Forgot your password?
typodupeerror
Graphics Software Security

Digital Camera Image Verification 255

Posted by michael
from the signed-sealed-and-delivered dept.
Polo writes "While reading dpreview, I noticed that among several new products, Canon has announced a Digital Image Verification Kit to prove that an image taken by a particular camera has not been modified. It's disturbing to think about the conditions that would allow digital images to be accepted in a courtroom. I guess one defense would be to figure out how to 'verify' a photo of shark attack..."
This discussion has been archived. No new comments can be posted.

Digital Camera Image Verification

Comments Filter:
  • Windows only? (Score:3, Insightful)

    by Moderator (189749) * on Saturday January 31, 2004 @05:04PM (#8146261)
    The card reader connects to a computer USB port (only Windows 2000/XP compatible at the moment).

    Suddenly, this throws out the validity of anyone who owned a Mac or was using FreeBSD as their primary desktop operating system.
    • Re:Windows only? (Score:3, Insightful)

      by redJag (662818)
      That's really not insightful. All this means is that, as of now, only Windows computers can *check* the validity of the picture in question. The computer you use has nothing to do with the pictures your camera takes.
  • It's called MD5 (?) (Score:5, Interesting)

    by Shakrai (717556) * on Saturday January 31, 2004 @05:04PM (#8146264) Journal

    The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

    So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

    Two or three questions I suppose:

    The article states that they are pursing ISO 15408 certification (evaluation criteria for IT security). Do they have to open up any source code to obtain that certification?

    What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

    In the mostly-serious-but-with-a-little-sarcasm dept -- does this take into account rotating the images if the camera doesn't automatically do it when you take a portrait vs a landscape? ;)

    All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though...

    • by filtersweep (415712) on Saturday January 31, 2004 @05:21PM (#8146352) Homepage Journal
      "All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though..."

      Well, the camera is only one step in the chain. Are they going to keep a bunch of these presumably more expensive memory cards lying around, or are "they" going to archive them on a CDR or hard drive? Once the image is out of the card, the verification is meaningless (if it wasn't already meaningless in the first place).

      I provide "expert testimony" in court on a semi-regular basis in a completely different field. I always submit "photostatic replicas" of original documents and sign a notarized affidavit of their authenticity. Overall, it is simply the sworn testimony of the authenticity of any evidence that holds more weight than some "technological solution."

      Photoshoppers be dammed! Long live fark.com
    • Still does not (Score:5, Informative)

      by www.sorehands.com (142825) on Saturday January 31, 2004 @05:30PM (#8146405) Homepage
      Even when taking a photo, to have it admitted as evidence you must have the person taking it verify that they did take it. This goes with digital or film camera -- or any type of documentary evidence.

      This is just general, but there are many rules about entering photograghs and other documents.

    • rotation doesn't really matter, as the rotation of the image only makes a difference when viewing the image, and not when trying to verify whether it's tampered with or not.

      In courtrooms the image is probably gonna be printed too, so it'll matter even less..
    • by jdbarillari (590703) <joseph+slashdot@barillari.org> on Saturday January 31, 2004 @06:48PM (#8146816) Homepage
      So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

      [snip]

      What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

      Obviously, just storing the checksum of the image in the EXIF headers (or somewhere else) won't work -- you could just modify the image and calculate a new checksum. One variant on that scheme that would work (reasonably well) would be the following: each camera would be assigned a RSA private key. Canon would keep a record of which key was assigned to which camera (by associating it with the camera's serial number). The private key would be stored in a tamper-resistant chip on the camera's logic board. The camera could then digitally sign all of the images it captures. If the camera saved both its serial number and the digital signature in the EXIF headers of each image (or the JPEG comments, or whatever), a third party who wanted to verify the image could go to the Canon website, get the public key for that serial number, and verify the digitial signature.

      The weak point is in the 'tamperproof' chip -- research on smart cards [securingjava.com] has shown that virtually any so-called 'tamperproof' security system can be cracked. A court could demand to see one's camera (to ascertain that it had not been altered), but some smartcard attacks (such as those based on timing or power consumption) don't even need to modify the card to get at the key -- some of these attacks might translate to cameras, as well. It would be possible to provide pretty good image verification with this system. But a determined attacker could break it.

    • does this take into account rotating the images if the camera doesn't automatically do it when you take a portrait vs a landscape?

      You can rotate in image in an image viewer without modifying it. But in a court room, they usually print the pictures out. In that case, rotate them manually using your thumb and forefinger. ;)
  • Run around (Score:5, Funny)

    by MacFury (659201) <me@johnkramli[ ]com ['ch.' in gap]> on Saturday January 31, 2004 @05:05PM (#8146268) Homepage
    1.) Take picture
    2.) Photoshop picture
    3.) Print picture
    4.) Take picture of printed picture :-)
    • Seems like the biggest problem with the camera is that it is basically a digital signing oracle for whoever holds it.
    • EXIF, distortions (Score:5, Informative)

      by wotevah (620758) on Saturday January 31, 2004 @06:59PM (#8146851) Journal

      The camera stores information about focus distance, focal length (zoom) and exposure parameters as well as other data in each image (in EXIF format, commonly). Example:

      Camera make : SANYO Electric Co.,Ltd

      Camera model : J1
      Date/Time : 2004:01:15 14:21:22
      Resolution : 2048 x 1536
      Flash used : No
      Focal length : 6.0mm
      Exposure time: 0.400 s (1/2)
      Aperture : f/2.9
      ISO equiv. : 113
      Metering Mode: center weight
      Exposure : program (auto)
      (focus distance is manufacturer-dependent and jhead couldn't get it).

      Also, you'd also have to account for the distortion effects that are measurable and reproducible with each camera model. For example, barrel or pincushion distortions compound if you take a shot of an existing picture.

      • Barrel, pincushion and any other non-linearities could be handled when generating the image that you are going to take a picture of - just pre-distort it before printing. Those other values in the EXIF will be harder to spoof though since they (ought) to be part of the data that is hashed.
  • won't work (Score:5, Insightful)

    by contrasutra (640313) on Saturday January 31, 2004 @05:05PM (#8146269) Journal
    It won't work. From everything I've seen, attempts to verify ANYTHING digital will be cracked within a week or three.
    • Re:won't work (Score:4, Insightful)

      by Anonymous Coward on Saturday January 31, 2004 @05:20PM (#8146345)
      Really? When was the digital signature function of GnuPG cracked?
      • Re:won't work (Score:5, Informative)

        by contrasutra (640313) on Saturday January 31, 2004 @05:23PM (#8146359) Journal
        Haven't read the gnupg.org website? From the front page:

        GnuPG's ElGamal signing keys compromised (2003-11-27)
        A severe problem with ElGamal sign+encrypt keys has been found. This leads to a full compromise of the private key.


        • Re:won't work (Score:2, Informative)

          by Anonymous Coward
          No I hadn't noticed that one. That particular bug hits extremely non-standard keys and according to the developer's announcement affected less than 0.04% of all keys on keyservers. Not only that it took a few years to detect-- which is a far cry from your time-to-crack maximum of three weeks. And the standard signing method still seems to be secure. Or at least no one who knows how to crack it is telling anyone else about it.

          None of that is to say that I think Canon's solution sounds very workable. So it
        • Who says you have to use ElGamal, and who says you have to use GnuPG.

          There are several pretty good signing-algorithms around...
        • ElGamal (Score:3, Informative)

          by metalhed77 (250273)
          ElGamal was a legacy key and not really meant to be used that much. The one slashdot poster who said he was affected (when that came out) said he chose it because he liked the sound of the name. ElGamal is legacy and shouldn't really be counted against GPG
        • Re:won't work (Score:3, Interesting)

          by Trejkaz (615352)
          ElGamal signing keys aren't even used by anyone. You use RSA or DSA for signing, and ElGamal for encryption. ElGamal encryption keys haven't been compromised yet.
    • by iminplaya (723125)
      Maybe the machine spits out a paper "receipt" verifing the veracity of the photo...or is it manufactured by Diebold?
    • Re:won't work (Score:2, Insightful)

      by Lehk228 (705449)
      all it would take would be for someone to tear apart the camera and replace the image sensor with a USB cable so that the camera would sign the image going onto the card, then put the card into a different camera, unless the camera also wrote it's serial number to part of the image in a way that could not be hacked (yea right) this verification would be useless if someone really wanted to fake a digital image
    • Re:won't work (Score:2, Interesting)

      Sounds like a dare to me. A Slashdoter race for it anyone?
  • hmm (Score:3, Insightful)

    by Anonymous Coward on Saturday January 31, 2004 @05:06PM (#8146270)
    1. take picture
    2. modify picture
    3. regenarate image verification data
    4. profit?
  • Canon (Score:3, Insightful)

    by swordboy (472941) on Saturday January 31, 2004 @05:07PM (#8146272) Journal
    Canon is very cool - they are one of the only camera manufacturers that still supports the cheapest, non-proprietary form of flash media in all of their cameras - CompactFlash.

    To everyone out there: you are an idiot if you buy a camera that does not support CompactFlash. You'll end up paying twice as much for the media.

    In other good Canon news, they've announced that they'll be releasing 20 new digicams this year. Hail to the king, baby!
    • Re:Canon (Score:5, Insightful)

      by Shakrai (717556) * on Saturday January 31, 2004 @05:14PM (#8146308) Journal
      To everyone out there: you are an idiot if you buy a camera that does not support CompactFlash. You'll end up paying twice as much for the media.

      We have that interesting problem at work (Insurance Agency, which is half the reason this article caught my eye) -- we need digicams to do photo inspections of property or automobiles. All of our CSR workstations have CompactFlash readers. Half the new digicams out there don't use CF anymore -- which automatically takes them off my shopping list when I need to get new cameras.

      I'd also add to your statement that you are an idiot if you buy a camera that doesn't take standard AA (or AAA) batteries. We also have several sets of NI-MH batts and chargers -- I refuse to buy a digicam with propriety batteries. I can't count how much money and aggravation the standard formats of CF and AA NI-MH batts have saved me -- both on a business and personal level.

      • Re:Canon (Score:2, Insightful)

        by zfalcon (69659)
        I'd also add to your statement that you are an idiot if you buy a camera that doesn't take standard AA (or AAA) batteries. We also have several sets of NI-MH batts and chargers -- I refuse to buy a digicam with propriety batteries. I can't count how much money and aggravation the standard formats of CF and AA NI-MH batts have saved me -- both on a business and personal level.

        None of the high end digital SLR cameras use NiMH batteries. Regular NiMH batteries run out of juice way too quickly. Using the Ca

        • Re:Canon (Score:3, Interesting)

          by Shakrai (717556) *
          None of the high end digital SLR cameras use NiMH batteries. Regular NiMH batteries run out of juice way too quickly. Using the Canon lithium ion packs you can get hundreds of shots with 1 battery. Also, unlike NiMH, lithiums don't lose like 10% of their charge daily.

          You completely missed the point of my statement -- in our setting, a small business with several dozen cameras of different models (old models that still worked that were discontinued, needed more functionality, etc) it would be very stupid to

      • Why not be smart and choose one camera (or probably one manufacturer) and stick with your choice. That way you can use the same charger, rack up extra batteries for people to take along etc.

        Then charging won't be an issue as you can keep around ready charged batteries for swapping instead of having to wait for the battery to charge.
        • Why not be smart and choose one camera (or probably one manufacturer) and stick with your choice. That way you can use the same charger, rack up extra batteries for people to take along etc.

          When we first bought all the cameras we did exactly that. 18 months later we needed to buy two new ones and discovered that the original model (a very simple low megapixal camera that got the job done nicely) had been discontinued. We had to buy a different model to replace it -- the new model had to use AA batts and

          • seems to me you should hook up with a quality supplier that can provide the stability and guarantee you'll need to restock the cameras when needed.

            Where I used to work, we defaulted to all canon equipment. From the Gx-series -> D-xx for stills and xl-1s for quick videos and stuff. This allowed us to share chargers and media between most of the items even though we changed models every now and then (g3 replaced g2 and so on)
    • Don't forget Nikon.
      I'm currently shopping for a new camera. I'm only looking at brands that support CF. Partly because I already have several CF cards, but there is a reason I deciced on CF in the first place.
      Looks like I'm going to buy a Canon or a Nikon.
      • Re:Canon (Score:3, Insightful)

        by swordboy (472941)
        Don't forget Nikon.

        Nikon supports CompactFlash only in their high-end cameras. I'm not sure why they don't support it in their low-end cameras. Probably some sort of kick-backs from selling a camera that supports the more expensive media. There's always collusion when ignorant consumers are involved.

        Someone tell me what I'm missing. From PriceWatch.com [pricewatch.com], we get the following for a 512MB media card (many of the proprietary don't go larger than this):

        $95 - CompactFlash
        $138 - Memory Stick
        $141 - MMC/SD
        $
        • by Glytch (4881)
          You're wrong. All Nikon cameras, right down to the entry-level Coolpix 2100, use Compactflash. Every last one of them.

          SD is popular because Kodak and HP use it, and idiots think that since Kodak and HP have huge advertising, they're good cameras. Both are cheap junk.

          If you need low-cost quality, get Fuji or Olympus. They use another type of card, XD, but the cost of XD is the same as CF, and XD-CF adaptors are easy to find.
          • You're wrong. All Nikon cameras, right down to the entry-level Coolpix 2100, use Compactflash. Every last one of them.

            CoolPix 3200 [nikonusa.com] - Media: Internal memory: approx 14.5MB; SD memory card (not included)
            CoolPix 2200 [nikonusa.com] - Media : Internal memory: approx 14.5MB; SD memory card (not included)

            I looked at Nikon before I purchased my Canon. Once I saw the SD media, I moved on. We can only pray that Canon does not sell out to the dark side.
    • When it comes to printers, the ink runs out and it's a recuring cost. With cameras, the media is reusable. So I'd rather not pay a couple hundred extra for a camera just to save 20 bucks on media.

      $80 for 256MB MMC
      and
      $60 for 256MB compact flash.

      When I go on extended trips I bring the laptop and download as needed. Which you'd need to do with CF as well.

      I prefer CF because it's more rugged but lower cost cameras use MMC which is also pretty standard.

      Ben
    • The new uber-highend sony cam supports CF, oddly enough (eveything else uses sony's propritary memorysticks). In fact, you can use CF and memory sticks. There are a few high-end cams that can take either CF cards or SD cards.
    • Actually, the smallest Canon digicam uses SD memory because CF would make the camera too big.

      But for all the bigger cameras, they use CF.

      Another weird thing is that this new pro camera (which will cost close to $4000) has slots for both CF and SD.

  • Not just court rooms (Score:5, Interesting)

    by evn (686927) on Saturday January 31, 2004 @05:07PM (#8146273)
    I'm willing to be that one of the first customers for this software is the tabloid newspapers/magazines. They pay small fortunes of photos of celebrities in their most intimate and private moments and without a way to verify digital photographs they could be duped of millions of dollars.
  • Courtroom. (Score:5, Insightful)

    by dsb3 (129585) on Saturday January 31, 2004 @05:07PM (#8146275) Homepage Journal
    There's nothing concerning about digital images in the courtroom.

    Ask the photographer, under oath, "is this representative of what you saw?".

    If it was, he says so.

    It's really the same as with any other evidence that can be tampered with. If someone testifies under oath that it is what it is then there's no difference between a digital image and any (many?) other types of evidence.

    • exactly. there is currently no law barring digital pictures (or digital anything) from being introduced into evidence in a courtroom.
    • I totally agree.

      Any evidence can be manipulated.

      My roomie from college now runs one of these PCR "who's your daddy" companies often used by talk shows. We have had many dicussions regarding this... and PCR can be easy faked just as easy as audio or video.

      Garbage in, garbage out. You still have to trust the one providing the evidence.

      Davak
    • Re:Courtroom. (Score:4, Interesting)

      by Polo (30659) * on Saturday January 31, 2004 @06:00PM (#8146566) Homepage

      From this review of the new eos-1d mark ii [imaging-resource.com]:
      • An optional ($749) accessory Data Verification Kit DVK-E2 will permit verification of original untampered image data, allowing the EOS-1D Mark II to be used in legal proceedings and other applications where the ability to confirm that images haven't been altered in any way is crucial.

    • Re:Courtroom. (Score:3, Interesting)

      by pixas (711468)
      What if the fotage is from a automated security camera and there is no human photographer to testify?
    • by Anonymous Coward
      This is correct. The federal rules of evidence (and the rules of most states) require that the witness testify that the photograph actually depicts what it is that the witness says it depicts. The witness could paint the photograph, if he were an adequate artist.
      All writings and papers and so forth have to be introduced in such a way as to either not be hearsay or to gain a hearsay exception.
      I don't know why you might think that a video movie is more sacrosanct than something like a blood sample. Both r
  • ...but is it *that* easy to make a digitally altered picture that's undetectable by professionals with regular imaging programs?

    If, through some wacky chain of events, a digital picture of something becomes evidence, what's the loss in having a professional vouch that it is an unaltered (or altered) picture? From what I have seen, it's pretty easy to ferret out photoshopped images without the aid of additional (and probably easily circumvented) technology.
    • It depends. If you're on Fark [fark.com], then yes, it is pretty easy to see if a picture has been modified. If a professional does the work, it is much much harder, probably even impossible.
  • by kaltkalt (620110) on Saturday January 31, 2004 @05:10PM (#8146292)
    any image, not just a digital one, can be changed, modified, or completely faked. Yes, digital technology makes it easier, but this is not a new phenomenon. Juries know (and should be told) that any image introduced into evidence might not be real and could have easily been altered by the other side. Depending on who took the image and the chain of possession, weighed against how believable the picture actually is, will determine how much weight the jury gives to a given photograph.

    These digital picture verifiers are nice but not the end of the question. A validation from one of these machines is just some more evidence that the picture is real. It's not conclusive and shouldn't be taken as so. In fact, the evidence of validation from one of these machines might not even be allowed into court if they're extremely unreliable. Daubert to the rescue.
  • What a joke (Score:5, Insightful)

    by Rosco P. Coltrane (209368) on Saturday January 31, 2004 @05:14PM (#8146310)
    When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

    Note to self: run the signing software *after* altering the image. If the image was alrady signed, display it, take screenshot, alter the image, and re-run the signing software.
    • Presumably the signing is done in the camera before the image is stored to the CF card. Maybe it uses a key stored in the hardware. No doubt it can be circumvented, but probably not as easily as you suggest.
    • The only way I could see this working is if you had some chip inside the camera doing the signiture, and the signiture was unique for each camera, and there was a time stamp, and there was a seal to show if the camera was opened up.

      Sure you could fool the input, but then the timestamp would show the picture was taken much later, or you could hack the algorithm but if the thing was designed well you would have to open the camera up to do that and the camera would show signs of tampering.

      • Given that the camera costs $4500 this is plausible!
        Making tamper-resistant hardware with encryption keys is not that difficult, actually.
    • Re:What a joke (Score:4, Insightful)

      by Beryllium Sphere(tm) (193358) on Saturday January 31, 2004 @06:21PM (#8146682) Homepage Journal
      Non-issue if the camera does the signing with an embedded private key or if the "Secure Mobile" memory card prevents uploading hashed images from your computer.

      Non-issue, that is, until someone cracks the memory card, or discovers that the camera's signing software is defective, etc.
    • Re:What a joke (Score:2, Insightful)

      by Joe Decker (3806)
      FYI, Personal Function 31 is a mode, the signing happens automatically after you take the picture if that mode is on, you can't just ask it to sign after the picture is taken.
    • by wotevah (620758)

      The camera saves focus, zoom and exposure settings in the EXIF header of each image. So you'd have to blow it up to real size so camera can focus at the same distance, and use the exact brightness so the camera uses the same exposure.

      original post. [slashdot.org]

  • by dargaud (518470) <slashdot2@NOspam.gdargaud.net> on Saturday January 31, 2004 @05:19PM (#8146339) Homepage
    I've been wrestling with the idea of writing an image modification detector. The idea is that when you modify an image, you copy one part into another part (using the clone brush of Photoshop or such).

    By doing an autocorrelation of the image, you can detect parts that have been copied, but the mathematical part is not that easy, particularly if there are uniform noiseless areas (sky).

    I can still deal with 1D autocorrelation, but in 2D [uniroma1.it] my maths skills are rusty...

    • by Anonymous Coward
      You know the world is full of free, robust, debugged and utterily trustworthy code for such operations.

      You don't have to re-invent the wheel.

    • by Rosco P. Coltrane (209368) on Saturday January 31, 2004 @05:35PM (#8146431)
      I've been wrestling with the idea of writing an image modification detector

      Forget it. Only amateurs copy/paste regions and leave them like that. Those who alter images to produce really credible results may copy/paste bits of images at first, but then will blur/sharpen/solarize/burn/lighten/brush slightly part of them, drop some noise in them to match the pizelization of an original jpeg for example, merge several together and modify gradiants to make the final patch blend in just right in the bit of background you want to mask or change. The final resulting altered regions usually doesn't have much to do with the original bits you copied.
    • by wotevah (620758) on Saturday January 31, 2004 @07:13PM (#8146908) Journal

      Since you said "uniform noiseless areas (sky)" - funny thing is, the sky is one of the most difficult things to get an "uniform" picture of. All digital cameras I know of produce "sky noise" in various proportions.

      A picture of the sky is how you can quickly check how noisy of an image the camera can make (part of it can be internal image processing, of course).

  • by paddlebot (443065) * on Saturday January 31, 2004 @05:23PM (#8146362)
    This [ghostresearch.org] is a funny article on why you shouldn't use your digital camera when trying to detect / prove the existance of ghosts. No not like a bad flat screen playing Quake, but like Casper the Friendly.

    He seems real serious about it too....

  • Wrong audience .... (Score:2, Interesting)

    by Anonymous Coward
    This is mostly for the use of Law Enforcement, where the cops have to prove the photos taken as evidence, haven't been tampered with....
  • by teamhasnoi (554944) <(teamhasnoi) (at) (yahoo.com)> on Saturday January 31, 2004 @05:29PM (#8146396) Homepage Journal
    Jan 31, 2004 - "We're working on more technology that can be easily circumvented!", says Canon's Product Manager, Wayne Innass.

    "We're also trying to annoy our customers like Adobe, but that software is still in beta. We might try to license some software form Microsoft, as they seem to be the leaders in that field."

    Wayne continues, "Our R&D department has some great ideas, such as forcing the user to take every picture twice, erasing photos at random, and my personal favorite - increasing the time between pressing the shutter release and when the picture is taken!"

    "We won't stop until our product is unusable at last!"

  • Let's say you take the picture of something that you intend to photoshop up for purposes of fraud. You take the photo and the camera signs it with a signature that corresponds to the camera manufacturer. You then take the image and manipulate it in photoshop and then sign the finished picture yourself, forging the camera manufacturer's signature by using the same algorithm.

    But then you're stuck. Now you have to get your manipulated image back onto the memory card that can be read by the camera, but th

  • I know! I was the one on the ladder. One of the scariest moments of my life, as well. Hanging from a chopper is bad enough, but having sharks take dives at you is worse.

    The separate images that the debunkers claim they're made up from are the fakes.
  • by stienman (51024) <adavis@ubasi c s .com> on Saturday January 31, 2004 @05:53PM (#8146527) Homepage Journal
    How it works

    The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.


    So the upshot is that they use a memory card which has some additional security functionality. This additional functionality can only be accessed by the card reader and the camera.

    The the crackers simply need to break that functionality or bypass it. This could be accomplished by breaking the camera's firmware (or the card reader) and changing it, or sitting between the USB reader and the computer (software or hardware wise) and changing the data as it goes along. Alternately it woud not be impossible to modify the camera so it gets the image from a computer instead of an image sensor.

    The ultimate, however, would be to break the protocol and keys between the reader and card or camera and card. Hopefully they are using a good encryption algorithm with fully secured sessions and a long key. I'd hate to see this broken in less than a few months time.

    -Adam
  • I was recently asked if we could make a reasonably untamperable 'security' camera; My solution was to make the machine itself 'physically secure' (sealed so that any attempt to open it would be obvious) and then have it PGP-sign each image. The client has easy access to all the images and public key from the box, but isn't told the root password or anything else that would give them access to the private key, so they cannot resign altered images.

    I believe this would be 'at least' as untamperable as an equi
  • by sir_cello (634395) on Saturday January 31, 2004 @06:03PM (#8146578)

    I'm thinking this is for Canon to target the camera at a specific market where legal evidenciary issues come into play: crime scenes, insurance, autopsy, etc. This is likely not to be a feature that will appear for most consumer products.

    What it really shows is more about how the professional film camera market is facing realistic competition from digital cameras.

  • by Speare (84249) on Saturday January 31, 2004 @06:09PM (#8146611) Homepage Journal

    I would love to see the firmware write all photographs to the CompactFlash already encrypted to my public key. Of course, that would mean you'd have to (1) forego viewing the images on the LCD, or (2) require the private key and allow entering some kind of text phrase or biometrical key.

    It's not like I engage in some sort of espionage or porn market, but I want to see more publically available data devices support cradle-to-grave security.

  • And that is what you should do anyway to get the best quality and easiest work flow. Better still, there is no (easy?) way to turn something you edited into a camera RAW file. So when you need evidence that your image is unmanipulated, just show them the RAW version...
  • That shouldn't require a separate piece of hardware. Instead, the camera should sign the image digitally and store the signature as an entry in the EXIF header. You know, the same way you sign stuff with PGP. Anybody should be able to verify it.

    I wonder whether Canon is going the "secure hardware reader" route in order to make more money or in order to get around some patent.
  • When an authority claims that these pictures are tamper-resistant the cost to the public when the technology being broken will be raised. It will allow people to relax their judgement when trusting 'photo' evidence and perhaps not be sufficiently skeptical of them. If the members of the jury believes only goverment spies and elite hackers have the ability to forge digital pictures, its going to be easy for them to ignore the possibility that any goober who read the instructions on internet could do it too
  • All this hinges on the testers having an _original_ copy of the image in addition to the supposedly modified version.

    Let's say someone tries to use a doctored digital photo as evidence. They eliminate the original md5 with the aforementioned screenshot trick, and then recreate it. The photo is contested on the grounds it is a fake. To prove it, they go off and get their wonderous DVK-E2 kit, and then they get their md5. The test works just fine, so they know the md5 has been altered, so they go and ask
  • What! (Score:3, Funny)

    by rspress (623984) on Saturday January 31, 2004 @06:32PM (#8146738) Homepage
    You mean that was not a picture of the Olsen twins giving some guy a blow-job?

  • As an attorney.. (Score:2, Interesting)

    by JANYAtty. (678934)
    I would point out that there was a noted case where someone took pictures with a reduced scale ruler to make a crack or pothole look that much bigger. The picture was all original but already manipulated.... Ultimately I think I would go with affidavits (this is a true, accurate and unmodified picture of what it purports to be) containing a print in b&w on the affidavit as well as an md5 checksum of the pic file or files if I was attaching a cdrom or floppy. There are issues here about submitting info t

  • 1, Take picture
    2. Modify it
    3. Print it
    4. Take a picture of the print
    5. Print the picture of the picture

    Yes, you now have an unmodified picture (of a picture)
  • Good that will satisfy those fake-moon-landing conspiracy theorists.

FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]

Working...