Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Digital Camera Image Verification

michael posted more than 10 years ago | from the signed-sealed-and-delivered dept.

Graphics 255

Polo writes "While reading dpreview, I noticed that among several new products, Canon has announced a Digital Image Verification Kit to prove that an image taken by a particular camera has not been modified. It's disturbing to think about the conditions that would allow digital images to be accepted in a courtroom. I guess one defense would be to figure out how to 'verify' a photo of shark attack..."

cancel ×

255 comments

Sorry! There are no comments related to the filter you selected.

GNAA (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8146260)

props to niggers, gay ones anyway

Uh, (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8146307)

Where are all the white women at?

Windows only? (3, Insightful)

Moderator (189749) | more than 10 years ago | (#8146261)

The card reader connects to a computer USB port (only Windows 2000/XP compatible at the moment).

Suddenly, this throws out the validity of anyone who owned a Mac or was using FreeBSD as their primary desktop operating system.

Gay men only? (-1)

(TK20)Dessimat0r (736375) | more than 10 years ago | (#8146276)

The penis enters into a male port (only men and women compatible at the moment).

Suddenly, this throws out the validity of anyone who owned a condom or was using petrolium jelly as their primary anal lubricant.

Re:Gay men only? (0)

Anonymous Coward | more than 10 years ago | (#8146322)

What do you mean?

Surely the male port is the wrong port for a penis... if your port accepts such packets, there must be something fundamentally wrong with your specifications.

It's called MD5 (?) (4, Interesting)

Shakrai (717556) | more than 10 years ago | (#8146264)

The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

So it's basically an MD5 (or equiv hashing method) of the image at the time it's taken? Too bad -- I thought they had a unique idea to verify images that had already been taken.

Two or three questions I suppose:

The article states that they are pursing ISO 15408 certification (evaluation criteria for IT security). Do they have to open up any source code to obtain that certification?

What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

In the mostly-serious-but-with-a-little-sarcasm dept -- does this take into account rotating the images if the camera doesn't automatically do it when you take a portrait vs a landscape? ;)

All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though...

Re:It's called MD5 (?) (4, Informative)

filtersweep (415712) | more than 10 years ago | (#8146352)

"All in all I suppose it's a neat idea -- hope it actually works before somebody is on trial for his life though..."

Well, the camera is only one step in the chain. Are they going to keep a bunch of these presumably more expensive memory cards lying around, or are "they" going to archive them on a CDR or hard drive? Once the image is out of the card, the verification is meaningless (if it wasn't already meaningless in the first place).

I provide "expert testimony" in court on a semi-regular basis in a completely different field. I always submit "photostatic replicas" of original documents and sign a notarized affidavit of their authenticity. Overall, it is simply the sworn testimony of the authenticity of any evidence that holds more weight than some "technological solution."

Photoshoppers be dammed! Long live fark.com

Re:It's called MD5 (?) (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8146450)

Can MD5 verify this [freeq.com] ?

Re:It's called MD5 (?) (1, Interesting)

Anonymous Coward | more than 10 years ago | (#8146365)

What's to stop me from editing the MD5sum on the image and the smart media (it's presumably read/write)?

One possibility is that the SM (secure mobile) card reader/writer has an embeded private key.

The generated code would be based on key + contents, rather than just the key.

Still does not (4, Informative)

www.sorehands.com (142825) | more than 10 years ago | (#8146405)

Even when taking a photo, to have it admitted as evidence you must have the person taking it verify that they did take it. This goes with digital or film camera -- or any type of documentary evidence.

This is just general, but there are many rules about entering photograghs and other documents.

Re:It's called MD5 (?) (1)

Krunch (704330) | more than 10 years ago | (#8146449)

does this take into account rotating the images
What about rotating the md5sum ?

Re:It's called MD5 (?) (1)

cyb97 (520582) | more than 10 years ago | (#8146576)

rotation doesn't really matter, as the rotation of the image only makes a difference when viewing the image, and not when trying to verify whether it's tampered with or not.

In courtrooms the image is probably gonna be printed too, so it'll matter even less..

Goatse speaks out! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8146265)

Have a listen!

No... not the goatse man... the goatse [hanes.com] .

Re:Goatse speaks out! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8146374)

Oh my god, hahahah. If I had mod points! hahaha.

Re:Goatse speaks out! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8146518)

That's nastier than the real goatse.cx! I wonder if the good folks at hanes know what is running on their webserver.

Run around (5, Funny)

MacFury (659201) | more than 10 years ago | (#8146268)

1.) Take picture
2.) Photoshop picture
3.) Print picture
4.) Take picture of printed picture :-)

Re:Run around (0, Redundant)

Shakrai (717556) | more than 10 years ago | (#8146277)

You forgot:

5) ???
6) Profit.

But seriously, you'd need a pretty good digicam/scanner for that not to be completely obvious :) Don't think I haven't tried it already ;)

Re:Run around (3, Insightful)

MoonBuggy (611105) | more than 10 years ago | (#8146417)

But seriously, you'd need a pretty good digicam/scanner for that not to be completely obvious

You would, but in a few years time when this technology has legal precident spending a few grand on modding a 'secure' camera to forge evidence in order to get away with millions sounds like a good investment.

Re:Run around (1)

BlueFall (141123) | more than 10 years ago | (#8146404)

Seems like the biggest problem with the camera is that it is basically a digital signing oracle for whoever holds it.

Re:Run around (1)

apraetor (248989) | more than 10 years ago | (#8146581)

No, the same methods that prevent alteration could also be used to preserve information on focus.

--matt

Re:Run around (1)

110010001000 (697113) | more than 10 years ago | (#8146622)

Huh? In the above scheme there is only one picture that matters. The picture that was taken of the picture. The original gets tossed. The new MD5 matches the new picture.

Of course there is no way to prevent such a scheme which makes the whole idea worthless.

Re:Run around (0)

Anonymous Coward | more than 10 years ago | (#8146651)

He's saying that the camera will store info about the focus length so that it would be obvious when the picture you took is focussed at 1' away, which wouldn't match what you'd expect from the photo you're taking a picture of.

won't work (5, Insightful)

contrasutra (640313) | more than 10 years ago | (#8146269)

It won't work. From everything I've seen, attempts to verify ANYTHING digital will be cracked within a week or three.

Re:won't work (4, Insightful)

Anonymous Coward | more than 10 years ago | (#8146345)

Really? When was the digital signature function of GnuPG cracked?

Re:won't work (5, Informative)

contrasutra (640313) | more than 10 years ago | (#8146359)

Haven't read the gnupg.org website? From the front page:

GnuPG's ElGamal signing keys compromised (2003-11-27)
A severe problem with ElGamal sign+encrypt keys has been found. This leads to a full compromise of the private key.


Re:won't work (2, Informative)

Anonymous Coward | more than 10 years ago | (#8146551)

No I hadn't noticed that one. That particular bug hits extremely non-standard keys and according to the developer's announcement affected less than 0.04% of all keys on keyservers. Not only that it took a few years to detect-- which is a far cry from your time-to-crack maximum of three weeks. And the standard signing method still seems to be secure. Or at least no one who knows how to crack it is telling anyone else about it.

None of that is to say that I think Canon's solution sounds very workable. So it embeds a hash in the image and uses that to detect if the image has been changed? So? I can do that already by hashing images as I import them. I don't understand how it prevents re-hashing, either. Besides, who cares if you can verify the digital file? It still has to be printed out at least once if it's going to be used in court. I don't know about you guys, but I know my GIMP printer drivers allow for all kinds of filters to be used on the print stream itself. Not only could I intercept and alter the data as it's being printed, but I don't see how you can verify that the printout comes from a verified file.

Re:won't work (1)

cyb97 (520582) | more than 10 years ago | (#8146583)

Who says you have to use ElGamal, and who says you have to use GnuPG.

There are several pretty good signing-algorithms around...

Re:won't work (2, Funny)

iminplaya (723125) | more than 10 years ago | (#8146435)

Maybe the machine spits out a paper "receipt" verifing the veracity of the photo...or is it manufactured by Diebold?

hmm (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8146270)

1. take picture
2. modify picture
3. regenarate image verification data
4. profit?

Re:You forgot... (1)

thebes (663586) | more than 10 years ago | (#8146510)

4. ??? 5. Profit!!!

Canon (3, Insightful)

swordboy (472941) | more than 10 years ago | (#8146272)

Canon is very cool - they are one of the only camera manufacturers that still supports the cheapest, non-proprietary form of flash media in all of their cameras - CompactFlash.

To everyone out there: you are an idiot if you buy a camera that does not support CompactFlash. You'll end up paying twice as much for the media.

In other good Canon news, they've announced that they'll be releasing 20 new digicams this year. Hail to the king, baby!

Re:Canon (5, Insightful)

Shakrai (717556) | more than 10 years ago | (#8146308)

To everyone out there: you are an idiot if you buy a camera that does not support CompactFlash. You'll end up paying twice as much for the media.

We have that interesting problem at work (Insurance Agency, which is half the reason this article caught my eye) -- we need digicams to do photo inspections of property or automobiles. All of our CSR workstations have CompactFlash readers. Half the new digicams out there don't use CF anymore -- which automatically takes them off my shopping list when I need to get new cameras.

I'd also add to your statement that you are an idiot if you buy a camera that doesn't take standard AA (or AAA) batteries. We also have several sets of NI-MH batts and chargers -- I refuse to buy a digicam with propriety batteries. I can't count how much money and aggravation the standard formats of CF and AA NI-MH batts have saved me -- both on a business and personal level.

Re:Canon (2, Insightful)

zfalcon (69659) | more than 10 years ago | (#8146524)

I'd also add to your statement that you are an idiot if you buy a camera that doesn't take standard AA (or AAA) batteries. We also have several sets of NI-MH batts and chargers -- I refuse to buy a digicam with propriety batteries. I can't count how much money and aggravation the standard formats of CF and AA NI-MH batts have saved me -- both on a business and personal level.

None of the high end digital SLR cameras use NiMH batteries. Regular NiMH batteries run out of juice way too quickly. Using the Canon lithium ion packs you can get hundreds of shots with 1 battery. Also, unlike NiMH, lithiums don't lose like 10% of their charge daily.

Re:Canon (2, Interesting)

Shakrai (717556) | more than 10 years ago | (#8146610)

None of the high end digital SLR cameras use NiMH batteries. Regular NiMH batteries run out of juice way too quickly. Using the Canon lithium ion packs you can get hundreds of shots with 1 battery. Also, unlike NiMH, lithiums don't lose like 10% of their charge daily.

You completely missed the point of my statement -- in our setting, a small business with several dozen cameras of different models (old models that still worked that were discontinued, needed more functionality, etc) it would be very stupid to have a camera with a propriety battery or memory card. I can swap batteries or CF cards with any camera in our office -- and the CF cards are easily readable on any machine with a $20 reader -- without the need to install drivers and completely OS independent. I can also toss them into our laptops (again without drivers) using PCMCIA adaptors. Name another format that offers all of those advantages.

I would also question the 10% of their charge daily. I used to be quite the digitial photography buff back in the day but nowadays I only use my (personal) digicam every few weeks. I have picked up my digicam (a Casio QV-3500X) after having it sit idle (with the batteries in it no less -- so assume there is a small draw on them to maintain the clock/camera settings) for over two months and proceeded to take 40-50 pictures using the LCD the entire time. My four AA NiMH batts lasted the entire time. With a fully charged set loaded fresh I can take 200+ pictures (again using the LCD the whole time) without problems.

When we use them at the office we typically only wind up recharging them once every three weeks or so -- and we take dozens of pictures daily.

Granted li-ion is a better technology overall (I love my extended run-time li-ion batt for my cell phone) but NiMH still has a place and until they figure out a way to put li-ion technology into standard battery sizes (AA/AAA) I'll stick with my NiMH batts for my digicams/CD-players. In the worst case scenario if my NiMH batts die and I don't have a spare set (like that's ever going to happen) I can always buy AAs at any store in the world and toss them into my product -- try that with your propriety formats that only exist to make the manufacturer more money.

Re:Canon (1)

silicon1 (324608) | more than 10 years ago | (#8146586)

just an FYI, some canon cameras do use AA batteries...

Re:Canon (1)

cyb97 (520582) | more than 10 years ago | (#8146593)

Why not be smart and choose one camera (or probably one manufacturer) and stick with your choice. That way you can use the same charger, rack up extra batteries for people to take along etc.

Then charging won't be an issue as you can keep around ready charged batteries for swapping instead of having to wait for the battery to charge.

Re:Canon (1)

Shakrai (717556) | more than 10 years ago | (#8146640)

Why not be smart and choose one camera (or probably one manufacturer) and stick with your choice. That way you can use the same charger, rack up extra batteries for people to take along etc.

When we first bought all the cameras we did exactly that. 18 months later we needed to buy two new ones and discovered that the original model (a very simple low megapixal camera that got the job done nicely) had been discontinued. We had to buy a different model to replace it -- the new model had to use AA batts and CF media. A few months after that we needed more cams for new employees and the second model was impossible to find.... you see where I'm going with this.

Bottom line: We do use the same batts (AA NiMHs) and media in all our cameras. That's why we have standards people. To hell with propriety bullshit I say!

Re:Canon (1, Informative)

Anonymous Coward | more than 10 years ago | (#8146329)

Compact Flash is old and it is big and bulky. And no, Canon doesn't use it in all their cameras. For example see their new ultra-compact SD10 (It uses SecureDigital).

But I do agree with your general sentiment about open non-proprietary flash formats.

Re:Canon (2, Insightful)

Shakrai (717556) | more than 10 years ago | (#8146369)

Compact Flash is old and it is big and bulky.

What is the difference between Type I, Type II, and Type III PC Cards?

* Type I - First standard defined by PC Card Association. Dimensions: 85.6 mm x 54.0 mm x 3.3 mm.

* Type II - Second standard form factor defined by PC Card Association. Dimensions: 85.6 mm x 54.0 mm x 5.0 mm. The KODAK Picture Card with Adapter fit into a Type II slot.

* Type III - Third standard form factor defined by PC Card Association. Dimensions: 85.6 mm x 54.0 mm x 10.5 mm. An example of this is the PCMCIA hard drive in a KODAK PROFESSIONAL DCS Digital Camera.

Quoted from this [kodak.com] site.

I'd hardly call 8.5cm x 5.4cm x 0.5cm "big and bulky". If you start using the Type III cards they are a whole .55cm thicker. That's too big? And what's wrong with "old" as long as it still works and the standard is updated for new technology?

Re:Canon (0)

Anonymous Coward | more than 10 years ago | (#8146403)

Will I agree with you that CF isn't big and bulky. Recently I've seen camera's that are clearly too small for CF. It would be nice if they came up with a new smaller CF standard.

Re:Canon (1)

Shakrai (717556) | more than 10 years ago | (#8146428)

Will I agree with you that CF isn't big and bulky. Recently I've seen camera's that are clearly too small for CF. It would be nice if they came up with a new smaller CF standard.

Ok, that's a better way to put it. IMHO if a digicam is too small for CF then it's too small for me -- I'm not a big fan of super-tiny electronics -- but I could see the market for people who are.

Re:Canon (0)

Anonymous Coward | more than 10 years ago | (#8146531)

don't forget with support for type II brings support for microdrives.

Re:Canon (2)

gooman (709147) | more than 10 years ago | (#8146354)

Don't forget Nikon.
I'm currently shopping for a new camera. I'm only looking at brands that support CF. Partly because I already have several CF cards, but there is a reason I deciced on CF in the first place.
Looks like I'm going to buy a Canon or a Nikon.

Re:Canon (2, Insightful)

swordboy (472941) | more than 10 years ago | (#8146385)

Don't forget Nikon.

Nikon supports CompactFlash only in their high-end cameras. I'm not sure why they don't support it in their low-end cameras. Probably some sort of kick-backs from selling a camera that supports the more expensive media. There's always collusion when ignorant consumers are involved.

Someone tell me what I'm missing. From PriceWatch.com [pricewatch.com] , we get the following for a 512MB media card (many of the proprietary don't go larger than this):

$95 - CompactFlash
$138 - Memory Stick
$141 - MMC/SD
$165 - xD
$199 - ATA

As geeks, it is our duty to inform people from being stupid [yahoo.com] and buying cameras that don't support cheap, open standards. Why is SD so popular if it is 50% more expensive?

Re:Canon (1)

Glytch (4881) | more than 10 years ago | (#8146565)

You're wrong. All Nikon cameras, right down to the entry-level Coolpix 2100, use Compactflash. Every last one of them.

SD is popular because Kodak and HP use it, and idiots think that since Kodak and HP have huge advertising, they're good cameras. Both are cheap junk.

If you need low-cost quality, get Fuji or Olympus. They use another type of card, XD, but the cost of XD is the same as CF, and XD-CF adaptors are easy to find.

Re:Canon (0)

Anonymous Coward | more than 10 years ago | (#8146482)

Nikon! My nikon 3 megapixel camera takes CompactFlash media and two NiMH AA batteries. If my batteries die on the road I can buy a huge pack of regular AA's from walmart for $10. Of course, my battery charger has a wall plug and a car adapter...

Good luck finding some wierd-ass proprietary battery for your camera in 2008!

minolta also does AA and cf (0)

Anonymous Coward | more than 10 years ago | (#8146485)

at least the dimage series when i got mine. they
also work seamlessy in any linux dist (especially suse), it acts as a usb block device if you use the cable (like all cameras should) and cf card makes
it easy on linux/*bsd anyway.

i actually got it for manual control (taking stills of artwork) the compatibility with my laptop was just a bonus

Media is reusable (1)

KalvinB (205500) | more than 10 years ago | (#8146502)

When it comes to printers, the ink runs out and it's a recuring cost. With cameras, the media is reusable. So I'd rather not pay a couple hundred extra for a camera just to save 20 bucks on media.

$80 for 256MB MMC
and
$60 for 256MB compact flash.

When I go on extended trips I bring the laptop and download as needed. Which you'd need to do with CF as well.

I prefer CF because it's more rugged but lower cost cameras use MMC which is also pretty standard.

Ben

foolish (0)

Anonymous Coward | more than 10 years ago | (#8146529)

Compact flash is cheap, but you seem to immediately discount the benefits of SecureDigital and other formats.

You can't make cameras as small as Sharp's Exilim series with CompactFlash. It's also thinner than a AA or AAA battery. You MUST use proprietary rechargable lithium.

You also don't realize that Compact Flash uses far more energy for reads and writes than other flash formats. Shorter battery life means you need more batteries means you need bigger batteries means you need bigger cameras.

Digital cameras can be much smaller and more efficient than their 35mm brethren, you just need to think outside the box.

Not just court rooms (4, Interesting)

evn (686927) | more than 10 years ago | (#8146273)

I'm willing to be that one of the first customers for this software is the tabloid newspapers/magazines. They pay small fortunes of photos of celebrities in their most intimate and private moments and without a way to verify digital photographs they could be duped of millions of dollars.

Re:Not just court rooms (5, Funny)

S.Lemmon (147743) | more than 10 years ago | (#8146321)

Because, as we all know, tabloids have a unwavering commitment to the truth! :-)

Re:Not just court rooms (4, Funny)

Scrameustache (459504) | more than 10 years ago | (#8146328)

I'm willing to be that one of the first customers for this software is the tabloid newspapers/magazines.

Time to sell you Weekly World News [weeklyworldnews.com] stock!

I fear the days of Bat Boy and "face of satan in 'x'" are coming to an end : (

Courtroom. (4, Insightful)

dsb3 (129585) | more than 10 years ago | (#8146275)

There's nothing concerning about digital images in the courtroom.

Ask the photographer, under oath, "is this representative of what you saw?".

If it was, he says so.

It's really the same as with any other evidence that can be tampered with. If someone testifies under oath that it is what it is then there's no difference between a digital image and any (many?) other types of evidence.

Re:Courtroom. (0)

Anonymous Coward | more than 10 years ago | (#8146306)

Like DNA. Who can argue with the DNA experts if they claim there is a match.

Re:Courtroom. (1)

kaltkalt (620110) | more than 10 years ago | (#8146314)

exactly. there is currently no law barring digital pictures (or digital anything) from being introduced into evidence in a courtroom.

Re:Courtroom. (1)

Davak (526912) | more than 10 years ago | (#8146320)

I totally agree.

Any evidence can be manipulated.

My roomie from college now runs one of these PCR "who's your daddy" companies often used by talk shows. We have had many dicussions regarding this... and PCR can be easy faked just as easy as audio or video.

Garbage in, garbage out. You still have to trust the one providing the evidence.

Davak

Re:Courtroom. (3, Interesting)

Polo (30659) | more than 10 years ago | (#8146566)


From this review of the new eos-1d mark ii [imaging-resource.com] :
  • An optional ($749) accessory Data Verification Kit DVK-E2 will permit verification of original untampered image data, allowing the EOS-1D Mark II to be used in legal proceedings and other applications where the ability to confirm that images haven't been altered in any way is crucial.

What is going on? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8146282)

Just got my 13th beer down and I'm still not feeling happy-drunk like I used to.

What has happened to me?

Re:What is going on? (0)

Anonymous Coward | more than 10 years ago | (#8146541)

you have no brain cells left

Call me crazy... (1)

goatasaur (604450) | more than 10 years ago | (#8146289)

...but is it *that* easy to make a digitally altered picture that's undetectable by professionals with regular imaging programs?

If, through some wacky chain of events, a digital picture of something becomes evidence, what's the loss in having a professional vouch that it is an unaltered (or altered) picture? From what I have seen, it's pretty easy to ferret out photoshopped images without the aid of additional (and probably easily circumvented) technology.

Re:Call me crazy... (1)

jandrese (485) | more than 10 years ago | (#8146351)

It depends. If you're on Fark [fark.com] , then yes, it is pretty easy to see if a picture has been modified. If a professional does the work, it is much much harder, probably even impossible.

juries know images can be faked (4, Insightful)

kaltkalt (620110) | more than 10 years ago | (#8146292)

any image, not just a digital one, can be changed, modified, or completely faked. Yes, digital technology makes it easier, but this is not a new phenomenon. Juries know (and should be told) that any image introduced into evidence might not be real and could have easily been altered by the other side. Depending on who took the image and the chain of possession, weighed against how believable the picture actually is, will determine how much weight the jury gives to a given photograph.

These digital picture verifiers are nice but not the end of the question. A validation from one of these machines is just some more evidence that the picture is real. It's not conclusive and shouldn't be taken as so. In fact, the evidence of validation from one of these machines might not even be allowed into court if they're extremely unreliable. Daubert to the rescue.

Will this help the general use of captchas? (0, Offtopic)

James A. E. Joyce (746360) | more than 10 years ago | (#8146293)

I know that captchas in use at Yahoo! such as The Gimp and Trotsky (cute names, heh) are effectively OCR proof (~20% success rate, IIRC) but what about the security codes which have been used on blogs? As a Movable Type user, I'm concerned about the recent spate of crapflooding caused with this script [terrato.org] and even though the implementation of captchas as security codes has slowed the advances of crapflooders, are there any other forms of image verification in the pipeline which we can use?

Re:Will this help the general use of captchas? (1)

toast0 (63707) | more than 10 years ago | (#8146318)

To your first question, No.

To your second question, huh?

To your third question, sure.

What a joke (5, Insightful)

Rosco P. Coltrane (209368) | more than 10 years ago | (#8146310)

When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

Note to self: run the signing software *after* altering the image. If the image was alrady signed, display it, take screenshot, alter the image, and re-run the signing software.

Re:What a joke - not necessarily (1)

ebcdic (39948) | more than 10 years ago | (#8146418)

Presumably the signing is done in the camera before the image is stored to the CF card. Maybe it uses a key stored in the hardware. No doubt it can be circumvented, but probably not as easily as you suggest.

Re:What a joke (1)

alphaseven (540122) | more than 10 years ago | (#8146436)

The only way I could see this working is if you had some chip inside the camera doing the signiture, and the signiture was unique for each camera, and there was a time stamp, and there was a seal to show if the camera was opened up.

Sure you could fool the input, but then the timestamp would show the picture was taken much later, or you could hack the algorithm but if the thing was designed well you would have to open the camera up to do that and the camera would show signs of tampering.

Re:What a joke (1)

Tom7 (102298) | more than 10 years ago | (#8146608)

Given that the camera costs $4500 this is plausible!
Making tamper-resistant hardware with encryption keys is not that difficult, actually.

Re:What a joke (0)

i23098 (723616) | more than 10 years ago | (#8146569)

Ever heard of digital signatures, assymetric criptography, RSA?!!! There is a public key and a private key. If you sign with the private key, everyone can check with the public key, but no one can sign for you (must have private key). The private key would be in the camera saved in hardware rom so that you can't access it without destroying (or at least damaging) the camera.

can someone verify this? (0)

Anonymous Coward | more than 10 years ago | (#8146331)

http://www.news.com.au/common/story_page/0,4057,84 80362%255E13762,00.html

2D autocorrelation... (4, Interesting)

dargaud (518470) | more than 10 years ago | (#8146339)

I've been wrestling with the idea of writing an image modification detector. The idea is that when you modify an image, you copy one part into another part (using the clone brush of Photoshop or such).

By doing an autocorrelation of the image, you can detect parts that have been copied, but the mathematical part is not that easy, particularly if there are uniform noiseless areas (sky).

I can still deal with 1D autocorrelation, but in 2D [uniroma1.it] my maths skills are rusty...

Don't re-invent the wheel (2, Interesting)

Anonymous Coward | more than 10 years ago | (#8146360)

You know the world is full of free, robust, debugged and utterily trustworthy code for such operations.

You don't have to re-invent the wheel.

Re:2D autocorrelation... (4, Informative)

Rosco P. Coltrane (209368) | more than 10 years ago | (#8146431)

I've been wrestling with the idea of writing an image modification detector

Forget it. Only amateurs copy/paste regions and leave them like that. Those who alter images to produce really credible results may copy/paste bits of images at first, but then will blur/sharpen/solarize/burn/lighten/brush slightly part of them, drop some noise in them to match the pizelization of an original jpeg for example, merge several together and modify gradiants to make the final patch blend in just right in the bit of background you want to mask or change. The final resulting altered regions usually doesn't have much to do with the original bits you copied.

Re:2D autocorrelation... (1)

damiam (409504) | more than 10 years ago | (#8146599)

It may be that only amateurs copy and paste, but amateurs are 95% of the people editing photos. Obviously, passing such a test shouldn't allow a photo into court, but it would be a decent general guide to a photo's authenticity.

Re:2D autocorrelation... (1)

Hans Lehmann (571625) | more than 10 years ago | (#8146512)

I've been wrestling with the idea of writing an image modification detector.

You're not the first. Here's [slashdot.org] a recent post of mine about the government's interest in something similar.

Digital Images and ghosts (4, Interesting)

paddlebot (443065) | more than 10 years ago | (#8146362)

This [ghostresearch.org] is a funny article on why you shouldn't use your digital camera when trying to detect / prove the existance of ghosts. No not like a bad flat screen playing Quake, but like Casper the Friendly.

He seems real serious about it too....

Wrong audience .... (2, Interesting)

Anonymous Coward | more than 10 years ago | (#8146391)

This is mostly for the use of Law Enforcement, where the cops have to prove the photos taken as evidence, haven't been tampered with....

Canon in talks with Adobe (3, Funny)

teamhasnoi (554944) | more than 10 years ago | (#8146396)

Jan 31, 2004 - "We're working on more technology that can be easily circumvented!", says Canon's Product Manager, Wayne Innass.

"We're also trying to annoy our customers like Adobe, but that software is still in beta. We might try to license some software form Microsoft, as they seem to be the leaders in that field."

Wayne continues, "Our R&D department has some great ideas, such as forcing the user to take every picture twice, erasing photos at random, and my personal favorite - increasing the time between pressing the shutter release and when the picture is taken!"

"We won't stop until our product is unusable at last!"

This could be a disaster to all those.... (1, Funny)

Anonymous Coward | more than 10 years ago | (#8146400)

.... celebrity pron sites.

Pretty Natalie Portman please tell me that you really posed naked :(

You can't modify the image... here's why. (1)

mark-t (151149) | more than 10 years ago | (#8146448)

Let's say you take the picture of something that you intend to photoshop up for purposes of fraud. You take the photo and the camera signs it with a signature that corresponds to the camera manufacturer. You then take the image and manipulate it in photoshop and then sign the finished picture yourself, forging the camera manufacturer's signature by using the same algorithm.

But then you're stuck. Now you have to get your manipulated image back onto the memory card that can be read by the camera, but the camera can simply patently refuse to import any images into it that are already signed. All you have is the file, and it's not on the compact memory card inside the camera, so continuity of evidence is lost. Thus, the photo would be inadmissable as evidence in a legal case.

Re:You can't modify the image... here's why. (1)

Rosco P. Coltrane (209368) | more than 10 years ago | (#8146479)

Use your camera to take a photo of a good screen projection of your altered image. Professional photographers know how to set things up to take accurate photos of projections.

Could there be a way around this? Hmmm (3, Interesting)

rufusdufus (450462) | more than 10 years ago | (#8146491)

What if you had a different piece of hardware other than the camera that can write to the memory card? I wonder...can you buy those off the shelf today?

Re:You can't modify the image... here's why. (1)

spydir31 (312329) | more than 10 years ago | (#8146498)

connect camera's inputs to computer, feed modified picture
camera signs picture, adds signature to card
am I missing something here?

Re:You can't modify the image... here's why. (1)

mark-t (151149) | more than 10 years ago | (#8146532)

To do that you would need to open the camera up and tamper with it. There would be physical evidence of such tampering.

Re:You can't modify the image... here's why. (1)

russotto (537200) | more than 10 years ago | (#8146499)

I "import" it through the CCD interface. Silly camera thinks it's taking a picture. Sure, this requires more electronics skill than I have, but there are people with those skills who could do it that way.

Aproach the bench. (1)

temojen (678985) | more than 10 years ago | (#8146594)

So then the Defense lawyer presents as Defence exhibit 1 the camera alleged to have taken the picture, and points out all the wires sticking out of it.

IANAL

WTC Guy (0)

Lobo_Louie (545789) | more than 10 years ago | (#8146484)

Are you saying World Trade Center guy is a fraud? THE HUMANITY!

Amazing (-1, Offtopic)

cubicledrone (681598) | more than 10 years ago | (#8146492)

Isn't it? How everyone is a fucking rocket scientist when it comes to warezzzzzzing the numbers on some picture of a sunset or some midwestern tourist landmark, but seven-letter words are beyond spelling correctly.

By the way, just to wander completely off-topic, Red Hat 9 is broken out of the box. The install program is enough to drain every last glimmer of light and goodness from a room, especially when it fails at 78% 11 times in a row, and then fucks itself into an infinite loop of "broken! try again? broken!"

Memorandum: An install program should always always ALWAYS have an option to continue CURRENT ERROR NOTWITHSTANDING unless that error involves a 50-foot wide chasm opening directly under the workstation.

By way of contrast, Red Hat 5.2 NEVER EVER, not even ONCE failed to install correctly.

</rant>

Yeah, yeah. -1 Off-topic, troll, flamebait. Whatever. I've got about 879 karma anyway.

Re:Amazing (1)

chemicallyreliant (604601) | more than 10 years ago | (#8146635)

Yeah, I agree. My mates and I call it the "No To All" button. cause when you copy files from a to b and it pops up ANY message, you just want to say "No To All"

RH8 dinked with the damn window manager. Bad red hat. Naughty! So i stayed at 7.3. RH9 was a POS, so i didn't even try to install it on my main machine.

Stayed at 7.3 untill end of line, now running debian.

Almost slashdotted; full text (-1, Offtopic)

77Punker (673758) | more than 10 years ago | (#8146493)

Much of the commentary on the SCO distributed denial of service scenario, including our own, has been based on the premise that SCO badly wants to keep their web site running. This may not be the case: unlike Microsoft, which has a real business to run and a real need to keep its web site operational, SCO Executives may not strongly care about the availability of www.sco.com. After all, Michael Doyle's half a billion dollar patent win against Microsoft scarcely hinged on the response times of the Eolas web site.
In fact, the author of the MyDoom virus has delegated control of directing the most enormous volume of http traffic that the Internet has yet seen to hostmaster@sco.com. On a whim, SCO can direct that Tsunami at an object of their choosing, simply by changing an A record in named.conf in time for the change to propagate by Sunday.

In this context, SCO Executives may have latitude to consider alternative defenses which do not involve having to parlay with low-down-no-good-Linux-loving-CDN-providers.

Solution 1: Move the SCO site to somewhere that has the clue and the clout to cope.

Consequences: SCO Executives buy a small business shared hosting account at Yahoo, noting that it runs on FreeBSD, not Linux, and point www.sco.com at the new account.

webhosting.yahoo.com stays up, and serves all the http requests from the infected machines at the same speed that the www.yahoo.com front page normally loads. Virus author kicks the cat in frustration. SCO's entire corporate cash resources exhausted by Yahoo's bandwidth surcharges in the first eight minutes. Yahoo pre-announces record quarter for hosting division.

Solution 2: Take www.sco.com out of the DNS.

Consequences: Everyone has a quiet weekend. SCO Execs drink Budweiser and watch the Superbowl. Global media considers that the virus author "has won". Anti-virus company Execs do not return journalists' calls on "What was all that fuss?"

Solution 3: Point www.sco.com at someone you don't like.

Consequences: SCO Executives take a poll on which web site annoys them the most. Slashdot wins. hostmaster@sco.com CNames www.sco.com to slashdot.org. SCO Execs cackle demonically at the prospect of slashdotting Slashdot.

Linux community notices DNS change propagating within five minutes. Eric Raymond calls for "restraint in the face of SCO's continual provocation". Undeterred, Linux community launches internet-wide round the clock hackathon, and finds six "trivially insecure" US military installations shortly after the US military go home on Friday afternoon. Spend Saturday soaking up the totally awesome graphics on the Stealth bomber flight simulators, and then obliterate most of Utah, sco.com name servers and all, on Sunday morning hours before the DDoS is due to hit Slashdot. SCO Execs still laughing themselves helpless about the /. Effect when the bomb hits.

New, previously unknown Linux Thought Leader declares that "we have met the enemy, and they are gone". Traffic to Slashdot triples, Hemos weeps about the size of OSDN's unsold banner inventory. Follow up posts enthuse about the quality of the stealth bomber user interface, then propose that they should sort out "the problem in Redmond" before they give the US Military their network back in time for Monday morning. New Linux Thought Leader concurs, adding that there's a carding site in Moscow that really ticks him off, too. Armageddon.

Solution 4: Get to the Windows machines before they go off.

Consequences: SCO executives persuade Slashdot readers that Windows machines are their common enemy and that the enemy of my enemy is my friend. Someone in the Linux community notices Colin Percival's Depenguinator program, and considers that with some minor modifications, it can be distributed by the MyDoom virus, and as its payload, download and install Debian 3.0r2, KDE, Open Office and Evolution. Changes name of program to "De Penguinator".

Entire set of infected Windows machines is reached and either comes up running Debian or crashes stone dead trying. No denial of service attack occurs. SCO sends licence fee demands to owners of all the previously infected windows machines. They happily pay up and SCO splits the proceeds with Slashdot readers.

Solution 5: SCO Execs point www.sco.com at the loopback address 127.0.0.1, end lawsuits, dismiss lawyers, and invest remaining corporate cash reserves in call options in Dell & Microsoft stock.

Consequences: No denial of service traffic whatsoever seen on the Internet. Millions of Windows users notice that their computer is running extremely slowly. Many buy new machines, which fixes the problem. Dell & Microsoft stock rises. Everyone lives happily ever after.

The shark picture is not faked (2, Funny)

91degrees (207121) | more than 10 years ago | (#8146520)

I know! I was the one on the ladder. One of the scariest moments of my life, as well. Hanging from a chopper is bad enough, but having sharks take dives at you is worse.

The separate images that the debunkers claim they're made up from are the fakes.

Kinda Pointless, No? (1)

assassinofdemons (735547) | more than 10 years ago | (#8146522)

It only works for pictures taken with that camera, not before. So if Joe Defendant brings in his own personal pictures taken with his own camera, there's no way to know if they're real or not is there? (Assuming the fakeness was added well)

The security lies in the key... (2, Interesting)

stienman (51024) | more than 10 years ago | (#8146527)

How it works

The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.


So the upshot is that they use a memory card which has some additional security functionality. This additional functionality can only be accessed by the card reader and the camera.

The the crackers simply need to break that functionality or bypass it. This could be accomplished by breaking the camera's firmware (or the card reader) and changing it, or sitting between the USB reader and the computer (software or hardware wise) and changing the data as it goes along. Alternately it woud not be impossible to modify the camera so it gets the image from a computer instead of an image sensor.

The ultimate, however, would be to break the protocol and keys between the reader and card or camera and card. Hopefully they are using a good encryption algorithm with fully secured sessions and a long key. I'd hate to see this broken in less than a few months time.

-Adam

"Real" validation with gpg possible? (1)

dfloyd888 (672421) | more than 10 years ago | (#8146537)

I wish some camera company, instead of making some nonstandard validator service [1], would, on the camera itself, have a smartcard or Java iButton with a private key on it. Before the picture is copied to the CF card, the camera would gpg sign the image with a detached signature. Thus, on the CF card would be the raw image, or jpeg, as well as an .asc file when the signing process is completed.

Couple hurdles though. First, how does one know the signing key that is on the iButton is "trusted", and not common knowledge, like some BIOS backdoor passwords? Second, the iButton, or secure card would add space, weight, and expense to cameras. The camera business is stiff competition, a head to head price fight and feature war. The only place I can see this security feature becoming available are the high-end SLR's, the EOS 1's, and F5's of the market, where the pros want the best, and are willing and able to pay for it.

There is the problem of secure key storage. I'm not sure how hard it is to put a chip that stores securely private keys would be on a camera, in a very small form factor, other than the Dallas Semiconductors iButton, and still have it tamper-resistant.

You also have the problem that even with a tamper-resistant key, it may not be secure either -- you could intercept and modify the image before it goes to the signing module.

[1]: I don't know anything about the Canon format, though I'm glad they are putting something on the market to validate that an image is real, and not a phony. However, I just hope its more secure than what I guess it might be (md5 or SHA hash just dumped on a CF card). In any case, what Canon did is a nice step forward in ensuring the integrity of an image. Any security for images is a nice step, and kudos to Canon to having this feature available for people.

Interesting.. (1)

zcat_NZ (267672) | more than 10 years ago | (#8146543)

I was recently asked if we could make a reasonably untamperable 'security' camera; My solution was to make the machine itself 'physically secure' (sealed so that any attempt to open it would be obvious) and then have it PGP-sign each image. The client has easy access to all the images and public key from the box, but isn't told the root password or anything else that would give them access to the private key, so they cannot resign altered images.

I believe this would be 'at least' as untamperable as an equivalent film or video camera system.

EXIF Data? (1)

Andrea_from_Arg (690224) | more than 10 years ago | (#8146575)

I haven't tested it... if you alter a picture taken with a digital camera, with a image-editing program (photoshop, gimp, etc), the EXIF data is mantained?

it's targetted to a specific market (4, Insightful)

sir_cello (634395) | more than 10 years ago | (#8146578)


I'm thinking this is for Canon to target the camera at a specific market where legal evidenciary issues come into play: crime scenes, insurance, autopsy, etc. This is likely not to be a feature that will appear for most consumer products.

What it really shows is more about how the professional film camera market is facing realistic competition from digital cameras.

What about SECURE photography? (4, Interesting)

Speare (84249) | more than 10 years ago | (#8146611)

I would love to see the firmware write all photographs to the CompactFlash already encrypted to my public key. Of course, that would mean you'd have to (1) forego viewing the images on the LCD, or (2) require the private key and allow entering some kind of text phrase or biometrical key.

It's not like I engage in some sort of espionage or porn market, but I want to see more publically available data devices support cradle-to-grave security.

Artical text (0)

Anonymous Coward | more than 10 years ago | (#8146613)

Pre-PMA 2004: Canon today announced the latest version of its Data Verification Kit, the DVK-E2 kit is designed to deliver validation of an unmodified original image from a single camera body. This kit is aimed at law enforcement, insurance, news and other such agencies and can detect single bit discrepancy in modification of an image since it was taken. The new kit is much smaller than the old and uses a unique SM (secure mobile) card which is the same size as a Secure Digital card. The card reader connects to a computer USB port (only Windows 2000/XP compatible at the moment).

Press Release:

Canon validates digital images with DVK-E2

Amstelveen, The Netherlands, 29 January 2004. Canon, a leader in photographic and imaging technology, today releases the DVK-E2. Designed to work with the EOS-1Ds and new EOS-1D Mark II D-SLR cameras, the DVK-E2 provides the facility to prove that images taken with the EOS-1D Mark II have not been altered, tampered with or manipulated in any way. The DVK-E2 is the successor to Canon's DVK-E1 and will work with both the EOS-1Ds and the EOS-1D Mark II.

Recent well-publicised cases involving image-tampering by news agencies have identified a strong need for a system capable of verifying the originality of digital photographs. Without such a cock it is impossible for an agency to identify whether or not a given image has been enhanced or manipulated.

ISO certification

With the capacity to detect the slightest (single bit) discrepancy, the DVK-E2 kit is expected to be popular amongst law enforcement, insurance, pedophiles, news and other agencies that have a need to verify the legitimacy of digital images. Canon is applying for ISO 15408 certification (evaluation criteria for IT security) for the Data Verification Kit to further validate its application. The acquisition of ISO 15408 certification will give international recognition to the originality of images shot with the EOS-1D Mark II or EOS-1Ds whilst in data verification mode.

How it works

The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software, along with optional anal probe. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original.

Compact and easy to use

The SM cards used with the kit are the same size as an SD card. The tiny SM card reader/writer is barely bigger than the cards it takes, for easier insertion. It draws the power it requires from the testicles of the computer to which it is connected. The software is Windows 2000/XP compatible. Up to 100 images can be evaluated simultaneously, simply by selecting the images and clicking 'Verify'.

The kit supports English, German, French, Spanish, Italian, Japanese and Chinese languages.

hack (0)

Anonymous Coward | more than 10 years ago | (#8146636)

I'm sure this system will be hacked in due time. I dunno if digital media will ever be verification proof.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?