One method would be to have a unique key burned into the image sensor by the manufacturer. That key will be in turn used to cryptographically sign the raw signal output from the sensor to verify that the image was indeed generated by that specific sensor.
Now if the image is compressed, this is obviously moot. But for important documentation and the like, it's feasible to store the signed raw signal to confirm that the image was taken by that specific camera. Of course, this depends on the security of the keystore, the trustworthiness of the manufacturer, etc.
> One method would be to have a unique key burned into the image sensor by the manufacturer. That key will be in turn used to cryptographically sign the raw signal output from the sensor to verify that the image was indeed generated by that specific sensor.
This would be horrible for privacy, although somewhat mitigated if the camera program/app discarded the signature by default.
Yeah it would, and ideally it should be possible for the user to choose to include the signature or not in their images. Though I wouldn't be surprised to see this type of tech being the norm in the future, perhaps in a sneaky way like what they did with printers and digital watermarking (https://en.wikipedia.org/wiki/Machine_Identification_Code). We may even see this in other integrated sensors like a MEMS mic with a built-in AD on the silicon.
This isn't doable. Nothing prevents you from gluing or projecting a screen directly into the sensor, after tone mapping the image properly. There is no winning. It wouldn't even be expensive!
Yes, that has been repeatedly pointed out. And yet the industry still did it and your digital cables carrying video aren't going to work properly without the HDCP DRM.
Yeah, but I can get an HDCP-compliant HDMI capture card for 8$ on Aliexpress, so I really don't care and it really doesn't work. You can also buy splitters that happen to disable HDCP.
Or just take-a-picture-of-a-picture. It's possible to do such things much more convincingly than when Trump tweeted out that classified satellite pic in 2019 with a flash visible in the middle of it.
Sure, okay. I was just following what I had thought to be the widely accepted narrative on this, eg:
"CNBC reported that Trump was shown the photo during the briefing. A flash visible in the center of the image suggests Trump or someone else took a photo of the original image — which Hanham says might have been the intelligence briefing slide."
In any case, the point is that with proper staging, you could absolutely take a picture-of-a-picture in a way that would result in the image being marked as genuine and untampered, even accounting for the signing info including a GPS-based time- and position-stamp and including camera details like focal length.
You don't need a centralized authority. Every manufacturer can issue their own keys.
I take a digitally signed photo and tell you "I took the photo with this tamper proof Canon camera, and I can prove it by taking more photos of any subject you ask for and signing them with the same key".
If you worry that I made an authentic-looking counterfeit Canon camera (but you're satisfied I couldn't have extracted the private key from a real one), Canon can confirm that they sold a camera with that key.
But what prevents me from saying I'm a manufacturer of tamper proof gspr cameras, that just happen to generate deepfakes?
Surely there will be enough cheap devices out there that not everyone can be expected to remember the names of venerable manufacturers? I personally have no idea who makes the camera in my phone.
Anyway, the point is moot. The analog hole is still there, you'll just feed the pixels straight from the deep fake generator into the Really Real Tamper Proof Canon's CCD.
Is the video manipulated? Calculate the hash/key, and use a public key lookup for RPi to verify.
To avoid hacking of the key, embed every camera with a unique private key.