Friday, August 12, 2005

Speed camera fines in doubt

As reported by Slashdot...

"The integrity of all speed camera offences has been thrown into serious doubt and it appears that the RTA is unable to prove any contested speed camera matter because of a lack of admissible evidence," Mr Miralis said.

The case revolved around the integrity of a mathematical MD5 algorithm published on each picture and used as a security measure to prove pictures have not been doctored after they have been taken.

Mr Miralis argued that the RTA had to prove the algorithm it used was accurate and could not be tampered with. He said: "It is our understanding that since speed cameras were introduced approximately 15 years ago on NSW roads, not one single speed camera photograph has been capable of proving an offence."


MD5 is a message digest algorithm that is widely used to generate unique identifiers for any kind of file. Basically, a file undergoes a mathematical process and the output is a string of numbers that is equivalent to the file's fingerprint. The only problem is that, like real fingerprints, there's a chance, however remote, that two people may share the same fingerprint. When this happens with two files, a hash collision is said to exist.

Due to increased computing power, it is now feasible for a malicious person to generate identical MD5 hash checksums for two completely different files.

Here's an example:

Lockheed Martin test page
Boeing test page

Two companies in direct competition with each other, yet their test pages share the same MD5 hash checksum.

If you're running Mac OS X, you can verify this for yourself by entering the following commands.

$ curl -sS "http://www.doxpara.com/t1.html" | openssl md5
$ curl -sS "http://www.doxpara.com/t2.html" | openssl md5


This is the MD5 hash checksum of both files:

c0f3adb824590b40944614268e627421


The astute observer will say it's apparent that the CONTENTS of the files are different, which is true. However, the lawyer's case rests on the fact that the speed cameras themselves lack authentication and non-repudiation facilities, which means that there is no mechanism to be absolutely certain the pictures came from the camera and haven't been doctored before the hash was applied.
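The gap described above, as an added example that is not from the original post or from the RTA's system: a bare MD5 printed beside a record can be recomputed by anyone who alters the record, while a keyed tag cannot be produced without the key. The record format, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data standing in for a camera picture and a doctored copy.
ORIGINAL = b"plate=ABC123;speed=58;limit=60"
DOCTORED = b"plate=ABC123;speed=85;limit=60"

# Hypothetical secret provisioned inside the camera and known to the verifier.
CAMERA_KEY = b"constructed-demo-key-not-a-real-secret"


def bare_digest(image: bytes) -> str:
    """Unkeyed MD5: anyone holding the bytes can compute it."""
    return hashlib.md5(image).hexdigest()


def keyed_tag(image: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: computing a valid one requires the key."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()


def verify_bare(image: bytes, printed: str) -> bool:
    return hmac.compare_digest(bare_digest(image), printed)


def verify_keyed(image: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(image, key), tag)


def doctor_with_bare_digest():
    """The record is altered and the MD5 recomputed; no secret is needed."""
    return DOCTORED, bare_digest(DOCTORED)


def doctor_with_keyed_tag(wrong_key: bytes = b"guess"):
    """Without CAMERA_KEY, a tag can only be made under some other key."""
    return DOCTORED, keyed_tag(DOCTORED, wrong_key)


if __name__ == "__main__":
    img, digest = doctor_with_bare_digest()
    print("bare MD5 accepts doctored record:", verify_bare(img, digest))
    img, tag = doctor_with_keyed_tag()
    print("HMAC accepts doctored record:", verify_keyed(img, tag, CAMERA_KEY))
```

A shared-key HMAC gives authentication only, since the verifier holds the same key and could produce tags too; non-repudiation needs a digital signature made with a private key that never leaves the camera.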


1 comment:

zeenie said...

Way cool. Fast cars, long roads, here I come....