Slashdot Mirror

← Back to Stories (view on slashdot.org)

Digital Camera Image Verification

Posted by michael on from the signed-sealed-and-delivered dept.

Polo writes "While reading dpreview, I noticed that among several new products, Canon has announced a Digital Image Verification Kit to prove that an image taken by a particular camera has not been modified. It's disturbing to think about the conditions that would allow digital images to be accepted in a courtroom. I guess one defense would be to figure out how to 'verify' a photo of shark attack..."

19 of 255 comments (clear)

  1. It's called MD5 (?) by Shakrai · · Score: 4, Interesting

    The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

    So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

    Two or three questions I suppose:

    The article states that they are pursing ISO 15408 certification (evaluation criteria for IT security). Do they have to open up any source code to obtain that certification?

    What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

    In the mostly-serious-but-with-a-little-sarcasm dept -- does this take into account rotating the images if the camera doesn't automatically do it when you take a portrait vs a landscape? ;)

    All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though...

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:It's called MD5 (?) by Anonymous Coward · · Score: 1, Interesting
      What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

      One possibility is that the SM (secure mobile) card reader/writer has an embeded private key.

      The generated code would be based on key + contents, rather than just the key.

    2. Re:It's called MD5 (?) by jdbarillari · · Score: 5, Interesting
      So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

      [snip]

      What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

      Obviously, just storing the checksum of the image in the EXIF headers (or somewhere else) won't work -- you could just modify the image and calculate a new checksum. One variant on that scheme that would work (reasonably well) would be the following: each camera would be assigned a RSA private key. Canon would keep a record of which key was assigned to which camera (by associating it with the camera's serial number). The private key would be stored in a tamper-resistant chip on the camera's logic board. The camera could then digitally sign all of the images it captures. If the camera saved both its serial number and the digital signature in the EXIF headers of each image (or the JPEG comments, or whatever), a third party who wanted to verify the image could go to the Canon website, get the public key for that serial number, and verify the digitial signature.

      The weak point is in the 'tamperproof' chip -- research on smart cards has shown that virtually any so-called 'tamperproof' security system can be cracked. A court could demand to see one's camera (to ascertain that it had not been altered), but some smartcard attacks (such as those based on timing or power consumption) don't even need to modify the card to get at the key -- some of these attacks might translate to cameras, as well. It would be possible to provide pretty good image verification with this system. But a determined attacker could break it.

  2. Not just court rooms by evn · · Score: 4, Interesting

    I'm willing to be that one of the first customers for this software is the tabloid newspapers/magazines. They pay small fortunes of photos of celebrities in their most intimate and private moments and without a way to verify digital photographs they could be duped of millions of dollars.

  3. 2D autocorrelation... by dargaud · · Score: 4, Interesting
    I've been wrestling with the idea of writing an image modification detector. The idea is that when you modify an image, you copy one part into another part (using the clone brush of Photoshop or such).

    By doing an autocorrelation of the image, you can detect parts that have been copied, but the mathematical part is not that easy, particularly if there are uniform noiseless areas (sky).

    I can still deal with 1D autocorrelation, but in 2D my maths skills are rusty...

    --
    Non-Linux Penguins ?
  4. Don't re-invent the wheel by Anonymous Coward · · Score: 2, Interesting
    You know the world is full of free, robust, debugged and utterily trustworthy code for such operations.

    You don't have to re-invent the wheel.

  5. Digital Images and ghosts by paddlebot · · Score: 4, Interesting

    This is a funny article on why you shouldn't use your digital camera when trying to detect / prove the existance of ghosts. No not like a bad flat screen playing Quake, but like Casper the Friendly.

    He seems real serious about it too....

  6. Wrong audience .... by Anonymous Coward · · Score: 2, Interesting

    This is mostly for the use of Law Enforcement, where the cops have to prove the photos taken as evidence, haven't been tampered with....

  7. Could there be a way around this? Hmmm by rufusdufus · · Score: 3, Interesting

    What if you had a different piece of hardware other than the camera that can write to the memory card? I wonder...can you buy those off the shelf today?

  8. The security lies in the key... by stienman · · Score: 2, Interesting

    How it works

    The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

    So the upshot is that they use a memory card which has some additional security functionality. This additional functionality can only be accessed by the card reader and the camera.

    The the crackers simply need to break that functionality or bypass it. This could be accomplished by breaking the camera's firmware (or the card reader) and changing it, or sitting between the USB reader and the computer (software or hardware wise) and changing the data as it goes along. Alternately it woud not be impossible to modify the camera so it gets the image from a computer instead of an image sensor.

    The ultimate, however, would be to break the protocol and keys between the reader and card or camera and card. Hopefully they are using a good encryption algorithm with fully secured sessions and a long key. I'd hate to see this broken in less than a few months time.

    -Adam

  9. Re:Courtroom. by Polo · · Score: 3, Interesting

    From this review of the new eos-1d mark ii:
    • An optional ($749) accessory Data Verification Kit DVK-E2 will permit verification of original untampered image data, allowing the EOS-1D Mark II to be used in legal proceedings and other applications where the ability to confirm that images haven't been altered in any way is crucial.

  10. Re:Canon by Shakrai · · Score: 2, Interesting
    None of the high end digital SLR cameras use NiMH batteries. Regular NiMH batteries run out of juice way too quickly. Using the Canon lithium ion packs you can get hundreds of shots with 1 battery. Also, unlike NiMH, lithiums don't lose like 10% of their charge daily.

    You completely missed the point of my statement -- in our setting, a small business with several dozen cameras of different models (old models that still worked that were discontinued, needed more functionality, etc) it would be very stupid to have a camera with a propriety battery or memory card. I can swap batteries or CF cards with any camera in our office -- and the CF cards are easily readable on any machine with a $20 reader -- without the need to install drivers and completely OS independent. I can also toss them into our laptops (again without drivers) using PCMCIA adaptors. Name another format that offers all of those advantages.

    I would also question the 10% of their charge daily. I used to be quite the digitial photography buff back in the day but nowadays I only use my (personal) digicam every few weeks. I have picked up my digicam (a Casio QV-3500X) after having it sit idle (with the batteries in it no less -- so assume there is a small draw on them to maintain the clock/camera settings) for over two months and proceeded to take 40-50 pictures using the LCD the entire time. My four AA NiMH batts lasted the entire time. With a fully charged set loaded fresh I can take 200+ pictures (again using the LCD the whole time) without problems.

    When we use them at the office we typically only wind up recharging them once every three weeks or so -- and we take dozens of pictures daily.

    Granted li-ion is a better technology overall (I love my extended run-time li-ion batt for my cell phone) but NiMH still has a place and until they figure out a way to put li-ion technology into standard battery sizes (AA/AAA) I'll stick with my NiMH batts for my digicams/CD-players. In the worst case scenario if my NiMH batts die and I don't have a spare set (like that's ever going to happen) I can always buy AAs at any store in the world and toss them into my product -- try that with your propriety formats that only exist to make the manufacturer more money.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  11. What about SECURE photography? by Speare · · Score: 4, Interesting

    I would love to see the firmware write all photographs to the CompactFlash already encrypted to my public key. Of course, that would mean you'd have to (1) forego viewing the images on the LCD, or (2) require the private key and allow entering some kind of text phrase or biometrical key.

    It's not like I engage in some sort of espionage or porn market, but I want to see more publically available data devices support cradle-to-grave security.

    --
    [ .sig file not found ]
  12. Re:Courtroom. by pixas · · Score: 3, Interesting

    What if the fotage is from a automated security camera and there is no human photographer to testify?

  13. Re:won't work by Corpsesarecute · · Score: 2, Interesting

    Sounds like a dare to me. A Slashdoter race for it anyone?

  14. As an attorney.. by JANYAtty. · · Score: 2, Interesting

    I would point out that there was a noted case where someone took pictures with a reduced scale ruler to make a crack or pothole look that much bigger. The picture was all original but already manipulated.... Ultimately I think I would go with affidavits (this is a true, accurate and unmodified picture of what it purports to be) containing a print in b&w on the affidavit as well as an md5 checksum of the pic file or files if I was attaching a cdrom or floppy. There are issues here about submitting info this way which I wont go into, but this may be appropriate in certain situations. And btway- I really like my canon a300. CF, AA batteries, 3.2meg.. no zoom function though, and a little large.

    --
    I dont do meaning of life questions.
  15. Camera fingerprinting by Anonymous Coward · · Score: 1, Interesting

    Try this sometime: set the auto timer on your camera, push the shutter button, then drop it into a drawer and close it. Wait for it to snap in total darkness, then pull it out and extract the picture. Now look for any pixels that aren't black.

    My camera has one that's permanently stuck to purple in the same place in every shot. You have to look really closely when that region is bright, but it's always there. There are a few others which are a bit darker but are also always there.

    Using this kind of logic and with access to a suspect camera, you could probably establish who shot a picture within a reasonable doubt. I mean, what are the odds of a specific set of LCD anomalies repeating on a different camera?

    1. Re:Camera fingerprinting by wotevah · · Score: 2, Interesting

      The problem is, that kind of noise will only appear in areas with low exposure (due to the gain control which amplifies the noise). When the sensor is getting sufficient light, the noise becomes less pronounced to invisible.

  16. Re:won't work by Trejkaz · · Score: 2, Interesting

    ElGamal signing keys aren't even used by anyone. You use RSA or DSA for signing, and ElGamal for encryption. ElGamal encryption keys haven't been compromised yet.

    --
    Karma: It's all a bunch of tree-huggin' hippy crap!