Nikon Image Authentication System Vulnerability
It is hard to underestimate the importance of photographic evidence in today's world. Political, legal and business users rely on images captured with modern digital cameras to base important decisions. The credibility of such evidence thus becomes vital.
The Impact of Fake Photographic Evidence
Some of that evidence has been proven to be a fake. Manipulated images have been used to make false political statements in more than once case. ElcomSoft has published a brief abstract on some of the world's most famous fakes that made impact on public opinion, resulted in terminated careers and loss of reputation.
Digital Image Authentication
Major manufacturers of photographic equipment including Canon and Nikon introduced image authentication systems aimed to streamline the validation of image originality and guarantee that the image appears exactly as captured. A secure digital signature is calculated for each capture immediately after a shot.
The Flaw in Nikon's Implementation
Nikon's implementation of image authentication has a major design weakness. ElcomSoft researchers discovered a flaw in the way the secure image signing key is being handled in camera. The vulnerability allowed the researchers to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images with a fully valid authentication signature. By using the signing key, ElcomSoft has prepared a set of hoax images that successfully pass validation with Nikon Image Authentication Software.
ElcomSoft is providing more information on image authentication background and technical implementation in the «Nikon Image Authentication System: Compromised» blog entry
ElcomSoft made the issue known to Nikon and CERT as a trusted third party. At the time of this writing, ElcomSoft received no response from Nikon.
All past and current digital SLR cameras manufactured by Nikon and supporting Image Authentication are affected, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.
As a result, any photographic evidence submitted that was captured with an affected camera (as well as any future camera using the same signing key) should not be automatically taken as genuine just because it passes validation with Nikon Image Authentication Software.
Read about the vulnerability in the press:
ElcomSoft has extracted a valid image signing key and used it to sign a set of forged photographs. The following images, while being obvious hoaxes, will be successfully validated as genuine when verified with Nikon Image Authentication Software.
Click on any image for larger [digitally signed] copy.