NorthSec 2024

Christian Paquin

I’m cryptography and security engineer at Microsoft Research where I aim to bring new research innovations closer to reality. My work focuses lately on privacy-preserving identity, post-quantum cryptography, and content origin and authentication (especially surrounding the work of the C2PA in which I’m a member of the technical working group). Prior to joining Microsoft I was a crypto developer at Zero Knowledge Systems developing a TOR-precursor mixnet and the Chief Security Engineer at Credentica.

The speaker's profile picture

Sessions

05-17
10:00
30min
Real or fake? Tools to fight online disinformation
Christian Paquin

It is quite challenging to verify the origin of online content. In this era of disinformation exacerbated by ever-evolving AI tools, the creation of seemingly authentic fake accounts and content can be quite dangerous, with risks ranging from harming one’s reputation to damaging society as a whole.
Fortunately, content provenance technologies are emerging to fight this problem. The Coalition for Content Provenance and Authenticity (C2PA) is the leading effort allowing creators to cryptographically sign their digital assets and record subsequent edits helping consumers to confirm their origin and authenticity while keeping an auditable history of the data transformations. It has been adopted by leading technology providers (Microsoft, Google, Meta), camera manufacturers (Sony, Nikon), image/video editors (Adobe), generative AI companies (OpenAI, Midjourney), and news organizations (BBC, CBC/Radio-Canada, New York Times). C2PA is also at the forefront of the fight against election disinformation, and was one of two technologies mentioned in the recent AI Elections accord signed at the Munich security conference.
In this presentation, I’ll describe the C2PA use cases, specifications, and the lifecycle of a protected digital asset (such as images, videos, and audio clips) from their creation, to their modifications and validation. I’ll present open-source tools/SDKs that anyone can use to create and verify protected content or integrate this functionality in their applications and services.
I’ll also present the Cross-Platform Origin of Content (XPOC) framework allowing content owners to create authoritative lists of their social media accounts and content, addressing a slightly different provenance problem. I’ll give a demonstration of the open-source tools allowing anyone to self-host and verify XPOC manifests.

Human in the Middle
Ville-Marie
05-17
11:30
30min
Human in the Middle Q&A
Christian Paquin, Patricia Gagnon-Renaud, W. Garrett Myler, Octavia Hexe

Q&A Discussion for the Human in the Middle block.

Human in the Middle
Ville-Marie