[KimDaBa] new feature: IPTC keywords

[Marco Molteni]

Eivind, my friend. I agree 100% with what you say. Did you read
by chance Security Engineering by Ross Anderson? Wonderful book.

marco

On Monday 24 October 2005 08:33, Eivind wrote:
> On Sunday 23 October 2005 22:02, Marco Molteni wrote:
> > My idea was: how to go back to a unique property of film as
> > opposed to digital: the fact that if you don't trust a print you
> > can analyze the negative to see if there are modifications
> > (putting aside the fact that a negative too can be modified).
> >
> > I though that the only way was for the camera to store a list of
> > serial numbers and associated message digest (say MD5 or SHA or
> > whatever).
> >
> > But then I hit a block because the question is: how do you trust
> > the list that comes out of the camera? Did Canon solved this?
>
> Not really. The Canon signed "Digital negatives" essentially work
> like this:
>
> * Each camera comes with an embedded secret cryptographic key
>
> * The corresponding public key is also delivered, aswell as stored
> by Canon, linked to the serial-number of the camera.
>
> * When you tak a photo in raw-mode (asfar as I know only raw images
> can be signed, makes some sense since jpegs are lossy anyway) a
> secure hash of the image-data is computed, and digitally signed
> with the secret key, the resulting signature is stored in the
> raw-file.
>
> Now, this works fairly well, assuming you can be certain that the
> cryptographic implementation is sane and -- crucially -- that the
> secret key really is known only to the innards of this particular
> camera.
>
> But can you really ?
>
> A user that -somehow- managed to extract the key from the camera
> would be able to photoshop "evidence" at will. Canon doesn't talk
> about this possibility -- for obvious reasons.
>
> Canon themselves are also in a position to trivially compile a list
> somewhere containing all the secret keys embedded in cameras. It
> would be monumentally stupid of them to do so, but they are, as far
> as I can see (and I spent some time reading a fair portion of the
> available docs) not even anyway explicitly stating that they don't
> know the secret keys. (even if they *did* state it, how do you know
> it's true ?)
>
> You also have to trust Canons (closed source, not publically
> reviewed, without any certification) cryptographic implementation,
> aswell as various companies delivering parts for Canon.
>
> In short:
>
> You can be fairly sure it'll stop your little sister from modifying
> one of your photos, without you noticiing it. I would *not* feel
> all that sure that Canon are unable to fake "my" photos, nor that
> the NSA can't produce a photoshopped "evidence"-photo that still
> checks out as legitimate.
>
>
> 	Eivind Kjørstad
>
> _______________________________________________
> KimDaBa mailing list
> KimDaBa at mail.kdab.net
> http://mail.kdab.net/mailman/listinfo/kimdaba