Benefit of the hindsight
-
Did we make fun of bitcoin? It was a cool currency for buying drugs on the black market at first.
I made fun of it immediately, despite also recognizing and using its ability to facilitate online purchases of contraband.
-
This is a very legit concern. But to my understanding, it is possible to make the the camera that's very hard to crack, by putting security enclave or whatever it is that makes phones hard to unlock, right inside the CCD chip. Even if somebody manages to strip off the top layer, chart out the cryptographic circuit, probe the ROM inside, etc and extract the private key, it should be possible upon finding it to revoke the key to that camera or even the entire model and make it even more painful in further models.
Another concern is of camera being pointed to the screen with a fake image, but I've searched and yet to find a convincing shot that doesn't look like, well, a photo of a screen. But for this concern I think the only counter-measure would be to add photographer and publisher signatures to the mix, so that if anyone is engaging in such practice is caught, their entire library goes untrusted upon revocation. Wouldn't be completely foolproof, but better than nothing, I guess.
That's security by obscurity. Given time, an attacker with physical access to the device will get every bit data from it. And yes, you could mark it as compromised, but then there's nothing stopping the attacker from just buying another camera and stripping the key from that, too. Since they already know how. And yes, you could revoke all the keys from the entire model range, and come up with a different puzzle for the next camera, but the attacker will just crack that one too.
Hiding the key on the camera in such a way that the camera can access it, but nobody else can is impossible. We simply need to accept that a photograph or a video is no longer evidence.
The idea in your second paragraph is good though, and much easier to implement than your first one.
-
And why do I need a Blockchain for that?
I could host my own ticket shop where tickets are only possible to check in if you have a passport and trading is impossible since it is bound to the person who bought it.
And trading can be made possible with the same platform that sells the tickets
Sure you can, but then we basically create the same situation as with Ticketmasters, all tickets will then eventually flow through your company and you can change policies again and we will end up with the same problems. With a blockchain solution (doesn't have to be blockchain for NFT's though) this platform can be decentralized and self managed, the rules are baked into the protocol, it can only be changed with the majority of voting rights. It basically enables the infrastructure for artists to control ticket sales (and reading at the gate) themselves, without having to use an agency. In your scenario, they would still need an agency.
-
That's security by obscurity. Given time, an attacker with physical access to the device will get every bit data from it. And yes, you could mark it as compromised, but then there's nothing stopping the attacker from just buying another camera and stripping the key from that, too. Since they already know how. And yes, you could revoke all the keys from the entire model range, and come up with a different puzzle for the next camera, but the attacker will just crack that one too.
Hiding the key on the camera in such a way that the camera can access it, but nobody else can is impossible. We simply need to accept that a photograph or a video is no longer evidence.
The idea in your second paragraph is good though, and much easier to implement than your first one.
No, it is not security through obscurity. It's a message signature algorithm, which are used in cryptography all the time.
You're falling for the classic paradox of security: it has to work for someone. OF COURSE if you get all of the keys and every detail of the process you can crack it. That's true of ALL CRYPTOGRAPHY. If someone knows everything including the keys, it's too late for any 'secure' device.
-
The blockchain is distributed.
For example, you might use it as a trademark registry or to certify a chain of legal evidence. You can validate a presented copy matches the original and what the chain of ownership was. And you can do this without the single point of failure of a nationwide database
Who holds and validates the original you're comparing to?
-
No, it is not security through obscurity. It's a message signature algorithm, which are used in cryptography all the time.
You're falling for the classic paradox of security: it has to work for someone. OF COURSE if you get all of the keys and every detail of the process you can crack it. That's true of ALL CRYPTOGRAPHY. If someone knows everything including the keys, it's too late for any 'secure' device.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
Yes it is. The scheme is that when you take a picture, the camera signs said picture. The key is stored somewhere in the camera. Hence the secrecy of the key hinges on the the attacker not knowing how the camera accesses the key. Once the attacker knows that, they can get the key from the camera. Therefore, security hinges on the secrecy of the camera design/protocol used by the camera to access the key, in addition to the secrecy of the key. Therefore, it is security by obscurity.
-
Who holds and validates the original you're comparing to?
That’s the point, a use case where no one has to. It’s only the record of ownership.
And clearly you’d still need to make arrangements to prevent multiple chains of ownership for a copied artifact
NFTs make the mistake of assuming that somehow makes it unique, forgetting you can just copy the original. However these use cases work from the opposite direction: given an accused infringement, does that match?
Consider the current use case for trademark. Someone creates a trademark and registers with an authority. At some point they may renew modify, or sell. After some time, that authority has a database containing the original and a chain of ownership. Blockchain could serve this identically, with the potential advantage of the chain being self contained and distributable
-
That’s the point, a use case where no one has to. It’s only the record of ownership.
And clearly you’d still need to make arrangements to prevent multiple chains of ownership for a copied artifact
NFTs make the mistake of assuming that somehow makes it unique, forgetting you can just copy the original. However these use cases work from the opposite direction: given an accused infringement, does that match?
Consider the current use case for trademark. Someone creates a trademark and registers with an authority. At some point they may renew modify, or sell. After some time, that authority has a database containing the original and a chain of ownership. Blockchain could serve this identically, with the potential advantage of the chain being self contained and distributable
That is not how the chain has worked or could ever work. There is a reason after over fifteen years people are still speculating how blockchain can be useful.
-
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
Yes it is. The scheme is that when you take a picture, the camera signs said picture. The key is stored somewhere in the camera. Hence the secrecy of the key hinges on the the attacker not knowing how the camera accesses the key. Once the attacker knows that, they can get the key from the camera. Therefore, security hinges on the secrecy of the camera design/protocol used by the camera to access the key, in addition to the secrecy of the key. Therefore, it is security by obscurity.
And how do they get the camera? You could make the same exact claims about SSH being useless because "if an attacker gets the key, it's over!"
NO SHIT!!
-
And how do they get the camera? You could make the same exact claims about SSH being useless because "if an attacker gets the key, it's over!"
NO SHIT!!
They buy it at a store.