This still fundamentally suffers from the oracle problem like all blockchains solutions. You can always attack these blockchain solutions at the point where they need to interact with the real world. In this case the camera is the “oracle” and nothing prevents someone from attacking the proposed camera and leveraging it to certify some modified footage. The blockchain doesn’t add anything a public database and digitally signed footage wouldn’t also achieve.
This is a flaw i had considered and never found a solution for. Hence the idea is unfinished.
The only further argument i have is that manipulating camera techniques is as old as film yet it’s the digital tools that are causing the most harm and allow any troll to partake. Staging a scene takes at least some dedication and effort.
If such would be considered on the blockchain than it would also bring in questions all other footage by the same recorder device. “Wallets” from established authors, anonymous or not would have their own reputations of trustworthyness.
This is a very legit concern. But to my understanding, it is possible to make the the camera that’s very hard to crack, by putting security enclave or whatever it is that makes phones hard to unlock, right inside the CCD chip. Even if somebody manages to strip off the top layer, chart out the cryptographic circuit, probe the ROM inside, etc and extract the private key, it should be possible upon finding it to revoke the key to that camera or even the entire model and make it even more painful in further models.
Another concern is of camera being pointed to the screen with a fake image, but I’ve searched and yet to find a convincing shot that doesn’t look like, well, a photo of a screen. But for this concern I think the only counter-measure would be to add photographer and publisher signatures to the mix, so that if anyone is engaging in such practice is caught, their entire library goes untrusted upon revocation. Wouldn’t be completely foolproof, but better than nothing, I guess.
That’s security by obscurity. Given time, an attacker with physical access to the device will get every bit data from it. And yes, you could mark it as compromised, but then there’s nothing stopping the attacker from just buying another camera and stripping the key from that, too. Since they already know how. And yes, you could revoke all the keys from the entire model range, and come up with a different puzzle for the next camera, but the attacker will just crack that one too.
Hiding the key on the camera in such a way that the camera can access it, but nobody else can is impossible. We simply need to accept that a photograph or a video is no longer evidence.
The idea in your second paragraph is good though, and much easier to implement than your first one.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
You’re falling for the classic paradox of security: it has to work for someone. OF COURSE if you get all of the keys and every detail of the process you can crack it. That’s true of ALL CRYPTOGRAPHY. If someone knows everything including the keys, it’s too late for any ‘secure’ device.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
Yes it is. The scheme is that when you take a picture, the camera signs said picture. The key is stored somewhere in the camera. Hence the secrecy of the key hinges on the the attacker not knowing how the camera accesses the key. Once the attacker knows that, they can get the key from the camera. Therefore, security hinges on the secrecy of the camera design/protocol used by the camera to access the key, in addition to the secrecy of the key. Therefore, it is security by obscurity.
For example, you might use it as a trademark registry or to certify a chain of legal evidence. You can validate a presented copy matches the original and what the chain of ownership was. And you can do this without the single point of failure of a nationwide database
That’s the point, a use case where no one has to. It’s only the record of ownership.
And clearly you’d still need to make arrangements to prevent multiple chains of ownership for a copied artifact
NFTs make the mistake of assuming that somehow makes it unique, forgetting you can just copy the original. However these use cases work from the opposite direction: given an accused infringement, does that match?
Consider the current use case for trademark. Someone creates a trademark and registers with an authority. At some point they may renew modify, or sell. After some time, that authority has a database containing the original and a chain of ownership. Blockchain could serve this identically, with the potential advantage of the chain being self contained and distributable
This still fundamentally suffers from the oracle problem like all blockchains solutions. You can always attack these blockchain solutions at the point where they need to interact with the real world. In this case the camera is the “oracle” and nothing prevents someone from attacking the proposed camera and leveraging it to certify some modified footage. The blockchain doesn’t add anything a public database and digitally signed footage wouldn’t also achieve.
This is correct.
This is a flaw i had considered and never found a solution for. Hence the idea is unfinished.
The only further argument i have is that manipulating camera techniques is as old as film yet it’s the digital tools that are causing the most harm and allow any troll to partake. Staging a scene takes at least some dedication and effort.
If such would be considered on the blockchain than it would also bring in questions all other footage by the same recorder device. “Wallets” from established authors, anonymous or not would have their own reputations of trustworthyness.
You don’t have to stage a scene, you can use modern displays, optics, and sensors to inject ‘digital’ strategies into the ‘analog’ approach.
This is a very legit concern. But to my understanding, it is possible to make the the camera that’s very hard to crack, by putting security enclave or whatever it is that makes phones hard to unlock, right inside the CCD chip. Even if somebody manages to strip off the top layer, chart out the cryptographic circuit, probe the ROM inside, etc and extract the private key, it should be possible upon finding it to revoke the key to that camera or even the entire model and make it even more painful in further models.
Another concern is of camera being pointed to the screen with a fake image, but I’ve searched and yet to find a convincing shot that doesn’t look like, well, a photo of a screen. But for this concern I think the only counter-measure would be to add photographer and publisher signatures to the mix, so that if anyone is engaging in such practice is caught, their entire library goes untrusted upon revocation. Wouldn’t be completely foolproof, but better than nothing, I guess.
That’s security by obscurity. Given time, an attacker with physical access to the device will get every bit data from it. And yes, you could mark it as compromised, but then there’s nothing stopping the attacker from just buying another camera and stripping the key from that, too. Since they already know how. And yes, you could revoke all the keys from the entire model range, and come up with a different puzzle for the next camera, but the attacker will just crack that one too.
Hiding the key on the camera in such a way that the camera can access it, but nobody else can is impossible. We simply need to accept that a photograph or a video is no longer evidence.
The idea in your second paragraph is good though, and much easier to implement than your first one.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
You’re falling for the classic paradox of security: it has to work for someone. OF COURSE if you get all of the keys and every detail of the process you can crack it. That’s true of ALL CRYPTOGRAPHY. If someone knows everything including the keys, it’s too late for any ‘secure’ device.
Yes it is. The scheme is that when you take a picture, the camera signs said picture. The key is stored somewhere in the camera. Hence the secrecy of the key hinges on the the attacker not knowing how the camera accesses the key. Once the attacker knows that, they can get the key from the camera. Therefore, security hinges on the secrecy of the camera design/protocol used by the camera to access the key, in addition to the secrecy of the key. Therefore, it is security by obscurity.
There are decentralized oracles. That’s how DAI tracks the price of USD.
The blockchain is distributed.
For example, you might use it as a trademark registry or to certify a chain of legal evidence. You can validate a presented copy matches the original and what the chain of ownership was. And you can do this without the single point of failure of a nationwide database
Who holds and validates the original you’re comparing to?
That’s the point, a use case where no one has to. It’s only the record of ownership.
And clearly you’d still need to make arrangements to prevent multiple chains of ownership for a copied artifact
NFTs make the mistake of assuming that somehow makes it unique, forgetting you can just copy the original. However these use cases work from the opposite direction: given an accused infringement, does that match?
Consider the current use case for trademark. Someone creates a trademark and registers with an authority. At some point they may renew modify, or sell. After some time, that authority has a database containing the original and a chain of ownership. Blockchain could serve this identically, with the potential advantage of the chain being self contained and distributable