Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Ideas for defeating Anti-Deep-Fakes
Search
Ren Kimura
November 14, 2024
Programming
0
52
Ideas for defeating Anti-Deep-Fakes
[email protected]
Ren Kimura
November 14, 2024
Tweet
Share
More Decks by Ren Kimura
See All by Ren Kimura
セキュリティベンチャーのリスク管理
rkx1209
0
98
ファジング+トリアージ技術を用いた脆弱性解析自動化
rkx1209
0
98
Introduction to Fuzzing
rkx1209
6
4.2k
ARM TrustZone エクスプロイト入門
rkx1209
7
8.1k
The Game is Over. Nintendo switch has been totally compromised
rkx1209
9
5.1k
インサイドNintendo Switch
rkx1209
18
13k
More efficient remote debugging with Thin Hypervisor
rkx1209
3
2.5k
Reverse Debugging with radare2
rkx1209
6
1.9k
カーネルエクスプロイトによるシステム権限奪取
rkx1209
13
7.8k
Other Decks in Programming
See All in Programming
おやつのお供はお決まりですか?@WWDC25 Recap -Japan-\(region).swift
shingangan
0
140
すべてのコンテキストを、 ユーザー価値に変える
applism118
4
1.4k
Result型で“失敗”を型にするPHPコードの書き方
kajitack
5
980
はじめてのWeb API体験 ー 飲食店検索アプリを作ろうー
akinko_0915
0
130
AI コーディングエージェントの時代へ:JetBrains が描く開発の未来
masaruhr
1
200
PostgreSQLのRow Level SecurityをPHPのORMで扱う Eloquent vs Doctrine #phpcon #track2
77web
2
560
AI駆動のマルチエージェントによる業務フロー自動化の設計と実践
h_okkah
0
210
Git Sync を超える!OSS で実現する CDK Pull 型デプロイ / Deploying CDK with PipeCD in Pull-style
tkikuc
4
240
ご注文の差分はこちらですか? 〜 AWS CDK のいろいろな差分検出と安全なデプロイ
konokenj
3
470
Goで作る、開発・CI環境
sin392
0
260
猫と暮らす Google Nest Cam生活🐈 / WebRTC with Google Nest Cam
yutailang0119
0
160
なぜ適用するか、移行して理解するClean Architecture 〜構造を超えて設計を継承する〜 / Why Apply, Migrate and Understand Clean Architecture - Inherit Design Beyond Structure
seike460
PRO
3
790
Featured
See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
YesSQL, Process and Tooling at Scale
rocio
173
14k
We Have a Design System, Now What?
morganepeng
53
7.7k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.6k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
How GitHub (no longer) Works
holman
314
140k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
The Language of Interfaces
destraynor
158
25k
It's Worth the Effort
3n
185
28k
Transcript
Ideas for defeating Anti-Deep-Fakes Ren Kimura (@RKX1209) AVTOKYO 2024.11.14 Prepare
for the next cyber threat
2 whoami Founder & CEO of Ricerca Security, Inc. Product
Manager (PdM) Ren Kimura (X: @RKX1209) Interested in : Bizdev and Vulnerability Research (VR)
Face Synthesis 3 What is the “Deep Fake” = Techniques
to generate fake media (video, image, voice…) Face manipulation techniques for generating fake videos/images. Face Swap Attribute Manipulation Expression Swap
Name cosine dist login Admin’s voice 0.0 N/A Text to
Speach 0.08 ✔ Another person’s voice 0.69 ☓ 4 DeepFake demo Login_With_Voice_Verification Voice Cloning
5 Any perfect verifier exists? Media data movie.mp4 image.jpg voice.wav
verifier “Real” “Fake”
6 Verification methods Detection Science & Tech Spotlight: Combating Deepfakes
(GAO-24-107292) Authentication • Bit patterns • Color abnormalities • Facial/Vocal inconsistencies “Recorded by camera.”
7 C2PA (Coalition for Content Provenance and Authenticity) original.jpg •
2024-09-04 21:00 • Created: Canon EOS R1 … C2PA meta data c2pa.actions hash function encrypt function encrypted hash Private key in EOS R1
8 edited.jpg C2PA meta data c2pa.actions c2pa.ingredients • original.jpg hash
function encrypt function encrypted hash Private key in Adobes account • 2024-09-10 12:54 • Edited: Adobe Photoshop • Actions: Crop, Frame… … Chain of metadata
9 Chain of trust original.jpg edited.jpg C2PA metadata “Recorded by
Canon EOS R1“ X.509 certificate chain “Edited by Adobe Photoshop“ parent Editor (adobe account)
10 C2PA signing by Generative AI services image.webp image.webp C2PA
metadata “Created by DALL-E“ X.509 certificate chain “Use original one as an ingredient“ parent
11 "Captured with a camera" (~2024.10.15) “I am really at
the zoo” https://www.youtube.com/watch?v=gfjgRHtDa38
12 Guessing from their official help page. original.mp4 “Recorded by
Canon EOS R1“ upload ・・・・ Whitelist “They are cameras” How does it work
13 ❌ Generative AI: “No camera” gen_by_sora.mp4 “Created by OpenAIs
SORA“ upload C2PA metadata X.509 certificate chain ・・・・ Whitelist “They are cameras” Not matched!
14 ✔"Captured with a camera" “Recorded by Canon EOS R1
“ “Edited by Adobe Premiere Pro“ ・・・・ Whitelist “They are cameras” upload Get original mp4 by social engineering, crawling…
15 Air gapping scenario edited.mp4 faked.mp4 C2PA metadata “Recorded by
Canon EOS R1 “ X.509 certificate chain Record over the air
16 ❌ “No camera” edited.mp4 faked.mp4 C2PA metadata “Recorded by
Sony α7 IV “ X.509 certificate chain SONY metadata “It may record 2D flattened area“ Record 3d-depth over the air
17 My approach:
18 Perfect verifier doesn’t exist Media data movie.mp4 image.jpg voice.wav
verifier “Real” “Fake”
19 What should Blue/White-team do? “A Guide to Preparing and
Responding to Deepfake Events” OWASP TOP10 LLM App&GenAI (2024.10)
20 What should Blue/White-team do? Financial gain through fraud by
impersonation. Impersonation for cyberattacks Job Interview Fraud Mis/Dis/Mal Information
21 Conclusion Detection and Authentication methods are not perfect Proposed
a new technique to bypass C2PA authentication Defense-in-depth and layered controls are required.
None