They’re doing something like that I think
drathvedro@lemm.ee 9 months ago
I’ve been saying for a long time now that camera manufacturers should just put encryption circuits right inside the sensors. Of course that wouldn’t protect against pointing the camera at a screen showing a deepfake or someone painstakingly dissolving top layers and tracing out the private key manually, but that’d be enough of the deterrent from forgery. And also media production companies should actually put out all their stuff digitally signed. Like, come on, it’s 2024 and we still don’t have a way to find out if something was filmed or rendered, cut or edited, original or freebooted.
GeneralVincent@lemmy.world 9 months ago
drathvedro@lemm.ee 9 months ago
Oh, they’ve actually been developing that! Thanks for the link, I was totally unaware of C2PA thing. Looks like the ball has been very slowly rolling ever since 2019, but now that the Google is on board (they joined just a couple days ago), it might fairly soon be visible/usable by ordinary users.
Mark my words, though, I’ll bet $100 that everyone’s going to screw it up miserably on their first couple of generations. Camera manufacturers are going to cheap out on electronics, allowing for data substitution somewhere in the data pipeline. Every piece of editing software is going to be cracked at least a few times, allowing for fake edits. And production companies will most definitely leak their signing keys. Maybe even Intel/AMD could screw up again big time. But, maybe in a decade or two, given the pace, we’ll get a stable and secure enough solution to become the default, like SSL currently is.
petrol_sniff_king@lemmy.blahaj.zone 9 months ago
You might find this interesting. www.hackerfactor.com/blog/index.php?/archives/101…
drathvedro@lemm.ee 9 months ago
Oh, so Adobe already screwed it up miserably. Thanks, had a good laugh at it
Natanael@slrpnk.net 9 months ago
Oof.
They need to implement content addressing for “sidecar” signature files (add a hash) both to prevent malleability and to allow independent caches to serve up the metadata for images of interest.
Also, the whole certificate chain and root of trust issues are still there and completely unaddressed. They really should add various recommendations for default use like not trusting anything by default, only showing a signature exists but treating it unvalidated until the keypair owner has been verified. Accepting a signature just because a CA is involved is terrible, and that being a terrible idea is exactly the whole reason who web browsers dropped support for displaying extended validation certificate metadata (because that extra validation by CAs was still not enough).
And signature verification should be mandatory for every piece, dropping old signatures should not be allowed and metadata which isn’t correctly signed shouldn’t be displayed. There’s even schemes for compressing multiple signatures into one smaller signature blob so you can do this while saving space!
hyperhopper@lemmy.world 9 months ago
If you’ve been saying this for a long time please stop. This will solve nothing. It will be trivial to bypass for malicious actors and just hampers normal consumers.
Drewelite@lemmynsfw.com 9 months ago
Thank you, lol. This is what people end up with when they think of the first solution that comes to mind. Often just something that makes life harder for everyone EXCEPT bad actors. This just creates hoops for people following the rules to jump though while giving the impression the problem was solved, when it’s not.
drathvedro@lemm.ee 9 months ago
You must be severely misunderstanding the idea. The idea is not to encrypt it in a way that it’s only unlockable by a secret and hidden key, like DRM or cable TV does, but to do the the reverse - to encrypt it with a key that is unlockable by publicly available and widely shared key, where successful decryption acts as a proof of content authenticity. If you don’t care about authenticity, nothing is stopping you from spreading the decrypted version, so It shouldn’t affect consumers one bit. And I wouldn’t describe “Get a bunch of cameras, rip the sensors out, carefully and repeatedly strip the top layers off and scan using electron microscope until you get to the encryption circuit, repeat enough times to collect enough scans undamaged by the stripping process to then manually piece them together and trace out the entire circuit, then spend a few weeks debugging it in a simulator to work out the encryption key” as “trivial”
hyperhopper@lemmy.world 9 months ago
I think you are misunderstanding things or don’t know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.
And no, your process is wild. The actual answer is just replace the sensor input to the same encryption circuits. That is trivial if you own and have control over your own device. For your scheme to work, personal ownership rights would have to be severely hampered.
Natanael@slrpnk.net 9 months ago
A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key. Regular digital signatures is what’s needed here
drathvedro@lemm.ee 9 months ago
Calm down. I was just dumbing down public key cryptography for you
This will not work. The encryption circuit has to be right inside the CCD, otherwise it will be bypassed just like TPM before 2.0 - by tampering with unencrypted connection in between the sensor and the encryption chip.
You still don’t understand. It does not hamper with ownership rights or right to repair and you are free to not even use that at all. All this achieves is basically camera manufacturers signing every frame with “Yep, this was filmed with one of our cameras”. You are free to view and even edit the footage as long as you don’t care about this signature. It might not be useful for, say, a movie, but when looking for original, uncut and unedited footage, like, for example, a news report, this’ll be a godsend.