal cameras can be used to detect elevated temperatures in humans under the right conditions. Creating those conditions can be challenging, but it’s not impossible or impractical. Our experience in testing has shown that the preferred solution includes cooperative subjects and limits measurement to a small number of people simultaneously. Given appropriate conditions we have tested cameras and found they consistently report temperatures within +/- 0.7 degrees Fahrenheit of measurements taken with a traditional thermometer. System components There are various systems in the market place; however, most cameras that are connected to a traditional surveillance system include these: Camera – Thermal and Visible Spectrum. Thermal Calibration Unit (blackbody). Recording System/ Video Management System. Local Display Device (optional). Cameras Some of the more advanced thermal cameras are effectively two cameras in a single housing, these are known by several different names – dual spectrum and bi-spectrum are the most common names. The image below (Figure 1) is a dual spectrum camera from Sunell that was designed to resemble a panda bear. This was originally deployed in Chinese schools where children would look at it as they entered. Each camera produces a video stream, the visible spectrum camera works like most typical surveillance cameras. The thermal camera produces an image that is a visual representation of the different temperatures it has detected. These images can be either in grayscale or in color. Most cameras have several visual choices for how to represent the thermal data. The images above (Figure 2) are from a dual spectrum thermal camera connected to the Eagle Eye Cloud VMS. This is a traditional video surveillance dual spectrum thermal camera, not a camera used to detect elevated body temperatures. There are a few things to note about the images. One is that the field of view is different. The visible camera can capture a wider field of view than the thermal camera. The visible camera has two vehicles in the field of view while the thermal camera only has one. The visible camera captures the street at the top of the image, while the thermal camera does not. The difference in camera field of view is quite common. Also, the thermal camera has a much lower resolution. The figures appear more ‘blocky.’ Thermal cameras today are generally much lower resolution than visible spectrum cameras.   Thermal calibration unit A thermal calibration unit, sometimes referred to as a blackbody, is a device that maintains a specific temperature and does not reflect any energy from the surroundings. It is used as a constant point of reference for the thermal camera. Not all thermal cameras require a calibration unit, but many can make use of them if they are present. A calibration unit requires electrical power, but is not wired to the camera or the VMS/ recorder. It is manually set at a prescribed temperature, and the thermal cameras are configured based on that temperature. Thermal calibration units are typically used when more precise temperature readings are required such as in elevated temperature screening. Some suppliers include a thermal calibration unit with the sale of the camera, but most do not. Calibration units are generally not present for most cameras connected to a video surveillance system. Many security industry personnel are not familiar with thermal calibration units or their use. Recording system/ video management system The cameras are generally connected to a recorder. For this discussion we utilized the Eagle Eye Cloud VMS with its enhancements for support of elevated temperature screening. The cameras are connected to an Eagle Eye Bridge. As shown above (figure 2), The Eagle Eye VMS records both the visible spectrum camera as well as the thermal camera. Additionally, Eagle Eye VMS captures the temperature measurement data that the camera generates. This means that the temperature is associated with specific to me, so searches can be performed based on the temperature, time or person. Notifications can be generated if the temperature is outside of a specified range. In other words, if the temperature is too high, a notification can be made. The notifications can be delivered via various methods, but the most common is via email. Typical notifications will have an image of the person, the temperature detected, as well as name and location of the camera that…

  INTRODUCTION Scope and purpose of this white paper The scope of this white paper is the security for embedded electronic systems and IoT systems, which are generally based on programmable microcontrollers. Examples are electronic consumer and industrial devices, IoT sensors, medical devices. The purpose is to stress the fact that although security countermeasures are necessary to protect embedded systems and IoT systems, they are unfortunately not sufficient to avoid surface attacks. Embedded systems and IoT systems are more and more exposed to a wider range of new security threats, and this trend will very probably accelerate. To prevent damages from security attacks, companies are taking measures to protect their assets, including more specifically their software IP. Unfortunately, in ecosystems where the supply chain is getting more complex, it is frequent that the ones deciding the security levels are not the ones that will be accountable for their choices. Even when security measures have been duly selected and implemented, facts are showing that there are still some underlying vulnerabilities. On average, security experts will break security of more than 80% of implementations during their evaluation phase, for multiple reasons: Security attacks are getting easier to set-up, even by players who have limited technical skills and could use tools available on the web. It costs just a few dollars to launch massive DDoS attacks capable of generating up to 300Gb/s. Security countermeasures have their own limitations, and having an overreliance on those countermeasures could lead to potential hidden security risks. Security implementation matters. Technical challenges in implementing security could potentially lead to vulnerabilities exploited by hackers. A good approach is to do a formal security evaluation with security experts. However, before taking this path, it will be efficient and cost effective to have a second view with a deeper dive into security. In most cases, it will highlight some vulnerabilities and will provide useful guidelines to improve the resistance of embedded systems against security attacks. In this whitepaper, we will: Describe the most frequently used security countermeasures. Review the limitations of these countermeasures and explain why a deeper dive is recommended. Share the views from our security experts. The benefit of this deeper dive is to reduce exposure to security attacks without having to reconsider the whole security approach. Security principles Basic principles It is widely accepted that security must rely on 3 basic principles: Security by design (and not after the facts). End to end security (at OT and IT levels). Security all along the product life. The last one is equally important compared to the first two. We observe that several electronic industries are getting conscious about the security by design and end to end security, and are not considering the importance of security all along the product life. For instance, having a secure mechanism for firmware update over the air (OTA) will prevent a lot of security breaches. Deeper dive I t would be great if a simple application of those basic principles will be enough to counter any potential security attack. Facts are showing that even by applying those principles, there are still remaining vulnerabilities exploited by hackers. Embedded systems are all different and have their own specificities; on the other side, security requirements vary considerably depending on market, applications or risk management policies. Considering that security must be scalable, and that no security scheme fits all, we recommend a deeper dive into security to ensure that the security schemes have been implemented in adequation with the system architecture. A strong security scheme which has not been properly implemented is simply useless. We will explain in this white paper the reasons why these basic security principles are necessary and not sufficient. Disclaimer The information in this white paper provides general information and guidance about cybersecurity; it is not intended as legal advice nor should you consider it as such. WHY DOES A DEEPER DIVE INTO SECURITY MAKE SENSE? Security attacks on embedded systems are getting more frequent There are several reasons that could explain why embedded and IoT systems are getting more vulnerable to security attacks: Systems complexity Embedded and IoT systems are becoming more and more complex due to rich, broad and diverse ecosystems which could be interconnected with each other’s. IoT ecosystems are an illustration of this trend; they include a wider range of technologies like sensors, gateways, networks, clouds with many different standards and limited regulations on security. Limited capacities in devices Many embedded and IoT systems are based on programmable microcontrollers with limitations in processing power and memory storage. Several security countermeasures have not been designed based on those limitations. As a result, they require compromising between security and performance, and most of the time the decision is in favor of the last one. Human errors are always possible The development of new technologies is accelerating, and we do not have enough background of previous threats to know enough about failures in protection. This is leading to an increase of human errors in life of a product – at the design stage, at manufacturing stage and during the implementation of security. Time to market and costs Generally, manufacturers shorten the launch time of products, putting higher priorities on volume of sales, and not always considering fundamental security best practices such as security by design. Security is often seen as an additional cost; this is why, in order to reduce costs, manufacturing companies are also limiting or ignoring security features in their devices. The result would be equipment that can never provide adequate protection. Any countermeasure has its own limitations Deciding a security strategy often means making compromises between risk, cost and time – the easier approach is to rely on legacy security mechanisms proposed by silicon and IP vendors, network providers or other third parties in the value chain. The issue with this approach is that there is no ‘one size fits all’ security solution that can protect any embedded system. The characteristics of each system is different and should be considered…