Although Mike Tyson would have been funnier with a Hello Kitty tattoo. Even better, a Hello Kitty with a ear chomped off.
Russian encryption specialist ElcomSoft has discovered flaws in Nikon's systems for ensuring that images have not been tampered with. The flaw in Nikon's Image Authentication System creates a means to produce forged pictures that would successfully pass validation checks. The security weakness uncovered by ElcomSoft revolves …
I'd imagine in this situation it's bloody impossible. Given people have access to the device that contains the signing key it's only a matter of time before they extract it. A bit like blu-ray players needing to be able to decrypt the data on a disk to play it meaning that everyone potentially has access to a key.
> Finally, there’s this photograph of George W. Bush holding a book the wrong way up during a school visit. This was a famous and amusing hoax at the time, while in fact the image was forged
In the documentary "Fahrenheit 9/11", it shows Bush picking up the book the wrong-way-round and then rotating it ...
I was amused by Elcomsofts (still a Russian company?) choice of 'famous fakes'. Especially since none of them could have been proved as being doctored as they predate the signing tech. But then you look at them and realise they are a 'Pro-Security' selection, designed to sell Elcomsoft's hackin and crackin abilities to security services, little more.
Better selection here:
(If you are a big Palin fan don't view this unless you have some privacy and a cold shower available)
That having the camera sign the produce is an interesting idea in theory, but now that it's been cracked it's an even more practical highlight of a rather widespread security problem. This is in fact a rather fundamental problem as it makes a lie out of any and all assurances that anything (signed photos, ssl secured websites, anything banking, anything government) at all is "secure".
It's not so much the privacy angle (the key has to be unique to be useful, creating another potential information leak), but how much you can trust things that claim to be trustworthy. That signing thing is "hard" innit? Lots of well proven math and all that? Except that with the private keys compromisable the fake becomes indistinguishable from the real thing. There really is no recovery from that.
Moreover, it just became that much harder to use because everyone needing to trust those images as genuine must understand that this verification thing with its shiny blinking label saying all is well means exactly nothing. And is thus --unless you know it is useless-- far worse than useless.
The problem with implementing this sort of thing is that you can't just slap on a bit of crypto. You have to design in the features you want from the start and then do a lot of destructive and invasive testing to see if it'll stand up to all that. That makes an extremely hard economic case for "niceties" such as a consumer device that adds a bit of signing as a nice-to-have feature. That pretty much means that if you're not prepared to go all the way you're better off not adding the feature at all, yes.
This should be obvious to anyone who understands crypto to any extent, yes, but apparently plenty people haven't realised it.
Then you don't just rely on the camera's watermark. You also watermark the image with something of your own choosing: preferably using a more-robust key algorithm. That way, even if the camera's watermark can be faked, yours is much less likely to be faked at the same time.
Use a internet connected camera (these days: your mobile phone) that immediately tweets a SHA1 sum when the photo is taken, the actual image is withheld in order to hawk it round the publishers. The sha1 sum should be secure enough to prevent any subsequent tampering with the raw image.
- For non-commercial photography you don't even need a checksum, stuff that is published instantly gives some protection against being duped by removing the opportunities for the image to be manipulated.
For breaking events it would, at least, greatly increase the costs of a fake since you'd need to have a talented crew ready to process stuff very quickly in order to make the publication of the checksum agree with the general timings of the event. Or you would need preprepared fakes.
I'm not saying such a system works for any other scenario then breaking news events.. but it is probably pretty effective, especially with disasters and conflicts, simply due to the physical limitations it places on creating effective fakes.
I see. Exactly how would that ensure that the image stored on the microfilm wasn't fiddled with prior to its storage?
Also, given the two scenarios of a fire in a roomfull of microfilm and a fire in a roomfull of digital storage media, which one's most likely to have retrievable backup copies somewhere else?
Since you'll never be able to find the same backup drive using the same backup standards, nor the original restore software with its original OS. And even if you find all this, the DRM server used to protect the backups has been decommissioned when the cloud provider went bankrupt.
Actually, microfilm might have some chance of escaping fire as opposed to digital media escaping all those adverse conditions.
It's not as if chemical film negatives are secure if someone really wanted to 'forge' a picture. My grandfather used to have his own dark room and imaging equipment. It starts by having film and developing chemicals of the same stock and being exceptionally talented with a lot of time on one's hands.
It's the availability of the hardware and then the software to enable the forging that makes the digital negative more of a problem. It's too easy for some knob to piggy back off the talent of someone else because far more people have computers then a dark room and far more people can download a piece of software than obtain the correct film stock and chemicals.
Biting the hand that feeds IT © 1998–2021