Hello,

I'm working on a small project, and I'd like to explore some options. Suppose I have two headless linux boxes. The first box (we'll call it "Box-A") has a video camera attached that can be reached as /dev/video0 - it's basically a DIY security camera running linux (OpenWRT) on a small router board. Box-B is an archive board with motion capture software and a large disk storage space. What choices do I have to securely stream a live video feed from Box-A to Box-B on the same LAN? And how to configure each box to prevent attackers from interfering?

The rough goals are:
- Continuously stream video over LAN from Box-A (server) to Box-B (client/archiver)
- Allow only authenticated access to Box-A video feed - Box-B must authenticate before Box-A grants access
- Allow access from other authenticated devices i.e. a linux/windows desktop PC can view the stream live in a browser or VLC
- Disallow unauthenticated access to the video stream
- Prevent passive attackers from sniffing and watching the video stream (should be encrypted)
- Prevent active attackers from MITM-ing the stream and possibly feeding a modified stream to Box-B.

I've found some streaming server tools like mjpg-streamer, gstreamer, ffmpeg, vlc, but I'm not sure, if they offer much security. For example mjpg-streamer only has plain username/password authentication, but no encryption.


Thoughts?

You should pass the video stream through secure ip tunneling.