Hello Fellow Hardware Addicts,
I really wanted to discuss the new Cryptographic Signing Camera Hardware. I’m going to apologize in advance for this long-winded post, but I work in the realm of Cybersecurity and have a passion for privacy and cybersecurity. I realize Nikon’s implementation of Image Authentication System was cracked back in 2011. However, I think if implemented correctly this could be a very good thing for proving image authenticity. Move your mindset away from NFT and other current Blockchain “Crypto” thoughts and instead think of Image Authentication Systems as more of Public Key Infrastructure (PKI), Yubikey, or TPM which are all cryptographic software/hardware devices for proving identity.
All of these systems use some sort of Public/Private Key infrastructure to securely prove identification. Yubikeys have been around for a while now and they do not allow the Private Key to escape the device, period. You can generate new private keys on a YubiKey, but you can never VIEW the Private Key. It is a secure method of protecting the private key used to identify yourself. If these cameras have a hardware cryptographic device (HSM or the like) similar to a YubiKey, then it would be incredibly difficult to hack and you would have a secure method of proving image authenticity. I could not find any real details on how Sony implements their Forgery-Proof cryptographic digital signing, but if activating this feature requires a connection to the internet and the camera plugged into the computer while activating, then I imagine it’s using some form of PKI using Sony as the Certificate Authority (CA).
If this is the case, then the camera would generate a new private key stored in its Hardware Cryptographic device, generate a Certificate Signing Request (CSR), then send that CSR off to Sony who would return your Public Certificate that is imported back into the Hardware Cryptographic Device. Now think of your camera using PKI like how most Corporate Email is set up. There’s some public repository of everyone’s Public Keys that anyone can access. When you digitally sign e-mail, a hash of your e-mail message is taken. That hash is then encrypted by your personal private key and sent off with the e-mail to the recipients. If a person receiving this e-mail wants to verify the sender, they use the Sender’s Public Certificate/Key to decrypt the encrypted hash and compare it against a hash of the e-mail message. If they match, then you know that the e-mail is from the Sender and has not been modified because no one else would have that User’s private key.
Same can be done with an image taken from a Camera. As an image is taken, the camera would generate a hash of the image, encrypt the hash with the camera’s/User’s private key, and then store that encrypted packet as part of the image file. Any modification to the photo would alter the hash of the file and would not match the encrypted hash stored with that image file. In this environment, you also couldn’t replace the encrypted hash with one of your own because the Public Certificate was digitally signed by the Certificate Authority using the original User’s information sent as part of the CSR. You would have to either obtain the Certificate Authority’s Private Key or the Camera’s private key to replace the encrypted hash with a believable modified copy.
All of this is making assumptions on how they are performing their encryption and digital signatures. However, it does outline a way to securely perform Image Authenticity. All of this would hinge on the Camera’s Hardware Cryptographic Device never giving up the Private Key, like how YubiKey does it, AND how secure the signing Certificate Authority’s (CA) Private Key is stored. From everything I’m reading, this is not Web3, blockchain, or NFT related at all, and seems like a sincere attempt to tackle the problem of Image Authenticity.
Regards,
David
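
The flow the post describes, as an added example that is not part of the original post and not any vendor's actual implementation: a CA certifies the camera's public key, the camera signs the SHA-256 hash of each image, and a verifier checks both the certificate and the image signature. Assumptions: ECDSA P-256 stands in for the "encrypted hash", in-memory keys stand in for the camera's secure hardware, the CSR exchange is collapsed into direct issuance, and all names (`newKey`, `issue`, `sign`, `verify`, "camera-0001") are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey stands in for key generation inside the camera's secure hardware (assumption).
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue certifies key's public half as cn, signed by signer; a nil parent yields a self-signed root CA.
func issue(cn string, key *ecdsa.PrivateKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent = t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))))
}

// sign hashes the image bytes and signs the digest with the device's private key.
func sign(img []byte, key *ecdsa.PrivateKey) []byte {
	d := sha256.Sum256(img)
	return must(ecdsa.SignASN1(rand.Reader, key, d[:]))
}

// verify: the CA must have signed cert, and sig must match SHA-256(img) under cert's public key.
func verify(img, sig []byte, cert, ca *x509.Certificate) bool {
	return cert.CheckSignatureFrom(ca) == nil && cert.CheckSignature(x509.ECDSAWithSHA256, img, sig) == nil
}

func main() {
	caKey, camKey, img := newKey(), newKey(), []byte("constructed image bytes")
	ca := issue("Example Camera CA", caKey, nil, caKey)
	fmt.Println("genuine image verifies:", verify(img, sign(img, camKey), issue("camera-0001", camKey, ca, caKey), ca))
}
```

A production verifier would build the full chain with `cert.Verify` so that certificate expiry and constraints are checked as well; the two calls here cover only the two signature checks the post walks through.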