> the signature included the depth measured by the autofocus system across the image?
> or a tiny stereo image was included to capture depth?
These systems work by having multiple sensors to use for depth perception, so enterprising hackers write software to create two images, one for each sensor, and put some kind of lens or mirror in front of the camera to direct a different image/screen to each sensor.
The problem is fundamentally that the device is taking unsigned analog attacker-controlled input and then signing it, and is being mass produced. So whatever you're having it do, they put something that generates the same photon pattern in front of the device and you can't fix that with cryptography.
You can probably make it so that a cheap camera needs a few hundred dollars in optical glass or similar, and an expensive camera needs a few thousand dollars worth, but it's hard to see how you could make it infeasible to anyone with non-trivial resources and it's also easy to mess up even worse and make it practical even for anyone with a computer and a high resolution screen or two.
> or a mini video in the ten seconds before and after the photo was taken?
Which does what if nothing in the image is expected to be moving, or the thing you're pointing the camera at is a screen rather than a piece of paper?
Also, now to verify the signature on your 50kB image you need a 2MB video? Then by default people won't distribute images that have the ability to be verified.
> and the key is in a tamper proof HSM?
Someone figures out a timing attack on the HSM or similar and now you can extract the keys from every device of that model. Happens over and over; the chances of every device getting this right are essentially zero.
> and the key is deleted the moment the camera detects the case being taken apart?
They get multiple cameras of the same model, take one apart to see how the detection works, then having figured out how it works, take the other one apart without triggering it. Or they extract the key without ever removing the case.
Also, now your phone is going to delete its keys when you remove the case to replace the battery or a cracked screen etc., or if the detection system has a false positive? Then you need some way to transfer new keys to a thing that hasn't got any, which is an even worse attack vector than not deleting the keys to begin with.
It's obviously a losing battle. You're thinking of elaborate attackers, I'm thinking of your common policeman or scammer. Not great security, but might be able to solve the easiness problem introduced by GenAI.
Out of curiosity, what would be your proposal for identifying GenAI images and videos? Any suggestions?