Slashdot Mirror

← Back to Stories (view on slashdot.org)

Digital Camera Image Verification

Posted by michael on from the signed-sealed-and-delivered dept.

Polo writes "While reading dpreview, I noticed that among several new products, Canon has announced a Digital Image Verification Kit to prove that an image taken by a particular camera has not been modified. It's disturbing to think about the conditions that would allow digital images to be accepted in a courtroom. I guess one defense would be to figure out how to 'verify' a photo of shark attack..."

1 of 255 comments (clear)

  1. Re:It's called MD5 (?) by jdbarillari · · Score: 5, Interesting
    So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

    [snip]

    What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

    Obviously, just storing the checksum of the image in the EXIF headers (or somewhere else) won't work -- you could just modify the image and calculate a new checksum. One variant on that scheme that would work (reasonably well) would be the following: each camera would be assigned a RSA private key. Canon would keep a record of which key was assigned to which camera (by associating it with the camera's serial number). The private key would be stored in a tamper-resistant chip on the camera's logic board. The camera could then digitally sign all of the images it captures. If the camera saved both its serial number and the digital signature in the EXIF headers of each image (or the JPEG comments, or whatever), a third party who wanted to verify the image could go to the Canon website, get the public key for that serial number, and verify the digitial signature.

    The weak point is in the 'tamperproof' chip -- research on smart cards has shown that virtually any so-called 'tamperproof' security system can be cracked. A court could demand to see one's camera (to ascertain that it had not been altered), but some smartcard attacks (such as those based on timing or power consumption) don't even need to modify the card to get at the key -- some of these attacks might translate to cameras, as well. It would be possible to provide pretty good image verification with this system. But a determined attacker could break it.