Nikon Image Authentication System Cracked

Not a lot of details:

ElcomSoft research shows that image metadata and image data are processed independently with a SHA-1 hash function. There are two 160-bit hash values produced, which are later encrypted with a secret (private) key by using an asymmetric RSA-1024 algorithm to create a digital signature. Two 1024-bit (128-byte) signatures are stored in EXIF MakerNote tag 0x0097 (Color Balance).

During validation, Nikon Image Authentication Software calculates two SHA-1 hashes from the same data, and uses the public key to verify the signature by decrypting stored values and comparing the result with newly calculated hash values.

The ultimate vulnerability is that the private (should-be-secret) cryptographic key is handled inappropriately, and can be extracted from camera. After obtaining the private key, it is possible to generate a digital signature value for any image, thus forging the Image Authentication System.

News article.

Canon's system is just as bad, by the way.

Fifteen years ago, I co-authored a paper on the problem. The idea was to use a hash chain to better deal with the possibility of a secret-key compromise.
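As an added illustration (not ElcomSoft's, Nikon's or the 1996 paper's code), here is a Python model of the two-hash signing and validation flow described above, plus the hash-chain linking the post mentions as the fix for a later key compromise. The RSA key is a toy built from two Mersenne primes and the signature is unpadded textbook RSA; both are assumptions made for readability, not Nikon's actual parameters.

```python
import hashlib

# Toy RSA modulus from two known Mersenne primes (constructed for this
# example; the real system uses RSA-1024 and a key we never see).
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def sha1_int(data: bytes) -> int:
    """SHA-1 digest as an integer; 160 bits, so always below the toy N."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes) -> int:
    """Textbook RSA signature over SHA-1(data). No padding: toy only."""
    return pow(sha1_int(data), D, N)


def verify(data: bytes, sig: int) -> bool:
    """Recover the signed hash with the public key and compare."""
    return pow(sig, E, N) == sha1_int(data)


def camera_sign(metadata: bytes, pixels: bytes) -> tuple:
    """The scheme in the post: metadata and image data are hashed and
    signed independently, giving the two signatures stored in MakerNote."""
    return sign(metadata), sign(pixels)


def validator(metadata: bytes, pixels: bytes, sigs: tuple) -> bool:
    """Image Authentication Software side: both signatures must check out."""
    return verify(metadata, sigs[0]) and verify(pixels, sigs[1])


def link_hash(prev: bytes, metadata: bytes, pixels: bytes) -> bytes:
    """Chain link: commits to the previous link and to both content hashes."""
    return hashlib.sha1(prev + hashlib.sha1(metadata).digest()
                        + hashlib.sha1(pixels).digest()).digest()


def chain_sign(images, prev: bytes = b"\x00" * 20) -> list:
    """Hash-chained records (my reading of the post's idea): every record
    depends on all earlier ones, so altering an old image changes every later
    link, and a key stolen later cannot rewrite history consistently."""
    records = []
    for metadata, pixels in images:
        link = link_hash(prev, metadata, pixels)
        records.append((metadata, pixels, link, sign(link)))
        prev = link
    return records


def chain_verify(records, prev: bytes = b"\x00" * 20) -> bool:
    """Recompute each link from the previous one and check its signature."""
    for metadata, pixels, link, sig in records:
        if link != link_hash(prev, metadata, pixels) or not verify(link, sig):
            return False
        prev = link
    return True
```

The chain only helps if earlier links are recorded somewhere the camera holder cannot quietly rewrite (copied off the device or published), since an attacker holding the private key can re-sign any link they are free to replace.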

Posted on May 3, 2011 at 7:54 AM • 25 Comments

Comments

Tim • May 3, 2011 8:36 AM

In theory, is this possible to do without security through obscurity? The private key must be accessible to the camera in some way, and if it is, it can be read from a RAM/whatever.

Hugo • May 3, 2011 8:50 AM

How bad is a manipulated photo when the story that goes with it is in many cases only one part of the story. Namely, the part from the author's point of view.

It's dangerous to believe every word that's written in newspapers. Just as you must know how to read the articles, you have to know how to see the photos that go with it. A photo is just a small part of the whole picture. A manipulated photo doesn't change that.

kashmarek • May 3, 2011 8:52 AM

If they want secure photos, they should just go back to film. In today's digital age, nobody knows how to deal with that.

Daniel Wijk • May 3, 2011 9:39 AM

kashmarek: Photos were just as fake before the digital era.

The photographer has always had multiple ways to cheat.

lazlo • May 3, 2011 10:26 AM

With either film or this system, how much harder would it be to take a verified photo of a doctored image?

Paeniteo • May 3, 2011 10:38 AM

@lazlo: "how much harder would it be to take a verified photo of a doctored image?"

I guess one would notice a slight degradation in quality (e.g. minimal distortions or light reflections) that marks the picture as "odd" - particularly since you cannot apply any post-processing beyond that offered by the camera itself.
It would probably be easier to fabricate the whole "original" scene in some kind of studio if one really wanted to go down that road.

Andrew Philips • May 3, 2011 10:51 AM

Why not create a fake with analog film and digitize it? Similar, but not quite the same as taking a digital (verified) photo of a photo. More plausible process, if we ignore the ubiquity of digital media...

Doesn't all this really go back to the issue of who/what stands as witness to an event? Technology of any sort cannot be interrogated/questioned to determine the veracity of the story. Therefore, it cannot be a witness to the event. Only the person snapping the photo can verify the event (and presence snapping the photo).

Gweihir • May 3, 2011 11:01 AM

Solving this problem is generally difficult. You can, after all, always detach the sensor of a camera and feed it any picture you want, possibly with the specific noise-signature of this sensor added. Signature in the sensor is not something that there would be space or time for. Unless you make the camera a full HSM (Hardware Security Module), with the massive negative impact on price, size and energy consumption, nothing really effective can be done. And if the HSM was small and cheap, people would certainly find a way to break it. "Tamper resistance" is still the best you can get and that is likely to stay this way, at least for things that are mass-produced.

Seiran • May 3, 2011 11:50 AM

Isn't this also possible by feeding the data into the camera itself? I imagine one could use some kind of high-resolution display to channel the picture into the lens, without having to tamper with the camera or sensor at all...

This is how film-transfer technology works, isn't it? I think Imagica has something that does this for cinema reels.

somewhat relevant: http://www.schneier.com/blog/archives/2010/12/realistic_masks.html commented here about digital FX & evidence

Clive Robinson • May 3, 2011 12:22 PM

For those suggesting using a "faked" analog picture and then imaging it with a digital camera, you are not thinking about the problem.

Most sensors in digital cameras are overly sensitive to IR, and various filters are added to reduce, not eliminate, the problem.

Your "faked" analog picture / scene is likely to be missing this IR information and thus it can be spotted simply by taking the camera back to the "scene" and re-photographing the real background image.

However, if you have the equipment, getting a spectral signature for the entire camera optics (lens, filters, sensor and back end processing such as "amp noise") is not that difficult. Armed with this information and having a known item, spotting something that is fake becomes effectively a mechanical task.

wumpus • May 3, 2011 12:35 PM

I see two issues. The first is a universal "this photo was taken by a super-duper-gigapixel Nikon (or Canon) mark 3.14, and not photoshopped". This appears to be the claim and as stated above requires that a camera be completely secure (as in impossible to reverse engineer). I have trouble believing that this can be done for any price point that could sell a camera.

A weaker claim would be that "this camera produced the following picture, unmodified". Such a system would only have to be sufficiently secure in that it would be too difficult (for the required level of security) to rebuild a hacked camera to appear unhacked. For purposes of supplying court and other evidence, this should be sufficient.

I'm curious how they handle the case of taking a picture of a photoshopped slide projection. My guess is that some sort of single lens 3d effect is used. This likely distorts the original image in ways unacceptable to pro photographers, but still acceptable as evidence. Still, Industrial Light and Magic has done a lot of impressive work that would pass any test (the camera simply recorded what it saw).

Richard Steven Hack • May 3, 2011 2:02 PM

Seiran: "I imagine one could use some kind of high-resolution display to channel the picture into the lens, without having to tamper with the camera or sensor at all... This is how film-transfer technology works, isn't it?"

I have a media conversion client that does film transfer. Not being an expert, I don't know how it works in detail, but the impression I get from observing the equipment is that they have a film projector in a cardboard box that seals out light reflections and projects the film onto a mirror into a digital camera. The frame rate is controlled precisely by software on a PC (we use DodCap - stop motion video capture software) so that the capture is essentially a series of still images to maintain reasonable quality.

They call it "aerial transfer" which according to another Web site means:

"Aerial Image Transfer (Real-time)
(Average Equipment Cost - Standard-def: $5,000, High-def: $7,500)

This method became prominent early this decade as DVD was becoming popular and consumers expected better quality for their transfers. This technique utilizes a special projector which has been modified with a 5 blade shutter to eliminate flicker. The film frame is projected onto a mirror which is enlarged to facilitate a video camera (typically 3CCD) to capture the resultant image through the condenser lens.

The results are usually flicker-free but present blended frames which affects the sharpness of the image."

There is also the frame-by-frame transfer method which my client also uses, defined as:

"Frame-by-Frame Transfer
(Average Equipment Cost - Standard-def: $6,000, High-def: $15,000)

Similar to an aerial transfer, a "frame-by-frame" transfer utilizes a special projector, a condenser lens, a video camera, and a computer. The projector is modified to communicate with a computer which gets instructions to capture each frame of film individually. After each frame of film is captured, the computer compiles all the frames into a progressive video.

The added benefit of this transfer method is that there is no blending of frames normally found in an aerial image (real-time) transfer. The disadvantage of this technique is that it employs a video camera and a condenser lens which does not retain the best traits of film: color, contrast, and sharpness information."

There are higher end methods but the cost is prohibitive for a small company doing mostly consumer film transfer.

Here's a short explanation of how the hardware we use works:
http://www.moviestuff.tv/workprinter8mm_function.html

This is what the hardware looks like:
http://www.moviestuff.tv/transfers.html

anonymous • May 3, 2011 3:08 PM

Speaking of altering analog photographs

http://wondermark.com/true-stuff-the-ethics-of-retouching/ (March 14, 2011)

http://wondermark.com/idealized-portraiture/ (March 17, 2011)

"Before lumping this into 'a problem with our modern world' too fast, though, remember that it was always thus: kings and queens were flattered by their bust-sculptors and portrait-painters, and as soon as photography was invented, there were retouchers. Drawing onto negatives with a pencil to prompt prints to come out lighter, or delicately scratching away emulsion to prompt prints to darken, they removed stray hairs, straightened noses, and erased double chins from the very first."

Dirk Praet • May 3, 2011 5:52 PM

"The ultimate vulnerability is that the private (should-be-secret) cryptographic key is handled inappropriately, and can be extracted from camera"

Isn't this more or less similar to what happened with the PS3 ?

Doug • May 3, 2011 8:34 PM

The PS3's problem was that it used the value 4, as determined by a fair dice roll that was guaranteed random, to be the random value.

Jose • May 3, 2011 9:25 PM

Bad on one side, but excellent on the other, since now they will have the moral obligation to provide a better system, not a flawed one. ANDRES

greg • May 4, 2011 1:40 AM

@Andrew Philips
I use it all the time. In fact because of CHCK, I won't get a different brand. I love some of the bracketing features, and the turning off the flat field photos.

Dimitris Andrakakis • May 4, 2011 6:03 AM

@Tim :

"In theory, is this possible to do without security through obscurity? The private key must be accessible to the camera in some way, and if it is, it can be read from a RAM/whatever."

I'm not a crypto expert, but can't the camera create a hash using only a public key ? Why does it need to know the private key ?

Steve Geist • May 4, 2011 3:20 PM

@ Richard Steven Hack:
"...they have a film projector in a cardboard box that seals out light reflections and projects the film onto a mirror into a digital camera. The frame rate is controlled precisely by software on a PC (we use DodCap - stop motion video capture software) so that the capture is essentially a series of still images to maintain reasonable quality."

That used to be called a film chain. Ours also had a pair of carousel slide projectors, and the whole works was controlled with a beam-splitter / mirror that made a heck of a noise when it moved. Anyone in the area could tell what was being used - "WHICK" meant someone pressed the button for slides and "WHUNK!" dropped it out and enabled the film projector.

In addition to the 5-blade shutter and 2-3 pulldown to manage the difference of 24 film frames vs 30 video frames per second, the projector motor was synched to the rest of the studio (aka gen-lock or house synch) so it was possible to cut and mix images from the film chain with the studio cameras and video tape.

caf • May 4, 2011 9:34 PM

@Dimitris Andrakakis: If the camera uses only public information to create the "authentication code", then *anyone else* can recreate the same code.

The entire idea rests on the camera being able to do something that the photoshopper can't - which in practice means that the camera must have access to some data that the photoshopper does not.

David Donahue • May 5, 2011 12:02 PM

Am I missing something here, but why aren't these cameras storing their secret keys on a dedicated TPM capable of doing "sign only" operations?

It should not be reasonably possible to decap the chip to extract the secret key or extract it using software.

With the TPM being populated at manufacture time, it's a simple matter of digitally signing the images with a secret key and verifying them later using the public keys published online by the camera manufacturer.

If more than serial number authentication is needed, then an online registration system could be setup where the camera's secret key signs personal data about the camera owner and adds it to the published public key records.

Why is this so hard?

RobertT • May 6, 2011 12:50 AM

@David Donahue
"It should not be reasonably possible to decap the chip to extract the secret key or extract it using software. "

Would you care to explain how to store any secret on a chip, in such a way that it is impossible for anyone else to recover it?

The processes by which chips are made are not magical; rather they consist of many layers of photo-lithography and chemical etching along with oxide growth. So any ROM style secret is created somewhere in the process steps. Understanding the process will enable you to reverse it and recover the data.

Alternatively the information is written by the permanent storage of charge, or by physical alteration of the device characteristics by some form of electrical or thermal over-stress.
ALL of these changes can be identified and the stored information can be recovered; it's just a matter of time, money, engineering talent and exotic equipment.

There is a new area of research called PUFs (physically unclonable functions) which have the potential to store information secretly. But I don't buy that they are any more secure than a ROM constant; they are just more complex, so if you like it represents "security by complexity".


David • May 6, 2011 12:02 PM

RobertT:

It doesn't matter that with extreme effort (note that I earlier said "reasonable effort") it is possible to decap the TPM chip and in a clean room environment probe the several micron sized memory bits and extract the secret key of a single camera.

Doing so requires that you have physical possession of the TPM chip / camera. If you had that you could simply have the TPM sign any arbitrary image with the secret key. But that's not the goal of this authentication system and it's not likely a cost-effective attack against just one camera.

What the signature really attests to is that the holder of the Camera/TPM chip was involved in the creation of an image. This also includes cases where the image was false such as a picture of a photoshopped image, false timestamps, etc.

With this system, you could not however say that so-and-so took that picture unless you had access to his camera.

I think that is what they're going for here: you can't claim someone else took an image.

There is a vulnerability in that I could strip the signature off somebody else's image (or any image really) and sign it myself, making it appear I took it. But I don't think that's a solvable problem, and as long as you're not trying to prove that case this proposed system would work.

RobertT • May 6, 2011 10:51 PM

@David,
Not sure I understand your logic.
From my reading of the article it said that the forger had physical possession of the Camera and extracted the Private key. With the Private Key and the knowledge of the algorithms a forger can sign a modified picture and still pass the validation test suite.

For a typical non-secure application this private key would just be stored in the configuration Flash, so it would be trivial to read, with simple application update software.

For a more secure application, private keys will typically be stored in a fuse or EEPROM along with a lock-bit. The lock-bit prevents reading the memory and reprogramming. Usually there is still a way to enable test mode that gives you access to the chip's internal scan-path. Using test-mode features is the most popular way to read the secret internal memory.

Sometimes a simple FIB will allow you to repair the lock bit and directly read the contents of secure memory. Cost about $1500US.

The next step up from these measures is to add a secure microcontroller (various makers include Atmel, Infineon ...)

Depending on the model, the difficulty of extracting the key from these varies from trivial to very very difficult; unfortunately the cost of the micros increases with the level of hardware security offered. Companies like Nikon are inclined to ask for the cheapest solution, because product cost constraints make them "willfully blind".
