PleasEye 01 / 12
Çankaya University · SENG 491-492

PleasEye

Hardware-anchored digital content authentication. Prove authenticity at the moment of capture, fight deepfakes with cryptography, not detection.

Graduation Project, 2025-2026 Software Engineering
Live 02 / 12
A small experiment

Which one is real?

One was captured by a camera. One was generated by a model. Hit reveal to see which is which.

Video A
Video A drop file at
presentation/assets/fake.mp4
Video B
Video B drop file at
presentation/assets/real.mp4
Detection is a guess PleasEye is a proof
The Problem 03 / 12
The Deepfake Crisis

What you see may not be real.

Generative AI now produces content that is indistinguishable from reality. Detection lags. Trust erodes faster than tools can catch up.

  • 01 Manipulated media at scale AI generates realistic fakes in seconds.
  • 02 Broken trust across industries News, courts, and platforms lose ground truth.
  • 03 Detection always lags Post-hoc analysis can be evaded by next-gen models.
ReactiveAlways one step behind
Solution 04 / 12
Hardware-Rooted Provenance

Sign at capture. Verify anywhere.

Move authenticity from detection to origin. A signed manifest is emitted the instant a frame is captured.

The flow
01 Capture & HashESP32-CAM, SHA-256 of raw frame
02 Sign Privatelydigital signature, on a secure chip
03 Create ManifestHash, timestamp, device ID
04 Anchorwritten to a public, immutable ledger
What we prove
  • ASourcewhich device captured it
  • BIntegritycontent has not been modified
  • CTimewhen the capture occurred
  • DTamper statedevice security at capture
Edge-rootedChain-anchored
Architecture 05 / 12
Three-Layer System

From sensor to public proof, one signed path.

End-to-end architecture, capture device, verification backend, immutable on-chain anchor.

  • FWEmbedded firmwarecapture, hash, sign, encrypt
  • APIVerification backendchecks signatures, blocks replays
  • L1Public ledgersmart contracts, immutable records
ESP32-CAMcapture, sign L1
AES-256-GCMencrypt manifest L2
Express APIverify, replay block L3
Blockchainimmutable proof L4
Edge, Cloud, ChainOne direction
The Capture 06 / 12
A Real Frame

This is what gets signed.

A frame from our actual ESP32-CAM. Modest sensor on purpose, the goal is verifiable provenance, not cinema.

  • DEVESP32-DEV-01capture device identifier
  • SENOV2640 CMOS640 × 480 native
  • SEQ#0042monotonic sequence number
  • SHAa1b2c3d4 … 9f8e7d6ccryptographic fingerprint of the frame
Frame · ESP32-DEV-01 · seq 0042 640 × 480
Real ESP32-CAM capture
signed at capture SHA-256 · a1b2c3…
Tangible Layer 1 outputHashed in firmware
Cryptography 07 / 12
Security by Design

Hash. Sign. Encrypt. Anchor.

Multi-layer cryptographic protection. Deterministic primitives, no AI in the trust path.

01 Image CaptureRaw JPEG, CMOS sensor
02 SHA-256 Hash64-char hex digest
03 ECDSA P-256 SignDER-encoded signature
04 AES-256-GCM Encryptauthenticated + AAD
05 Manifestsigned record of everything above
// manifest.json { "aad": { "protocol_version": "pe-v1", "device_id": "ESP32-DEV-01", "seq": 42, "capture_timestamp": "...", "hash_algorithm": "SHA-256", "image_hash": "A1B2C3...", "tamper_state": "OK" }, "encryption": { "algorithm": "AES-256-GCM", "nonce": "base64...", "tag": "base64..." }, "signature": { "algorithm": "ECDSA-P256", "sig": "base64..." } }
DeterministicVerifiable
Demo 1 drop file at
presentation/assets/demo1.mp4
Demo 2 drop file at
presentation/assets/demo2.mp4
Stack 09 / 12
What We Built It With

The tools, end to end.

Small surface area, standard cryptography, public ledger.

Hardware

  • ESP32-CAMcapture
  • SE050secure element
  • mbedTLScrypto lib

Backend

  • ExpressAPI
  • TypeScripttypes
  • Node cryptoverify

Ledger

  • Suipublic blockchain
  • Movesmart contracts
  • @mysten/suiSDK

Frontend

  • ReactUI
  • Vitebuild
  • Tailwindstyling
One signed pathSensor to ledger
Features 10 / 12
Comprehensive Protection

Defense, by design.

Every layer carries its own guarantee, and a way to detect when it fails.

F1
Hardware Key Storage

Private keys never leave the secure element.

F2
Tamper Detection

Physical sensors trigger key zeroization.

F3
Replay Protection

Sequence numbers prevent duplicates.

F4
Immutable Record

Anchored on a public ledger, can not be edited.

PropertyTraditionalPleasEye
Proves origin at capture
Hardware-backed security
Immutable record
Works without AI
Tamper-resistant
QuietHard
Applications 11 / 12
Real-World Use Cases

Where a frame becomes evidence.

One primitive, provenance at capture, applied across high-stakes domains.

FEED
Authentic Feed
A Pinterest-like gallery surfacing only verified, public media items.
U1, News

Journalism

Verify photos and videos from trusted sources, combat misinformation.

U2, Forensics

Legal Evidence

Cryptographically signed evidence with chain-of-custody.

U3, Verified

Social Media

Authentic-capture badges on public feeds.

U4, Compliance

Medical

Authenticate research images and medical documentation.

One primitiveMany domains
Team 12 / 12
Meet the Creators

Four builders.

Software Engineering students at Çankaya University, building a graduation project on the future of digital trust.

EC
Efe Çelik
Software Engineer
BB
Batuhan Bayazıt
Software Engineer
BC
Barış Cem Bayburtlu
Software Engineer
BA
Burak Aydoğmuş
Software Engineer

Çankaya University

Software Engineering Department

SENG 491-492, 2025-2026

The PleasEye Team
The PleasEye Team 2026
navigate