Safeguarding reality: PKI and synthetic media

Impact of generative AI and deepfake on transparency and authenticity of information. The role of PKI and C2PA in combating deepfakes.

In an era defined by rapid advancements in artificial intelligence and machine learning, the rise of generative AI brings forth both awe-inspiring possibilities and concerning challenges. At the forefront of these challenges lies the pervasive threat of deepfakes, synthetic media meticulously crafted to blur the lines between reality and fiction.

Generative AI and deepfake

Generative artificial intelligence (or Generative AI) is a type of artificial intelligence (AI) capable of generating text, images, or other media in response to various inputs and stimuli. Generative AI models learn the patterns (called patterning) and structure of their input data and then generate new data that has similar characteristics but is artificially created.

Deepfakes are synthetic media that have been digitally manipulated to convincingly replace the likeness of one person with the likeness of another person, virtually. While the act of creating a fake has been widely known for a long time, deepfakes use machine learning and artificial intelligence to manipulate or generate visual and audio content that can easily deceive because it looks real.

Look at one of the most famous deepfake generated by artificial intelligence:

The proliferation of deepfakes prompts a crucial question: How do we discern truth from fiction and defend the authenticity of digital information? The answer lies in leveraging innovative solutions such as the Coalition for Content Provenance and Authenticity (C2PA) and Public Key Infrastructure (PKI).

Fortunately, it seems, that we are on a good starting point to protect our reality using combination of image processing methods, metadata, and digital trust consisting of digital certificates and digital signatures.

Watermarks and metadata

There are couple of traditional methods for protecting the media from manipulation and to include additional data that might be helpful for identification of ownership:

  • Digital watermarking provides an alternative solution to ensure tamper-proofing, intellectual property and enhance the security of multimedia documents. Any digital content, such as images, audio and video, and more, can be watermarked.
  • Digital steganography as the counterpart of digital watermarking deals with ways to embed information in multimedia content in such a way that the presence of the information is not easily identifiable (visible) to humans. It is also sometimes referred to as covert communication.
  • Exif (short for Exchangeable image file format) is a specification for the metadata format embedded in files by digital cameras (including smart mobile phones), scanners and other image processing devices or programs, or audio files.

Digital watermarking and steganography emerge as stalwart defences, embedding invisible markers within content to safeguard against tampering and assert ownership. Meanwhile, metadata, including Exif data, provides invaluable insights into the provenance of digital assets, enhancing transparency and accountability.

Content credentials and metadata

Sample content C2PA credentials and metadata.

Digital signatures

A digital signature is a cryptographic technique used to verify the authenticity and integrity of digital data. Digital signatures are mostly created using a combination of public key cryptography and hashing algorithms.

Digital signatures provide a higher level of security and cannot be easily forged or tampered with. They also provide non-repudiation, meaning that the signatory cannot deny having signed the data once it has been digitally signed.

Digital signatures are widely used in various applications, including electronic transactions, secure email communication, and software distribution. They play a crucial role in ensuring the authenticity and integrity of digital information in today's digital world.

In combination with digital certificate that represents digital identity, digital signatures provide a way how to uniquely identify signatory and any subsequent change to the data can be detected.

Three steps to regain trust in digital content




Coalition for Content Provenance and Authenticity

The Coalition for Content Provenance and Authenticity (C2PA) addresses the prevalence of online misinformation through the development of technical standards for certifying the source and history (and origin) of media content.

C2PA unites the efforts of the Adobe Content Authenticity Initiative (CAI), which focuses on systems that provide context and history to digital media, and Project Origin, a Microsoft and BBC-led initiative that addresses misinformation in the digital news ecosystem.

C2PA defines a layered model that begins with the proved provenance of the media and each additional layer provides comprehensive information about the changes that have been made. Eventually, each layer can be digitally signed to protect integrity and provide also non-repudiation.

At the heart of this defence arsenal lies PKI, a cornerstone of digital security. Through the intricate dance of cryptographic techniques and digital signatures, PKI ensures the integrity and authenticity of data, thwarting attempts at forgery and manipulation. By anchoring digital identities to verifiable certificates, PKI establishes a trusted framework for validating information and preserving trust in a digital landscape fraught with uncertainty.

Using the combination of metadata and digital signatures we can verify the authenticity of the information.

C2PA trust model

The C2PA trust model relies on the public key infrastructure. The PKI plays an important role for creating signer's digital identity and to provide consumers reliable way to validate the data and signer's identity in time.

The above model shows, in yellow, green and red, the three entities specified in the trust model, which is concerned with trust in a signer’s identity. In dashed lines, below, is the consumer, who uses the identity of the signer, along with other trust signals, to decide whether the assertions made about an asset are true.

The trust model proposed by C2PA, underscored by PKI principles, empowers consumers to navigate the digital realm with confidence. By scrutinising the identity of signatories and embracing robust verification mechanisms, users can discern fact from fiction, fostering a culture of accountability and transparency.

Trust but verify

With the boom of the various generative AI tools, we can create literally any content that is indistinguishable from the reality. The generative AI also becomes a tool for fraudulent operations, creating deepfakes, and trying to fool users to gain advantage.

In a world where reality hangs precariously in the balance, the imperative to safeguard truth has never been more pressing. Through the collaborative efforts of organisations like C2PA and the steadfast principles of PKI, we forge a path towards a future where authenticity reigns supreme and trust is the currency of the digital age.

As we confront the spectre of deepfakes and synthetic media, let us embrace the mantra of "trust but verify," harnessing the power of technology to uphold the sanctity of reality and preserve the integrity of information for generations to come.