←back to thread

Show HN: Open-source private home security camera system (end-to-end encryption)

(github.com)

551 points arrdalan | 1 comments | 30 Nov 24 22:13 UTC | HN request time: 0.211s | source

I needed a security camera inside my house, one that would send motion notifications to my smartphone and would allow me to livestream remotely. However, I could not find one that I could trust due to privacy concerns. Many of them upload the plaintext of videos to their servers and none is fully open-source as far as I know. Therefore, I decided to use my spare time to build one from scratch. Called Privastead (as in Private Homestead), it uses OpenMLS for end-to-end encryption (between the camera local hub and the smartphone) and is mostly implemented in Rust (except for part of the Android app that is implemented in Kotlin). The system is functional now and I've been using it in my own house for the past couple of weeks.

Based on some of the discussions I've seen online, it seems like there are other users who are also concerned with the privacy implications of home security cameras. Therefore, I decided to open source my solution for everyone to use. If you need a privacy-preserving home security camera, please give it a try and provide feedback. Note that trying out the system requires you to have a supported IP camera, a local machine connected to the IP camera, a server, and an Android smartphone. I have put together detailed instructions on setting up the system, which I hope makes it easier for others to get the system up and running.

In addition, consider contributing to the project. The prototype currently has a lot of limitations: mainly that it has only been tested with one IP camera, only allows the use of one camera, and only supports Android. I'll continue to improve the prototype as time permits, but progress will be much faster if there are other contributors as well.

Show context

scotty79 ◴[01 Dec 24 01:43 UTC] No.42285475[source]▶

>>42284412 (OP) #

Does the hub possess ability to delete recording from the server? I understand that hub being compromised is not a part of your threat model but I'm curious if you can preserve the recordings in case it was taken over.

replies(1): >>42285787 #

1. arrdalan ◴[01 Dec 24 02:54 UTC] No.42285787[source]▶

The hub keeps a video until it is received by the app. The hub has a component called the delivery monitor, which processes acks from the app and keeps track of the delivery status of each video. It resends the videos when needed to ensure delivery. Once the app acks receipt of a video, the hub deletes it. The app then keeps all the videos until the user explicitly deletes them. (I've been thinking of a feature that automatically deletes all videos in the app that are older than a threshold, but haven't implemented it yet.)

The server is untrusted and does not have access to the plaintext of videos. It only receives the ciphertext (encrypted video) and notifies the app to download them. When the app fetches a video, the server deletes the ciphertext (in order to be memory efficient).

Yes, the hub is part of the Trusted Computing Base (TCB). That means that we trust it. If the attacker compromises it and takes full control of the hub, then the attacker has unfettered access to the IP camera.

That being said, if the attacker only manages to take a snapshot of the keys used by the hub for encryption (and nothing more), then the forward secrecy and post-compromise security aspects of MLS comes to our rescue. They ensure that the attacker can only decrypt some of the messages (at most a full video depending on what keys are compromised), but nothing before and after that.