Researchers Come Up With Foolproof Method to Certify Real Photos
The C2PA software championed by Adobe to verify real photos could be hacked, at least that’s according to researchers from ETH Zurich who have proposed an alternative system.
It’s a new sensor technology that cryptographically signs images, videos, and audio signals within a sensor chip at the exact moment a piece of content is captured.
According to a press release from ETH Zurich in Switzerland, this signature allows for verification that the data genuinely originates from a camera, indicates when it was captured, and ensures that it has not been tampered with.
“If data is signed the moment it is captured, any later manipulation leaves traces,” explains Fernando Cardes, who co-developed the technology.
“To manipulate the data, the chip would have to be physically attacked, requiring a massive technological effort so that the mass generation of manipulated content for social media platforms would be practically impossible.”
This contrasts with the Coalition for Content Provenance and Authenticity’s C2PA standard, which relies on a camera’s main processor to sign photos with a cryptographic seal.
Fast Company explains that camera companies, such as Leica and Sony, that have included C2PA make it work by sending the digital information from the sensor down an internal wire to the camera’s main computer chip. Once the data arrives at the computer chip, it’s then that the processor adds the cryptographic C2PA signature.
But that small commute is a liability. Feasibly, a hacker could intercept the real feed and swap it with a synthetic one. The camera would then stamp the C2PA signature on a piece of inauthentic media. “Would it be hard to do?” asks Fast Company. “Yes. But it is possible.”
The ETH Zurich method avoids that moment of vulnerability since it is the sensor generating the signature, which can then be stored in a publicly accessible, immutable ledger (e.g., a blockchain).
This approach would enable anyone to verify the authenticity of the data in question at any time by comparing the chip’s signature stored in the ledger with the original data and confirming its source.
“As such, it is barely of any relevance whether a person or the technology involved in data processing and transmission is trustworthy,” explains Felix Franke, who co-developed the chip at ETH Zurich and is now a professor at the University of Basel.
“Trust in digital content is eroding. We wanted to create a technology that gives people a way to verify whether something is genuine.”
ETH Zurich says that in principle, “the technology can be incorporated into any type of sensor or camera.” But as Fast Company notes, that would mean an entirely new hardware pipeline.
C2PA has the advantage of being deployed via software and firmware updates, but the ETH Zurich method means camera sensors would have to be redesigned and manufactured.
“We are currently exploring how to reduce costs for camera and sensor manufacturers, should they wish to incorporate the new technology into their chips,” Cardes adds.
Image credits: Header photo licensed via Depositphotos.