Slide 1

Slide 1 text

Ideas for defeating Anti-Deep-Fakes
Ren Kimura (@RKX1209)
AVTOKYO 2024.11.14
Prepare for the next cyber threat

Slide 2

Slide 2 text

whoami
Ren Kimura (X: @RKX1209)
● Founder & CEO of Ricerca Security, Inc.
● Product Manager (PdM)
● Interested in: Bizdev and Vulnerability Research (VR)

Slide 3

Slide 3 text

What is the “Deep Fake”
= Techniques to generate fake media (video, image, voice…)
Face manipulation techniques for generating fake videos/images:
● Face Synthesis
● Face Swap
● Attribute Manipulation
● Expression Swap

Slide 4

Slide 4 text

DeepFake demo
Login_With_Voice_Verification
Voice Cloning

Name                      cosine dist   login
Admin’s voice             0.0           N/A
Text to Speech            0.08          ✔
Another person’s voice    0.69          ☓

Slide 5

Slide 5 text

Any perfect verifier exists?
Media data (movie.mp4, image.jpg, voice.wav) → verifier → “Real” / “Fake”

Slide 6

Slide 6 text

Verification methods
Science & Tech Spotlight: Combating Deepfakes (GAO-24-107292)
Detection
● Bit patterns
● Color abnormalities
● Facial/Vocal inconsistencies
Authentication
● “Recorded by camera.”

Slide 7

Slide 7 text

C2PA (Coalition for Content Provenance and Authenticity)
original.jpg
C2PA metadata
c2pa.actions
● 2024-09-04 21:00
● Created: Canon EOS R1
…
hash function → encrypt function (Private key in EOS R1) → encrypted hash

Slide 8

Slide 8 text

Chain of metadata
edited.jpg
C2PA metadata
c2pa.actions
● 2024-09-10 12:54
● Edited: Adobe Photoshop
● Actions: Crop, Frame…
…
c2pa.ingredients
● original.jpg
hash function → encrypt function (Private key in Adobe's account) → encrypted hash

Slide 9

Slide 9 text

Chain of trust
original.jpg: “Recorded by Canon EOS R1”
edited.jpg: “Edited by Adobe Photoshop”, Editor (Adobe account)
parent
C2PA metadata
X.509 certificate chain
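The hash-then-sign chain from the C2PA slides above, as an added example that is not from the talk or from any C2PA implementation: each manifest signs the asset hash and the hash of its parent manifest, and the verifier walks the chain back to the first signer. The manifest layout, key table and function names are hypothetical, and HMAC-SHA256 stands in for the X.509-backed private-key signature.

```python
import hashlib, hmac, json

# Constructed signer keys. ASSUMPTION: HMAC-SHA256 stands in for the device or
# editor private-key signature; real C2PA uses X.509-backed signatures instead.
KEYS = {"Canon EOS R1": b"camera-demo-key", "Adobe Photoshop": b"editor-demo-key"}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(claim: dict) -> bytes:
    return json.dumps(claim, sort_keys=True).encode()

def make_manifest(asset, signer, actions, parent=None):
    """Build a claim over the asset bytes and sign it (hypothetical layout)."""
    claim = {"signer": signer, "asset_hash": sha256(asset), "actions": actions,
             "ingredient": sha256(canonical(parent["claim"])) if parent else None}
    sig = hmac.new(KEYS[signer], canonical(claim), "sha256").hexdigest()
    return {"claim": claim, "sig": sig, "parent": parent}

def verify_chain(asset, manifest):
    """Return the provenance history (oldest first), or raise ValueError."""
    if sha256(asset) != manifest["claim"]["asset_hash"]:
        raise ValueError("asset bytes do not match the signed hash")
    history = []
    while manifest is not None:
        claim, parent = manifest["claim"], manifest["parent"]
        key = KEYS.get(claim["signer"])
        if key is None:
            raise ValueError("unknown signer")
        expected = hmac.new(key, canonical(claim), "sha256").hexdigest()
        if not hmac.compare_digest(expected, manifest["sig"]):
            raise ValueError("bad signature from " + claim["signer"])
        linked = sha256(canonical(parent["claim"])) if parent else None
        if claim["ingredient"] != linked:
            raise ValueError("ingredient does not match parent manifest")
        history.insert(0, (claim["signer"], claim["actions"]))
        manifest = parent
    return history

# Constructed sample assets mirroring original.jpg and edited.jpg on the slides.
original = b"constructed raw image bytes"
edited = b"constructed cropped image bytes"
m_orig = make_manifest(original, "Canon EOS R1", ["created"])
m_edit = make_manifest(edited, "Adobe Photoshop", ["crop", "frame"], parent=m_orig)
```

The returned history lists every signer with its actions, so a relying party sees that the file it holds is the editor's output and that the camera claim belongs to an ingredient further down the chain.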

Slide 10

Slide 10 text

C2PA signing by Generative AI services
image.webp: “Created by DALL-E”
image.webp: “Use original one as an ingredient”
parent
C2PA metadata
X.509 certificate chain

Slide 11

Slide 11 text

"Captured with a camera" (~2024.10.15)
“I am really at the zoo”
https://www.youtube.com/watch?v=gfjgRHtDa38

Slide 12

Slide 12 text

How does it work
Guessing from their official help page.
original.mp4: “Recorded by Canon EOS R1”
upload
Whitelist: ・・・・ “They are cameras”

Slide 13

Slide 13 text

❌ Generative AI: “No camera”
gen_by_sora.mp4: “Created by OpenAI's SORA”
C2PA metadata
X.509 certificate chain
upload
Whitelist: ・・・・ “They are cameras”
Not matched!

Slide 14

Slide 14 text

✔ "Captured with a camera"
Get original mp4 by social engineering, crawling…
“Recorded by Canon EOS R1”
“Edited by Adobe Premiere Pro”
upload
Whitelist: ・・・・ “They are cameras”

Slide 15

Slide 15 text

Air gapping scenario
edited.mp4, faked.mp4
Record over the air
C2PA metadata: “Recorded by Canon EOS R1”
X.509 certificate chain

Slide 16

Slide 16 text

❌ “No camera”
edited.mp4, faked.mp4
Record 3d-depth over the air
C2PA metadata: “Recorded by Sony α7 IV”
X.509 certificate chain
SONY metadata: “It may record 2D flattened area”

Slide 17

Slide 17 text

My approach:

Slide 18

Slide 18 text

Perfect verifier doesn’t exist
Media data (movie.mp4, image.jpg, voice.wav) → verifier → “Real” / “Fake”

Slide 19

Slide 19 text

What should Blue/White-team do?
“A Guide to Preparing and Responding to Deepfake Events”
OWASP TOP10 LLM App&GenAI (2024.10)

Slide 20

Slide 20 text

What should Blue/White-team do?
● Financial gain through fraud by impersonation.
● Impersonation for cyberattacks
● Job Interview Fraud
● Mis/Dis/Mal Information

Slide 21

Slide 21 text

Conclusion
● Detection and Authentication methods are not perfect
● Proposed a new technique to bypass C2PA authentication
● Defense-in-depth and layered controls are required.
