Detecting Faked Photographs Gets Easier

nusratt writes "Some years ago, an issue of 'Whole Earth' had a convincing cover-photo of a flying saucer cruising low over downtown San Francisco in broad daylight. The accompanying feature article proclaimed that photographs can no longer be trusted as evidence of anything, because of the ease of doctoring images digitally and undetectably. Now, Dartmouth Professor Hany Farid and graduate student Alin Popescu 'have developed a mathematical technique to tell the difference between a "real" image and one that's been fiddled with.' Farid says, 'as more authentication tools are developed it will become increasingly more difficult to create convincing digital forgeries'." There's also an NYT story.

A more in-depth article

[asterism]

If you are looking for more detailed information, along with equasions, here is a link to one of their recent publications on the topic: http://www.cs.dartmouth.edu/~farid/publications/sp 04.html [dartmouth.edu]

MICHAEL, thanks for adding the . . .

[nusratt]

NYTimes story link, which is actually more informative and interesting than Dartmouth's own story. In particular, the instant that I started to read the NYT story, I dope-slapped myself for not having thought of the reverse implication of the technology, namely that it might be used to prove that a contraband image (such as child-porn) is NOT faked (and therefore is genuinely illicit).

for those who want more information

[flynt]

Anyone who wants to know more can read the actual papers here: http://www.cs.dartmouth.edu/~farid/publications/ ...papers 1,2,4, and 5 seem to be what this research is about, but others probably cover it too.

NY Times Article Text

[Billobob]

for those who care about it...

For Doctored Photos, a New Flavor of Digital Truth Serum By NOAH SHACHTMAN

Published: July 22, 2004

From the material found on his hard drive, Bryan Sparks of Springfield Township, Ohio, seemed guilty when he was arrested in 2002. The sexually explicit pictures of minors appeared to put him on the wrong side of child pornography laws. But at his trial this spring, Mr. Sparks was acquitted because no one could tell for sure whether the images were authentic or just clever digital forgeries.

Mr. Sparks was eventually convicted on a separate charge of rape and sentenced to life in prison. But the uncertainties that surrounded his case, and others like it, are driving researchers to develop software that can automatically figure out which digital pictures are real and which ones are fake.

"It used to be that you had a photograph, and that was the end of it - that was truth," said Hany Farid, an associate professor of computer science at Dartmouth College who is a leader in the field. "We're trying to bring some of that back. To put some measure of guarantee back in photography."

At stake is more than the fate of possible child pornographers. The United States military has become increasingly reliant on digital images from drones and satellites to give soldiers a sense of the battlefield. Law enforcement officers routinely use digital cameras to photograph crime scenes. Newspapers and magazines are now dependent on digital photographs that can be easily doctored.

Over the last three years, Professor Farid and his students have become experts at forgery, making hundreds of images that look authentic but have in fact been digitally tweaked. License plate numbers are changed. A single stool standing on a checkerboard floor is suddenly a pair of stools. Dents on a car are wiped away with a few mouse clicks.

The skillful tampering disturbed the images in ways that the human eye could not detect. But Professor Farid says his algorithms can spot them and sound the alarm.

For example, when two images are spliced together - like the picture of a shark attacking a helicopter that has circulated around the Internet in the past few years - one or both of the original pictures usually has to be shrunk, enlarged or rotated to make the pieces fit together. And those changes, no matter how artful, leave clues behind.

Take a picture that is 10 pixels by 10 pixels, for a total of 100. Stretch it to 10 by 20 pixels, and image-editing software like Adobe Photoshop will assign the picture's original pixels to every other slot in the new picture. That leaves 100 pixels "blank," or without values. Image-editing software fills in the gaps by examining what their neighbors look like, and then applying an average. To oversimplify, if pixel A is blue, and pixel C is red, the blank pixel B will become purple.

This kind of averaging becomes "pretty obvious" after some analysis of the image, Professor Farid said.

In tests on several hundred doctored photos, this technique for detecting changes proved to be virtually foolproof if the picture quality was high enough. Uncompressed TIFF image files, which contain enormous amounts of data, were like an open book to Professor Farid's team.

But Professor Farid said that for now the technique does not work as well with files created in JPEG, the compressed picture format most commonly used online. As the size of a JPEG file shrinks, the correlations between pixels become much less obvious. "At 90 percent quality, it falls apart very quickly," Professor Farid noted.

Jessica Fridrich, a research professor in electrical and computer engineering at the State University of New York at Binghamton, is approaching the fraud problem from the other side. She is trying to figure out who took the digital picture in the first place.

Just like the rifling in a gun barrel leaves a distinctive pattern on the bullets it fires, a digital camera has a signature of sorts. Today's digit

More About Investigating Digital Images

[rpiquepa]

I wrote about this technology a while ago, in "True or False? Investigating Digital Images [weblogs.com]." A keypoint is that the Dartmouth College team thinks that their technology, or a similar one, will soon be incorporated in the U.S. legal system to authenticate images. At the above link to my blog, you'll also find an analysis of a forged image and more references, including the full research paper published by the IEEE Transactions on Signal Processing journal.

Re:What kind of digitized photos does this work on

[blonde rser]

The NY Times article deals with this directly.

But Professor Farid said that for now the technique does not work as well with files created in JPEG, the compressed picture format most commonly used online. As the size of a JPEG file shrinks, the correlations between pixels become much less obvious. "At 90 percent quality, it falls apart very quickly," Professor Farid noted.

So good point. That does seem to be a problem. The NY Times article has more details than the other; it is worth reading.

Re:Okay, but here's my question.

[drinkypoo]

Compress your JPEG with three different encoders at subsequently lower quality settings until you reach the quality setting (and file size) you're looking for, and the artifacting will be effectively untracable. Unless there has only been one predictable compression pass since the manipulation, the lossy nature of JPEG should be sufficient to make it impossible to track the chain of encoders back to the source image data. (It's always impossible to achieve the original data, that's what lossy means, but you can likely get some good information about what it was encoded with by examining the resulting file.)

from the author

[Hany Farid]

In response to some of the posts on our work, we have developed a number of different techniques for detecting certain types of tampering. For those interested in technical details, please see:

sp04.html [dartmouth.edu]
ih04.html [dartmouth.edu]
sacv03.html [dartmouth.edu]

And, we have two new papers currently in review (abstracts are currently on-line, and preprints will be available soon):

sp05a.html [dartmouth.edu]
sp05b.html [dartmouth.edu]

Some of these techniques work, as some have pointed out, only on high-quality jpeg or uncompressed images, while others work on lower-quality images. We are only in the early stages of development, and are currently working to extend some of these ideas to low-quality jpeg and gif images (though this will likely be a harder problem given that the compression artifacts will overwhelm any statistical perturbation resulting from tampering). One outcome of this may be that a legal standard is set that enforces images brought into a court of law to be of a certain resolution and compression quality.

I will be the first to admit that each of the techniques that we have developed can be reverse-engineered, though doing so is more difficult for some techniques than others. It is our hope, however, that as we and others continue to develop more techniques it will become increasingly more difficult (though never impossible) to simultaneously foil each of the detection tools.

Re:Self Defeating

[slavemowgli]

I know how cryptographic (and hashing) algorithms work.

As for "almost unbreakable" - well, that simply means that it *is* breakable after all; brute force does work, even though it's usually inefficient (which is why I added that an attacker would need a sufficient amount of time, energy and/or computing power).

Furthermore, from what I know, it is neither proven that your average hash functions (MD5, SHA1, RIPEMD-160 etc.) are collision-free nor that the underlying mathematical problems of your average asymmetric ciphers (RSA, DS, El Gamal etc.) indeed cannot be solved with less effort than brute force. (I may be wrong here, so feel free to correct me)

And lastly... you missed my point completely. :) What I really was saying was that the fact that there will be ways to defeat this system does not mean it is completely useless or obsolete. Without looking at the algorithm in detail, it's not even possible to say that there likely will be easy ways around it (common sense might dictate there are, but common sense also dictates that RSA is easily breakable - mine does, anyway). Ultimately, only time will tell just how feasible it is to defeat this system, and only that will determine just how useful it will prove to be on a given level. (As an example, I could very well imagine that an intelligence agency or a similar organization will be able to produce images that pass the test when necessary, for example, while your average Paintshop Pro user won't).

Re:good background and intro, little details

[Anonymous Coward]

RTFP [dartmouth.edu]. 0.5% false-positives on their training data, ~1.5% on their test data... More to the point, the process is (of course) susceptible to certain kinds of manipulations... but it does really well with natural phenomena, even ones like 'strange lighting.' It really is picking up on statistical regularities that result from actually taking a photo (no matter what it is of) vs. those that come from, say, manipulating pixels in photoshop in a mathematical (that is, regular) way, no matter how subtle to the human eye.

Re:What kind of digitized photos does this work on

[rgmoore]

I strongly suspect that the solution will be some sort of hardware image signing, rather than after-the-fact examination. Canon [canoneos.com] already offers a Data Verification Kit [canon.com] for their superb EOS 1-DS [canon.com] digital SLR. They don't give too many details, but my guess is that they can attach a cryptographically signed hash of the image data into the file header so that it's possible to confirm the integrity of the data later. Since the EOS 1-Ds can only save data in raw and JPEG formats, and since this doesn't make sense for raw data (which has to be processed to be turned into a viewable image) it seems likely that they have this working with JPEGs.

Doesn't work on .jpg's

[dpbsmith]

The New York Times article actually says something about the methods used. It basically works by looking at the kinds of operations that need to be performed when interpolating between pixels in manipulations such as changes in size, rotation, etc.

And, "Professor Farid said that for now the technique does not work as well with files created in JPEG, the compressed picture format most commonly used online. As the size of a JPEG file shrinks, the correlations between pixels become much less obvious. 'At 90 percent quality, it falls apart very quickly," Professor Farid noted.'"