
Comment by AnthonyMouse

14 hours ago

It's because they're a scam. Point the camera at a forged image with a higher resolution than the camera sensor and it will make a signed copy of the unsigned forgery.

That's before getting into the practical problems with securing the keys. Every camera by every manufacturer has keys in it and the attacker only needs one key from one camera, and they get to choose the model? Creating something premised on needing to trust something with such a high probability of being compromised is worse than nothing, because it allows the ensuing forgeries a mechanism to pass themselves off as "signed" "real" images.

But what about if:

…the signature included the depth measured by the autofocus system across the image?

…or a tiny stereo image was included to capture depth?

…or a mini video in the ten seconds before and after the photo was taken?

…and the key is in a tamper proof HSM?

…and the key is deleted the moment the camera detects the case being taken apart?

I know that it is a losing battle to try to build such hardware when offline attackers have essentially infinite time to dismantle even the most elaborate systems — no such thing as an unbreakable safe, only how long it takes to break into it, etc. — but I feel these are valid countermeasures, are they not?

  • I agree. Yes, these are not foolproof, but damn does it make it harder. It means that a random lone wolf using some random AI is not going to find it easy.

    I would add a few more measures:

    * Keys are regenerated for each device in the charging dock and are only valid until next recharge or a timeout.

    * There is a sign-out process for the cameras that ties them to the operator.

    * Police officers have no control over when the camera is recording, the camera instead controls this.

    * Lower resolution data is streamed and synced to a cloud in real time, along with interesting data such as GPS, local BT/WiFi devices, etc.

    As for privacy, British police are using more and more evasive camera technology out in public spaces, it's about time they were forced to wear it themselves. I want even the pencil pushers in the offices to be forced to wear it.

  • But also what about... Even now there is a range of forensic tech that can be used to statistically indicate if an image has been doctored, or generated. Wouldn't adding more and more real world data to the capture increase the bar for doctoring, so that only attackers with infinite resources can do it? At least it would stop Bobby Rotten from doing it.

    • I’ve done a short deep dive on this, for some cases that possibly would have gone to court. The tools we have today don’t reliably indicate if an image was doctored necessarily. Most openly available scoring and tools like VAAS, DIRE, and Sherloq are decent today. Figuring out if an image has been doctored, especially with solid proof, is only reliable if the image has metadata to prove it. If they export it to another format or screen capture it and the metadata is lost, it is purely still a guessing game.

  • The more guarantees you put in place the more people believe the system is infallible and the more valuable the exploit becomes.

    If "signed" photos were treated as incontrovertible truth, then you'll just have people 3d printing hyper realistic masks or something.