Canon's Image Verification System Cracked 118
TJNoffy writes "The H Security's H-online reports that 'Hacker Dmitry Sklyarov has succeeded in extracting the secret signing key from numerous digital SLR cameras and has used it to sign modified images which Canon's latest OSK-E3 security kit verifies as legitimate. Canon's Original Data Security System is intended to show whether changes have been made to photographs and to verify date and location information. The system is primarily used for ensuring the integrity of evidence, for reporting accidents and for construction records.'"
What kind of proof was this supposed to be anyway? (Score:5, Insightful)
Re:Cryptography FAIL (Score:5, Insightful)
Anyone who uses a hash, instead of something asymmetric like RSA, for "signing" doesn't know what they are on about. I would have hoped that Canon could afford better programmers.
It doesn't matter; if you can extract the software inside the camera, you can do anything the camera does. It doesn't matter whether they use SHA, RSA, or ROT-13.
The correct solution would be to put the key in a tamper-resistant hardware cryptographic processor, and secure the firmware on the camera against running unverified code. Canon did neither.
The key that can be extracted (Score:5, Insightful)
...is not a secret key.
Re:_much_ police evidence by Canon (Score:4, Insightful)
From what I've seen, usually images are vetted by people, either experts or others being asked by the judge, "Do you swear that these images are authentic?" An affirmative answer to this usually has more weight in our justice system than signatures and certificates, even though it is a lot harder to fake a cryptographic signature than lie under oath. A defense attorney would be rebutted by a prosecutor stating:
"These men swore an oath that this was the authentic image. Versus some random numeric mumbo-jumbo of stuff that can say an image is wrong even when it looks exactly the same to the eye."
If you are lucky, the jury might be clued enough to consider that reasonable doubt. However, most likely the jurors won't be computer savvy. They likely will not know the difference between a PKI system versus a ROT-13 encrypted message and their eyes will glaze over if presented with technical encryption details.
Convincing Joe Sixpack of something takes a different way of thinking than persuading an educated /. person who has a clue about cryptography and knows the difference between actual security versus theater.
Re:Anonymous Coward Fail (Score:5, Insightful)