Introduction
We have designed and developed a cost-efficient, cloud-connected video platform for surveillance cameras and smart home devices. This entails creating a streaming service capable of handling unstructured media data at scale, addressing challenges such as buffering, latency, dropped connections, and data storage issues often encountered in video streaming from smart home devices.
To meet these requirements, we have chosen to leverage serverless computing. Serverless computing eliminates the need for provisioning servers, offering benefits such as automatic scaling, cost optimization based on actual usage, built-in fault tolerance, and high availability. This approach promotes agility, reduces operational complexity, and accelerates time-to-market.
Cost considerations were essential in our product. We have evaluated the expenses associated with managing servers, storage, and network hardware required for high-bandwidth, low-latency network performance. By avoiding the procurement, installation, and maintenance of hardware, we can redirect our resources toward developing innovative applications and enhancing the user experience.
We also integrated Amazon Kinesis Video Streams, a fully managed AWS service, into our solution. This service securely streams media for storage, analytics, and playback without the need to provision servers. It eliminates the complexities of managing WebRTC-related cloud infrastructure, such as signaling servers and media relay servers, making it an ideal choice for our project, especially when combined with AWS IoT for connected products.
To optimize costs further, we have implemented data rate reduction techniques such as compression and dynamic bitrates and frame rate adjustments in our video streams. This approach helps control the overall cost of using Kinesis Video Streams.
Additionally, we have focused on minimizing data egress costs, which can scale with the number of cameras and users. By using Kinesis Video Streams with WebRTC and peer-to-peer connections, we can eliminate data egress costs, as the media traffic is transmitted directly between peers. In cases where direct connections are not feasible due to network restrictions, a relay server (TURN) provided by Kinesis Video Streams is utilized, incurring charges based on streaming minutes and data transfer out.
Proposed Architecture
AWS Kinesis feed is passed to splunk by using a Splunk app for AWS. Splunk Enterprise Security provides us with Adaptive Response Framework. Splunk Enterprise also has a SOAR framework which provides us with automated responses based on the alerts triggered by Splunk Monitoring.
Beyond streaming video, our architecture encompasses the administration and control of smart cameras. This includes provisioning, configuration, security, and maintenance to ensure the proper functioning of these devices. We achieve this by onboarding smart cameras to AWS using AWS IoT Core, which establishes a secure connection based on the MQTT protocol.
Authentication
Security is paramount in our architecture, and we rely on X.509 certificates to authorize cameras to access AWS services. AWS IoT Core generates and registers individual certificates for each device at scale. During provisioning, an AWS Lambda function verifies the cameras accessing the services by reading a database table containing device information.
In our architecture, Amazon DynamoDB, a serverless key-value database service, is used to verify identities and store user and device data. This integration ensures real-time processing and analysis of IoT data with low-latency performance.
Communication
For client-side communication, we implement a serverless authentication and authorization pattern. Amazon Cognito manages user directories and provides access tokens to verify users and authorize access to backend services and surveillance cameras. Amazon API Gateway handles access token verification and allows authenticated users to proxy requests from the client to backend services.
The backend services in our architecture are built using AWS Lambda, enabling on-demand code execution. Lambda functions read from the manufacturer database to verify devices and associate user accounts with cameras. These functions also request session credentials using AWS Identity and Access Management (IAM) to access the signaling channel of the camera on Kinesis Video Streams, ensuring client isolation.
Security Risk Management
Addressing these security concerns with SPLUNK is crucial for safeguarding a network from potential vulnerabilities and threats. Insecure network services, such as outdated protocols or open ports, are identified and secured to prevent unauthorized access. Regular security updates and patches are identified and implemented to mitigate the risk posed by a lack of security updates. The use of insecure components, whether in hardware or software, are avoided, and rigorous vetting of third-party products is made essential. Secure data transfer protocols and encryption are employed to protect sensitive information during transmission. Effective device management, including regular monitoring and access control using SPLUNK which helps us to prevent unauthorized devices from compromising network security. Lastly, it’s vital to change insecure default settings on devices and systems to minimize the risk of exploitation. Combining these measures can significantly enhance the overall security posture of a network.
Summary and Conclusion
Our aim is to create a scalable, cost-efficient, and secure video streaming platform for surveillance cameras and smart home devices by leveraging serverless computing, Amazon Kinesis Video Streams, AWS IoT Core, and other AWS services. This architecture ensures optimal performance and cost-effectiveness while addressing the complexities of video streaming in a smart home environment.
Zigron stands at the forefront of technology, continuously striving to provide innovative solutions that merge cost-effectiveness with robust functionality. Our endeavor in designing a secure video surveillance platform for smart homes, powered by AWS and complemented by Splunk, exemplifies our commitment to excellence. This synergy of technologies, molded by Zigron’s expertise, offers an unparalleled blend of efficiency, security, and innovation.
Dive into the future of smart home surveillance with Zigron. As your trusted technology partner, we’re here to guide your enterprise towards achieving its technology ambitions. Interested in exploring our suite of solutions further or seeking consultation for your next big project? Reach out to us at sales@zigron.com or call us at +1-412-478-6588. Let’s shape the future, together.