Several device types are now available for recording images on digital media, including digital still cameras, digital video cameras, and even mobile phones and Pocket Data Assistants (PDAs). Digital cameras in particular are becoming increasingly popular because they are more convenient to use than film cameras, and the price of digital cameras continues to drop, while the quality of images produced by digital cameras is now approaching that of film.
One feature of digital data is the ease with which such data can be manipulated or modified. This creates a difficulty that it is easy to modify a captured image to create a false representation of the original scene or event. There is a desire to guard against such modification of images, and particularly in fields such as forensics, insurance, and legal or law enforcement, where it is essential to prove the authenticity of images.
Conventional approaches to proving authenticity of digital data have involved the use of digital signatures based on cryptography. A digital signature signed with a private key is typically added to the image data so that the data can be authenticated by verifying the signature using the associated public key. This has the drawback that the authentication data may easily be separated from the image data. It is therefore desirable to have a means of authenticating image data without referring to any authentication data that may be separated from the image data.
Another approach to proving the authenticity of an image is to embed a digital signature in the image through the use of steganography. Steganography is the art and science of hiding information such that the presence of such information cannot be detected. The digital signature is typically based on a hash of the raw image data encrypted with a private key.
A known way of embedding the digital signature in the image is to embed the digital signature in a removable watermark. A watermark image is embedded in the image when the image is captured and may be embedded by the image capture device. Removable watermarks are embedded into an image by using a reversible operation to modify one or more colour components of the pixel data of the image. One known method is to add the watermark image to the image data using modulo 2n addition, where n is the number of bits used to store the relevant colour component.
To authenticate the image, the watermark pattern used for creating the watermark image has to be known. The watermark positions are detected using a correlation of the known watermark pattern with the watermarked image. The original watermark image is then reproduced and subtracted to recover the original image. Finally the signature can be verified using the public key of the source. This is typically done by re-calculating the hash of the image and comparing it to the result of decrypting the stored signature with the public key. If the values are the same, the image is authentic.
A problem with the above-mentioned solution is that the modulo 2n addition of the watermark is likely to cause some large component values to wrap around, resulting in a small value in the watermarked image. This may be highly visible. For example, adding the watermark may make some regions that are lightly coloured in the original image become very dark in the watermarked image, resulting in highly visible changes to parts of the image.
Another problem with this solution is that because the process of detecting the watermark uses correlation, the detection process is not always reliable, as it is affected by the characteristics of the image itself. The watermark must be detected exactly to enable it to be removed. A known solution to this problem is to increase the amplitude of the watermark until the watermark becomes reliably detectable. This typically involves repeated insertion and detection operations until a suitable amplitude value is found. Unfortunately, this makes the process of inserting the authentication data inefficient.
Another approach to image authentication is to embed a fragile watermark in the image that is destroyed by modification of the image data. If the watermark can be detected, the image must be authentic. This approach is not as secure as one using digital signatures.
Other approaches to steganographically embedding information in images are based on modification of compressed images. Images are often stored in a compressed form, and the compression algorithms typically used are “lossy”, i.e. the original image cannot be exactly recovered from the compressed form. These approaches have the disadvantage that the quality of the image is reduced by the compression process. There is a demand amongst professional photographers for high quality images, and these are the kinds of images for which authentication is likely to be required. Thus there is a need for reliable authentication of uncompressed images.