Digital Camera Image Verification 255
Polo writes "While reading dpreview, I noticed that among several new products, Canon has announced a Digital Image Verification Kit to prove that an image taken by a particular camera has not been modified. It's disturbing to think about the conditions that would allow digital images to be accepted in a courtroom. I guess one defense would be to figure out how to 'verify' a photo of shark attack..."
Windows only? (Score:3, Insightful)
Suddenly, this throws out the validity of anyone who owned a Mac or was using FreeBSD as their primary desktop operating system.
Re:Windows only? (Score:3, Insightful)
It's called MD5 (?) (Score:5, Interesting)
The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.
So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.
Two or three questions I suppose:
All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though...
Re:It's called MD5 (?) (Score:5, Informative)
Well, the camera is only one step in the chain. Are they going to keep a bunch of these presumably more expensive memory cards lying around, or are "they" going to archive them on a CDR or hard drive? Once the image is out of the card, the verification is meaningless (if it wasn't already meaningless in the first place).
I provide "expert testimony" in court on a semi-regular basis in a completely different field. I always submit "photostatic replicas" of original documents and sign a notarized affidavit of their authenticity. Overall, it is simply the sworn testimony of the authenticity of any evidence that holds more weight than some "technological solution."
Photoshoppers be dammed! Long live fark.com
Re:It's called MD5 (?) (Score:3, Insightful)
Still does not (Score:5, Informative)
This is just general, but there are many rules about entering photograghs and other documents.
Re:It's called MD5 (?) (Score:2)
In courtrooms the image is probably gonna be printed too, so it'll matter even less..
Re:It's called MD5 (?) (Score:5, Interesting)
The weak point is in the 'tamperproof' chip -- research on smart cards [securingjava.com] has shown that virtually any so-called 'tamperproof' security system can be cracked. A court could demand to see one's camera (to ascertain that it had not been altered), but some smartcard attacks (such as those based on timing or power consumption) don't even need to modify the card to get at the key -- some of these attacks might translate to cameras, as well. It would be possible to provide pretty good image verification with this system. But a determined attacker could break it.
Re:It's called MD5 (?) (Score:2)
You can rotate in image in an image viewer without modifying it. But in a court room, they usually print the pictures out. In that case, rotate them manually using your thumb and forefinger.
Run around (Score:5, Funny)
2.) Photoshop picture
3.) Print picture
4.) Take picture of printed picture
Re:Run around (Score:2)
EXIF, distortions (Score:5, Informative)
The camera stores information about focus distance, focal length (zoom) and exposure parameters as well as other data in each image (in EXIF format, commonly). Example:
Also, you'd also have to account for the distortion effects that are measurable and reproducible with each camera model. For example, barrel or pincushion distortions compound if you take a shot of an existing picture.
Re:EXIF, distortions (Score:2)
Comment removed (Score:4, Insightful)
Re:Run around (Score:2)
Nevermind that in a jury trial most members presented with DNA evidence have no clue about DNA to start with, except from what they've heard/read about in popular media. They have to be ejumicated by the attorneys and specialists. If it is supposed to be trial by one's peers, there are some definite
won't work (Score:5, Insightful)
Re:won't work (Score:4, Insightful)
Re:won't work (Score:5, Informative)
GnuPG's ElGamal signing keys compromised (2003-11-27)
A severe problem with ElGamal sign+encrypt keys has been found. This leads to a full compromise of the private key.
Re:won't work (Score:2, Informative)
None of that is to say that I think Canon's solution sounds very workable. So it
Re:won't work (Score:2)
There are several pretty good signing-algorithms around...
ElGamal (Score:3, Informative)
Re:won't work (Score:3, Interesting)
Re:won't work (Score:2, Funny)
Re:won't work (Score:2, Insightful)
Re:won't work (Score:2, Interesting)
hmm (Score:3, Insightful)
2. modify picture
3. regenarate image verification data
4. profit?
Canon (Score:3, Insightful)
To everyone out there: you are an idiot if you buy a camera that does not support CompactFlash. You'll end up paying twice as much for the media.
In other good Canon news, they've announced that they'll be releasing 20 new digicams this year. Hail to the king, baby!
Re:Canon (Score:5, Insightful)
We have that interesting problem at work (Insurance Agency, which is half the reason this article caught my eye) -- we need digicams to do photo inspections of property or automobiles. All of our CSR workstations have CompactFlash readers. Half the new digicams out there don't use CF anymore -- which automatically takes them off my shopping list when I need to get new cameras.
I'd also add to your statement that you are an idiot if you buy a camera that doesn't take standard AA (or AAA) batteries. We also have several sets of NI-MH batts and chargers -- I refuse to buy a digicam with propriety batteries. I can't count how much money and aggravation the standard formats of CF and AA NI-MH batts have saved me -- both on a business and personal level.
Re:Canon (Score:2, Insightful)
None of the high end digital SLR cameras use NiMH batteries. Regular NiMH batteries run out of juice way too quickly. Using the Ca
Re:Canon (Score:3, Interesting)
You completely missed the point of my statement -- in our setting, a small business with several dozen cameras of different models (old models that still worked that were discontinued, needed more functionality, etc) it would be very stupid to
Re:Canon (Score:2)
Then charging won't be an issue as you can keep around ready charged batteries for swapping instead of having to wait for the battery to charge.
Re:Canon (Score:2)
When we first bought all the cameras we did exactly that. 18 months later we needed to buy two new ones and discovered that the original model (a very simple low megapixal camera that got the job done nicely) had been discontinued. We had to buy a different model to replace it -- the new model had to use AA batts and
Re:Canon (Score:2)
Where I used to work, we defaulted to all canon equipment. From the Gx-series -> D-xx for stills and xl-1s for quick videos and stuff. This allowed us to share chargers and media between most of the items even though we changed models every now and then (g3 replaced g2 and so on)
Re:Canon (Score:2)
I'm currently shopping for a new camera. I'm only looking at brands that support CF. Partly because I already have several CF cards, but there is a reason I deciced on CF in the first place.
Looks like I'm going to buy a Canon or a Nikon.
Re:Canon (Score:3, Insightful)
Nikon supports CompactFlash only in their high-end cameras. I'm not sure why they don't support it in their low-end cameras. Probably some sort of kick-backs from selling a camera that supports the more expensive media. There's always collusion when ignorant consumers are involved.
Someone tell me what I'm missing. From PriceWatch.com [pricewatch.com], we get the following for a 512MB media card (many of the proprietary don't go larger than this):
$95 - CompactFlash
$138 - Memory Stick
$141 - MMC/SD
$
Re:Canon (Score:2)
SD is popular because Kodak and HP use it, and idiots think that since Kodak and HP have huge advertising, they're good cameras. Both are cheap junk.
If you need low-cost quality, get Fuji or Olympus. They use another type of card, XD, but the cost of XD is the same as CF, and XD-CF adaptors are easy to find.
Re:Canon (Score:2)
CoolPix 3200 [nikonusa.com] - Media: Internal memory: approx 14.5MB; SD memory card (not included)
CoolPix 2200 [nikonusa.com] - Media : Internal memory: approx 14.5MB; SD memory card (not included)
I looked at Nikon before I purchased my Canon. Once I saw the SD media, I moved on. We can only pray that Canon does not sell out to the dark side.
Media is reusable (Score:2)
$80 for 256MB MMC
and
$60 for 256MB compact flash.
When I go on extended trips I bring the laptop and download as needed. Which you'd need to do with CF as well.
I prefer CF because it's more rugged but lower cost cameras use MMC which is also pretty standard.
Ben
Actualy (Score:2)
Re:Canon (Score:2)
But for all the bigger cameras, they use CF.
Another weird thing is that this new pro camera (which will cost close to $4000) has slots for both CF and SD.
Re:Canon (Score:3, Insightful)
Compact Flash is old and it is big and bulky.
Re:Canon (Score:3, Informative)
He's taling about COMPACTFlash cards, which are a whopping 36.4(L) x 42.8(W) x 3.30(T) mm for the type-I's
Any smaller physical size for your media and you tend to lose them. A lot.
"honey, have you seen my postage-stamp sized SD card?"
"I think one of the kids snapped it in half when they tried to feed it to the cat."
"Oh that's ok, it was only 75 bucks (sob)"
Re:Canon (Score:2)
Ok, that's a better way to put it. IMHO if a digicam is too small for CF then it's too small for me -- I'm not a big fan of super-tiny electronics -- but I could see the market for people who are.
Not just court rooms (Score:5, Interesting)
Re:Not just court rooms (Score:5, Funny)
Re:Not just court rooms (Score:2)
Its one thing to lead on the end consumer with hyped photos on the front cover.
Re:Not just court rooms (Score:5, Funny)
Time to sell you Weekly World News [weeklyworldnews.com] stock!
I fear the days of Bat Boy and "face of satan in 'x'" are coming to an end : (
Courtroom. (Score:5, Insightful)
Ask the photographer, under oath, "is this representative of what you saw?".
If it was, he says so.
It's really the same as with any other evidence that can be tampered with. If someone testifies under oath that it is what it is then there's no difference between a digital image and any (many?) other types of evidence.
Re:Courtroom. (Score:2)
Re:Courtroom. (Score:2)
Any evidence can be manipulated.
My roomie from college now runs one of these PCR "who's your daddy" companies often used by talk shows. We have had many dicussions regarding this... and PCR can be easy faked just as easy as audio or video.
Garbage in, garbage out. You still have to trust the one providing the evidence.
Davak
Re:Courtroom. (Score:4, Interesting)
From this review of the new eos-1d mark ii [imaging-resource.com]:
Re:Courtroom. (Score:3, Interesting)
Re:Courtroom.Rules of evidence (Score:3, Informative)
All writings and papers and so forth have to be introduced in such a way as to either not be hearsay or to gain a hearsay exception.
I don't know why you might think that a video movie is more sacrosanct than something like a blood sample. Both r
Call me crazy... (Score:2)
If, through some wacky chain of events, a digital picture of something becomes evidence, what's the loss in having a professional vouch that it is an unaltered (or altered) picture? From what I have seen, it's pretty easy to ferret out photoshopped images without the aid of additional (and probably easily circumvented) technology.
Re:Call me crazy... (Score:2)
juries know images can be faked (Score:5, Insightful)
These digital picture verifiers are nice but not the end of the question. A validation from one of these machines is just some more evidence that the picture is real. It's not conclusive and shouldn't be taken as so. In fact, the evidence of validation from one of these machines might not even be allowed into court if they're extremely unreliable. Daubert to the rescue.
What a joke (Score:5, Insightful)
Note to self: run the signing software *after* altering the image. If the image was alrady signed, display it, take screenshot, alter the image, and re-run the signing software.
Re:What a joke - not necessarily (Score:2)
Re:What a joke (Score:2)
Sure you could fool the input, but then the timestamp would show the picture was taken much later, or you could hack the algorithm but if the thing was designed well you would have to open the camera up to do that and the camera would show signs of tampering.
Re:What a joke (Score:2)
Making tamper-resistant hardware with encryption keys is not that difficult, actually.
Re:What a joke (Score:4, Insightful)
Non-issue, that is, until someone cracks the memory card, or discovers that the camera's signing software is defective, etc.
Re:What a joke (Score:2, Insightful)
EXIF (Score:2)
The camera saves focus, zoom and exposure settings in the EXIF header of each image. So you'd have to blow it up to real size so camera can focus at the same distance, and use the exact brightness so the camera uses the same exposure.
original post. [slashdot.org]
2D autocorrelation... (Score:5, Interesting)
By doing an autocorrelation of the image, you can detect parts that have been copied, but the mathematical part is not that easy, particularly if there are uniform noiseless areas (sky).
I can still deal with 1D autocorrelation, but in 2D [uniroma1.it] my maths skills are rusty...
Don't re-invent the wheel (Score:2, Interesting)
You don't have to re-invent the wheel.
Re:2D autocorrelation... (Score:5, Informative)
Forget it. Only amateurs copy/paste regions and leave them like that. Those who alter images to produce really credible results may copy/paste bits of images at first, but then will blur/sharpen/solarize/burn/lighten/brush slightly part of them, drop some noise in them to match the pizelization of an original jpeg for example, merge several together and modify gradiants to make the final patch blend in just right in the bit of background you want to mask or change. The final resulting altered regions usually doesn't have much to do with the original bits you copied.
Re:2D autocorrelation... (Score:4, Informative)
Since you said "uniform noiseless areas (sky)" - funny thing is, the sky is one of the most difficult things to get an "uniform" picture of. All digital cameras I know of produce "sky noise" in various proportions.
A picture of the sky is how you can quickly check how noisy of an image the camera can make (part of it can be internal image processing, of course).
Digital Images and ghosts (Score:4, Interesting)
He seems real serious about it too....
Wrong audience .... (Score:2, Interesting)
Canon in talks with Adobe (Score:4, Funny)
"We're also trying to annoy our customers like Adobe, but that software is still in beta. We might try to license some software form Microsoft, as they seem to be the leaders in that field."
Wayne continues, "Our R&D department has some great ideas, such as forcing the user to take every picture twice, erasing photos at random, and my personal favorite - increasing the time between pressing the shutter release and when the picture is taken!"
"We won't stop until our product is unusable at last!"
You can't modify the image... here's why. (Score:2)
But then you're stuck. Now you have to get your manipulated image back onto the memory card that can be read by the camera, but th
Re:You can't modify the image... here's why. (Score:2)
Could there be a way around this? Hmmm (Score:4, Interesting)
Re:You can't modify the image... here's why. (Score:2)
camera signs picture, adds signature to card
am I missing something here?
Re:You can't modify the image... here's why. (Score:2)
Re:You can't modify the image... here's why. (Score:2)
Aproach the bench. (Score:2)
So then the Defense lawyer presents as Defence exhibit 1 the camera alleged to have taken the picture, and points out all the wires sticking out of it.
IANALNot hard to modify (Score:2)
Easier way than that is public key encryption (Score:2)
Instead the camera could have a private key and a public RSA-like key. These are generated as the camera is manufactured, hopefully different for every camera. The private key is locked inside the chip in a way that hopefully cannot be retrieved without destroying the camera.
The camera makes an MD5 sum of the image, and then encrypts it with the private key, and the
Re:Easier way than that is public key encryption (Score:2)
The shark picture is not faked (Score:2, Funny)
The separate images that the debunkers claim they're made up from are the fakes.
The security lies in the key... (Score:3, Interesting)
The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.
So the upshot is that they use a memory card which has some additional security functionality. This additional functionality can only be accessed by the card reader and the camera.
The the crackers simply need to break that functionality or bypass it. This could be accomplished by breaking the camera's firmware (or the card reader) and changing it, or sitting between the USB reader and the computer (software or hardware wise) and changing the data as it goes along. Alternately it woud not be impossible to modify the camera so it gets the image from a computer instead of an image sensor.
The ultimate, however, would be to break the protocol and keys between the reader and card or camera and card. Hopefully they are using a good encryption algorithm with fully secured sessions and a long key. I'd hate to see this broken in less than a few months time.
-Adam
Interesting.. (Score:2)
I believe this would be 'at least' as untamperable as an equi
it's targetted to a specific market (Score:5, Insightful)
I'm thinking this is for Canon to target the camera at a specific market where legal evidenciary issues come into play: crime scenes, insurance, autopsy, etc. This is likely not to be a feature that will appear for most consumer products.
What it really shows is more about how the professional film camera market is facing realistic competition from digital cameras.
What about SECURE photography? (Score:5, Interesting)
I would love to see the firmware write all photographs to the CompactFlash already encrypted to my public key. Of course, that would mean you'd have to (1) forego viewing the images on the LCD, or (2) require the private key and allow entering some kind of text phrase or biometrical key.
It's not like I engage in some sort of espionage or porn market, but I want to see more publically available data devices support cradle-to-grave security.
Just shoot RAW (Score:2)
silliness (Score:2)
I wonder whether Canon is going the "secure hardware reader" route in order to make more money or in order to get around some patent.
The illusion of security is worse than no security (Score:2)
A Fake! Go get me the original and I'll prove it! (Score:2, Insightful)
Let's say someone tries to use a doctored digital photo as evidence. They eliminate the original md5 with the aforementioned screenshot trick, and then recreate it. The photo is contested on the grounds it is a fake. To prove it, they go off and get their wonderous DVK-E2 kit, and then they get their md5. The test works just fine, so they know the md5 has been altered, so they go and ask
What! (Score:3, Funny)
As an attorney.. (Score:2, Interesting)
Take a picture of a picture (Score:2, Redundant)
1, Take picture
2. Modify it
3. Print it
4. Take a picture of the print
5. Print the picture of the picture
Yes, you now have an unmodified picture (of a picture)
Good that will satisfy those (Score:2)
Re:Will this help the general use of captchas? (Score:2)
To your second question, huh?
To your third question, sure.
Re:"Real" validation with gpg possible? (Score:2)
Easy enough...
Make the OpenPGP signing element (and key) hard-wired into the Camera's Firmware. also make it so you can't get the private key out (or change it) without breaking the camera case. Put the public key on each memory card that's inserted, and have the public key fingerprint etched on the case right next to the serial number.
Now, if there's any doubt that a particular picture was taken by a specific camera and hasn't been modified
Re:"Real" validation with gpg possible? (Score:2)
Sure, this may seem like a lot of work, but if we're going to talk about large $$ court cases and matters of guilt, then cracking the camera's key becomes quite a worhwhile investme
Re:"Real" validation with gpg possible? (Score:2)
Re:"Real" validation with gpg possible? (Score:2)
It does not have to be impossible to get the private key. It just has to be impossible to get it and still have a working camera. To prove the picture is authentic you must produce the non-broken camera. It will also be necessary for manufactures to put diff
Re:Camera fingerprinting (Score:3, Interesting)
Re:Camera fingerprinting (Score:2)