Comment by sveme
18 hours ago
Why police (and media) cameras aren‘t forced to use camera hardware signing, aka content credentials, is beyond me.
18 hours ago
Why police (and media) cameras aren‘t forced to use camera hardware signing, aka content credentials, is beyond me.
It's because they're a scam. Point the camera at a forged image with a higher resolution than the camera sensor and it will make a signed copy of the unsigned forgery.
That's before getting into the practical problems with securing the keys. Every camera by every manufacturer has keys in it and the attacker only needs one key from one camera, and they get to choose the model? Creating something premised on needing to trust something with such a high probability of being compromised is worse than nothing, because it allows the ensuing forgeries a mechanism to pass themselves off as "signed" "real" images.
But what about if:
…the signature included the depth measured by the autofocus system across the image?
…or a tiny stereo image was included to capture depth?
…or a mini video in the ten seconds before and after the photo was taken?
…and the key is in a tamper proof HSM?
…and the key is deleted the moment the camera detects the case being taken apart?
I know that it is a losing battle to try to build such hardware when offline attackers have essentially infinite time to dismantle even the most elaborate systems — no such thing as an un breakable safe, only how long it takes to break into it, etc — but I feel these are valid counter measures, are they not?
I agree. Yes, these are not foolproof, but damn does it make it harder. It means that a random lone wolf using some random AI is not going to find it easy.
I would add a few more measures:
* Keys are regenerated for each device in the charging dock and are only valid until next recharge or a timeout.
* There is a sign-out process for the cameras that ties them to the operator.
* Police officers have no control over when the camera is recording, the camera instead controls this.
* Lower resolution data is streamed and synced to a cloud in real time, along with interesting data such as GPS, local BT/WiFi devices, etc.
As for privacy, British police are using more and more evasive camera technology out in public spaces, it's about time they were forced to wear it themselves. I want even the pencil pushers in the offices to be forced to wear it.
But also what about .. Even now there is a range of forensic tech that can be used to statistically indicate if an image has been doctored, or generated, wouldnt't adding more and more real world data to the capture increase the bar for doctoring, so that only attackers with infinite resources can do it? At least it would stop Bobby Rotten from doing it.
1 reply →
The more guarantees you put in place the more people believe the system is infallible and the more valuable the exploit becomes.
If "signed" photos were treated as incontrovertible truth, then you'll just have people 3d printing hyper realistic masks or something.
The general population does not understand technology sufficiently well to set it up correctly, regulate it or use it correctly. Until we educate our population more on technology we will always be in this state.
it's a feature, not a bug