this post was submitted on 11 Feb 2024
641 points (97.9% liked)

Technology

76364 readers
1334 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

you are viewing a single comment's thread
view the rest of the comments
[–] CyberSeeker@discuss.tchncs.de 177 points 2 years ago (3 children)

Digital signature as a means of non repudiation is exactly the way this should be done. Any official docs or releases should be signed and easily verifiable by any public official.

[–] mods_are_assholes@lemmy.world 83 points 2 years ago (1 children)

Maybe deepfakes are enough of a scare that this becomes standard practice, and protects encryption from getting government backdoors.

[–] RVGamer06@sh.itjust.works 57 points 2 years ago (1 children)
[–] mods_are_assholes@lemmy.world 22 points 2 years ago (1 children)

Hey, congresscritters didn't give a shit about robocalls till they were the ones getting robocalled.

We had a do not call list within a year and a half.

That's the secret, make it affect them personally.

[–] Daft_ish@lemmy.world 3 points 2 years ago (2 children)

Doesn't that prove that government officials lack empathy? We see it again and again but still we keep putting these unfeeling bastards in charge.

load more comments (2 replies)
[–] otter@lemmy.ca 17 points 2 years ago (8 children)

Would someone have a high level overview or ELI5 of what this would look like, especially for the average user. Would we need special apps to verify it? How would it work for stuff posted to social media

linking an article is also ok :)

[–] AbouBenAdhem@lemmy.world 24 points 2 years ago* (last edited 2 years ago) (2 children)

Depending on the implementation, there are two cryptographic functions that might be used (perhaps in conjunction):

  • Cryptographic hash: An arbitrary amount of data (like a video file) is used to create a “hash”—a shorter, (effectively) unique text string. Anyone can run the file through the same function to see if it produces the same hash; if even a single bit of the file is changed, the hash will be completely different and you’ll know the data was altered.

  • Public key cryptography: A pair of keys are created, one of which can only encrypt data (but can’t decrypt its own output), and the other, “public” key can only decrypt data that was encrypted by the first key. Users (like the White House) can post their public key on their website; then if a subsequent message purporting to come from that user can be decrypted using their public key, it proves it came from them.

[–] Serinus@lemmy.world 9 points 2 years ago (2 children)

a shorter, (effectively) unique text string

A note on this. There are other videos that will hash to the same value as a legitimate video. Finding one that is coherent is extraordinarily difficult. Maybe a state actor could do it?

But for practical purposes, it'll do the job. Hell, if a doctored video with the same hash comes out, the White House could just say no, we punished this one, and that alone would be remarkable.

[–] AbouBenAdhem@lemmy.world 8 points 2 years ago* (last edited 2 years ago) (4 children)

Finding one that is coherent is extraordinarily difficult.

You’d need to find one that was not just coherent, but that looked convincing and differed in a way that was useful to you—and that likely wouldn’t be guaranteed, even theoretically.

[–] Natanael@slrpnk.net 2 points 2 years ago

Pigeon hole principle says it does for any file substantially longer than the hash value length, but it's going to be hard to find

load more comments (3 replies)
[–] CyberSeeker@discuss.tchncs.de 3 points 2 years ago (1 children)

There are other videos that will hash to the same value

This concept is known as ‘collision’ in cryptography. While technically true for weaker key sizes, there are entire fields of mathematics dedicated to probably ensuring collisions are cosmically unlikely. MD5 and SHA-1 have a small enough key space for collisions to be intentionally generated in a reasonable timeframe, which is why they have been deprecated for several years.

To my knowledge, SHA-2 with sufficiently large key size (2048) is still okay within the scope of modern computing, but beyond that, you’ll want to use Dilithium or Kyber CRYSTALS for quantum resistance.

[–] Natanael@slrpnk.net 3 points 2 years ago (1 children)

SHA family and MD5 do not have keys. SHA1 and MD5 are insecure due to structural weaknesses in the algorithm.

Also, 2048 bits apply to RSA asymmetric keypairs, but SHA1 is 160 bits with similarly sized internal state and SHA256 is as the name says 256 bits.

ECC is a public key algorithm which can have 256 bit keys.

Dilithium is indeed a post quantum digital signature algorithm, which would replace ECC and RSA. But you'd use it WITH a SHA256 hash (or SHA3).

[–] CyberSeeker@discuss.tchncs.de 1 points 2 years ago

Good catch, and appreciate the additional info!

[–] Natanael@slrpnk.net 2 points 2 years ago

Public key cryptography would involve signatures, not encryption, here.

[–] AtHeartEngineer@lemmy.world 12 points 2 years ago (3 children)

The best way this could be handled is a green check mark near the video that you could click on it and it would give you all the meta data of the video (location, time, source, etc) with a digital signature (what would look like a random string of text) that you could click on and your browser would show you the chain of trust, where the signature came from, that it's valid, probably the manufacturer of the equipment it was recorded on, etc.

[–] ulterno@lemmy.kde.social 7 points 2 years ago (1 children)

Just make sure the check mark is outside the video.

[–] Natanael@slrpnk.net 3 points 2 years ago

Browser controlled modal.

[–] wizardbeard@lemmy.dbzer0.com 4 points 2 years ago (2 children)

The issue is making that green check mark hard to fake for bad actors. Https works because it is verified by the browser itself, outside the display area of the page. Unless all sites begin relying on a media player packed into the browser itself, if the verification even appears to be part of the webpage, it could be faked.

[–] brbposting@sh.itjust.works 4 points 2 years ago

Hope verification gets built in to operating systems as compromised applications present a risk too.

But I’m sure a crook would build a MAGA Verifier since you can’t trust liberal Apple/Microsoft technology.

[–] dejected_warp_core@lemmy.world 2 points 2 years ago* (last edited 2 years ago) (1 children)

The only thing that comes to mind is something that forces interactivity outside the browser display area; out of the reach of Javascript and CSS. Something that would work for both mobile and desktop would be a toolbar icon that is a target for drag-and-drop. Drag the movie or image to the "verify this" target, and you get a dialogue or notification outside the display area. As a bonus, it can double for verifying TLS on hyperlinks while we're at it.

Edit: a toolbar icon that's draggable to the image/movie/link should also work the same. Probably easier for mobile users too.

[–] Natanael@slrpnk.net 2 points 2 years ago* (last edited 2 years ago) (1 children)

If you set the download manager icon in the browser as permanently visible, then dragging it there could trigger the verification to also run if the metadata is detected, and to then also show whichever metadata it could verify.

[–] dejected_warp_core@lemmy.world 1 points 2 years ago

That's a tad obscure, but makes it much easier to code up a prototype. I like it.

[–] Natanael@slrpnk.net 2 points 2 years ago (1 children)

Do not show a checkmark by default! This is why cryptographers kept telling browsers to de-emphasize the lock icon on TLS (HTTPS) websites. You want to display the claimed author and if you're able to verify keypair authenticity too or not.

[–] AtHeartEngineer@lemmy.world 1 points 2 years ago (2 children)

Fair point, I agree with this. There should probably be another icon in the browser that shows if all, some, or none of the media on a page has signatures that can be validated. Though that gets messy as well, because what is "media"? Things can be displayed in a web canvas or SVG that appears to be a regular image, when in reality it's rendered on the fly.

Security and cryptography UX is hard. Good point, thanks for bringing that up! Btw, this is kind of my field.

load more comments (2 replies)
[–] pupbiru@aussie.zone 6 points 2 years ago* (last edited 2 years ago) (1 children)

it would potentially be associated with a law that states that you must not misrepresent a “verified” UI element like a check mark etc, and whilst they could technically add a verified mark wherever they like, the law would prevent that - at least for US companies

it may work in the same way as hardware certifications - i believe that HDMI has a certification standard that cables and devices must be manufactured to certain specifications to bear the HDMI logo, and the HDMI logo is trademarked so using it without permission is illegal… it doesn’t stop cheap knock offs, but it means if you buy things in stores in most US-aligned countries that bear the HDMI mark, they’re going to work

[–] LodeMike@lemmy.today 8 points 2 years ago* (last edited 2 years ago) (2 children)

There’s already some kind of legal structure for what you’re talking about: trademark. It’s called “I’m Joe Biden and I approve this message.”

If you’re talking about HDCP you can break that with an HDMI splitter so IDK.

[–] captain_aggravated@sh.itjust.works 8 points 2 years ago (2 children)

Relying on trademark law to combat deepfake disinformation campaigns has the same energy as "Murder is already illegal, we don't need gun control."

[–] pupbiru@aussie.zone 2 points 2 years ago

kinda… trademark law and copyright is pretty tightly controlled on the big social media platforms, and really that’s the target here

[–] pupbiru@aussie.zone 4 points 2 years ago* (last edited 2 years ago) (2 children)

TLDR: trademark law yes, combined with a cryptographic signature in the video metadata… if a platform sees and verifies the signature, they are required to put the verified logo prominently around the video

i’m not talking about HDCP no. i’m talking about the certification process for HDMI, USB, etc

(random site that i know nothing about): https://www.pacroban.com/en-au/blogs/news/hdmi-certifications-what-they-mean-and-why-they-matter

you’re right; that’s trademark law. basically you’re only allowed to put the HDMI logo on products that are certified as HDMI compatible, which has specifications on the manufacturing quality of cables etc

in this case, you’d only be able to put the verified logo next to videos that are cryptographically signed in the metadata as originating from the whitehouse (or probably better, some federal election authority who signs any campaign videos as certified/legitimate: in australia we have the AEC - australian electoral commission - a federal body that runs our federal elections and investigations election issues, etc)

now this of course wouldn’t work for sites outside of US control, but it would at least slow the flow of deepfakes on facebook, instagram, tiktok, the platform formerly known as twitter… assuming they implemented it, and assuming the govt enforced it

[–] brbposting@sh.itjust.works 1 points 2 years ago (1 children)

Once an original video is cryptographically signed, could future uploads be automatically verified based on pixels plus audio? Could allow for commentary to clip the original.

Might need some kind of minimum length restriction to prevent deceptive editing which simply (but carefully) scrambles original footage.

[–] pupbiru@aussie.zone 3 points 2 years ago

not really… signing is only possible on exact copies (like byte exact; not even “the same image” but the same image, formatted the same, without being resized, etc)… there are things called perceptual hashes, and ways of checking if images are similar, but cryptography wouldn’t really help there

[–] General_Effort@lemmy.world 5 points 2 years ago* (last edited 2 years ago) (1 children)

For the average end-user, it would look like "https". You would not have to know anything about the technical background. Your browser or other media player would display a little icon showing that the media is verified by some trusted institution and you could learn more with a click.

In practice, I see some challenges. You could already go to the source via https, EG whitehouse.gov, and verify it that way. An additional benefit exists only if you can verify media that have been re-uploaded elsewhere. Now the user needs to check that the media was not just signed by someone (EG whitehouse.gov. ru), but if it was really signed by the right institution.

[–] TheKingBee@lemmy.world 3 points 2 years ago (2 children)

As someone points out above, this just gives them the power to not authenticate real videos that make them look bad...

[–] General_Effort@lemmy.world 2 points 2 years ago

Videos by third parties, like Trump's pussy grabber clip, would obviously have to be signed by them. After having thought about it, I believe this is a non-starter.

It just won't be as good as https. Such a signing scheme only makes sense if the media is shared away from the original website. That means you can't just take a quick look at the address bar to make sure you are not getting phished. That doesn't work if it could be any news agency. You have to make sure that the signer is really a trusted agency and not some scammy lookalike. That takes too much care for casual use, which defeats the purpose.

Also, news agencies don't have much of an incentive to allow sharing their media. Any cryptographic signature would only make sense for them if directs users to their site, where they can make money. Maybe the potential for more clicks - basically a kind of clickable watermark on media - could make this take off.

[–] dejected_warp_core@lemmy.world 2 points 2 years ago

I honestly feel strategies like this should be mitigated by technically savvy journalism, or even citizen journalism. 3rd parties can sign and redistribute media in the public domain, vouching for their origin. While that doesn't cover all the unsigned copies in existence, it provides a foothold for more sophisticated verification mechanisms like a "tineye" style search for media origin.

[–] Starbuck@lemmy.world 3 points 2 years ago (1 children)

Adobe is actually one of the leading actors in this field, take a look at the Content Authenticity Initiative (https://contentauthenticity.org/)

Like the other person said, it’s based on cryptographic hashing and signing. Basically the standard would embed metadata into the image.

[–] Cocodapuf@lemmy.world 2 points 2 years ago

It needs some kind of handler, but we mostly have those in place. A web browser could be the handler for instance. A web browser has the green dot on the upper left, telling you a page is secure, that https is on and valid. This could work like that, the browser can verify the video and display a green or red dot in the corner, the user could just mouse over it/tap on it to see who it's verified to be from. But it's up to the user to mouse over it and check if it says whitehouse.gov or dr-evil-mwahahaha.biz

load more comments (2 replies)
[–] pupbiru@aussie.zone 7 points 2 years ago (9 children)

i wouldn’t say signature exactly, because that ensures that a video hasn’t been altered in any way: no re-encoded, resized, cropped, trimmed, etc… platforms almost always do some of these things to videos, even if it’s not noticeable to the end-user

there are perceptual hashes, but i’m not sure if they work in a way that covers all those things or if they’re secure hashes. i would assume not

perhaps platforms would read the metadata in a video for a signature and have to serve the video entirely unaltered if it’s there?

[–] thantik@lemmy.world 11 points 2 years ago* (last edited 2 years ago) (1 children)

You don't need to bother with cryptographically verifying downstream videos, only the source video needs to be able to be cryptographically verified. That way you have an unedited, untampered cut that can be verified to be factually accurate to the broadcast.

The White House could serve the video themselves if they so wanted to. Just use something similar to PGP for signature validation and voila. Studios can still do all the editing, cutting, etc - it shouldn't be up to the end user to do the footwork on this, just for the studios to provide a kind of 'chain of custody' - they can point to the original verification video for anyone to compare to; in order to make sure alterations are things such as simple cuts, and not anything more than that.

[–] pupbiru@aussie.zone 4 points 2 years ago* (last edited 2 years ago)

you don’t even need to cryptographically verify in that case because you already have a trusted authority: the whitehouse… of the video is on the whitehouse website, it’s trusted with no cryptography needed

the technical solutions only come into play when you’re trying to modify the video and still accurately show that it’s sourced from something verifiable

heck you could even have a standard where if a video adds a signature to itself, editing software will add the signature of the original, a canonical immutable link to the file, and timestamps for any cuts to the video… that way you (and by you i mean anyone; likely hidden from the user) can load up a video and be able to link to the canonical version to verify

in this case, verification using ML would actually be much easier because you (servers) just download the canonical video, cut it as per the metadata, and compare what’s there to what’s in the current video

[–] AbouBenAdhem@lemmy.world 3 points 2 years ago (1 children)

Rather that using a hash of the video data, you could just include within the video the timestamp of when it was originally posted, encrypted with the White House’s private key.

[–] Natanael@slrpnk.net 1 points 2 years ago (1 children)

That doesn't prove that the data outside the timestamp is unmodified

[–] AbouBenAdhem@lemmy.world 1 points 2 years ago* (last edited 2 years ago) (1 children)

It does if you can also verify the date of the file, because the modified file will be newer than the timestamp. An immutable record of when the file was first posted (on, say, YouTube) lets you verify which version is the source.

[–] Natanael@slrpnk.net 1 points 2 years ago

No it does not because you can cut out the timestamp and put it into anything if the timestamp doesn't encode anything about the frame contents.

It is always possible to backdate file edits.

Sure, public digital timestamping services exists, but most people will not check. Also once again, an older timestamp can simply be cut out of one file and posted into another file.

You absolutely must embedd something which identifies what the media file is, which can be used to verify ALL of the contents with cryptographic signatures. This may additionally refer to a verifiable timestamp at some timestamping service.

load more comments (7 replies)