GitHub - jcalvinowens/sdvr: An experimental video stream aggregator

jcalvinowens / sdvr Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

An experimental video stream aggregator

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
util		util
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README		README
common.c		common.c
common.h		common.h
crypto.c		crypto.c
crypto.h		crypto.h
inet.c		inet.c
inet.h		inet.h
internal.h		internal.h
output.h		output.h
prec.cpp		prec.cpp
proto.h		proto.h
psdl.cpp		psdl.cpp
rc5.c		rc5.c
rc5.h		rc5.h
ring.h		ring.h
sdvrc.c		sdvrc.c
sdvrd.c		sdvrd.c
tests.c		tests.c
v4l2.c		v4l2.c
v4l2.h		v4l2.h

Repository files navigation

sdvr: An experimental video stream aggregator
=============================================

SDVR is an open source system to aggregate the output from remote cameras, and
run arbitrary code against every frame in real time. The goal of the project is
to scale to both huge numbers of cameras, and huge numbers of local video data
consumers per camera.

SDVR is intended to be "secure by default": servers and clients mutually
authenticate each other using persistent ECDSA keys (like SSH), and all data
exchanged is encrypted. No user configuration is required, it "just works".

SDVR supports streaming video over TCP, UDP, and raw ethernet frames.

Proof of concept over localhost with your webcam:

	$ sudo apt install make gcc g++
	$ sudo apt install libnacl-dev libavcodec-dev libsdl2-dev liburcu-dev
	$ make -j -s
	$ ./sdvrd &
	$ ./psdl &
	$ ./sdvrc

To use the raw ethernet support, specify the inbound interface on the server:

	$ sudo ./sdvrd -i enp7s0

...and provide both the outbound interface and destination MAC on the client:

	$ sudo ./sdvrc -u -d 80:61:5f:08:b2:ba -o enxac7f3ee6b3be

This is still a work in progress, and parts of it are very messy.

Design
------

SDVR has three pieces: the client, the daemon, and the consumer(s).

The clients run on the systems with the camera(s) attached. Currently, only
V4L2 on Linux is supported, with broader support being a long term goal if this
project gains any traction.

The daemon recieves the data, decrypts it, and makes it available to consumers
locklessly via ring buffers in /dev/shm. The daemon doesn't know or care how
many consumers there are: it just buffers the data. A theoretically unlimited
number of consumers can consume a given data stream out of the same shared
memory in real time.

Currently, output.h defines the C++ interface, which decodes the video. Two
small proofs of concept derive it: psdl.cpp, which uses libsdl2 to render each
connected video stream in its own window; and prec.cpp, which writes it to disk.

Protocol
--------

The primary motivation for the novel protocol was to provide encryption and
mutual authentication in a more user friendly way than SSL/TLS. Eventually, it
will probably make sense to use a more standard container format for the video
data itself.

The video is not padded: for compressed formats, it is important to understand
that this leaks information about the video stream.

Cryptography
------------

The security model is inspired by OpenSSH: cameras and servers use persistent
ECDSA keys to authenticate each other. No configuration is necessary: just like
SSH, the keys are remembered after the first connection, and all subsequent
connections will be protected against MITM attacks.

The key exchange and authenticated encryption are implemented using Curve25519
and xsalsa20/AESPoly1305 primitives from the NaCl library by Daniel J Bernstein.
The implementation provides perfect forward security.

Keydata is stored in ~/.sdvr/ for both servers and clients. Servers and clients
can run on the same machine (over localhost), the filenames do not conflict.