01 September 2022

BFG004: verified recording

With sophisticated computer models now able to generate convincing but fake sounds, photos, and videos, it is valuable to be able to guarantee that a digital file was recorded directly from the physical world. This is a scheme for doing so that uses techniques from public-key cryptography.

Each recording device has a unique public/private key pair. The only copy of the private key is stored on the device and unreadable. The device’s hardware is designed to capture sound, photo, or video, as well as the time and location of the recording. It hashes the recorded file, concatenates the time and location, then signs the result using its private key. The hardware must be tamper-proof, destroying the private key in case of modification, to prevent key-extraction attacks and confused-deputy attacks. The public key is stored on the device in an accessible manner, and an easy-to-use version such as a QR code or digital file is provided to the user when they purchase the device.
Device manufacturers have their own unique public/private key pairs and function like certificate authorities. In other words, manufacturers’ public keys are well-known and easily discoverable by anyone. Each device’s public key is signed by the manufacturer’s private key to prove its legitimacy. Revocation of signed device public keys is possible using existing public-key-infrastructure techniques.
To publish a verifiable recording, the device is first used as normal. The resulting digital recording file, as well as the signed metadata file that contains the corresponding hash, timestamp, and location, can then be transferred off of the device. The recording file, the metadata file, and the device’s public key are published together.
To verify a published recording, the published device public key is first checked to confirm that it has been signed by a legitimate manufacturer’s private key. Next, the published signed metadata file is checked to confirm that it has been signed by the device’s private key. The provided recording file then is hashed, and the result is compared against the hash value in the signed metadata file. If the hash values match, then the recording is verified to have been produced directly by the device and otherwise unmodified. Finally, the timestamp and location in the signed metadata file are checked to determine whether the recording likely captured a real physical phenomenon.
This scheme could be combined with existing public-key infrastructure systems such as PGP to add an additional layer of credibility to the published recording by making the identity of the recorder verifiable. However, a verified recorder identity alone does not imply anything about the integrity of the recording itself.

The processes of publishing and verifying recordings can be automated in a way that makes them trivial for users without compromising the scheme’s security.

It is possible to use this kind of device to capture a verified recording of some faked input. This is a fundamental problem for any kind of verified recording scheme. For example, an audio recorder might be used to record a computer-generated voice being played through speakers. However, the tamper-proof timestamp and location data make it it challenging to create believable verified fakes in this way.

This scheme requires trusting the manufacturers of recording devices as well as the manufacturing process. These trust assumptions can’t be avoided, and they mean that a sufficiently powerful adversary could subvert the system. However, it is robust enough to facilitate verified recordings in practice.