Slashdot Mirror


Digital Camera Image Verification

Polo writes "While reading dpreview, I noticed that among several new products, Canon has announced a Digital Image Verification Kit to prove that an image taken by a particular camera has not been modified. It's disturbing to think about the conditions that would allow digital images to be accepted in a courtroom. I guess one defense would be to figure out how to 'verify' a photo of shark attack..."

9 of 255 comments

  1. It's called MD5 (?) by Shakrai · · Score: 4, Interesting

    The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

    So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

    Two or three questions I suppose:

    The article states that they are pursuing ISO 15408 certification (evaluation criteria for IT security). Do they have to open up any source code to obtain that certification?

    What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

    In the mostly-serious-but-with-a-little-sarcasm dept -- does this take into account rotating the images if the camera doesn't automatically do it when you take a portrait vs a landscape? ;)

    All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though...

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:It's called MD5 (?) by jdbarillari · · Score: 5, Interesting
      So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

      [snip]

      What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

      Obviously, just storing the checksum of the image in the EXIF headers (or somewhere else) won't work -- you could just modify the image and calculate a new checksum. One variant on that scheme that would work (reasonably well) would be the following: each camera would be assigned an RSA private key. Canon would keep a record of which key was assigned to which camera (by associating it with the camera's serial number). The private key would be stored in a tamper-resistant chip on the camera's logic board. The camera could then digitally sign all of the images it captures. If the camera saved both its serial number and the digital signature in the EXIF headers of each image (or the JPEG comments, or whatever), a third party who wanted to verify the image could go to the Canon website, get the public key for that serial number, and verify the digital signature.

      The weak point is in the 'tamperproof' chip -- research on smart cards has shown that virtually any so-called 'tamperproof' security system can be cracked. A court could demand to see one's camera (to ascertain that it had not been altered), but some smartcard attacks (such as those based on timing or power consumption) don't even need to modify the card to get at the key -- some of these attacks might translate to cameras, as well. It would be possible to provide pretty good image verification with this system. But a determined attacker could break it.
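The two schemes discussed in this sub-thread, side by side, as an added example that is not part of the original posts and not Canon's implementation. The key is a constructed toy (textbook RSA without padding over two Mersenne primes, trivially factorable), SHA-256 stands in for the checksum, and `REGISTRY`, the serial number and all function names are hypothetical.

```python
import hashlib

# Constructed demo key: two Mersenne primes, so it is NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent; would live in the camera chip

# Hypothetical manufacturer registry: camera serial number -> public key.
REGISTRY = {"SN-0001": (N, E)}

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

# Scheme 1: an unkeyed checksum stored next to the image.
def checksum_tag(image: bytes) -> dict:
    return {"image": image, "sum": hashlib.sha256(image).hexdigest()}

def checksum_ok(f: dict) -> bool:
    return hashlib.sha256(f["image"]).hexdigest() == f["sum"]

# Scheme 2: the camera signs the digest; the file carries serial and signature.
def camera_sign(image: bytes, serial: str = "SN-0001") -> dict:
    return {"image": image, "serial": serial, "sig": pow(digest(image), D, N)}

def signature_ok(f: dict) -> bool:
    key = REGISTRY.get(f["serial"])
    if key is None:                  # unknown camera: nothing to verify against
        return False
    n, e = key
    return pow(f["sig"], e, n) == digest(f["image"])

def edit_and_refresh(f: dict, new_image: bytes) -> dict:
    """Replace the image and recompute every field that needs no secret."""
    out = dict(f, image=new_image)
    if "sum" in out:
        out["sum"] = hashlib.sha256(new_image).hexdigest()
    return out

if __name__ == "__main__":
    original = b"constructed image bytes"
    print(checksum_ok(edit_and_refresh(checksum_tag(original), b"edited")))
    print(signature_ok(edit_and_refresh(camera_sign(original), b"edited")))
```

The checksum file still verifies after the edit because the tag can be recomputed by anyone; the signed file does not, because producing a new `sig` needs `D`.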

  2. Not just court rooms by evn · · Score: 4, Interesting

    I'm willing to bet that one of the first customers for this software is the tabloid newspapers/magazines. They pay small fortunes for photos of celebrities in their most intimate and private moments and without a way to verify digital photographs they could be duped out of millions of dollars.

  3. 2D autocorrelation... by dargaud · · Score: 4, Interesting
    I've been wrestling with the idea of writing an image modification detector. The idea is that when you modify an image, you copy one part into another part (using the clone brush of Photoshop or such).

    By doing an autocorrelation of the image, you can detect parts that have been copied, but the mathematical part is not that easy, particularly if there are uniform noiseless areas (sky).

    I can still deal with 1D autocorrelation, but in 2D my maths skills are rusty...

    --
    Non-Linux Penguins ?
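A small version of the clone-detection idea in the comment above, as an added example that is not part of the original post. It counts exact pixel matches per 2D shift (a simple stand-in for a full autocorrelation) on a constructed 32x32 image, and masks uniform areas such as the "sky", which otherwise dominate the result; all names and the test image are hypothetical.

```python
import random

def make_image(w=32, h=32, seed=7):
    """Constructed image: flat 'sky' rows on top, noise below, one cloned patch."""
    rng = random.Random(seed)
    img = [[200] * w if y < 8 else [rng.randrange(256) for _ in range(w)]
           for y in range(h)]
    for y in range(8):                  # clone the 8x8 patch at (12, 4) to (22, 20)
        for x in range(8):
            img[22 + y][20 + x] = img[12 + y][4 + x]
    return img

def textured(img, y, x):
    """False in uniform areas, where every shift would 'match'."""
    return img[y][x] != img[y][(x + 1) % len(img[0])]

def shift_matches(img, dy, dx, mask_flat=True):
    """Count pixels identical to the pixel at offset (dy, dx)."""
    h, w = len(img), len(img[0])
    n = 0
    for y in range(h - dy):
        for x in range(max(0, -dx), min(w, w - dx)):
            if img[y][x] != img[y + dy][x + dx]:
                continue
            if mask_flat and not (textured(img, y, x)
                                  and textured(img, y + dy, x + dx)):
                continue
            n += 1
    return n

def strongest_shift(img, mask_flat=True):
    """Return ((dy, dx), count) for the non-zero shift with the most matches."""
    h, w = len(img), len(img[0])
    best = ((0, 0), -1)
    for dy in range(h):
        for dx in range(-(w - 1), w):
            if dy == 0 and dx <= 0:
                continue                # skip the zero shift and mirrored duplicates
            n = shift_matches(img, dy, dx, mask_flat)
            if n > best[1]:
                best = ((dy, dx), n)
    return best

if __name__ == "__main__":
    print(strongest_shift(make_image()))
```

With the mask the peak sits at the clone offset (10 rows down, 16 columns right); with `mask_flat=False` the flat sky produces a larger peak at an unrelated shift.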
  4. Digital Images and ghosts by paddlebot · · Score: 4, Interesting

    This is a funny article on why you shouldn't use your digital camera when trying to detect / prove the existence of ghosts. No not like a bad flat screen playing Quake, but like Casper the Friendly.

    He seems real serious about it too....

  5. Could there be a way around this? Hmmm by rufusdufus · · Score: 3, Interesting

    What if you had a different piece of hardware other than the camera that can write to the memory card? I wonder...can you buy those off the shelf today?

  6. Re:Courtroom. by Polo · · Score: 3, Interesting

    From this review of the new eos-1d mark ii:
    • An optional ($749) accessory Data Verification Kit DVK-E2 will permit verification of original untampered image data, allowing the EOS-1D Mark II to be used in legal proceedings and other applications where the ability to confirm that images haven't been altered in any way is crucial.

  7. What about SECURE photography? by Speare · · Score: 4, Interesting

    I would love to see the firmware write all photographs to the CompactFlash already encrypted to my public key. Of course, that would mean you'd have to (1) forego viewing the images on the LCD, or (2) require the private key and allow entering some kind of text phrase or biometrical key.

    It's not like I engage in some sort of espionage or porn market, but I want to see more publicly available data devices support cradle-to-grave security.

    --
    [ .sig file not found ]
  8. Re:Courtroom. by pixas · · Score: 3, Interesting

    What if the footage is from an automated security camera and there is no human photographer to testify?