back to article Nikon image authentication system cracked

Russian encryption specialist ElcomSoft has discovered flaws in Nikon's systems for ensuring that images have not been tampered with. The flaw in Nikon's Image Authentication System creates a means to produce forged pictures that would successfully pass validation checks. The security weakness uncovered by ElcomSoft revolves …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Funny pics

    Although Mike Tyson would have been funnier with a Hello Kitty tattoo. Even better, a Hello Kitty with a ear chomped off.

  2. Jan-Erik Finnberg

    Holistic security is hard

    All-encompassing security is, like, reALLY hard. Like imagine the hardest technical feat you've done successfully. Then multiply that by 10. It's even harder than that.

    1. It wasnt me
      Thumb Up

      Ahh.....

      But my difficulty dial goes up to 11. I just tried it, and although quite difficult, it is possible.

      On an aside, what on earth are you talking about ?

    2. Mark 65

      Re:Holistic security is hard

      I'd imagine in this situation it's bloody impossible. Given people have access to the device that contains the signing key it's only a matter of time before they extract it. A bit like blu-ray players needing to be able to decrypt the data on a disk to play it meaning that everyone potentially has access to a key.

  3. Anonymous Coward
    Anonymous Coward

    A question - pardon my ignorance

    is the key the same across all cameras or does each camera have a different key?

    and if the latter, does this mean a faked keyed image is linked to a camera that didn't take the picture (IYSWIM) ?

  4. Adam Trickett
    Black Helicopters

    While security is hard, companies do keep failing miserably

    While I do not doubt that it's hard to do security properly, lots of companies delude themselves that they know how to do it and then make an utter "balls up"...

    1. Anonymous Coward
      Anonymous Coward

      Totally Agree

      Like claiming their encryption is 'Military Grade' and then refusing to tell you the algorithm

      1. Anonymous Coward
        Boffin

        Military Grade

        They may be working on the principle that ROT13 was military grade - just for the Roman Army at the time of Julius Caesar...

        1. Mayhem

          Shouldn't that be ROT-XI?

          Given the Romans only had 23 letters in classical times, and K was barely used.

          We could probably argue for ROT-X immediately before Julius Caesar, they only had 21 letters up til then until they got Y & Z from the Greeks after the conquest in 146BC.

          1. Just Thinking

            Incredible

            They fought a war to get letters Y and Z?

          2. Woodgar

            re: Shouldn't that be ROT-XI?

            "they only had 21 letters up til then until they got Y & Z from the Greeks after the conquest in 146BC"

            They conquered the Greeks, and all they got were two lousy letters.

            1. Cunningly Linguistic
              Paris Hilton

              You should see what letters they got...

              ...when they defeated the Gauls!

            2. Mark 65

              @Woodgar

              "They conquered the Greeks, and all they got were two lousy letters."

              Could have been worse - they could have picked up their Government debt.

  5. Anonymous Coward
    Alien

    Bush image forged

    > Finally, there’s this photograph of George W. Bush holding a book the wrong way up during a school visit. This was a famous and amusing hoax at the time, while in fact the image was forged

    In the documentary "Fahrenheit 9/11", it shows Bush picking up the book the wrong-way-round and then rotating it ...

    http://blog.crackpassword.com/2011/04/nikon-image-authentication-system-compromised/

    1. Anonymous Coward
      Black Helicopters

      Re: Documentary

      Wow, you called "Farenheit 9/11" a documentary with a straight face - that is, I'm assuming that is a strait face for an alien...

      1. TimNevins
        Thumb Up

        You're right

        How on earth can it be called a documentary with all that fiction about steel buildings collapsing due to fire, or the lead hijacker's passport surviving the entire collapse intact and on top of the debris.

        Richard Gage would be proud of you.

        1. Sarah Bee (Written by Reg staff)

          Re: You're right

          Oh my God! I NEVER THOUGHT OF THAT BEFORE. SHIT. EVERYTHING I BELIEVE IS WRONG etc

    2. Owen Carter
      Troll

      Humm. unamerican photography

      I was amused by Elcomsofts (still a Russian company?) choice of 'famous fakes'. Especially since none of them could have been proved as being doctored as they predate the signing tech. But then you look at them and realise they are a 'Pro-Security' selection, designed to sell Elcomsoft's hackin and crackin abilities to security services, little more.

      Better selection here:

      http://www.cracked.com/article/118_the-15-most-shameless-fake-photos-ever-passed-off-as-real/

      or

      http://politicalhumor.about.com/od/sarahpalin/ig/Sarah-Palin-Pictures/Hot-Sarah-Palin-Photos.htm

      (If you are a big Palin fan don't view this unless you have some privacy and a cold shower available)

      1. Anonymous Coward
        Anonymous Coward

        Love the "See More About:" links for that second example

        "right-wing nutjobs"

  6. Anonymous Coward
    Anonymous Coward

    Fun fun fun.

    That having the camera sign the produce is an interesting idea in theory, but now that it's been cracked it's an even more practical highlight of a rather widespread security problem. This is in fact a rather fundamental problem as it makes a lie out of any and all assurances that anything (signed photos, ssl secured websites, anything banking, anything government) at all is "secure".

    It's not so much the privacy angle (the key has to be unique to be useful, creating another potential information leak), but how much you can trust things that claim to be trustworthy. That signing thing is "hard" innit? Lots of well proven math and all that? Except that with the private keys compromisable the fake becomes indistinguishable from the real thing. There really is no recovery from that.

    Moreover, it just became that much harder to use because everyone needing to trust those images as genuine must understand that this verification thing with its shiny blinking label saying all is well means exactly nothing. And is thus --unless you know it is useless-- far worse than useless.

    The problem with implementing this sort of thing is that you can't just slap on a bit of crypto. You have to design in the features you want from the start and then do a lot of destructive and invasive testing to see if it'll stand up to all that. That makes an extremely hard economic case for "niceties" such as a consumer device that adds a bit of signing as a nice-to-have feature. That pretty much means that if you're not prepared to go all the way you're better off not adding the feature at all, yes.

    This should be obvious to anyone who understands crypto to any extent, yes, but apparently plenty people haven't realised it.

    1. Charles 9

      Independent watermarking.

      Then you don't just rely on the camera's watermark. You also watermark the image with something of your own choosing: preferably using a more-robust key algorithm. That way, even if the camera's watermark can be faked, yours is much less likely to be faked at the same time.

      1. Woodgar

        re:Independent watermarking

        But isn't the whole point to this that the raw data is watermarked at the moment in time the image is taken, and before any processing can be done?

        If you are adding your own watermark, what's to stop you making alterations to the data prior to applying it?

    2. Owen Carter
      Big Brother

      How about immediate publication for news related photos.

      Use a internet connected camera (these days: your mobile phone) that immediately tweets a SHA1 sum when the photo is taken, the actual image is withheld in order to hawk it round the publishers. The sha1 sum should be secure enough to prevent any subsequent tampering with the raw image.

      - For non-commercial photography you don't even need a checksum, stuff that is published instantly gives some protection against being duped by removing the opportunities for the image to be manipulated.

      For breaking events it would, at least, greatly increase the costs of a fake since you'd need to have a talented crew ready to process stuff very quickly in order to make the publication of the checksum agree with the general timings of the event. Or you would need preprepared fakes.

      I'm not saying such a system works for any other scenario then breaking news events.. but it is probably pretty effective, especially with disasters and conflicts, simply due to the physical limitations it places on creating effective fakes.

  7. Anonymous Coward
    Anonymous Coward

    Microfilm...

    is an answer in some areas like document archiving. Yes, people do still use it and it lasts for eons.

    Only problem is finding companies that do it.

    1. TeeCee Gold badge
      FAIL

      Re: Microfilm...

      I see. Exactly how would that ensure that the image stored on the microfilm wasn't fiddled with prior to its storage?

      Also, given the two scenarios of a fire in a roomfull of microfilm and a fire in a roomfull of digital storage media, which one's most likely to have retrievable backup copies somewhere else?

      1. Anonymous Coward
        Coat

        None of them after a few decades

        Since you'll never be able to find the same backup drive using the same backup standards, nor the original restore software with its original OS. And even if you find all this, the DRM server used to protect the backups has been decommissioned when the cloud provider went bankrupt.

        Actually, microfilm might have some chance of escaping fire as opposed to digital media escaping all those adverse conditions.

    2. Anonymous Coward
      Anonymous Coward

      Microfilm is the answer

      But what is the question?

    3. Dagg Silver badge
      Thumb Down

      lasts for eons...

      No it doesn't, it is extremely delicate and must be kept in a temperature and humidity controlled environment and it is possible to damage it when you read it.

  8. Anonymous Coward
    Anonymous Coward

    Chemical film

    It's not as if chemical film negatives are secure if someone really wanted to 'forge' a picture. My grandfather used to have his own dark room and imaging equipment. It starts by having film and developing chemicals of the same stock and being exceptionally talented with a lot of time on one's hands.

    It's the availability of the hardware and then the software to enable the forging that makes the digital negative more of a problem. It's too easy for some knob to piggy back off the talent of someone else because far more people have computers then a dark room and far more people can download a piece of software than obtain the correct film stock and chemicals.

    1. Displacement Activity

      Forging negatives?

      Uhh... how do you do this? With a microscope and a teensy pipette that applies silver halide particles? Good luck. You forge prints, not negatives.

      1. SirTainleyBarking
        Pirate

        In ye olde days

        This would be possible if you were using a large format negative.

        When you use something that's 4x5 , 10x8 for instance (Thats inches not mm or cm) it can be done by hand,

  9. Yet Another Anonymous coward Silver badge

    @Independent watermarking.

    But how do you prove that you didn't manipulate the image between downloading it from the camera and watermarking it?

  10. Yet Another Anonymous coward Silver badge

    @Chemical film

    It's a lot harder to fake the original negative, especially if you have the entire film - it's easy to detect layers of copies from the grain and you can do microscopic analysis of lens aberrations to see that an image was re-shot on a different lens.

This topic is closed for new posts.