back to article Sony camera feature hopes to make digital images immune to secret manipulation

Sony has announced a new camera feature that the electronics goliath claims will make digital images immune to secret manipulation and forgery. Called in-camera signing mode, the functionality cryptographically signs every image an equipped camera captures. Any subsequent pixel modification or tampering with the image will …

  1. Martin Summers

    My first thought was that this was going to use Steganography to hold a digital certificate actually in the image. I can't really see how it would work otherwise as anything added to the file could presumably be stripped. It's actually a really cool idea and I can see it taking off to being implemented in other products if they licensed it. Manipulation of images is a big worry in this day and age, you simply cannot know if you can trust one.

    1. Def Silver badge

      The problem here is if you know how the extra data is encoded into the image (and that will be discovered as soon as the camera is on the market) it's going to be fairly easy to remove it. Steganography is more suited to hiding information others aren't expecting.

    2. DS999 Silver badge

      I've long thought Apple should do this

      It doesn't matter if the cryptographic checksum is removable if the intent is to use it to prove that a photo is original and untouched. It could be part of the MakerNote section of EXIF data.

      It would require generating a checksum somewhere outside the control of the OS, presumably in the ISP and thus could not be spoofed even in a jailbroken device. You could have one checksum "signed by Apple" and another "signed by this particular phone" which would help in establishing copyright or chain of custody (but should be disabled by default as linking your phone to a particular photo/video could have some downsides, especially in an authoritarian government)

      Now how well this would work I don't know. There would obviously be incentive for some to find a way around this, and I don't think anyone would argue this is something that a nation state level actor couldn't overcome if they decided the effort was worth it. But if it worked well enough otherwise it could be used to provide a pretty high level of assurance that a photo hadn't been retouched or a video wasn't deepfaked. Apple would update its key for each iPhone generation just in case someone cracks the hardware and exposes the key in an older phone.

      Theoretically Google could do it too, but only for the Pixel since they only control the hardware there. But Samsung and other Android OEMs could use their API to do the same, though security would depend on the OEM's implementation and how resistant their hardware was to attempts to compromise it.

      Worse case, they try this, people find a weakness in the hardware that lets them extract the private key so they can forge signatures, and you're no worse off than you are today.

  2. Cederic Silver badge

    all photographs are manipulated

    You can't convert from RAW to (print or web format of choice) without pixel level manipulation. I guess this can validate that a source image exists that contains content seen in the eventual image, but the image being shared will invariably be marked as 'manipulated'.

    E.g. my passport photograph is not as it came out of the camera - I cropped it, converted it to JPG, resized it so it would be within required file size. It's still recognisably the photograph I took but it's certainly not the same photo that came out of the camera.

    1. Giles C Silver badge

      Re: all photographs are manipulated

      Got to agree, I produce a club newsletter the pictures from the camera are in raw format, they are then tweaked for exposure, cropped, corrected etc before being exported as a jpeg and then imported to the newsletter for printing.

      So they don’t end up anything like the original pictures the camera took as they are 30mega pixel files which are about 6x7cm on the page typically.

      Yes you could argue I don’t need them that big but it helps when editing, and the larger the source file the better the smaller picture.

      1. Yet Another Anonymous coward Silver badge

        Re: all photographs are manipulated

        Yes but the point of this is that you can still edit Trotsky out of the party photo or add in the missing safety cable.

        BUT in court you can always go back to the .RAW file and see what was there.

    2. DS999 Silver badge

      Re: all photographs are manipulated

      This isn't to authenticate that a picture of you is you, it is to authenticate that a particular digital file is the exact same digital file that was saved by your camera. If you cropped a photo to publish it and then someone questioned "that close up of a UFO is a fake" you would have the original file with the cryptographic checksum that authenticates it to prove that photo is not a fake "look see, this is the same close up UFO photo just not cropped!"

  3. Brian Miller
    Boffin

    Creates a History of Modification

    What the signing does is create a base point for a history of modification, not to prevent said modifications. This is Signing class 101, the basics. Signing a file in this way has been available since certificate and hash code was public. Seriously, I remember the first post of PGP. Also, this stuff is my bread-and-butter. And if you get things wrong, then yes, someone can mess with things. I know, I've done it, and hexdump is your very dearest friend for mayhem like this.

    It would be nice if more manufacturers did this.

    No, the signing does not allow a "roll-back" to a previous version, only a verification of the data present.

    What happens is that A: the camera generates an internal public/private key pair, or B: you upload a key set and certificate. Next, the image is generated, and a SHA256 value is generated for that image. The value is then encrypted by the private key. You then use the public key to decrypt that SHA256 value, and compare it to the SHA256 of the image that you just computed yourself. If the values match, the image is not tampered. Easy. After that, it's the nightmare of certificate management. If the camera generated the key pair, then you may have to have the camera to verify the image.

    Anyways, it's just the normal verification stuff that's been done, with varying success, for quite some time.

    1. Def Silver badge

      Re: Creates a History of Modification

      So you take a photo, manipulate it, print it out, and take a photo of the print out.

      1. DS999 Silver badge

        Re: Creates a History of Modification

        Many modern cameras (and certainly all smartphones) have a GPS to provide both the location and date/time the photo was taken. That could be signed as well, then you have proof that not only is the photo untouched but it was taken at a particular time and place.

        If you try to manipulate a photo of a particular event no matter how good your "photo of a photo" could be made (and I'm skeptical that could fool more than the casual observer) you wouldn't be taking it at the time and place that event. So you couldn't modify a photo taken during for example a protest to add a gun into someone's hand, for example - because even if you used the method you suggest the metadata will be wrong.

  4. Auntie Dix Bronze badge
    Devil

    Anthony Weiner Wants a SONY

    This is thrilling.

    Finally, our citizens may receive our politicians' d!ck pics unaltered and be able to confirm their authenticity.

    Another step forward in the freedom of sexpression.

  5. Anonymous Coward
    Anonymous Coward

    Dear Sony

    What I want:

    An image sensor with many more pixels in the middle band than at the edges, similar to the way the eye works. Designed for the car camera market, its like the human eyes, so the image can be post processed to get far far more detail in the central portion of the frame than the edges. Sony is the big player in the camera sensor market, and they clearly need a new feature, and that is one that is needed.

    i.e. addressing Linus' point

    https://www.youtube.com/watch?v=4AnyhHl3_tE

    The idea is to get the detail where its needed, at license plates and signs, without burdening the image processor with data and without needing to store irrelevent detail.

    1. Mike 137 Silver badge

      Re: Dear Sony

      "An image sensor with many more pixels in the middle band than at the edges, similar to the way the eye works."

      But the crucial difference between the camera and the eye is that the eye constantly scans the field of view and the brain synthesises a higher resolution over the entire image field than would otherwise be available if the eye was stationary. Also, the monochromatic sensors at the edges of the eye's peripheral field are higher resolution (which is why WW2 night fighter pilots were taught to squint sideways at the view in front rather than looking at it directly).

      1. Mike 137 Silver badge

        Re: Dear Sony

        And (just a thought), an improvement might be to abandon the rectilinear sensor/Bayer filter array, replacing it with something on the lines of a honeycomb. This might significantly reduce the 'jaggies' of high contrast off axis edges without resorting to so much math (and thus artefact).

        The elephant in the camera is that a high proportion of a typical digital image is invented by the image processing in the equipment, so the photo is only partly representative of what's actually in front of the lens.

  6. An_Old_Dog Silver badge
    Thumb Down

    Hmm ...

    So, Sony is going to run a "secure" website you can use to tamper-check an image taken with one of their cameras.

    Will it be more secure than the Playstation Network was? (Duckduckgo "PSN Hack" Wikipedia)

  7. Anonymous Coward
    Anonymous Coward

    My CCTV cameras already have this feature, to allow the footage to verified if it was ever needed to be used in court.

  8. Pirate Dave Silver badge

    So what is the expected lifetime of these cameras, and will Sony continue providing updated digital certs (and a way to load them into the camera) for as long as the purchasers continue using the camera? Or is this one of those things that in 5-10 years will be an "abandonware" device, as Sony moves on to other projects and loses interest? Rather pricey for that.

  9. Doctor Syntax Silver badge

    "camera makers including Nikon and Leika,"

    Nikon and who?

    1. G40

      You know, got shot into space, never seen again.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like