Design Principles for Secure AV Systems

Secure AV systems start with smart design. Here are some standards that’ve been around forever but easily apply to modern audiovisual projects.

This article was originally written by Paul Konikowski, and published on Commercial Integrator on March 1, 2019

In my last CI article, we reviewed cyber threats and vulnerabilities in AV systems. Many of the known vulnerabilities, or “vulns” can be fixed with a firmware upgrade, securing your network, and/or enabling passwords; but what else can AV manufacturers, consultants, and integrators do to achieve secure AV systems?

One thing that can be done is to adopt a secure mindset from the get-go when designing secure AV systems, keeping the following design principles in mind.

These principles were outlined by Jerome H. Saltzer and Michael D. Schroeder in an IEEE paper way back in 1975. We will apply those secure design principals to AV systems here.

Economy of mechanism

Keep designs simple, which also means keeping your programming code as small as possible, making it easier to test and analyze. Simpler design means that less can go wrong.

Fail-safe defaults

The default access to a resource should be no access. A good example of something that violates this principle is a wireless router that does not require a password and/or encrypt the traffic by default.

Complete mediation

This means every access to a resource is checked against the access control mechanism, every time, and all attempts to bypass security are prevented.

Open design

“Security by obscurity” does not work. Adapt an open-source attitude so your security does not depend on secrecy. Code and designs should be open for scrutiny by your community. It’s much better to have a friend or colleague find an error, then it is to wait for a bad actor to discover it.

Separation of privilege

Access to rooms, systems, or files should depend on more than one condition. If someone gains access to the AV rack, can they simply access the components using a console cable? Or did you go a step further, and enable passwords, as well as encryption of those passwords?

Least privilege

Users (and programs) should only be given the minimum access rights to complete their tasks. The default access should be none, and then access should be granted as needed, on an individual basis, or based on well-defined roles within the organization. Temporary access can also be granted.

Least common mechanism

This means that one should minimize the amount of mechanisms and/or equipment that is used by more than one user. A good example of this would be a “room PC” in a training room used by multiple instructors. Does each instructor log in with their own credentials?

Psychological acceptability, a.k.a. ease of use

Users will avoid security measures that get in the way of convenience. A physical analogy would be a dead bolt that requires a key on both the outside and the inside. Some people won’t bother locking it from the inside, especially if their key gets stuck in the lock.

Other best practices like layering, isolation, encapsulation, modularity, and auditability should also be kept in mind.

If you enjoyed this article, you might like these related posts on PKaudiovisual:

Identifying Cyber Attacks, Risks, Vulnerabilities in AV Installations

5 Steps to Better Cyber Risk Management

The Best Data Breach Incident Response Plans Require These Steps

 

Advertisements

Acoustical Consultants

Acoustics For Critical Listening Environments

Tavius Aiton, Architectural Acoustics

Guest blogger Tavius Aiton has worked in audio and acoustics for the past decade, from design and sales, to project management. Tavius is owner of Architectural Acoustics in San Jose, CA.

The solution always begins with understanding the problem. Acoustically, client expectations and needs are defined most by the purpose of their space. Obviously, budget and materials finishes factors into the equation as well; but in critical listening environments, acoustics should drive the design and budget.

Acoustics are best handled in the design phase of new construction.  Any critical listening space should first be optimized for shape and size, defined by its intended purpose, speaker orientation and patterns, as well as listening positions. Often, noise must be contained within a space, as well as isolated from outside. Wall, ceiling and floor construction design are important for sound and vibration isolation issues from adjacent spaces.

In rooms with shared walls needing isolation, choosing the proper stud type and configuration are important. Often, more floor space is required as there is greater airspace and less connection points between the walls. Double stud, or staggered stud layouts are often considered along with insulation. Isolation clips can be applied on rails across the studs to further isolation.

CIRCA Art Gallery, photo courtesy of Pinta Acoustics
CIRCA Art Gallery, photo courtesy of Pinta Acoustics

Early incident reflections may be desired in many critical listening spaces, but this needs to be carefully considered, because too much reverberation reduces speech intelligibility and musical clarity.  Ideal reverberation times should be called out by consultants.  Absorptive materials, or porous materials, allowing flow resistance of sound energy, can reduce reflections by frequencies depending upon type of material, thickness and airspace or backing material.

Reflection can be important, especially in larger spaces. Early incident sound reflections can be redirected to listeners prior to the room “coloring” them due to longer reverberation times.  Often, sound energy is redirected specifically based on size, shape, and type of materials placed throughout the room. Diffusion, or even-scattering of sound reflections, can be a necessary consideration in controlling the sound level equality throughout a space and maintain sound integrity.

Critical listening spaces require many considerations.  The earlier an acoustical consultant is brought in on the job, the better.  Often this can avoid acoustical issues that may be difficult, or more challenging, and costly to consider later.  Its also important to have a qualified contractor to implement the consultants design criteria, by properly installing the acoustic treatments, and remaining within budget.

Often budgets include high end equipment, and little to no acoustical treatments.  This is another reason to hire the appropriate consultant from the start: to have all the acoustical requirements laid out and included in your budget.  Ensure the most affective and affordable solutions for your acoustical or noise reduction needs. Make the most of your critical listening space and the investment in time, energy, and capital!

I would be happy to recommend a consultant specific to your needs.

For more information, please contact Tavius Aiton at Tavius.Aiton@gmail.com.