The Deepfake Headache: Are PKI & Digital Signatures the Panacea?

While the world still debates the benefits of AI (Artificial Intelligence) and its application across all realms of life, little is debated on the flipside of AI, especially in the context of authenticity. With the advent of AI, ‘Deepfakes’ have significantly penetrated a plethora of areas, such as human Identity, culture, news, photography, privacy, politics and more. This influence seems to have come at a cost, in terms of authenticity, veracity and importantly reputational damage.

What exactly is “Deepfake”?

AI-generated synthetic media—encompassing images, videos, and audio—mimic real content convincingly, but are entirely fabricated. They have been employed at scale to disseminate false information, generate misinformation, sow confusion on critical issues, and facilitate unethical activities. The damages caused by deepfake AI are significant.

Due to the easy access to AI tools, malicious actors can use a type of machine learning known as deep learning. This technology trains neural networks to create fake media by learning from existing images and videos of the target.

Most people are not fully aware about how advanced deepfake technology has become or how easy it is to use. It’s not just for technical experts or criminals. Anyone can find deepfake software online and make a believable imitation of someone else in just a few minutes.

Whom Do You ‘Trust’? – The Impact of Deepfakes

Identity, security and trust is a massive concern. With low barrier access to AI tools, AI-based threats will be relentless. For instance, the use of deepfakes in politics has been relentless to create fake news, manipulate public opinion, voters and to potentially influence election outcomes. There have been instances of deepfakes being used to create synthetic, computer-generated imitations of political figures, to spread false or misleading content.

As some of the major countries (India, USA, and many others) head to the elections in 2024, the looming threat of deepfakes is only going to get worse. The potential impact of deepfakes on elections has raised concerns about voter manipulation, erosion of public trust, and the spread of false information. The use of deepfakes in political campaigns has prompted calls for regulatory measures to address the threat posed by AI-generated media to the integrity of the political process.

In recent events, a British multinational design and engineering company was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters where fake voices and images were used.

According to McKinsey data from 2022, losses due to cybercrime are estimated to reach two trillion USD by 2024.

Source: McKinsey

With rapidly evolving AI technology, the process of creating deepfake proofs of identity is becoming easier than ever. The concerns about AI-enabled risks in crypto have triggered some prominent industry executives to speak out on the matter.

Can Digital Signatures and PKI Be the Panacea?

Digital signatures and Public Key Infrastructure (PKI) can potentially play a vital role in defending against deepfakes by verifying the authenticity and veracity of digital content. Deepfakes are essentially digital manipulations, which can compromise digital trust by merging real and fake elements. To counter this, PKI-generated encrypted timestamps can act as digital watermarks, in a way, confirming the content’s authenticity at the moment it was captured. These encrypted watermarks can securely timestamp the content, preventing any tampering and perhaps offer a dependable way to identify genuine records from deepfakes.

Set up a secure, scalable and compliant cloud-based PKI with AVX ONE PKIaaS

Digital signatures function as undeniable evidence of the author’s digital identity and the authenticity of the communication. Created using cryptographic techniques supported by PKI, they help maintain the integrity of files and data by enabling users to verify the authenticity of the content. In the context of deepfakes, digital signatures and certificates are used to verify the authenticity of data by linking a signature to a specific originator. Verifying a digital signature involves checking both the signature’s validity and the certificate that ties it to the originator. Supported by PKI, a framework for managing digital identities and cryptographic keys, this process ensures the content’s authenticity and prevents the forging of digital signatures.

How Leading Camera Manufacturers Combat Deepfakes with Digital Signatures

In recent developments, top camera manufacturers like Nikon, Sony, and Canon recently announced a joint initiative to include digital signatures (as a global standard) in images taken straight from their high-end cameras. According to Nikkei Asia, the signatures will integrate key metadata like date, time, GPS location, and photographer details, cryptographically certifying the digital origin of each photo similar to embedding watermarks in “real” photographs instead.

As a global standard, these digital signatures are built to withstand editing and tampering techniques, offering a reliable method to distinguish real photographs from AI-generated deepfakes. They are tamper-resistant and ensure the authenticity and integrity of digital images, helping to prevent the spread of deepfakes. A common feature among these solutions is the strong assurance from firms that their digital signatures are tamper-resistant and impervious to editing, providing an extra layer of protection.

Building Trust Through PKI and CP2A to Combat Fake Identities

Fighting misinformation demands involvement from all parties in the system and the development of common, transparent standards enabling users to trace and assess content origin. Identifying the source of online content is pivotal for building trust and credibility.

In a major milestone, C2PA announced its partnership with Google to increase trust and transparency online aimed at increasing transparency to billions of interactions with online content thus playing a critical role in shaping the future of the C2PA technical standards.

Overall, C2PA aims to protect digital media by enhancing transparency, traceability, and trust in content attribution and authenticity. C2PA (Content Consumption and Provenance Authority) is an open standard allowing creators, publishers and consumers the ability to trace the origin of different types of media.

PKI provides a framework for verifying the identity of content creators and distributors, ensuring trust and authenticity in digital media. By leveraging PKI’s trust model, C2PA standards promote the adoption of secure and verifiable practices for content attribution and provenance across digital media platforms.

Building Trust with PKI:

  • Verification: A trusted authority, such as a certificate authority (CA), verifies the signer’s identity.
  • Key Generation: The CA issues a public-private key pair to the signer. The public key is shared openly, while the private key remains confidential.
  • Signing Content: The signer uses their private key to sign the digital document, creating a unique “fingerprint.”
  • Verification: Anyone can use the signer’s public key to verify the signature. If it matches the fingerprint, it confirms the document hasn’t been altered.

Certificate Lifecycle Management with Visibility, Control and Insights – All in One Place

Benefits of Using Digital Signatures and PKI

Digital signatures and PKI provide a robust framework for secure, efficient, and trustworthy digital interactions.

  • Authenticity: Ensures that the content is from the stated source and has not been altered.
  • Non-repudiation: Prevents the signer from later denying their signature on the document, content or code.
  • Increased Trust: Provides a clear and verifiable audit trail for digital content.
  • Combat Deepfakes: Verifies the source and authenticity of video and audio content, making it more difficult to distribute deepfakes.

PKI supports encryption techniques, enabling secure communication channels for exchanging sensitive information related to content attribution and provenance within the C2PA ecosystem. PKI-based digital certificates are utilized to verify the authenticity of content attribution metadata embedded within digital media, establishing trust in the information’s origin and integrity.

By incorporating PKI-based encrypted timestamps into digital content, organizations can tackle the core issue of digital trust erosion caused by deepfakes. This approach helps restore trust in digital records, ensuring that every photo, video, or audio recording carries an unmistakable mark of authenticity.

Conclusion

The power of AI can be offensive and defensive both. Securing data from deepfake-based fraud is crucial in light of the evolving landscape of highly deceptive cybercrime, fueled by the fusion of computing prowess and Trojan horse psychological manipulation. As deepfakes continue to grow in prominence, their own reputation is growing, too. It is imperative that security teams and businesses alike keep in mind that deepfakes may be used against them to cause huge financial Losses and reputational damage.

The need of the hour is a comprehensive strategy that includes the latest cybersecurity technology, education, and robust governance policies. It is also important for companies to collaborate with authorities and other organizations to strengthen defenses against information manipulation. Cybersecurity organizations must take a more holistic view of security, and recognize just how broad the threat of deepfakes is. The hope is that – identity, trust and verification – mechanisms would reduce the spread of possibly harmful deepfake media; and come up with a strategy to invest in technologies to neutralize this attack vector.

To learn more about PKI and digital certificate best practices and use cases for enterprise organizations, talk to us today.

Tags

  • Certificate authority
  • deepfake AI
  • Digital Certificates
  • Digital Identity
  • Digital signatures
  • PKI

About the Author

Karthik Kannan

VP Product & Consulting | MSSP & GSI Partnerships

VP - Product Management at AppViewX heading Automation and Low Code Suite. Oversee product lifecycle: vision > concept > ideation > design > launch.

More From the Author →

Related Articles

The Entrust Distrust Deadline is Closing In. Are you Prepared?

| 4 Min Read

AI in Cybersecurity – “Moving forward Together” and Amping Up the Remediation Game

| 6 Min Read

Don’t Let an Expired Certificate Cause Critical Downtime. Prevent Outages with a Smart CLM

| 8 Min Read