Content Credentials (CAI)

Started by Mario, September 25, 2024, 05:00:42 PM

Previous topic - Next topic

Mario

You might have heard about the Content Credentials (CAI) initiative and Adobe's and other's related C2PA project.
The gist of this is to provide a way to tell that an image has not been fiddled with after the time the original creator, camera or other device has signed it.

This is very important for press and other photographers who need a way to certify and prove that an image was created by them (and not modified afterwards or created by an AI from scratch).

For IMatch, this creates two challenges:

IMatch should have a way to check that an image has a CAI certificate embedded and that this certificate is valid (meaning the image has not been modified).
So I wrote an IMatch app (thanks to the app ecosystem!) that can do exactly that. Using libraries provided by the C2PA and a bit of IMWS magic, this was fairly straightforward.

Here is how it looks with an OK and a manipulated image (from the CAI test set).

Image1.jpg Image2.jpg

A bit more polishing and I have that covered. "Support for CAI" will tick another box in the IMatch 2025 press release.

The second challenge is much harder.

Every modification of an image (e.g. writing back metadata) requires updating the embedded certificate, adding another "step" to it and signing that with a certificate. Else the certificate becomes invalid and the image is flagged.

ExifTool cannot do that and probably never will. There is no code for Perl that can do this at this time.
IMatch can currently not do this either. I'm looking into this.

The C2PA has currently only "beta" implementations for the Rust and JavaScript. And a pre-alpha version in C, currently only for MacOs. Everything is still a moving target and the specs and implementation changes frequently.

Each user must provide his/her own certificate (or a corporate certificate) and these cost a lot of money, several hundred dollars per year. Certificates must be kept securely, on a hardware device or similar.

I've just went through all that while renewing the Authenticate certificate I use to sign the IMatch installers.
The process is a lot more complex and the prices have doubled. I have to pay about 250 US$ per year now for my certificate. Sigh :(

So, for now, IMatch will allow you to check for and validate CAI certificates. And, maybe, in a while, also will update existing certificates when metadata is written, if possible.

While I worked my way through the loooong (committee!) technical specs, I wondered about some things.
E.g. how CAI / C2PA will validate certificates. There is no chain like with SSL certificates for web servers or Authenticode certificates used to sign software. All this is marked as TBD in the tech docs and currently totally unsafe.

A security researcher / hacker proved how easy it is to manipulate existing images or sign AI-generated images with a certificate from Microsoft :D

This caused a lot of stir on the CAI site, who apparently did not think this through and is currently probably 80% marketing and 20% technical development 8)  Very polished web sites, but the certificate architecture is broken and actually useless to certify anything.

If you want to read why CAI is broken and how easily it can be fooled, read the security hackers blog post.

philburton

Quote from: Mario on September 25, 2024, 05:00:42 PMYou might have heard about the Content Credentials (CAI) initiative and Adobe's and other's related C2PA project.
The gist of this is to provide a way to tell that an image has not been fiddled with after the time the original creator, camera or other device has signed it.

This is very important for press and other photographers who need a way to certify and prove that an image was created by them (and not modified afterwards or created by an AI from scratch).

For IMatch, this creates two challenges:

IMatch should have a way to check that an image has a CAI certificate embedded and that this certificate is valid (meaning the image has not been modified).
So I wrote an IMatch app (thanks to the app ecosystem!) that can do exactly that. Using libraries provided by the C2PA and a bit of IMWS magic, this was fairly straightforward.

Here is how it looks with an OK and a manipulated image (from the CAI test set).

Image1.jpg Image2.jpg

A bit more polishing and I have that covered. "Support for CAI" will tick another box in the IMatch 2025 press release.

The second challenge is much harder.

Every modification of an image (e.g. writing back metadata) requires updating the embedded certificate, adding another "step" to it and signing that with a certificate. Else the certificate becomes invalid and the image is flagged.

ExifTool cannot do that and probably never will. There is no code for Perl that can do this at this time.
IMatch can currently not do this either. I'm looking into this.

The C2PA has currently only "beta" implementations for the Rust and JavaScript. And a pre-alpha version in C, currently only for MacOs. Everything is still a moving target and the specs and implementation changes frequently.

Each user must provide his/her own certificate (or a corporate certificate) and these cost a lot of money, several hundred dollars per year. Certificates must be kept securely, on a hardware device or similar.

I've just went through all that while renewing the Authenticate certificate I use to sign the IMatch installers.
The process is a lot more complex and the prices have doubled. I have to pay about 250 US$ per year now for my certificate. Sigh :(

So, for now, IMatch will allow you to check for and validate CAI certificates. And, maybe, in a while, also will update existing certificates when metadata is written, if possible.

While I worked my way through the loooong (committee!) technical specs, I wondered about some things.
E.g. how CAI / C2PA will validate certificates. There is no chain like with SSL certificates for web servers or Authenticode certificates used to sign software. All this is marked as TBD in the tech docs and currently totally unsafe.

A security researcher / hacker proved how easy it is to manipulate existing images or sign AI-generated images with a certificate from Microsoft :D

This caused a lot of stir on the CAI site, who apparently did not think this through and is currently probably 80% marketing and 20% technical development 8)  Very polished web sites, but the certificate architecture is broken and actually useless to certify anything.

If you want to read why CAI is broken and how easily it can be fooled, read the security hackers blog post.

Mario,

I was gobsmacked when I read the link above.  A good part of my career (I'm now retired) was in information security as software product manager, and I had a lot of experience working with public key cryptography and authentication.  The mistakes and omissions described in this link should not have been made by any competent engineer with experience in this area.  Not having a link to a root Certificate authority is simply inexcusable!!! This standard is worse than useless, because people who aren't aware of these issues would have a false sense of confidence,

As a former product manager, I often did marketing work, but I usually had an engineer review anything I wrote that had technical information, even though I was sometimes told that my technical knowledge was better than most product managers. (I was the rare product manager who earned a technical certification called CISSP, for security engineers and technicians.)  However, I also knew product managers without that awareness of the limits of their technical knowledge.

I'm surprised that people at Adobe haven't tried to withdraw C2PA until it is truly ready.

Mario

QuoteI'm surprised that people at Adobe haven't tried to withdraw C2PA until it is truly ready.

I think it's what called a "Schnellschuss" here in Germany.
The entire industry was spooked by AI and fake photos. And so the big vendors and industry bodies tried to come up with something quick. And then plastered 80% of marketing on top of a half-finished spec and tech.

The app I will ship with IMatch works, within the limitations and TBD's and 'will change later' and 'YTBD''s in the technical documents. It's a good idea, but Adobe and others need to put a lot of work into CAI and CSPA before it can really work.

I, as a small developer, am now forced to pay 250US$ per year for a certificate that basically says "I'm me" and that I have to renew every year (or every 3 years with a small rebate) just in order to "sign" the installers I create for IMatch - to prevent browsers and Windows from spooking users with scary warnings about "unknown and potentially harmful" software during download and installation.

On the other hand, 90% of all SPAM bots signing up to this community use Google gmail,com emails. Microsoft managed to get one of their top-level security keys for their Azure server environments stolen, giving access to everything to the attackers and opening the kingdom to their enemies. A lazy and untested CloudStrike update renders hundreds of thousands of Windows computers unusable. And Adobe and their peers manage to make CAI insecure, useless and insecure by design.