One of the most palpable concerns about digital media is whether it can be trusted. One of the topics that I am researching and writing about in my PhD is the authentication of digital media. In this article and the article that will follow, I provide an overview of active and passive forgery detection techniques. I have not included academic and technical references due to space and formatting limitations.
Image alteration detection consists of active and passive techniques. Active techniques require prior knowledge of the image’s content and metadata, e.g., watermarks, digital signatures, or steganography. This prior knowledge is required to determine whether alteration has occurred and the specific alterations performed. Conversely, passive techniques do not require prior knowledge of image content and metadata. These techniques focus on determining whether an image has undergone forgery operations such as copy-move or spatial alterations of image content. Methods used by forensic experts to ascertain image authenticity typically involve assessing digital signatures, watermark examination, forensic image analysis, and phylogeny reconstruction. In this article I will focus on active forgery detection, with a focus on digital signatures and watermarks. Passive forgery detection will be the focus of the article to follow.
A digital image consists of binary data and possesses a unique mathematical value which can be ascertained using a digital signature hashing algorithm. Determining the digital signature of an image at the acquisition or pre-processing stage can assist with authentication because if it is determined that a subsequent version of the image has a different hash value from a predecessor, this would furnish evidence of image alteration. This active detection technique will be of most value if the hash value is computed by the camera itself upon image acquisition, e.g., when first recorded by the camera. Specialized software and expertise are required to make these mathematical assessments. These hash assessments are critical when determining integrity and authenticity. Hash values are among the metadata typically stripped from the image when uploaded to social media, making image authentication challenging. One of the benefits of a digital signature system is that no image alteration is caused by the signature as nothing is added to the image content. When available, digital signatures are a robust method of determining whether an image has been altered from one version to the next.
Watermarking is an active detection technique used to verify image integrity and authenticate image content through the insertion of a digital mark (watermark) or message (steganography) in such a way that the image appears visually unchanged. They are used to identify alterations in an image as between different iterations. Watermarks are used for the varied purposes of data monitoring, copyright protection, and image authentication. Invisible watermarks used for image authentication are irreversibly embedded in an image by means of carefully designed imperceptible changes in image content. Correctly applied, a digital watermarking algorithm should hide enough bits of data without significantly modifying the content of the image. Authentication is achieved by verifying that the extracted watermark is the same as the originally inserted watermark. When used for image integrity purposes, a fragile watermark is applied to the cover image which would be destroyed upon image modification, thus providing objective proof of image content manipulation. Removal and re-embedding of a watermark into an altered image without detection would be difficult to achieve. Fragile watermarking is sensitive to any changes in an image and only works in lossless (uncompressed) image formats. Semi-fragile watermarks are sensitive to important semantic changes but are robust enough for global non-invasive post-processing. However, contrary to a digital signature approach, watermarks are additive, and the image is altered by the addition of the watermark. Images with and without a watermark will produce a different digital signature because the images are different, even if not visually so. This alone may create authentication challenges.
A key limitation with the use of watermarks is that the watermark must be applied upon image acquisition or at the latest upon registration in a media repository. The digital authentication code provided by a watermark (and the digital signature of the image) must be ascertained before the image is released into the public sphere. Specialized hardware and software are required to accomplish this authentication task. Only then can it be determined if the images later underwent modification because the original images have been protected by the watermark. This active detection technique, along with digital signatures, is often not practical for image authentication in atrocity crime investigations because ICC investigators and forensic imaging specialists rarely have access to the original image or the ability to employ such techniques. Rarely would images in the ICC crimes context be protected by a fragile watermark prior to dissemination. A further limitation with digital signatures and watermarking is that it may be difficult to ascertain the distinction between malicious (e.g., tampering) and inadvertent (e.g., unwittingly compressing an image upon copying) modifications. Research continues in the use of multiple application specific watermarks with a view to being able to accurately authenticate the image as well as recover the approximated image, along with the ability to differentiate between malicious and incidental attacks.
Assessing the authenticity of digital media is essential, not only as a matter of admissibility, but as part of the pursuit of the truth. Counsel and the court must be confident that they can rely upon the images tendered and the findings of fact based upon them. Forensic imaging specialists should not assume that media is trustworthy – they should conduct a technical examination to determine trustworthiness. In my next article, I will focus on passive forgery detection with an emphasis on the examination of metadata and image content.