Bio: IT Security analyst at ElcomSoft Co.Ltd.
Lecturer at Information Security department of Moscow Sate Technical University n.a. Bauman. Working in Information Security area for more than 10 years. Have experience in making presentations on security and computer forensics subjects.
Topic of Presentation: Forging Canon Original Decision Data
Abstract: Many Canon DSLR cameras (and all mid- and high-end models) can generate authenticity information for images taken with it. This information (called ‘Original Decision Data’) can be later used to detect if the picture is authentic, was it altered, retouched, edited or otherwise forged. It also protects image metadata, most important being GPS timestamp and coordinates.
Original Decision Data is widely used by e.g. news agencies to ensure that photos they get from their sources are genuine and can be relied upon.
The talk will deliver results of in-depth security analysis of Canon’s Original Decision Data feature and show that it is quite possible to break it.
We will start by giving detailed description of how authenticity data is generated and verified, identifying (obvious and not-so-obvious) design and implementation pitfalls. Next, a live demo will be given showing how easy it is to forge authenticity data and make fake image verify as if it were genuine. Finally, we will share some thoughts on how to improve the system and make it more resilient to forging.