Digital Photo Security

Professional photographers could have an easier time proving there were
not changes to their images to a third party and could also prove
ownership of an image.

Images have been doctored since film has been developed and printed.
Digital images are being used to asses traffic fines remotely and there
should be some safeguard that the images are not being doctored. With
the raise of crime scene photographs, and surveillance cameras in
businesses the need for authenticity becomes greater. There have been
press photographers fired for doctoring digital images. How would you
like to be picked up for a bank robbery because your image was added to
a surveillance image by someone with a grudge against you?

With the Internet there are a number of photographers complaining about
their images being used by other sites without their permission or
their being compensated. Just because there is copyright notice, that
alone does not protect the photographer, writer or artist. The
copyright notice just notifies others that the artist is claiming
ownership. The artist still needs to prove he/she created the work
before the other claimant.

Granted for most hoggiest, this is not as important but even some
advanced hobbiest may need this feature at a later date.

Roy G wrote:
> <intrepid_dw RemoveThis @hotmail.com> wrote in message
> news:1157037761.092229.237190@i3g2000cwc.googlegroups.com...
> > All:
> >
> > I was wondering if anyone is aware of any efforts on the part of
> > digital camera manufacturers to establish any kind of baseline
> > technology for photo authentication (something that would allow an
> > end-user of an image to verify that it is unaltered from the time it
> > was taken)? I have heard of external systems that intercept photos as
> > they are downloaded to an external source, such as a PC, and then uses
> > that as their baseline, but it seems that process isn't comprehensive.
> >
> > I'm thinking in terms of embedding some sort of hash or thumbprint into
> > the actual image data that could be externally recomputed and validated
> > when the digital image is delivered to a third party. It might also be
> > implemented as a separate file that accompanies each photo image.
> >
> > This might imply some sort of a key system embedded in each camera's
> > firmware, with each camera possessing it's own private key or
> > certificate issued by the manufacturer and then used to "sign" the
> > image. There are other possibilities, of course, but that one came to
> > mind.
> >
> > Anyway, perhaps someone is already doing this at the camera level and
> > I'm just not aware of it, so any info would be appreciated.
> >
> > Thanks in advance,
> > -intrepid
>
> Why would anyone even think about doing that.
>
> They never even tried in the 100 years, or whatever, that silver technology
> was the main source of photos.
>
> Why would I want to pay for a feature which would just be a pain in the
> arse.
>
> Even if they did, some clever git would soon be spamming the News Groups
> with a Crack to get round it.
>
> Roy G
 >> Stay informed about: Digital Photo Security 

<intrepid_dw.DeleteThis@hotmail.com> wrote in message
news:1157037761.092229.237190@i3g2000cwc.googlegroups.com...
> All:
>
> I was wondering if anyone is aware of any efforts on the part of
> digital camera manufacturers to establish any kind of baseline
> technology for photo authentication (something that would allow an
> end-user of an image to verify that it is unaltered from the time it
> was taken)? I have heard of external systems that intercept photos as
> they are downloaded to an external source, such as a PC, and then uses
> that as their baseline, but it seems that process isn't comprehensive.
>
> I'm thinking in terms of embedding some sort of hash or thumbprint into
> the actual image data that could be externally recomputed and validated
> when the digital image is delivered to a third party. It might also be
> implemented as a separate file that accompanies each photo image.
>
> This might imply some sort of a key system embedded in each camera's
> firmware, with each camera possessing it's own private key or
> certificate issued by the manufacturer and then used to "sign" the
> image. There are other possibilities, of course, but that one came to
> mind.
>
> Anyway, perhaps someone is already doing this at the camera level and
> I'm just not aware of it, so any info would be appreciated.
>
> Thanks in advance,
> -intrepid

Why would anyone even think about doing that.

They never even tried in the 100 years, or whatever, that silver technology
was the main source of photos.

Why would I want to pay for a feature which would just be a pain in the
arse.

Even if they did, some clever git would soon be spamming the News Groups
with a Crack to get round it.

Roy G
 >> Stay informed about: Digital Photo Security 

Ben:

Thanks. I'll take a look at those search parameters you suggested.

While I realize (and agree) that a certain degree of forensic analysis
(and, for now, keen observation) will often reveal doctored
photographs, I was thinking more in terms of an integrated system that
provides the empirical mechanism for change detection, in much the same
way we use hashes to validate the correctness of an file, or even a
packet of network data over the wire.

I suspect that doctoring techniques are going to become increasingly
sophisticated, increasing the need for this type of technology -
wherein you conclusively assert a file has been altered because, eg,
the hashes don't match.

Thanks,
-intrepid





Ben Brugman wrote:
> I have seen an annoucement for a camera and/or
> flash memory especially with that in mind.
> (Forensics etc. aimed).
> In this camera together with the flash memory
> there was authentication on which camera
> had produced the picture, and there was a check
> that the picture was unaltered.
>
> Sorry but can't remember where I saw the announcement.
>
>
>
> (Try to Google on combinations of : Forensic, camera, authentication,
> integretty)
>
> But there are techniques to reveal that a digital
> picture has been altered. If the camera is available
> on can check the pictures 'noise' signature against
> the camera's noise signature.
> On can check statistically for the distribution
> of the different light levels.
> On can check statistically for the distribution
> of the different light levels for only parts of the picture.
>
> Most 'enhancements' of the picture on a original can
> be detected. If a picture is completely stripped of all
> aspecs going with the original, and the quality is reduced
> it is difficult to detect the 'enhancements'.
>
> Depending on the amount of effort (money) you have,
> most alterations on 'originals' can be detected.
>
> http://www.linuxelectrons.com/News/General/20060418195849566
>
> ben
>
>
>
>
>
>
>
>
> <intrepid_dw DeleteThis @hotmail.com> schreef in bericht
> news:1157037761.092229.237190@i3g2000cwc.googlegroups.com...
> > All:
> >
> > I was wondering if anyone is aware of any efforts on the part of
> > digital camera manufacturers to establish any kind of baseline
> > technology for photo authentication (something that would allow an
> > end-user of an image to verify that it is unaltered from the time it
> > was taken)? I have heard of external systems that intercept photos as
> > they are downloaded to an external source, such as a PC, and then uses
> > that as their baseline, but it seems that process isn't comprehensive.
> >
> > I'm thinking in terms of embedding some sort of hash or thumbprint into
> > the actual image data that could be externally recomputed and validated
> > when the digital image is delivered to a third party. It might also be
> > implemented as a separate file that accompanies each photo image.
> >
> > This might imply some sort of a key system embedded in each camera's
> > firmware, with each camera possessing it's own private key or
> > certificate issued by the manufacturer and then used to "sign" the
> > image. There are other possibilities, of course, but that one came to
> > mind.
> >
> > Anyway, perhaps someone is already doing this at the camera level and
> > I'm just not aware of it, so any info would be appreciated.
> >
> > Thanks in advance,
> > -intrepid
> >
 >> Stay informed about: Digital Photo Security 

I have to assume this is a naive question.

Given the increasing incidents of intellectual fraud emerging from
various media outlets arising from doctored photos, it doesn't take a
brain surgeon to realize that something has to be done to ensure the
integrity of an electronic image. The spectre of fabricated photos used
in civil or criminal trials is even more unsettling.

This isn't about "someone spamming the News Groups with a Crack,"
because it isn't about breaking into something or copying a DVD. It's
about leveraging a proven, existing technology into a new area for the
purposes of validation. It's becoming increasingly obvious that someone
must cultivate the ability to demonstrate that what is represented to
be an image capture of a specific event at a specific time is, in fact,
an accurate and true representation of what that camera saw when the
button was pressed.

For the hobbyist, day-to-day photo snapper, granted, this is hardly a
critical issue. If I were a professional photographer, however, I would
want to be able to advertise to any prospective purchaser of my
photographs that I, in fact, can prove I created them, and would be
able to affirmatively defend any attempt to misrepresent or alter them.
I would think that represents a value-add for the both the producer and
consumer of the photos so created.

-intrepid



> Why would anyone even think about doing that.
>
> They never even tried in the 100 years, or whatever, that silver technology
> was the main source of photos.
>
> Why would I want to pay for a feature which would just be a pain in the
> arse.
>
> Even if they did, some clever git would soon be spamming the News Groups
> with a Crack to get round it.
>
> Roy G
 >> Stay informed about: Digital Photo Security 

I have seen an annoucement for a camera and/or
flash memory especially with that in mind.
(Forensics etc. aimed).
In this camera together with the flash memory
there was authentication on which camera
had produced the picture, and there was a check
that the picture was unaltered.

Sorry but can't remember where I saw the announcement.



(Try to Google on combinations of : Forensic, camera, authentication,
integretty)

But there are techniques to reveal that a digital
picture has been altered. If the camera is available
on can check the pictures 'noise' signature against
the camera's noise signature.
On can check statistically for the distribution
of the different light levels.
On can check statistically for the distribution
of the different light levels for only parts of the picture.

Most 'enhancements' of the picture on a original can
be detected. If a picture is completely stripped of all
aspecs going with the original, and the quality is reduced
it is difficult to detect the 'enhancements'.

Depending on the amount of effort (money) you have,
most alterations on 'originals' can be detected.

http://www.linuxelectrons.com/News/General/20060418195849566

ben








<intrepid_dw RemoveThis @hotmail.com> schreef in bericht
news:1157037761.092229.237190@i3g2000cwc.googlegroups.com...
> All:
>
> I was wondering if anyone is aware of any efforts on the part of
> digital camera manufacturers to establish any kind of baseline
> technology for photo authentication (something that would allow an
> end-user of an image to verify that it is unaltered from the time it
> was taken)? I have heard of external systems that intercept photos as
> they are downloaded to an external source, such as a PC, and then uses
> that as their baseline, but it seems that process isn't comprehensive.
>
> I'm thinking in terms of embedding some sort of hash or thumbprint into
> the actual image data that could be externally recomputed and validated
> when the digital image is delivered to a third party. It might also be
> implemented as a separate file that accompanies each photo image.
>
> This might imply some sort of a key system embedded in each camera's
> firmware, with each camera possessing it's own private key or
> certificate issued by the manufacturer and then used to "sign" the
> image. There are other possibilities, of course, but that one came to
> mind.
>
> Anyway, perhaps someone is already doing this at the camera level and
> I'm just not aware of it, so any info would be appreciated.
>
> Thanks in advance,
> -intrepid
>
 >> Stay informed about: Digital Photo Security 

On Fri, 01 Sep 2006 09:15:22 -0400
Shawn Hirn <srhi DeleteThis @comcast.net> wrote:

> In article <1157037761.092229.237190 DeleteThis @i3g2000cwc.googlegroups.com>,
> intrepid_dw DeleteThis @hotmail.com wrote:
>
> > [... Q about whether any camera makers are implementing
> > cryptographic image authentication ...]
>
> I doubt it.

See the previous post about Nikon and Canon already implementing it in
some high end systems.

> What would be the market for such a technology

Crime scene photographers and journalists come to mind. It would
be a subset of the DSLR market, I guess.

> and how
> would it be implemented?

As has been described. Each camera has a unique public/private key
pair. It digitally signs each image using its private key. If you
can verify the signature using the public key, you can trust the
image as far as you trust the crypto algorithms the camera uses.

The major downside is that cryptography costs time and compute cycles,
and takes a bite out of the camera's energy budget. There is also
the issue that the private key must be protected against disclosure
at all costs. It's essentially the same challenge smart cards face.

> Most, if not all, journalists and other
> digital photographers do some modifications to their images before
> publication.

Of course. But they would still have the provably authentic original
to back up the published version.

One can imagine a draconian "trusted computing platform" where
hardware only runs trusted software and image editors preserve a
cryptographic derivation trail back to the original image. Such
extremes are not needed just to prove that an image has not been
significantly doctored.

Paul Allen

Paul Allen
 >> Stay informed about: Digital Photo Security 

In article <1157037761.092229.237190.DeleteThis@i3g2000cwc.googlegroups.com>,
intrepid_dw.DeleteThis@hotmail.com wrote:

> All:
>
> I was wondering if anyone is aware of any efforts on the part of
> digital camera manufacturers to establish any kind of baseline
> technology for photo authentication (something that would allow an
> end-user of an image to verify that it is unaltered from the time it
> was taken)? I have heard of external systems that intercept photos as
> they are downloaded to an external source, such as a PC, and then uses
> that as their baseline, but it seems that process isn't comprehensive.
>
> I'm thinking in terms of embedding some sort of hash or thumbprint into
> the actual image data that could be externally recomputed and validated
> when the digital image is delivered to a third party. It might also be
> implemented as a separate file that accompanies each photo image.
>
> This might imply some sort of a key system embedded in each camera's
> firmware, with each camera possessing it's own private key or
> certificate issued by the manufacturer and then used to "sign" the
> image. There are other possibilities, of course, but that one came to
> mind.
>
> Anyway, perhaps someone is already doing this at the camera level and
> I'm just not aware of it, so any info would be appreciated.
>
> Thanks in advance,
> -intrepid

I doubt it. What would be the market for such a technology and how would
it be implemented? Most, if not all, journalists and other digital
photographers do some modifications to their images before publication.
 >> Stay informed about: Digital Photo Security 

In many states if you want to use digital photos in a criminal case you have
to prove they haven't been changed. One way that I know of is to have the
RAW file.

R


"Paul Allen" <paul.l.allen.DeleteThis@NOSPAM.comcast.net> wrote in message
news:20060901085545.14133df9@granite.localdomain...
> On Fri, 01 Sep 2006 09:15:22 -0400
> Shawn Hirn <srhi.DeleteThis@comcast.net> wrote:
>
>> In article <1157037761.092229.237190.DeleteThis@i3g2000cwc.googlegroups.com>,
>> intrepid_dw.DeleteThis@hotmail.com wrote:
>>
>> > [... Q about whether any camera makers are implementing
>> > cryptographic image authentication ...]
>>
>> I doubt it.
>
> See the previous post about Nikon and Canon already implementing it in
> some high end systems.
>
>> What would be the market for such a technology
>
> Crime scene photographers and journalists come to mind. It would
> be a subset of the DSLR market, I guess.
>
>> and how
>> would it be implemented?
>
> As has been described. Each camera has a unique public/private key
> pair. It digitally signs each image using its private key. If you
> can verify the signature using the public key, you can trust the
> image as far as you trust the crypto algorithms the camera uses.
>
> The major downside is that cryptography costs time and compute cycles,
> and takes a bite out of the camera's energy budget. There is also
> the issue that the private key must be protected against disclosure
> at all costs. It's essentially the same challenge smart cards face.
>
>> Most, if not all, journalists and other
>> digital photographers do some modifications to their images before
>> publication.
>
> Of course. But they would still have the provably authentic original
> to back up the published version.
>
> One can imagine a draconian "trusted computing platform" where
> hardware only runs trusted software and image editors preserve a
> cryptographic derivation trail back to the original image. Such
> extremes are not needed just to prove that an image has not been
> significantly doctored.
>
> Paul Allen
>
> Paul Allen
 >> Stay informed about: Digital Photo Security 

On 31 Aug 2006 18:09:58 -0700, intrepid_dw.DeleteThis@hotmail.com, <intrepid_dw.DeleteThis@hotmail.com wrote:

> I suspect that doctoring techniques are going to become increasingly
> sophisticated, increasing the need for this type of technology -
> wherein you conclusively assert a file has been altered because, eg,
> the hashes don't match.

People will simply stop believing digital photos soon. I scanned
through my .newsrc (list of all available groups) for the word "fake",
and here are some examples of what I found...

alt.binaries.celebrities.fake.moderated
alt.binaries.pictures.nude.celebrities.fake
alt.binaries.pictures.nude.celebrities.fake.repost
alt.binaries.pictures.nude.celebrities.fake.sme-group

Some people obviously have too much time on their hands.

--
Walter Dnes; my email address is *ALMOST* like wzaltdnes.DeleteThis@waltdnes.org
Delete the "z" to get my real address. If that gets blocked, follow
the instructions at the end of the 550 message.
 >> Stay informed about: Digital Photo Security 

The digital signature process I'm referencing here (and was described
most succinctly by Paul Allen in his post) would allow someone to take
an image file and prove it was an unaltered copy of the original
produced by a specific camera. The change of even a single bit of image
data would cause the signature process to fail.

-intrepid

Hebee Jeebes wrote:
> In many states if you want to use digital photos in a criminal case you have
> to prove they haven't been changed. One way that I know of is to have the
> RAW file.
>
> R
>
>
> "Paul Allen" <paul.l.allen.TakeThisOut@NOSPAM.comcast.net> wrote in message
> news:20060901085545.14133df9@granite.localdomain...
> > On Fri, 01 Sep 2006 09:15:22 -0400
> > Shawn Hirn <srhi.TakeThisOut@comcast.net> wrote:
> >
> >> In article <1157037761.092229.237190.TakeThisOut@i3g2000cwc.googlegroups.com>,
> >> intrepid_dw.TakeThisOut@hotmail.com wrote:
> >>
> >> > [... Q about whether any camera makers are implementing
> >> > cryptographic image authentication ...]
> >>
> >> I doubt it.
> >
> > See the previous post about Nikon and Canon already implementing it in
> > some high end systems.
> >
> >> What would be the market for such a technology
> >
> > Crime scene photographers and journalists come to mind. It would
> > be a subset of the DSLR market, I guess.
> >
> >> and how
> >> would it be implemented?
> >
> > As has been described. Each camera has a unique public/private key
> > pair. It digitally signs each image using its private key. If you
> > can verify the signature using the public key, you can trust the
> > image as far as you trust the crypto algorithms the camera uses.
> >
> > The major downside is that cryptography costs time and compute cycles,
> > and takes a bite out of the camera's energy budget. There is also
> > the issue that the private key must be protected against disclosure
> > at all costs. It's essentially the same challenge smart cards face.
> >
> >> Most, if not all, journalists and other
> >> digital photographers do some modifications to their images before
> >> publication.
> >
> > Of course. But they would still have the provably authentic original
> > to back up the published version.
> >
> > One can imagine a draconian "trusted computing platform" where
> > hardware only runs trusted software and image editors preserve a
> > cryptographic derivation trail back to the original image. Such
> > extremes are not needed just to prove that an image has not been
> > significantly doctored.
> >
> > Paul Allen
> >
> > Paul Allen
 >> Stay informed about: Digital Photo Security 

All I was saying is that a lot of courts in a lot of states accept RAW files
as proof since there is no way to change them and then re-save them as the
cameras native Raw format. You can not open a Canon Raw file in Photoshop do
some cloning or other stuff and then save it back as a Canon Raw file. Canon
just being one example of a brand a Raw file format.

This is easier and cheaper than some of the systems you have mentioned, as
most of those systems don't come standard with the cameras. However, it is
nice that they are offered for those that really need them.

I recently read an article that suggests that because of digital cameras and
programs like Photoshop that photos today are nearly to the point that they
are proof of nothing. I don't know if I fully agree, but I can see a time
coming that this will be the case.

R


<intrepid_dw.DeleteThis@hotmail.com> wrote in message
news:1157203588.773942.292540@b28g2000cwb.googlegroups.com...
> The digital signature process I'm referencing here (and was described
> most succinctly by Paul Allen in his post) would allow someone to take
> an image file and prove it was an unaltered copy of the original
> produced by a specific camera. The change of even a single bit of image
> data would cause the signature process to fail.
>
> -intrepid
>
> Hebee Jeebes wrote:
>> In many states if you want to use digital photos in a criminal case you
>> have
>> to prove they haven't been changed. One way that I know of is to have the
>> RAW file.
>>
>> R
>>
>>
>> "Paul Allen" <paul.l.allen.DeleteThis@NOSPAM.comcast.net> wrote in message
>> news:20060901085545.14133df9@granite.localdomain...
>> > On Fri, 01 Sep 2006 09:15:22 -0400
>> > Shawn Hirn <srhi.DeleteThis@comcast.net> wrote:
>> >
>> >> In article <1157037761.092229.237190.DeleteThis@i3g2000cwc.googlegroups.com>,
>> >> intrepid_dw.DeleteThis@hotmail.com wrote:
>> >>
>> >> > [... Q about whether any camera makers are implementing
>> >> > cryptographic image authentication ...]
>> >>
>> >> I doubt it.
>> >
>> > See the previous post about Nikon and Canon already implementing it in
>> > some high end systems.
>> >
>> >> What would be the market for such a technology
>> >
>> > Crime scene photographers and journalists come to mind. It would
>> > be a subset of the DSLR market, I guess.
>> >
>> >> and how
>> >> would it be implemented?
>> >
>> > As has been described. Each camera has a unique public/private key
>> > pair. It digitally signs each image using its private key. If you
>> > can verify the signature using the public key, you can trust the
>> > image as far as you trust the crypto algorithms the camera uses.
>> >
>> > The major downside is that cryptography costs time and compute cycles,
>> > and takes a bite out of the camera's energy budget. There is also
>> > the issue that the private key must be protected against disclosure
>> > at all costs. It's essentially the same challenge smart cards face.
>> >
>> >> Most, if not all, journalists and other
>> >> digital photographers do some modifications to their images before
>> >> publication.
>> >
>> > Of course. But they would still have the provably authentic original
>> > to back up the published version.
>> >
>> > One can imagine a draconian "trusted computing platform" where
>> > hardware only runs trusted software and image editors preserve a
>> > cryptographic derivation trail back to the original image. Such
>> > extremes are not needed just to prove that an image has not been
>> > significantly doctored.
>> >
>> > Paul Allen
>> >
>> > Paul Allen
>
 >> Stay informed about: Digital Photo Security 

On Sat, 2 Sep 2006 09:49:40 -0700
"Hebee Jeebes" <nospam.DeleteThis@nospam.com> wrote:

> All I was saying is that a lot of courts in a lot of states accept
> RAW files as proof since there is no way to change them and then
> re-save them as the cameras native Raw format. You can not open a
> Canon Raw file in Photoshop do some cloning or other stuff and then
> save it back as a Canon Raw file. Canon just being one example of a
> brand a Raw file format.

Some states may be assuming that RAW files cannot be altered, but they
do so without (or against) the advice of any skilled programmers they
might have access to. Dcraw knows how to decode most camera RAW formats
and it is open source. Given a decoder, it is a simple matter for a
determined programmer to produce an encoder. Therefore, RAW files
cannot be considered unalterable just because the camera makers keep
the format secret. Security through obscurity isn't.

> This is easier and cheaper than some of the systems you have
> mentioned, as most of those systems don't come standard with the
> cameras.

Easier and cheaper. Not sufficient.

> However, it is nice that they are offered for those that
> really need them.

Yup, and given the likely size of the market for secure images, the
two makers who currently offer the technology may be all that are
needed. Who knows? I'm neither a crime scene photographer nor a
journalist.

> I recently read an article that suggests that because of digital
> cameras and programs like Photoshop that photos today are nearly to
> the point that they are proof of nothing. I don't know if I fully
> agree, but I can see a time coming that this will be the case.

Ummm, right. The article's author thought something new was
happening? When was the first doctored silver photograph used as
evidence in court? The only thing that's changed is the ease of use
of the tools. The motivation to alter images has always been there.

Paul Allen
 >> Stay informed about: Digital Photo Security 

"Walter Dnes (delete the 'z' to get my real address)" <wzaltdnes.TakeThisOut@waltdnes.org> wrote:
>On 31 Aug 2006 18:09:58 -0700, intrepid_dw.TakeThisOut@hotmail.com, <intrepid_dw.TakeThisOut@hotmail.com wrote:

>> I suspect that doctoring techniques are going to become increasingly
>> sophisticated, increasing the need for this type of technology -
>> wherein you conclusively assert a file has been altered because, eg,
>> the hashes don't match.

> People will simply stop believing digital photos soon. I scanned
>through my .newsrc (list of all available groups) for the word "fake",
>and here are some examples of what I found...

>alt.binaries.celebrities.fake.moderated
>alt.binaries.pictures.nude.celebrities.fake
>alt.binaries.pictures.nude.celebrities.fake.repost
>alt.binaries.pictures.nude.celebrities.fake.sme-group

> Some people obviously have too much time on their hands.

I dunno. Does the word "fake" refer to their nudity or
to their celebrity?

---- Paul J. Gans
 >> Stay informed about: Digital Photo Security