Johns Hopkins Physics Lab System Detects Digital Video Tampering
Sunder
sunder at sunder.net
Tue Sep 30 08:30:51 PDT 2003
And what stops an attacker from taking that digital video, stripping off
the RSA(?) signatures (I'll assume it's just signed), editing it, creating
another, random, one time private key, "destroying" that private key after
resigning it, and offering it up as unedited?!?!?!?!
They've either obviously not relesed all the details about this method,
since you have no way to validate that the presented public key was
created by their camcorder. So how would you prove that something came
from a particular camera? Do you cripple the private key somehow to be
able to identify it? Do you sign it twice? If you do, then a more
permanent private key lives in the camcorder and can be extracted to also
produce fake keys, etc...
Either that, or this gets a nice wonderful SNAKE OIL INSIDE sticker
slapped on it. :)
Even more obvious: What stops an attacker from taking the camcorder apart,
disconnecting the CCD output, then hooking up an unsigned edited video
signal to it, and recording as a signed video?
IMHO, it has an aroma rich with viperidae lipids.
----------------------Kaos-Keraunos-Kybernetos---------------------------
+ ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\
\|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/
/|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/
+ v + : The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------
On Mon, 29 Sep 2003, R. A. Hettinga wrote:
> Of course, if it's is just signed-frame video, "prior art" doesn't begin to describe this.
>
> Cheers,
> RAH
> ------
>
> <http://www.sciencedaily.com/releases/2003/09/030929054614.htm>
>
> Science Daily
>
> Source :��
> Johns Hopkins University
>
> Date :��
> 2003-09-29
>
<SNIP>
> One key, called a "private" key, is used to generate the signatures and is destroyed when the recording is complete. The second, a "public" key, is used for verification. To provide additional accountability, a second set of keys is generated that identifies the postal inspector who made the recording. This set of keys is embedded in a secure physical token that the inspector inserts into the system to activate the taping session. The token also signs the Digital Video Authenticator's public key, ensuring that the public key released with the video signatures was created by the inspector and can be trusted.
<SNIP>
More information about the cypherpunks-legacy
mailing list