[sigmoid10]

You only need a method of key invalidation and renewal, that's all. Ssl certificates have been facing this problem for years. The threat model is equal to someone infecting millions of devices and then sending back banking data, so it's not like people aren't working on mitigating that stuff.

[sebzim4500]

>Ssl certificates have been facing this problem for years.

That's an entirely different, and much easier problem. In the case of SSL you are not worried about an attacker obtaining a certificate for any host, just the ones you care about. E.g. an attacker getting a certificate for facebook.com would be catastrophic, but an attacker getting a certificate for a website that no one uses would be a non-issue.

For the case of avoiding deepfakes, you need to avoid the attacker extracting a key from any of the millions of cameras that are sold every year.

[lifeisstillgood]

Surely the threat model remains the same. being able to forge photos from a camera held by the LAPD forensics lab, or Reuters would be more "damaging" than having my camera hardware key.

I think there is scope for a simple self regulation here to start us off. I would love to see Reuters or the BBC start to publish their raw footage with the hashes. It is a question of starting the ball rolling

[foobar33333]

Not really because this is being proposed as a solution to solve people using fake photos on dating apps which means it has to work on every single consumer device to actually work.

[uuidgen]

Every camera will have a unique key so a single key leaked is still no issue. It's easy to maintain a blacklist - similarly how CRLs work.

[xrendan]

Yes, but you need to detect the fakes before you can ban them. An adversary could just rotate camera keys before they're even detected.

[sigmoid10]

You just need to couple the keys to something tangible. But the truth is that every system can by bypassed if you spend enough effort. The only question is when it becomes enough hassle so that it doesn't disrupt ordinary people's lives. Not even facebook cared about enforcing https until someone made a browser plugin that let everyone steal cookies.

[foobar33333]

So now we are essentially bricking the devices of real users? Without doing anything meaningful to real attackers who just grab the next key out of their list of 10 million stolen from insecure androids.

[uuidgen]

What? No. The signature needs to be added by the image sensor as it gathers data.

It shouldn't be easy to extract it and that's it. It's even less difficult than keeping the DVD/Blueray keys secure because each device has a separate key, so if a line of devices gets compromised easily it's easy to spot.

Then you put a legal framework around what can be presented by media, the requirement for signature collection and so. And one of problems with photo/video authenticity is essentially solved.