Signing pictures -- how hard, how long?
At the Media Lab, some people have begun discussing the ease with which digital pictures can be altered. One suggested way of ameliorating the problem is to have the original photographer append something like a PGP signature to the picture. This doesn't stop the original photographer doctoring the picture before signing it, but it does stop (I think) people downstream from undetectably doctoring the pic. And if the subject of the photo wants to claim it's been doctored, there's a clearly-responsible person's signature attached. Anyone performing an operation which changed the bits (such as cropping) would have to generate a new signature associating his name with the set of alterations. With luck, newspapers and other information deliverers who care about their reputations would not accept unsigned pictures (just as they don't take pix today without the proper releases). The end user would not likely see the signatures (though they could be delivered and checked in software invisibly to the user), but people with reputations and liability on the line would. One associated question has to do with the soon-to-be-productized next generation of high-end movie cameras. These are all-digital at the source, so the question becomes: how hard would it be to build in digital signing at the source. In theory, you'd like every frame (probably 70 fps in the ultra-high end HDTV cameras) to be signed -- how long would that take? You'd like the signature hardware built into the camera -- what would that cost? Can we come up with a relatively reliable way for the camera operator to handshake with the camera so that it's *his* signature appended to each frame? Perhaps by using some hand-held plug-in module to carry the key or to generate an unique session key each time the camera is turned on? In my opinion we're never going to get a 100% unspoofable system. But I think that a pretty straightforward signature system can get us to a level of reliability where there is at least someone somewhere we can point the finger at as the potential source of doctoring. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex@media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 an53607@anon.penet.fi The belief that enhanced understanding will necessarily stir a nation to action is one of mankind's oldest illusions.
Actually, I was talking to someone the other day about this same problem, and spun out approximately the same solution. The important part would be a fast MD5 chip or equivalent (very fast algorithm) and the camera would only periodicallly sign the result. The question in my mind is, "do you want to sign every N frames, or only from the digital equivalent of a control track break to a control track break." (Obviously digital cameras don't have control track breaks, but a certified one would need to create an equivalent.) For use in legal matters, I'd assume you'd need to put seals on the device, or something, that were periodically inspected, to make sure the signal wasn't tampered with before hitting the signature module. I'd imagine that you _could_ incorporate the cameraperson's key, but more likely it would be some key issued by the certifying agency (a very high-rep individual or organization) that inspected the camera periodically, placed the seals, etc. A problem I see: highly realistic projections might outpace camera tech, so that you could just be projecting something and recording it. Might be thwarted by inclusion of a GPS inside the sealed part of the module. I was reading David Brin's _Earth_, and one of the things he posits are these legions of senior citizens with TruVue (or something) glasses that are apparently certified for crime reporting. -- ---------------- /\ Douglas Barnes cman@illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\
From: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
At the Media Lab, some people have begun discussing the ease with which digital pictures can be altered. One suggested way of ameliorating the problem is to have the original photographer append something like a PGP signature to the picture. [...] One associated question has to do with the soon-to-be-productized next generation of high-end movie cameras. These are all-digital at the source, so the question becomes: how hard would it be to build in digital signing at the source. In theory, you'd like every frame (probably 70 fps in the ultra-high end HDTV cameras) to be signed -- how long would that take?
Well, the compression problem that others have mentioned is going to be one problem, and an additional problem that occurs to me is that putting the signature mechanism into the camera may not be the best locatoin for it. I do not know of any work that people would want to sign (e.g. would be worth protecting from fraud) that did not undergo some post-processing... One idea that sort of popped into my head if people want to do post-processing signatures has to do with something else I remember hearing about from the media lab: you stack all of the frames together into a sort of cube structure (like a deck of cards, for example) and then select and sign random number of planes from different angles that intersect this cube. While not impervious to the fraud you are trying to detect, it does create a much more managable detached signature (somehow I think that creating 4200 signatures per minute is going to end up being viewed as a bit unwieldy... :) I think that you could even make the plane selection ahead of time and then do it on-the-fly as the work is being filmed. You just keep track of which/where planes will intersect the frame being generated and store the results of these intersections to a buffer that is then signed before the storage media is ejected. jim
participants (3)
-
Alan (Miburi-san) Wexelblat -
cman@caffeine.io.com -
Jim McCoy