Slashdot Mirror


Canon's Image Verification System Cracked

TJNoffy writes "The H Security's H-online reports that 'Hacker Dmitry Sklyarov has succeeded in extracting the secret signing key from numerous digital SLR cameras and has used it to sign modified images which Canon's latest OSK-E3 security kit verifies as legitimate. Canon's Original Data Security System is intended to show whether changes have been made to photographs and to verify date and location information. The system is primarily used for ensuring the integrity of evidence, for reporting accidents and for construction records.'"

21 of 118 comments

  1. Wow by Monkeedude1212 · · Score: 5, Funny

    I didn't even know such technology existed!

    I thought they just posted it on /b/ asking "reel or phake?"

    And they just tallied the number of "Photoshoped" responses versus the total responses.

  2. What kind of proof was this supposed to be anyway? by igreaterthanu · · Score: 5, Insightful

    With TPM chips being cracked previously, after apparently being tamper-proof, even if they implemented it using an algorithm that was suitable for the job (i.e. not use SHA but ECC or RSA) it would still be possible to get the signing key. It's flawed in the same way DRM is flawed, you can't give someone else the key and not give them the key at the same time.

    --
    I dream of a nation where a man is not judged by his skin color but by a number assigned by a credit rating agency.
  3. Re:Cryptography FAIL by Myria · · Score: 4, Insightful

    Anyone who uses a hash, instead of something asymmetric like RSA, for "signing" doesn't know what they are on about. I would have hoped that Canon could afford better programmers.

    It doesn't matter; if you can extract the software inside the camera, you can do anything the camera does. It doesn't matter whether they use SHA, RSA, or ROT-13.

    The correct solution would be to put the key in a tamper-resistant hardware cryptographic processor, and secure the firmware on the camera against running unverified code. Canon did neither.

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
  4. Re:What kind of proof was this supposed to be anyw by Ungrounded Lightning · · Score: 2

    It's flawed in the same way DRM is flawed, you can't give someone else the key and not give them the key at the same time.

    You also can't give everyone the same key without the cracking of one person's device cracking everybody's device. B-b

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  5. The key that can be extracted by blair1q · · Score: 5, Insightful

    ...is not a secret key.

  6. Free Dmitry Sklyarov! by paulproteus · · Score: 4, Informative

    At the time of his arrest, Dmitry Sklyarov was a 27-year-old Russian citizen, Ph.D. student, cryptographer and father of two small children (a 2-1/2 year old son, and a 3-month-old daughter).

    Dmitry helped create the Advanced eBook Processor (AEBPR) software for his Russian employer Elcomsoft. According to the company's website, the software permits eBook owners to translate from Adobe's secure eBook format into the more common Portable Document Format (PDF). The software only works on legitimately purchased eBooks. It has been used by blind people to read otherwise-inaccessible PDF user's manuals, and by people who want to move an eBook from one computer to another (just like anyone can move a music CD from the home player to a portable or car).

    Dmitry was arrested July 17, 2001 in Las Vegas, NV, at the behest of Adobe Systems, according to the DOJ complaint, and charged with distributing a product designed to circumvent copyright protection measures (the AEBPR). He was eventually released on $50,000 bail and restricted to California. In December 2001, he was permitted to return home to Russia with his family. Charges have not been dropped, and he remains subject to prosecution in the US.

    Although Dmitry is home now, the case against Elcomsoft is continuing (to the detriment of the company), Dmitry's actions in Russia are controlled by a US court, and DMCA is still the law (to the detriment of everyone). This site will carry updates as they come...

    Source: http://www.freesklyarov.org/ (for those who don't remember 2001's Defcon incident)

    --
    |/usr/games/fortune
    1. Re:Free Dmitry Sklyarov! by iammani · · Score: 5, Informative

      That's really old news, and no one seems to have cared enough to update the website. Here are some updates...
      "The charges against Sklyarov were later dropped in exchange for his testimony. He was allowed to return to Russia on December 13, 2001. On December 18, 2002 following a two-week trial in San Jose, California, a jury found that Elcomsoft had not wilfully violated the U.S. law." -- Wikipedia

  7. Re:Hmm?? by hedwards · · Score: 2

    It's an addon that people have been able to get for Canon products for years. I'm not sure of the exact details, but IIRC it was a system that uses a separate memory card to store information for verifying that the image hasn't been altered. I haven't read anything about it recently, but the point of it was to deal with the problems of using digital cameras for the purposes of recording a crime scene and similar sites.

    Nikon may make one, but I'm not aware of it if they do. The addon itself is fairly expensive and really only of interest to a small number of people. From my limited experience, photos are oftentimes admitted as evidence with just the assurance that it hasn't been manipulated. I don't endorse that view, I just know that judges do allow it in, not sure how long that's going to last.

  8. Re:Cryptography FAIL by SuricouRaven · · Score: 2

    It'd still get broken eventually. I'd rather not rely on the camera - instead have it hash the picture, then immediately transmit the hash to five different legal firms. This would add a significant expense, of course - but if people feel they'll have a need to prove in court their photo wasn't tampered with, they should be prepared to pay a premium for a camera that comes equipped with a mobile phone network interface.

  9. Re:Cryptography FAIL by mlts · · Score: 2

    What they should have done was have exactly as you stated -- a tamper resistant CPU, akin to smart cards. This would have a private key generated and stored on the chip. Canon would have a certificate that would sign the private keys (so someone couldn't just fake a private key with a hacked camera body.)

    This way, if camera "A" got compromised, every other Canon camera out there would still be protected. It appears that with the method they used, if one camera got hacked, every one was broken open because they all used the same private key.
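
The per-camera key design described in the comment above, as an added example that is not part of the original thread and is not Canon's implementation: Ed25519 from Go's standard library stands in for the signature scheme, and the serials, `Provision`, `Verify` and the revocation map are names assumed here for illustration. It shows that once a body's key is known to be extracted, revoking that serial leaves every other camera's signatures valid.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Signed travels with an image: serial, device key, vendor cert over both, image signature.
type Signed struct {
	Serial    string
	Pub       ed25519.PublicKey
	Cert, Sig []byte
}

type Camera struct { // illustrative model: the private key exists in this one body only
	id   Signed // Serial, Pub, Cert set at the factory; Sig empty
	priv ed25519.PrivateKey
}

func NewVendor() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }
func certBody(serial string, pub ed25519.PublicKey) []byte {
	return append([]byte("cam-cert|"+serial+"|"), pub...)
}

// Provision is the factory step: generate a fresh device key and certify it.
func Provision(vendor ed25519.PrivateKey, serial string) Camera {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return Camera{Signed{serial, pub, ed25519.Sign(vendor, certBody(serial, pub)), nil}, priv}
}

func (c Camera) Sign(image []byte) Signed {
	h, s := sha256.Sum256(image), c.id
	s.Sig = ed25519.Sign(c.priv, h[:])
	return s
}

// Verify needs only the vendor public key and the list of revoked serials.
func Verify(vendorPub ed25519.PublicKey, revoked map[string]bool, image []byte, s Signed) bool {
	h := sha256.Sum256(image)
	return !revoked[s.Serial] && len(s.Pub) == ed25519.PublicKeySize &&
		ed25519.Verify(vendorPub, certBody(s.Serial, s.Pub), s.Cert) &&
		ed25519.Verify(s.Pub, h[:], s.Sig)
}

func main() {
	vPub, vPriv, _ := NewVendor()
	a, b := Provision(vPriv, "A-0001"), Provision(vPriv, "B-0002") // constructed serials
	img, revoked := []byte("constructed image bytes"), map[string]bool{"A-0001": true} // A revoked
	fmt.Println(Verify(vPub, revoked, img, a.Sign(img)), Verify(vPub, revoked, img, b.Sign(img)))
}
```

A device key that was never certified by the vendor, or a certificate moved to a different serial, fails the first `ed25519.Verify` call before the image signature is even checked.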

  10. Anonymous Coward Fail by Chuck Chunder · · Score: 2

    That doesn't seem particularly relevant, the main problem here is that everything required to do the signing can be extracted from the camera.

    It's a simple necessity that, regardless of precisely how the signature is generated, all the information required to generate signatures is inside the camera and someone with the desire and resources can pull it out.

    I think the only protection would be each camera having a unique key and being constructed in such a fashion so that getting at the crypto information and functionality requires taking the camera apart in a tamper evident and non-reversible fashion.

    Then proof would consist of the signed photos and verification that the corresponding camera is still intact and functional.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
    1. Re:Anonymous Coward Fail by pclminion · · Score: 4, Insightful

      No matter how you design the camera the system is not secure. The entire concept is, in fact, impossible to implement. All I need to do is take a picture, retouch it however I want, then project it back into the camera using a high-quality lens system.

    2. Re:Anonymous Coward Fail by thegarbz · · Score: 2

      Yes and no. I'm willing to bet that this being the equivalent of the analogue hole will actually show up quite horribly in the resulting picture. Remember the originals are the verified files so you'd need to project the image at a resolution such that the high resolution sensors won't see it as a screen.

      Furthermore there's issues with all pictures laid out in a grid, such as from a digital projector or a computer screen. Even if you had a very high resolution system to project the image back into the camera the result will be a nasty moiré pattern. I don't think you'd be able to pull this off convincingly as all faults in the picture taking process (crap lens, camera shake, missed focus) present very specific and easily identifiable image patterns. I doubt such a perfect lens projection system is possible.

  11. How did courts do it in the old days? by davidwr · · Score: 2

    They relied on chains of custody and affidavits by the photographer, that's how.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:How did courts do it in the old days? by 0123456 · · Score: 2

      They relied on chains of custody and affidavits by the photographer, that's how.

      And it was a fsckload harder to fake photographs in those days.

      There was a news story in the UK a couple of years ago about someone who was taken to court and the photograph produced as evidence was proven to have been faked. I think it was only a parking fine so probably faked by a private company or some council employee, but I forget the details.

  12. Re:_much_ police evidence by Canon by mlts · · Score: 3, Insightful

    From what I've seen, usually images are vetted by people, either experts or others being asked by the judge, "Do you swear that these images are authentic?" An affirmative answer to this usually has more weight in our justice system than signatures and certificates, even though it is a lot harder to fake a cryptographic signature than lie under oath. A defense attorney would be rebutted by a prosecutor stating:

    "These men swore an oath that this was the authentic image. Versus some random numeric mumbo-jumbo of stuff that can say an image is wrong even when it looks exactly the same to the eye."

    If you are lucky, the jury might be clued enough to consider that reasonable doubt. However, most likely the jurors won't be computer savvy. They likely will not know the difference between a PKI system versus a ROT-13 encrypted message and their eyes will glaze over if presented with technical encryption details.

    Convincing Joe Sixpack of something takes a different way of thinking than persuading an educated /. person who has a clue about cryptography and knows the difference between actual security versus theater.

  13. Re:Cryptography FAIL by mlts · · Score: 2

    It depends on the smart card. I'd love to see someone extract a private key out of a CAC, for example. There are other smart cards which have been completely compromised, but newer ones made within the past couple years are getting to the point of having decent security.

    Nothing is 100% secure, but CACs are good enough for the DoD, and that says something.

  14. Re:Humorous Summary by fishbowl · · Score: 2

    Cost? We're talking about D-model Canons. They are breathtakingly expensive and that's just the barrier to entry so that you can use the even more breathtakingly expensive L-series lenses (which is the point of buying into the Canon system.)

    --
    -fb Everything not expressly forbidden is now mandatory.
  15. Re:Fine, publish the picture, encrypted by EvanED · · Score: 2

    Publish the original picture encrypted with the photographer's PUBLIC key in a public place or file it with 5 different legal firms. Then using an independent set of hardware/software have the photographer retrieve the encrypted copy, decrypt it, print it out with the meta-data in human-readable form and a signed digest in a human-readable form, attach a human-readable affidavit saying "I took this photo at this date and location and the metadata is true and accurate" and have him store that with his files. Have witnesses if it's that important.

    You're missing the point. Filing with 5 different legal firms, encrypting it, etc.; all that doesn't help very much. If the point is to establish that a picture is unaltered and the way to get around that is "alter it before sending it to everyone" you haven't done much -- about the only thing you've protected against is people deciding later that they want to alter it, or knowing that they want to alter it but don't yet know how. Those are worthwhile things to protect against, but that still seems like it is locking half of a set of double doors. You still want to lock the other one. (In real life it might be more, say, 95% of the double doors.)

    Reducing the trust in a system -- in this case, eliminating the trust of the police photographer -- is probably worthwhile.

  16. Re:What kind of proof was this supposed to be anyw by chrb · · Score: 2

    Cracking one chip doesn't mean that they all are cracked.

    Whilst it is true that future updates might be harder to crack, this doesn't diminish the impact of this particular hack - the image authentication on every Canon EOS camera that has already been sold is now untrustable, and can be challenged in court.

  17. Re:Humorous Summary by Bigjeff5 · · Score: 2

    Oh please, they are $3500 cameras. That's mid-range professional equipment, not "breathtakingly expensive" gear.

    Yeah, it's a hella-expensive camera to be taking your vacation photos with, but for "breathtakingly expensive" check out some of the $20k medium-format dslr's, or the $40k large-format Hasselblads.

    Those are breathtakingly expensive cameras. Hell the first 39mp large-format digital back for Hasselblad's V series was $40,000, and that didn't include the camera body!

    A $3500 Canon is expensive, but not breathtakingly so.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller