The present invention relates generally to the field of signal encryption and more specifically, to a method for identifying whether digital images, transmitted with a loss, have been unaltered and have been sent from a specific source. This is accomplished through the creation of a specialized fingerprint and "signature".
Methods exist for encrypting digital signals to prevent tampering such as disclosed in U.S. Pat. No. 5,499,294, keep a malicious adversary from altering the signal. A fingerprint or "hash" is taken of the digital image. Hashing algorithms (i.e. one-way functions) are well known and easy to calculate but very difficult to mathematically invert. The fingerprint is typically encrypted with an encryption key to prove or authenticate the creator of the signature. The encryption itself is a standard public/private key cryptology with the source station utilizing a private key. The resulting signature can be decrypted by a receiving station with the source's public key.
The hash-key combination along with the original image, is then sent to the receiving station which uses the public key of the presumed transmitter in decrypting the encrypted hash. The receiving station performs the same hash algorithm on the received image and compares it to the decrypted hash. If these two hashes are identical, there has been no noise in the transmission and the image has not been modified (tampered) by a third party. If the image was modified or the wrong public key is used, the two hashes will not be identical.
The same technique would generally not work in a transmission where information is lost. Generally, a digitized version of a received image includes lost bits or noise which corrupt the received digitized image. Consequently, it is difficult to confirm whether a received image has been tampered with based upon a comparison of the received fingerprint of the source image to a digitized fingerprint generated based on the received digitized image.
Another attempt to solve the problem in a JPEG transmission is described in "A Robust Image Authentication Algorithm Distinguishing JPEG Compression from Malicious Manipulations" by Ching-Yun Lin and Shih-Fu Chang, published in ISLT/SPIE Symposium on Electronic Imaging: Science and Technology, Jan 1998, San Jose, Calif. pages 77-80. Their method is to compare the same block in subsequent frames of a JPEG compressed transmission. This comparison is performed to ensure the range of difference in value between these two blocks remains the same ever after compression and decompression is performed. A signature is created by comparing the difference between two blocks and a threshold. A binary "0" or "1" is entered into the signature depending on whether the difference is above or below that threshold. This signature is sent along with the transmitted image and the method continues as discussed above.
The Lin/Chang method is deficient in that it relies on the inherent structure of JPEG compression and would not work with other transmissions (including lossy transmissions) which do not follow the JPEG format. Further, The Lin/Chang method allows the possibility of tampering. Since the signature is completely based upon a comparison of consecutive frames with a threshold, a malicious adversary could create a completely different data stream and send it to the receiver as long as the differences between consecutive frames is approximately (within the range of the chosen threshold) the same.
Still another technique known in the art is watermarking. A set of bits (a mark) is added to a transmitted image. This mark should be complete enough so that it can be detected by a receiver but should not alter the nature of image. The technique is often used in copyright situations where piracy is a concern. A defendant who alleges he did not copy the image will then be forced to explain why the watermark is still within the image. Watermarking is an efficient way of proving origination. However, it does not indicate when tampering has occurred.
Therefore, it is desirable to provide an improved method for confirming whether a received image has been altered. The method should include a fingerprint which is simple to compute from the image but difficult to create an image that has a given fingerprint. The fingerprint method also should have the characteristic that it would be difficult to generate two images that have the same fingerprint. The fingerprint method should be operable when losses are experienced through transmission of the digitized signal.