Ad
Ad
Ad
Pages: « 1 [2]   Bottom of Page
Print
Author Topic: Can a raw file be doctored?  (Read 6370 times)
madmanchan
Sr. Member
****
Offline Offline

Posts: 2108


« Reply #20 on: July 29, 2008, 04:04:16 PM »
ReplyReply

Joh, your reasoning is flawed. The validation system works by grabbing the image data from the raw file, computing the MD5 hash, then comparing that computed hash with the digest stored in the file metadata. If they match, it's considered good. If not, it's considered bogus.

If an adversary modifies the original data and updates the hash, then the original hash no longer exists (it's been overwritten). So the validation system has no way of knowing that the data has been modified. It'll run thru the above check and say "looks good to me."
Logged

John.Murray
Sr. Member
****
Offline Offline

Posts: 893



WWW
« Reply #21 on: July 29, 2008, 04:24:32 PM »
ReplyReply

I believe the original post was about detecting whether a file was altered . . .

That (at least to me) would imply there was something to compare it against.  Any reasonable chain of evidence would include documentation.  The built in features in the new DNG spec allow:

Quick and easy documentation at the ingestion phase - run dng_validate.exe and generate a human readable text file of metadata and fields.

The ability of *anyone* to post process within that same file for presentation, yet be assured that the data upon which the presentation is based is unaltered - run dng_validate and compare . . . .

I've never suggested that the new DNG spec replace "rules of evidence", rather it greatly enhances and benefits them.
« Last Edit: July 29, 2008, 04:28:52 PM by Joh.Murray » Logged

bjanes
Sr. Member
****
Offline Offline

Posts: 2763



« Reply #22 on: July 29, 2008, 07:11:29 PM »
ReplyReply

Quote
Joh, your reasoning is flawed. The validation system works by grabbing the image data from the raw file, computing the MD5 hash, then comparing that computed hash with the digest stored in the file metadata. If they match, it's considered good. If not, it's considered bogus.

If an adversary modifies the original data and updates the hash, then the original hash no longer exists (it's been overwritten). So the validation system has no way of knowing that the data has been modified. It'll run thru the above check and say "looks good to me."
[{POST_SNAPBACK}][/a]


From the above discussion, it would appear that many technically accomplished programmers could easily doctor a raw file without detection by the methods discussed. However, other methods may reveal tampering. Some of these are discussed in a recent volume of Scientific American:

[a href=\"http://www.sciam.com/article.cfm?id=digital-image-forensics]http://www.sciam.com/article.cfm?id=digital-image-forensics[/url]

Be sure to read the sidebar:

http://www.sciam.com/article.cfm?id=5-ways-to-spot-a-fake

The recent Iranian photos of a missile launch were crude attempts at cloning:

http://www.sciam.com/article.cfm?id=is-that-iranian-missile

In legal cases it is still necessary to have the photographer testify that the picture in question accurately represents what he/she saw and it is also important to preserve the chain of evidence as previously mentioned.

Bill
Logged
feppe
Sr. Member
****
Offline Offline

Posts: 2909

Oh this shows up in here!


WWW
« Reply #23 on: July 30, 2008, 07:16:14 AM »
ReplyReply

I haven't read the DNG specifications, but it is entirely possible to have a "secure" or forensic camera to make an MD5 (or whatever) hash with its own key. Any new hash made would show that the adjustments are not done by the camera, ie. it was adjusted off-camera.

This would not only validate the photo was not altered, but also which camera took the photo. Again, making a new hash would only serve the purpose of validating that the hash is correct, but it would also show the source of the hash (ie. alteration) is different than the camera.

In similar way, Lightroom or Photoshop could conceivably have a plugin which would also sign the hash with its own key.

For those who are interested in the nitty-gritty, google "public key cryptography."
Logged

Bradley Proctor
Full Member
***
Offline Offline

Posts: 150



WWW
« Reply #24 on: July 30, 2008, 11:35:04 AM »
ReplyReply

Quote
I haven't read the DNG specifications, but it is entirely possible to have a "secure" or forensic camera to make an MD5 (or whatever) hash with its own key. Any new hash made would show that the adjustments are not done by the camera, ie. it was adjusted off-camera.

This would not only validate the photo was not altered, but also which camera took the photo. Again, making a new hash would only serve the purpose of validating that the hash is correct, but it would also show the source of the hash (ie. alteration) is different than the camera.

In similar way, Lightroom or Photoshop could conceivably have a plugin which would also sign the hash with its own key.

For those who are interested in the nitty-gritty, google "public key cryptography."
[a href=\"index.php?act=findpost&pid=211721\"][{POST_SNAPBACK}][/a]

Now we're getting somewhere
Logged

Panopeeper
Sr. Member
****
Offline Offline

Posts: 1805


« Reply #25 on: July 30, 2008, 06:31:18 PM »
ReplyReply

Quote
Now we're getting somewhere
We are not getting anywhere. The topic was and is NOT if a photographer can verify if his/her image has been modified. No additional info is necessary (checksum, digest, key) if the original is available.

The topic is, how an image can be proven as being the original to a third party, for example in court. In other words: how can one prove, that an image is original, not compared to another version, but on its own.

It is possible to encode a digest like MD5 using an asymmetric key; however, the private part of that key has to be preserved somewhere. It can be stored in the camera firmware, in which case only the manufacturer knows the key - as long as no-one makes the effort to find it.

Doing the same in Photoshop, etc. is a dead-born idea. What should that prove? That I have successfully processed the image in Photoshop?

Methink some posters don't understand the difference between watermarking and authentication.
Logged

Gabor
Bradley Proctor
Full Member
***
Offline Offline

Posts: 150



WWW
« Reply #26 on: July 30, 2008, 08:52:59 PM »
ReplyReply

Quote
We are not getting anywhere. The topic was and is NOT if a photographer can verify if his/her image has been modified. No additional info is necessary (checksum, digest, key) if the original is available.

The topic is, how an image can be proven as being the original to a third party, for example in court. In other words: how can one prove, that an image is original, not compared to another version, but on its own.

It is possible to encode a digest like MD5 using an asymmetric key; however, the private part of that key has to be preserved somewhere. It can be stored in the camera firmware, in which case only the manufacturer knows the key - as long as no-one makes the effort to find it.

Doing the same in Photoshop, etc. is a dead-born idea. What should that prove? That I have successfully processed the image in Photoshop?

Methink some posters don't understand the difference between watermarking and authentication.
[a href=\"index.php?act=findpost&pid=211882\"][{POST_SNAPBACK}][/a]

Methinks some posters are a little grumpy this evening.

I think we've established that there must be more information than the file itself for this concept to work.  An MD5 hash embedded in the file doesn't do any good, but the use of encryption like feppe suggested at least allows that additional piece of information to to stay consistent and is a step in the right direction.  Hence, "Now we're getting somewhere."
Logged

bernie west
Full Member
***
Offline Offline

Posts: 132



« Reply #27 on: July 31, 2008, 06:10:45 AM »
ReplyReply

Quote
It is possible to encode a digest like MD5 using an asymmetric key; however, the private part of that key has to be preserved somewhere. It can be stored in the camera firmware, in which case only the manufacturer knows the key - as long as no-one makes the effort to find it.

[a href=\"index.php?act=findpost&pid=211882\"][{POST_SNAPBACK}][/a]

The key could be hardware based, as opposed to software, I believe.  The down-side might be processing time for keys of any meaningful length.
Logged
Marlyn
Sr. Member
****
Offline Offline

Posts: 253


« Reply #28 on: July 31, 2008, 11:00:45 PM »
ReplyReply

For a system to work where you can verify the contents hasn't changed since it was Origionally created, the data would have to be signed, generally by a digital Certificate.

You could sign the entire file, or you could just sign the MD5 Hash potentially,

For the best end-to-end system, this would have to take place IN the camera, but I suspect it could also take place at the first download, when done by law enforcment maintaining a chain of evidence.

Mark.
Logged
Guillermo Luijk
Sr. Member
****
Offline Offline

Posts: 1275



WWW
« Reply #29 on: August 02, 2008, 05:35:48 AM »
ReplyReply

If the camera had its own hardware code to encode the key into the RAW file, and only the owner of that camera (for instance the forensic corps making use of it) had access to that camera, then it is certainly possible in a court to prove:
* That the RAW file in discussion was actually produced by that particular camera
* That the RAW file has not been altered

but only as long as the owner of the camera has not access to the hardware code and algorithm to generate the key.

If the owner of the camera has access to that information, they (and only they) could only prove:
* That the RAW file in discussion *could* actually have been produced by that particular camera

So the problem is here again. It all depends on who has access to the original camera and its inner data, and what their intentions or legal confidence are.
Logged

jerryrock
Sr. Member
****
Offline Offline

Posts: 561



WWW
« Reply #30 on: August 02, 2008, 02:49:09 PM »
ReplyReply

Canon has been producing data verification kits for it's line of Digital EOS cameras since the 1Ds in 2002. These kits provide data verification for law enforcement and other documentary purposes.

Canon DVK-E1 (discontinued) for the EOS 1Ds
Canon DVK-E2 (discontinued)for the EOS 1Ds, 1D Mark II(n), 1Ds Mark II, 1D Mark III, 5D, 30D, 20D, 20Da.

Current model is the OSK-E3 which was introduced in 2007 with the EOS 1D Mark III. It support all previously supported models of Canon EOS cameras. Price = $650. (US)
« Last Edit: August 02, 2008, 02:49:27 PM by jerryrock » Logged

Gerald J Skrocki
skrockidesign.com
Pages: « 1 [2]   Top of Page
Print
Jump to:  

Ad
Ad
Ad