Canon's Image Verification System Cracked

TJNoffy writes "The H Security's H-online reports that 'Hacker Dmitry Sklyarov has succeeded in extracting the secret signing key from numerous digital SLR cameras and has used it to sign modified images which Canon's latest OSK-E3 security kit verifies as legitimate. Canon's Original Data Security System is intended to show whether changes have been made to photographs and to verify date and location information. The system is primarily used for ensuring the integrity of evidence, for reporting accidents and for construction records.'"

What kind of proof was this supposed to be anyway?

[igreaterthanu]

With TPM chips being cracked previously, after apparently being tamper-proof, even if they implemented it using an algorithm that was suitable for the job (i.e. not use SHA but ECC or RSA) it would still be possible to get the signing key. It's flawed in the same way DRM is flawed, you can't give someone else the key and not give them the key at the same time.

Re:Cryptography FAIL

[Myria]

Anyone who uses a hash, instead of something asymmetric like RSA, for "signing" doesn't know what they are on about. I would have hoped that Canon could afford better programmers.

It doesn't matter; if you can extract the software inside the camera, you can do anything the camera does. It doesn't matter whether they use SHA, RSA, or ROT-13.

The correct solution would be to put the key in a tamper-resistant hardware cryptographic processor, and secure the firmware on the camera against running unverified code. Canon did neither.

The key that can be extracted

[blair1q]

...is not a secret key.

Re:Anonymous Coward Fail

[pclminion]

No matter how you design the camera the system is not secure. The entire concept is, in fact, impossible to implement. All I need to do is take a picture, retouch it however I want, then project it back into the camera using a high-quality lens system.