Slashdot Mirror
Detecting Faked Photographs Gets Easier
nusratt writes "Some years ago, an issue of 'Whole Earth' had a convincing cover-photo of a flying saucer cruising low over downtown San Francisco in broad daylight. The accompanying feature article proclaimed that photographs can no longer be trusted as evidence of anything, because of the ease of doctoring images digitally and undetectably. Now, Dartmouth Professor Hany Farid and graduate student Alin Popescu 'have developed a mathematical technique to tell the difference between a "real" image and one that's been fiddled with.' Farid says, 'as more authentication tools are developed it will become increasingly more difficult to create convincing digital forgeries'." There's also an NYT story.
If you are looking for more detailed information, along with equasions, here is a link to one of their recent publications on the topic: http://www.cs.dartmouth.edu/~farid/publications/sp 04.html
So good point. That does seem to be a problem. The NY Times article has more details than the other; it is worth reading.
sp04.html
ih04.html
sacv03.html
And, we have two new papers currently in review (abstracts are currently on-line, and preprints will be available soon):
sp05a.html
sp05b.html
Some of these techniques work, as some have pointed out, only on high-quality jpeg or uncompressed images, while others work on lower-quality images. We are only in the early stages of development, and are currently working to extend some of these ideas to low-quality jpeg and gif images (though this will likely be a harder problem given that the compression artifacts will overwhelm any statistical perturbation resulting from tampering). One outcome of this may be that a legal standard is set that enforces images brought into a court of law to be of a certain resolution and compression quality.
I will be the first to admit that each of the techniques that we have developed can be reverse-engineered, though doing so is more difficult for some techniques than others. It is our hope, however, that as we and others continue to develop more techniques it will become increasingly more difficult (though never impossible) to simultaneously foil each of the detection tools.
I know how cryptographic (and hashing) algorithms work.
:) What I really was saying was that the fact that there will be ways to defeat this system does not mean it is completely useless or obsolete. Without looking at the algorithm in detail, it's not even possible to say that there likely will be easy ways around it (common sense might dictate there are, but common sense also dictates that RSA is easily breakable - mine does, anyway). Ultimately, only time will tell just how feasible it is to defeat this system, and only that will determine just how useful it will prove to be on a given level. (As an example, I could very well imagine that an intelligence agency or a similar organization will be able to produce images that pass the test when necessary, for example, while your average Paintshop Pro user won't).
As for "almost unbreakable" - well, that simply means that it *is* breakable after all; brute force does work, even though it's usually inefficient (which is why I added that an attacker would need a sufficient amount of time, energy and/or computing power).
Furthermore, from what I know, it is neither proven that your average hash functions (MD5, SHA1, RIPEMD-160 etc.) are collision-free nor that the underlying mathematical problems of your average asymmetric ciphers (RSA, DS, El Gamal etc.) indeed cannot be solved with less effort than brute force. (I may be wrong here, so feel free to correct me)
And lastly... you missed my point completely.
quidquid latine dictum sit altum videtur.