Russian encryption specialist ElcomSoft has discovered flaws in Nikon's systems for ensuring that images have not been tampered with. The flaw in Nikon's Image Authentication System creates a means to produce forged pictures that would successfully pass validation checks. The security weakness uncovered by ElcomSoft revolves …
Although Mike Tyson would have been funnier with a Hello Kitty tattoo. Even better, a Hello Kitty with a ear chomped off.
Holistic security is hard
All-encompassing security is, like, reALLY hard. Like imagine the hardest technical feat you've done successfully. Then multiply that by 10. It's even harder than that.
But my difficulty dial goes up to 11. I just tried it, and although quite difficult, it is possible.
On an aside, what on earth are you talking about ?
Re:Holistic security is hard
I'd imagine in this situation it's bloody impossible. Given people have access to the device that contains the signing key it's only a matter of time before they extract it. A bit like blu-ray players needing to be able to decrypt the data on a disk to play it meaning that everyone potentially has access to a key.
A question - pardon my ignorance
is the key the same across all cameras or does each camera have a different key?
and if the latter, does this mean a faked keyed image is linked to a camera that didn't take the picture (IYSWIM) ?
While security is hard, companies do keep failing miserably
While I do not doubt that it's hard to do security properly, lots of companies delude themselves that they know how to do it and then make an utter "balls up"...
Like claiming their encryption is 'Military Grade' and then refusing to tell you the algorithm
They may be working on the principle that ROT13 was military grade - just for the Roman Army at the time of Julius Caesar...
Shouldn't that be ROT-XI?
Given the Romans only had 23 letters in classical times, and K was barely used.
We could probably argue for ROT-X immediately before Julius Caesar, they only had 21 letters up til then until they got Y & Z from the Greeks after the conquest in 146BC.
They fought a war to get letters Y and Z?
re: Shouldn't that be ROT-XI?
"they only had 21 letters up til then until they got Y & Z from the Greeks after the conquest in 146BC"
They conquered the Greeks, and all they got were two lousy letters.
You should see what letters they got...
...when they defeated the Gauls!
"They conquered the Greeks, and all they got were two lousy letters."
Could have been worse - they could have picked up their Government debt.
Bush image forged
> Finally, there’s this photograph of George W. Bush holding a book the wrong way up during a school visit. This was a famous and amusing hoax at the time, while in fact the image was forged
In the documentary "Fahrenheit 9/11", it shows Bush picking up the book the wrong-way-round and then rotating it ...
Wow, you called "Farenheit 9/11" a documentary with a straight face - that is, I'm assuming that is a strait face for an alien...
How on earth can it be called a documentary with all that fiction about steel buildings collapsing due to fire, or the lead hijacker's passport surviving the entire collapse intact and on top of the debris.
Richard Gage would be proud of you.
Re: You're right
Oh my God! I NEVER THOUGHT OF THAT BEFORE. SHIT. EVERYTHING I BELIEVE IS WRONG etc
Humm. unamerican photography
I was amused by Elcomsofts (still a Russian company?) choice of 'famous fakes'. Especially since none of them could have been proved as being doctored as they predate the signing tech. But then you look at them and realise they are a 'Pro-Security' selection, designed to sell Elcomsoft's hackin and crackin abilities to security services, little more.
Better selection here:
(If you are a big Palin fan don't view this unless you have some privacy and a cold shower available)
Love the "See More About:" links for that second example
Fun fun fun.
That having the camera sign the produce is an interesting idea in theory, but now that it's been cracked it's an even more practical highlight of a rather widespread security problem. This is in fact a rather fundamental problem as it makes a lie out of any and all assurances that anything (signed photos, ssl secured websites, anything banking, anything government) at all is "secure".
It's not so much the privacy angle (the key has to be unique to be useful, creating another potential information leak), but how much you can trust things that claim to be trustworthy. That signing thing is "hard" innit? Lots of well proven math and all that? Except that with the private keys compromisable the fake becomes indistinguishable from the real thing. There really is no recovery from that.
Moreover, it just became that much harder to use because everyone needing to trust those images as genuine must understand that this verification thing with its shiny blinking label saying all is well means exactly nothing. And is thus --unless you know it is useless-- far worse than useless.
The problem with implementing this sort of thing is that you can't just slap on a bit of crypto. You have to design in the features you want from the start and then do a lot of destructive and invasive testing to see if it'll stand up to all that. That makes an extremely hard economic case for "niceties" such as a consumer device that adds a bit of signing as a nice-to-have feature. That pretty much means that if you're not prepared to go all the way you're better off not adding the feature at all, yes.
This should be obvious to anyone who understands crypto to any extent, yes, but apparently plenty people haven't realised it.
Then you don't just rely on the camera's watermark. You also watermark the image with something of your own choosing: preferably using a more-robust key algorithm. That way, even if the camera's watermark can be faked, yours is much less likely to be faked at the same time.
But isn't the whole point to this that the raw data is watermarked at the moment in time the image is taken, and before any processing can be done?
If you are adding your own watermark, what's to stop you making alterations to the data prior to applying it?
How about immediate publication for news related photos.
Use a internet connected camera (these days: your mobile phone) that immediately tweets a SHA1 sum when the photo is taken, the actual image is withheld in order to hawk it round the publishers. The sha1 sum should be secure enough to prevent any subsequent tampering with the raw image.
- For non-commercial photography you don't even need a checksum, stuff that is published instantly gives some protection against being duped by removing the opportunities for the image to be manipulated.
For breaking events it would, at least, greatly increase the costs of a fake since you'd need to have a talented crew ready to process stuff very quickly in order to make the publication of the checksum agree with the general timings of the event. Or you would need preprepared fakes.
I'm not saying such a system works for any other scenario then breaking news events.. but it is probably pretty effective, especially with disasters and conflicts, simply due to the physical limitations it places on creating effective fakes.
is an answer in some areas like document archiving. Yes, people do still use it and it lasts for eons.
Only problem is finding companies that do it.
I see. Exactly how would that ensure that the image stored on the microfilm wasn't fiddled with prior to its storage?
Also, given the two scenarios of a fire in a roomfull of microfilm and a fire in a roomfull of digital storage media, which one's most likely to have retrievable backup copies somewhere else?
Microfilm is the answer
But what is the question?
None of them after a few decades
Since you'll never be able to find the same backup drive using the same backup standards, nor the original restore software with its original OS. And even if you find all this, the DRM server used to protect the backups has been decommissioned when the cloud provider went bankrupt.
Actually, microfilm might have some chance of escaping fire as opposed to digital media escaping all those adverse conditions.
lasts for eons...
No it doesn't, it is extremely delicate and must be kept in a temperature and humidity controlled environment and it is possible to damage it when you read it.
It's not as if chemical film negatives are secure if someone really wanted to 'forge' a picture. My grandfather used to have his own dark room and imaging equipment. It starts by having film and developing chemicals of the same stock and being exceptionally talented with a lot of time on one's hands.
It's the availability of the hardware and then the software to enable the forging that makes the digital negative more of a problem. It's too easy for some knob to piggy back off the talent of someone else because far more people have computers then a dark room and far more people can download a piece of software than obtain the correct film stock and chemicals.
Uhh... how do you do this? With a microscope and a teensy pipette that applies silver halide particles? Good luck. You forge prints, not negatives.
In ye olde days
This would be possible if you were using a large format negative.
When you use something that's 4x5 , 10x8 for instance (Thats inches not mm or cm) it can be done by hand,
But how do you prove that you didn't manipulate the image between downloading it from the camera and watermarking it?
It's a lot harder to fake the original negative, especially if you have the entire film - it's easy to detect layers of copies from the grain and you can do microscopic analysis of lens aberrations to see that an image was re-shot on a different lens.