io_crypt - encrypt your photos while you shoot them

Started by g3gg0, February 02, 2014, 12:36:25 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

DeafEyeJedi

5D3.113 | 5D3.123 | EOSM.203 | 7D.203 | 70D.112 | 100D.101 | EOSM2.* | 50D.109

stiefel40k

Quote from: g3gg0 on December 31, 2016, 03:09:34 AM
with ChaCha20 i get ~4.5 - 4.8 MiB/s
with XTEA its ~0.8 MiB/s
with LFSR it was ~20MiB/s (iirc)

Could you somewhere share your code with ChaCha20? I would like to check it out, because we (my friend and I) are doing a project where we would like to implement exactly this feature for magic lantern (with Poly1305).

Thanks in advance!
Regards,
Stiefel

g3gg0

well, i don't think i kept it somewhere.
but it was quite simple to integrate.
i used the implementation from insanecoder (http://chacha20.insanecoding.org/)
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

stiefel40k

So we tried to get up and running the io_crypt module, but we encountered some problems with the decryption.

(Our "specs":
Camera: 600D
Platform build: https://builds.magiclantern.fm/jenkins/job/600D.102/387/artifact/platform/600D.102/magiclantern-Nightly.2017Mar12.600D102.zip
io_crypt build: https://builds.magiclantern.fm/jenkins/job/io_crypt/2/artifact/modules/io_crypt/io_crypt.mo)

The encryption seems to be working, however we have some difficulties with the decryption. The camera itself can't decrypt the images in preview mode either. Regardless of what mode (RSA or PWD) we use. We have the same issue on a PC. Either we get a CR2 file which is just green or we get a JPG with various errors. One example: https://drive.google.com/drive/folders/0B6HUB6hIMVcRLWJubVZTNUxhOW8 I also included the Private key, for testing purposes.

Can somebody give us a hint what we are doing wrong? I also include the decrypt-executable which we use. (It was built by ourselves. See the drive link.)

Thanks in advance!

g3gg0

hi stiefel,
what were the exact settings you used?

i found the patch i used to add ChaCha20 support.
the file is a .patch, just renamed to .txt as the forum didnt allow this extension.
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

bpv5P

Hi g3gg0, thanks for the work.
Have yourself implemented the crypto primitives? I didn't read the thread but, if that's the case, wouldn't be good to use something like libsodium[1] to do it?
Also, deniable encryption is a good idea. For example, you set two passwords, one for the real photos, other for a bunch of meaningless photos. So, if I'm a photojournalist working in some protest and authorities come telling me to show the pictures I can just put the fake password and be safe, kinda like the old Rubberhose file system.
Steganography could be a good project too... just exposing some ideas.



[1] https://libsodium.org

g3gg0

to get proper encryption in camera, it requires *fast* algorithms and seamless integration.
first point was to figure out the capabilities and how to integrate encryption.

the latter point was already mentioned and is a good addition.
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

stiefel40k

Hi g3gg0,

Quote from: g3gg0 on April 08, 2017, 10:48:50 PM
what were the exact settings you used?

The easiest way to show the exact options, we made a video about it: https://youtu.be/VwA3yAJTVY8 (you might have to wait, depending on when you check it out, because I just uploaded it, and it might take some time for youtube to process it).

Quote from: g3gg0 on April 08, 2017, 10:48:50 PM

i found the patch i used to add ChaCha20 support.
the file is a .patch, just renamed to .txt as the forum didnt allow this extension.

Thanks for it! It is very nice of you!

bpv5P

Hey @g3gg0 , check this out:
https://github.com/boyska/chdkripto

Seems interesting. It seems to use Curve25519 (as it's listed on IANIX page).
Also, for benchmarks:
https://bench.cr.yp.to/supercop.html

The research on in-camera encryption seems really interesting for forensics and could have a real impact as evidence for legal judgements.
Do you know if default Canon CR2 provide a reliable timestamp? If not, would ML silent_pic be able to write a DNG with encrypted timestamps?
Just some ideas.

g3gg0

hi bpv5P,

the encryption causes writing speed to go drastically down.
a simple repeaing XOR key which is not even halway safe, causes a drop in write speed by factor 2 or so?
so any real cipher makes life really hard :(

possible - but practical?
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

bpv5P

Quote from: g3gg0 on August 08, 2017, 04:58:01 PM
hi bpv5P,

the encryption causes writing speed to go drastically down.
a simple repeaing XOR key which is not even halway safe, causes a drop in write speed by factor 2 or so?
so any real cipher makes life really hard :(

possible - but practical?

Yeah, I don't know the solution. 
Here's another idea: get the camera "MAC address" (I don't know if it's called that way on such devices), and encrypt the DNG metadata using it. It could be useful for legal usage, so you can autheticate the image. RAW image alone is used today as legal evidence, but it can be easily edited with the right tools, preserving metadata.

Although the idea above could be useful for some people, it will not be worth for journalists, for example, since anyone could see and delete the picture.
Another solution could be use homomorphic encryption on Wifi cameras:
https://tfhe.github.io/tfhe/

Or maybe to encrypt the whole filesystem with Chacha20, that's a faster algorithm than most of the ciphers...

I don't understand all of these concepts, though, I'm just leaving some links in case you have time and will to research...

signalfa

this plugin is about 80% of the way there when it comes to solving some big real-world problems... consider the following:

1. The journalist

After taking some photos of a protest, a journalist is detained by the police. They want the journalist's photos so they can prosecute the demonstrators, prosecute the journalist, or (more probably) both.

The journalist gives them his camera, but warns, "the photos are encrypted, so it won't be much use to you."

"What do you mean, encrypted?" the police ask. "What's the password? Tell us the password or we'll lock you up."

"I don't have the password," the journalist replies. "I can't decrypt the photos after I take them. The decryption key is with my editor in Paris. I take the photos, upload the encrypted photos to our server, and then my editor decrypts, edits, and publishes them. Am I free to go?"

Setting this up is easy: the publication's tech department supplies the journalist with a plain-text config file containing the public key and other settings. The journalist copies the config file to all of his memory cards. The camera firmware automatically recognises the config file and encrypts the photos as specified.

(Writing a user-friendly GUI to generate the config and handle decryption of photos should be easy, but can wait until the basic functionality is in place.

Similarly, verifying the key is correct by generating a key-fingerprint-image and displaying it on screen when the camera is turned on may also be worth doing... later.)

2. The forensic investigator

Before taking photos of a crime scene, the investigator generates a new time-stamped public-private key pair using a menu in the camera. The camera stores the private (signing) key in memory -- it's never written to the memory card and can't easily be extracted.

Instead, the camera writes the public (verification) key to the memory card, along with signed metadata about when and how the key-pair was generated. (camera serial number, etc)

Then, every time the camera takes a photo, it writes a cryptographic signature for the entire data file to the memory card. Using the public key (which was written to the card), anyone can verify a given digital image was taken by that camera at that time, and hasn't been modified since.

## Suggestions for implementation

There are a couple of things that would be helpful to make it the last 20% of the way:

- Implement real encryption: For people who need encryption or signing, performance is a secondary concern. Being able to gawk at your photos on the camera is also not so important if being able to do so puts your life and/or freedom at risk. (on-camera decryption is very much of secondary importance and could be implemented later)

- Use established cryptography instead of DIY: Implementing "real" encryption isn't hard. Compact, efficient cryptosystems (like Filo Sottile's `age` /  `rage` ecosystem) are widely available and offer good flexibility. They've also been reviewed for vulnerabilities and errors -- that's not true of anything we might come up with.

- Modularize the encryption: As soon as this sees any real-world use, encryption experts are going to look at it and point out ways we can do it better. Maybe next year someone will discover a crucial flaw in the fabric of reality and we will have to switch to some kind of Super Post-Quantum Isogenic-Singularity algorithm. Either way, the more modular and decoupled the encryption/signing code is from everything else, the easier it will be to implement these inevitable fixes.

- Make the interface conceptually simple and based on established standards... then add newbie-friendly sugar later. Putting an encryption key on the memory card (or reading a verification key from that card) is very basic. Editing a TOML or INI file by hand is also easy. Later on, it's easy to write a user-friendly GUI wrapper which generates the key, writes the config file... and then once the photos are taken, decrypts the photos.

names_are_hard

Hello, and welcome to Magic Lantern :)

You are replying to a five year old thread - if you want encryption functionality in the way you've described, you're probably going to have to implement it yourself.  We can help show you how to do that if you'd like.

Skinny

Actually I thought about this feature :)
I crossed the border recently, and was interrogated. Nothing serious and luckily they didn't check my camera. There were some videos where I say things against our fascist government :) So if you could for example encrypt video in camera, after filming.. even if it is slow. It could be useful.

Maybe even the option to hide videos from camera (like change file extension) so they won't play - can already help in many cases.
Or a password for the camera, with "wrong" password which will trigger a card format, hehe

elenhil

You're like those PGP etc. users: you just don't get it that using certain technologies is a red flag that will get you into trouble. They (PGP etc, can't say anything against this proposed plugin) are developed precisely for you to advertise the fact that you've something to hide. Pro tip: learn about anti strong encryption laws in whatever 'non-fascist' country you end up in. Will likely save you a lot of legal troubles, too.

P.S. You got screened at the airport and got spooked, right? Now, what would've happened if your camera WAS checked containing encrypted material? You would've been regarded legitimately suspect, detained, and given a proper Israeli-grade (just an example of a country taking its security very seriously) interrogation. A several days-long one, I'd wager.

Skinny

Maybe.. good point. Then it is better to just hide everything if possible.

I am not that experienced with this whole.. thing. For example in my case, they just took me to the special room like the ones you usually see in the movies.. with fences everywhere and locking doors. Asked a lot of questions for ~30 minutes. I knew it was only for psychological pressure because I heard other guys stories. But the whole bus was waiting for me, and I was afraid that it will leave.. but luckily, the driver understood the situation and other people were also supportive :)