So whatever way the camera output is being signed, what’s stopping you from signing an altered video with a similar private key and then saying “you can all trust that my video is real because I have the private key for it.”
The doubters will have to concede that the video did indeed come from you because it pairs with your key, but why would anyone trust that the key came from the camera step instead of coming from the editing step?
Mate, digital cinema uses this encryption /decryption method for KDMs.
The keys are tied into multiple physical hardware ids, many of which (such as player/.projector ) are also married cryptographically. Any deviation along a massive chain and you get no content.
Those playback keys are produced from DKDMs that are insanely tightly controlled. The DKDM production itself even more so.
And that’s just to play a movie. This is proven tech, decades old. You’re not gonna break it with premiere.
But how would one simple member of the audience easily determine if this whole chain of events is valid, when they don’t even get how it works or what to look out for?
You’d have to have a public key of trusted sources that people automatically check with their browser, but all the steps in between need to be trusted too. I can imagine it is too much of a hassle for most.
But then again, that has always been the case for most.
You, the end user, don’t have access to your camera’s private key. Only the camera IC does. When your phone / SD card first receives the image/video it’s already been signed by the hardware.
You can enter the camera as evidence, and prove that it has been used for other footage. Each camera should have a unique key to be effective.
So if you create a new key, it won’t match the one on am existing camera. If you steal the key, then once that’s discovered, the camera should generate a new one.
But if you don’t actually check the physical camera and prove that key for yourself, then it can easily be faked by generating a key that is not coming from the camera and is used for the “proof” video and the fake video.
So whatever way the camera output is being signed, what’s stopping you from signing an altered video with a similar private key and then saying “you can all trust that my video is real because I have the private key for it.”
The doubters will have to concede that the video did indeed come from you because it pairs with your key, but why would anyone trust that the key came from the camera step instead of coming from the editing step?
Mate, digital cinema uses this encryption /decryption method for KDMs.
The keys are tied into multiple physical hardware ids, many of which (such as player/.projector ) are also married cryptographically. Any deviation along a massive chain and you get no content.
Those playback keys are produced from DKDMs that are insanely tightly controlled. The DKDM production itself even more so.
And that’s just to play a movie. This is proven tech, decades old. You’re not gonna break it with premiere.
But how would one simple member of the audience easily determine if this whole chain of events is valid, when they don’t even get how it works or what to look out for?
You’d have to have a public key of trusted sources that people automatically check with their browser, but all the steps in between need to be trusted too. I can imagine it is too much of a hassle for most.
But then again, that has always been the case for most.
…what audience?
You, the end user, don’t have access to your camera’s private key. Only the camera IC does. When your phone / SD card first receives the image/video it’s already been signed by the hardware.
You can enter the camera as evidence, and prove that it has been used for other footage. Each camera should have a unique key to be effective.
So if you create a new key, it won’t match the one on am existing camera. If you steal the key, then once that’s discovered, the camera should generate a new one.
But if you don’t actually check the physical camera and prove that key for yourself, then it can easily be faked by generating a key that is not coming from the camera and is used for the “proof” video and the fake video.