TransWikia.com

Can digital cameras sign images to prove authenticity?

Photography Asked on June 21, 2021

Beyond the metadata/EXIF/IPTC (which can be easily altered), is it possible to prove that an image is authentic? If this is not possible, how does a photojournalist prove the authenticity of an original image?

Can digital cameras sign images to prove authenticity? How does this work, and what cameras can do it?

8 Answers

Yes, this capability exists to some extent, but not through "signing" the image in the normal sense. It's based on the sensor noise patterns. Jan Lukáš, Jessica Fridrich, and Miroslav Golja (and a few others) at SUNY Binghamton have done work relating to two fields - identification of digital cameras using sensor noise patterns and identification of digital image forgeries using sensor noise patterns.

Something like this paper probably discusses what you are looking for. By detecting interruptions and inconsistencies in the noise pattern produced by the sensors that capture an image, it is possible to detect what parts of a digital image may have been manipulated. It's not a trivial process by any means, but research has been done on using the characteristics of the hardware to perform this type of task.

The last time I did work in this field was about 5 years ago, so I'm a bit out of touch with the latest and greatest, but I do know that law enforcement and the press are both interested in this capability (or at least were 5 years ago). You might have to do some digging to see if/how this has advanced, but it seems to be the best bet at proving authenticity. I just don't see it as something an individual would have on their own.

Correct answer by Thomas Owens on June 21, 2021

Yes, they can sign images.

This should prove authenticity although a team claims to have cracked Canon's implementation. Another team did the same for Nikon.

So this is like most digital security issues, it will prove authenticity or monumental effort to circumvent it ;)

Answered by Itai on June 21, 2021

The inherent problem here is that if you have physical access to the device that can sign/decrypt the data, you can always break the security. So it is fundamentally impossible, while you can make it harder by using various tricks.

Answered by Zds on June 21, 2021

Based on the mix of tags applied to this question, I think there is an important distinction to be made. While there may be technologies which prove an image is unaltered at a digital level, that does not extend to the content as it might be applied with respect to the photojournalism tag. Suppose I take a lemon and paint it the appropriate shade of green. I then take a picture. I may be able to prove to you the picture is unaltered, but it is still a picture of a lemon and not a lime. Ethics aside, I'm not sure you can apply the same analysis to the journalism as to the image.

Answered by cdkMoose on June 21, 2021

is it possible to prove that an image is authentic?

I've been told that Japanese police are using cameras with "tamper-proof storage". As far as I can tell, they are ordinary off-the-shelf digital cameras, with special write-once read-many (WORM) storage cards.

Answered by David Cary on June 21, 2021

The Canon image authentication kit can do this. As with anything related to security, there are technical and physical aspects. Others have pointed out the technical aspects have been called into question, but they still apply assuming you have good physical security. The kit includes an sd card, and it is important to verify where the card has been, and in whose possession at all times. Only then, along with the software kit, can you be assured of authenticity.

http://www.canon.co.jp/imaging/osk/index.html

Answered by cmason on June 21, 2021

In general the software on most cameras does not support this, but in theory it is definitely possible. The camera could directly encrypt the image with a public key and since it can only be decrypted with the private key, that could be held only by whoever needs to verify the images. For more details on what is meant by public and private keys, look up RSA Encryption and/or read https://en.wikipedia.org/wiki/Public-key_cryptography for a general overview.

People that hacked the NX300 firmware were able to get very close to this (only downside was that the image was still being written to the card once before being encrypted and deleted, a deeper knowledge of the firmware could change avoid the initial write).
https://sites.google.com/site/nxcryptophotography/

I am not aware of any commercial camera supporting a feature like this from the factory.

If the image is still meant to be viewable, then invisible sorts of signatures can be used (look up "steganography"), but in general these can still be manipulated. Some forms might be altered by manipulation, so there is some potential to detect inauthentic versions.

Itai's answer does mention an attempt at verification that Canon and Nikon made, but doesn't go into the details, and neither did the links. In the case of Nikon:

"ElcomSoft research shows that image metadata and image data are processed independently with a SHA-1 hash function. There are two 160-bit hash values produced, which are later encrypted with a secret (private) key by using an asymmetric RSA-1024 algorithm to create a digital signature. Two 1024-bit (128-byte) signatures are stored in EXIF MakerNote tag 0x0097 (Color Balance).

During validation, Nikon Image Authentication Software calculates two SHA-1 hashes from the same data, and uses the public key to verify the signature by decrypting stored values and comparing the result with newly calculated hash values.

The ultimate vulnerability is that the private (should-be-secret) cryptographic key is handled inappropriately, and can be extracted from camera. After obtaining the private key, it is possible to generate a digital signature value for any image, thus forging the Image Authentication System." -- https://blog.elcomsoft.com/2011/04/nikon-image-authentication-system-compromised/

So they commit the cardinal sin of cryptography, the private key really should not be on the camera, or if it is, it needs to itself be encrypted in a way that prevents extraction. This is of course quite difficult, and the private keys should probably be created/distributed by a channel completely independent of the camera. The method above for the NX300 would only require the public key to be on the camera, but has it's own downsides, like not having previews on camera (the image is encrypted and with no private key it can't be decrypted on the camera). Of course the camera could keep both the encrypted and never-encrypted version, in which case the never-encrypted one can be considered a sort of preview of the official authentic image, which is strictly speaking never seen until authenticated by decryption with the private key.

In the court case scenario this would mean that these private keys would need to be held by the courts, not be those taking the photos or that might deal with them along the way. In the case of photojournalism the private keys could be held by the editors or by independent regulatory bodies. From a marketing standpoint these are a bit difficult to set up, since these individuals and institutions would need to learn how to create private/public key pairs and to distribute the public keys and how people are meant to load the public key to their camera, and people would need to be storing a bunch of encrypted photos they're never going to see as 'just in case' evidence. In the IT space this sort of thing is common enough though, e.g. there are many tutorials on setting up these kinds of keys for SSH.

Edit1: Changed to not say the private key is used on the camera, I think it is not but is just stored there.
Edit2: The hashing approach they use is space saving, but even without the private key it may be possible to make edits to the photo that conform with the hashes in some constrained way.

Answered by ttbek on June 21, 2021

If the camera signs the image, then you can prove that the image hasn't been altered since it was taken by that particular camera.

In many cases, we apply some post processing. And just using another RAW converter, such as Adobe Camera Raw or Capture One is also post processing in that respect. The file you distribute did not originate from the camera.

Another problem is that each camera would need it's own unique digital signature for this, a process that would make production more complex.

So a much more practical application is to sign it with a digital signature belonging to the photographer. Then anybody can verify that the picture originates from that photographer, and has not been tampered with.

Although I have a good knowledge on cryptographic signatures in general, I am not an expert in how to apply this to photographs, and standards that could apply. This paper however touches on that subject: http://people.csail.mit.edu/kimo/publications/jpeg/tifs11a.pdf

Answered by Pete on June 21, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP