No matter what the project, an AV integrator’s directive typically boils down to one thing: enable the crystal-clear flow of information. So it’s not surprising that the topic of encrypted audio can feel a little counterintuitive in a profession that’s dedicated to optimal sharing of sights and sounds.
But the fact is that there are numerous scenarios where an AV project would necessitate the inclusion of encrypted audio. The science of making information secure in the presence of adversarial forces, cryptography makes secure communication possible. A cipher—a.k.a. a code—is employed to encrypt data, audio, or video, ensuring that those elements are meaningless to your enemies unless they hold the secret key that will decrypt them.
Encryption is not a complete confidentiality solution by itself, but it is an essential component of a larger security system. Gathered under the encryption umbrella are a range of security services including confidentiality, integrity, authentication, and non-repudiation.
In the realm of executive conference rooms, huddle spaces, and videoconferencing, an increased learning curve has emerged for the successful implementation of encrypted audio. “There is a new world for AV integrators to be aware of in terms of connecting to networks,” says Josh Siegle, wireless product manager for Shure. “It isn't like the old days where everything was hooked up with analog wires with maybe one or two boxes that would connect to a phone or VoIP network. Now the actual microphones themselves and the audio processing are on the network, IP-addressable, and software configurable.
“That brings in a certain amount of convenience and ability to repeat similar installs that work the same across multiple rooms and multiple venues,” Siegle continued. “But along with that comes the need to protect the devices connected to the network. In the network solutions space, there's a cyber security element, and one way to help protect things in that space is by using some form of encryption.”
When to Protect
According to Paul Zielie, manager, enterprise solutions, Harman Professional Solutions, there are certain projects that will have a propensity for encryption.
“Any corporate or government client should be interested in encrypted audio when the audio transmission extends beyond the known boundary of the room,” he noted. “When you start to go across or between rooms, then audio potentially needs to be protected from undisclosed people. This is especially important because, with the exception of AVB, the tendency is that these audio streams are multicast. In that case, once a stream is on a network, the network forwards it to anyone who subscribes to that multicast address, which theoretically makes it easier to discover. That’s why the gold standard when you're protecting content is to be able to control who can decode it.”
Also important for AV integrators to consider is the various states in which coded audio can live. “There's encryption in transport, in storage, and for access—each one has its own challenges and importance,” explained Bradford Benn, an AV industry veteran with more than 25 years of experience. “One of the ways that encrypted audio has become easier to deploy in AV is that people are aware of it, and the infrastructure is now able to support it. We can place it on a VLAN that's segregated. We can do it through a VPN for a certain quality of audio so that it is truly an encrypted packet, which makes things relatively easy because most of the current audio-over-IP uses current standards."
“Where it's gotten more difficult is that a lot of people make assumptions about what's encrypted and what's not, and the level of security that's actually possible,” added Benn. “For instance, imagine audio is traveling over a digital network: unless you limit the access to some of the control software, once an adversary can get on the network, they can capture the streams and mess with them—listen to or replace them. Certain protocols have a four-digit pin to prevent that, but, not to sound too nefarious, that's under a minute of a script going in and just running all 10,000 combinations and seeing what the results are. People say, ‘Oh, you're being paranoid,’ and my response is, ‘Yes, but if you're talking about a bank with million-dollar discussions, [finding] someone to do that is not a problem.’"
A Stricter Signal Path
In practice, setting up an encrypted audio path entails both fundamentals and finer points. “Typically, it is a two-ended situation where you need to have both the transmitting entity and the receiving entity synced up on the encryption keys,” said Shure’s Siegle. “If you can't do that then you’ve basically stopped any usability of that audio content. In most cases, as encryption implementation goes, it's generally a good idea to stick with a certain manufacturer depending on how complicated, big, or distributed the system is, because you know that manufacturer will support both ends of the operation. It makes it less of an unknown, versus having a couple different brands of devices and then figuring out what it takes to make those two play nice together.”
No matter the pairings and the quality of encryption employed in an installation, Siegle points out that there's a responsibility on the part of the client and/or the integrator to ensure that passwords are changed consistently. As well, firmware must be kept up to date so that solutions like the Shure P300 IntelliMix audio conferencing processor run with the latest protections against code-cracking adversaries.
“As CPU processing gets better, it becomes more viable to crack encryption algorithms,” he says. “Encryption complexity does change over time, and that's one of the reasons why you want to look at the firmware update capability of whatever you're buying, because the chances are within five years or less, a newer, more powerful encryption algorithm will be made available.”
For AV integrators, the ability to confidently offer encrypted audio solutions can reflect a deepened understanding of their clients’ needs, beyond the plugged-in conferencing systems they’ve worked so hard to perfect.
“You have to be privy to the fact that once things are in the network, there's ways to get to them that weren't available on the analog equivalent,” said Siegle. “As [AV integrators] look at a customer they’ve served for years, the type of business they do, and the sensitivity of what they're saying, they can make a recommendation: ‘We understand that you’re doing things with this conference room where you would not want this information to end up where it wasn’t supposed to. What do we need to do for you, the customer, to deliver a solution that helps ensure it only goes where you intend it to go?’”
Another angle to take when collaborating with clients about encryption is to confirm that it’s truly called for at all. “The AV industry has not always accounted for the additional sensitivities of the media as it's moving into business applications, versus general communications applications,” stressed Zielie. “But with the convenience of putting it on the network, suddenly we're creating risk, even if it might not be essential for it to go there. The client hasn’t necessarily thought out the risk/reward for their audio to be on the network.”
“AV integrators can ask, ‘Is it necessary? Is it worth the potential risk?’ I have nothing against there being risk, as long as it's responsibly disclosed to and understood by the people whose content needs to be protected,” concluded Zielie. “They can make that decision if they're properly informed.”