Re: Johns Hopkins Physics Lab System Detects Digital Video Tampering

And what stops an attacker from taking that digital video, stripping off the RSA(?) signatures (I'll assume it's just signed), editing it, creating another, random, one time private key, "destroying" that private key after resigning it, and offering it up as unedited?!?!?!?! They've either obviously not relesed all the details about this method, since you have no way to validate that the presented public key was created by their camcorder. So how would you prove that something came from a particular camera? Do you cripple the private key somehow to be able to identify it? Do you sign it twice? If you do, then a more permanent private key lives in the camcorder and can be extracted to also produce fake keys, etc... Either that, or this gets a nice wonderful SNAKE OIL INSIDE sticker slapped on it. :) Even more obvious: What stops an attacker from taking the camcorder apart, disconnecting the CCD output, then hooking up an unsigned edited video signal to it, and recording as a signed video? IMHO, it has an aroma rich with viperidae lipids. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Mon, 29 Sep 2003, R. A. Hettinga wrote:

Of course, if it's is just signed-frame video, "prior art" doesn't begin to describe this.

Cheers, RAH ------

<http://www.sciencedaily.com/releases/2003/09/030929054614.htm>

Science Daily

Source : Johns Hopkins University

Date : 2003-09-29

<SNIP>

One key, called a "private" key, is used to generate the signatures and is destroyed when the recording is complete. The second, a "public" key, is used for verification. To provide additional accountability, a second set of keys is generated that identifies the postal inspector who made the recording. This set of keys is embedded in a secure physical token that the inspector inserts into the system to activate the taping session. The token also signs the Digital Video Authenticator's public key, ensuring that the public key released with the video signatures was created by the inspector and can be trusted.

<SNIP>