Watermarking

[tech_fixer]

Hi there!
I believe this project can help: http://diit.sourceforge.net/howtos.html

It embeds a file into an image, practically watermarking it. What I'm thinking is that If you can retreive the intact embedded file, then the image is not tampered. Maybe an encrypted certificate can be embedded...

Too bad the program is written in Java... anyone interested in doing a Perl/PHP port?

Regards,
Jose Rodriguez.

[Cylindric]

As already said, the problem is not really one of distrust of a third-party tampering with the image data. After all, it's actually VERY easy to stop this by the simple expedient of locking your stuff away in a vault, sending data at time-of-capture to an escrow agent, or other more 'logistical' means.

The problem is one of the defendent not trusting the person who owns the equipment in the first place. The only system I've heard of (admittedly not authorititive, of course) that is almost bullet-proof in court, relies on the use of WORM devices.

WORM stands for "Write Once Read Many" and includes things like CD-R and DVD-R etc, but can in theory be magnetic.

The problem, from a video-recording point of view, is the huge amount of cumulative data involved, if you can't delete any of it. Speed turns out actually to not be a problem - Terabyte devices (based on a CD-R core) are available that can write hundreds's of megabytes a second.

For obvious reasons these are not usually used for data-intensive applications like video recording.

I think the only way this could be made to work in our situation here (and could be done with CD-R, I imagine) would be something like the following...

1. Image captured from camera
2. Image is watermarked or just named with an MD5 of the (image data+timestamp+maybe some PGP key or something) The file might end up as "20060110-220700-37e7ca26af5a2dabc4b4f63dd1c6a487.jpg"
3. Image is written to disk as usual, and the MD5 is added to a queue
4. At regular intervals, the MD5 queue is written to WORM disk, or remote independent storage (if such a thing exists)

(The time-delay between writes at step 3 is dependent on the media used. What is the maximum number of sessions on a CD-R, for example? Would affect how reliable this is, I suppose. A 4-hour delay between queue-flushes gives time to fiddle the results.

This should ensure that any given image presented as evidence can be verified as being accurate.
A malicious third-party cannot edit the images without changing the checksum.

I've only just been thinking about this, so the above process may well be flawed. Even if it's not 100.000% proof, it should be enough to persuade someone that my 8-year-old son didn't just Photoshop the school bully into that armed-robbery footage.

[update]
While writing all this (longest post ever!) I suppose one possibly effective method of preventing someone in-house from simply changing an image and then recreating the names and MD5 queue, would be to email the queue to some holding agent every 5 minutes or so. Again, this would not entirely prevent fraud, but would require a conspiracy including the impartial corporate third-party, and due to established methods of auditing email traffic, should be easily implementable.

[Cylindric]

I'm seeing a Disaster Recovery/Security company tomorrow. If I can squeeze this in, I'll see what they have to say.

It's not really what we are meeting them about, but I may be able to ask it in relation to web logs, email logs and so on.

[jameswilson]

I personally think this is difficult to solve due to zm being a fully open product. Whatever implimented, the process would be open thus easier to fake. The way the commercial machines do it is by supplying (closed) software to check if the image has changed. Now obviously as you point out this assumes the manufacturer is trustworthy. The issue is not for people like myself as we are seen as trustworthy, (NACOSS GOLD etc) but for the guys that operate zm's on their own properties. I tdont see a way around this one. And i wouldnt involve external non approved 3r
parties as this will have to added to your public data protection manual. (you are gisterd i assume (Uk non-domestic only). But hopefully one of us can have a brainwave

[Cylindric]

I think it is possible to create secure open-source applications. Look at PGP and similar products.

Anyway, at this point in ZM's life, I don't think it's going to be used for multi-billion dollar liability systems. TBH, I think if I can show a JPEG/movie with a recognisable image of DaveTheLocalThug lifting equipment from my site and putting it in his white transit van and then burning out of my carpark, that will probably be sufficient for the police. If this is not the case in the UK (and I guess I need to seek advice on the effectiveness of 'amateur' photographs as evidence in law) then I need to reconsider my choice of monitoring system. Rightly or wrongly, if the general trend is mistrust of 'home-recorded' footage, we'll have to think of something else. I'm hoping some of you guys have some experience of using stuff recorded by systems like ZM (if not ZM itself) in a legal situation.

If, however, it's a matter of proving high-risk high-value corporate data-theft by tech-aware and prepared infiltrators/corporate spies/etc with high-profile complex fraud trials that run for months, the the CCTV footage is only going to be a small part of that, and is quite probably out of the league of ZoneMinder users.

/rant on (aimed at our lawmakers, not any poster here)
Unfortunately, it's the old case of people accepting as fact what is actually only guesswork at worst. Two examples:
Digital Imagery:
I, with very little knowledge, can tell if a digital camera image has been photoshopped (by an amateur) simply by looking closely at it. (JPEG artifacts, etc) I could not digitally insert a person into an image that wasn't there, in a way that would not be completely obvious. This goes for 100% of people out there too. Those that can are so few it's hardly significant.

Fingerprints:
There has never been a scientific study done that successfully proved that fingerprints are unique or the methods of gathering them accurate. Ever. Yet they are accepted by judges and juries the world over, because it's been said so many times that they are accurate. I don't what the figures are that they quote for accuracy (of the "one-in-a-thousand chance of a match" etc).
DNA has a much higher accuracy when it comes to 'false-positive' matches, yet because they have to emphasise the proportion (even if it's just one-in-ten-million), which they don't for fingerprints, people distrust them.

You'll have to excuse my rant, and somewhat vague examples (never good with figures ) but the complete lack of knowledge about most technical issues by the courts in todays world is quite frightening. I'm no conspiracy-nut either, I think in most things they try and do the right thing.

[Cylindric]

phew, I must have some pent-up anger there

Anyway, I've found some interesting (reliable) websites with information about this stuff, so I'll have a rummage around. If I end up getting anything authoratitive (ie factual, not something I guessed/assumed/untrusted/randomGoogled), I'll pass it on. (Other than the obvious 'get an expert to do it' of course)

First stop might be http://www.informationcommissioner.gov. ... px?id=5739 although for a slightly different area of small-business CCTV.

[cordel]

I'm afraid that you may find that unless you are a law enforcement official that can testify as to the chain of evidence is intact or that there is no way to tamper with the evidence (as a normal DVR has no facility in it to manipulate the image other than watermarking) you may find it hard to prove and hold up in a court. All audio recording that we do go from one official to the next and the contents and the chain of people that have custody of the original are well documented and at no time does this original ever get in position of a civilian.
If zm is installed on a system that you want to present as evidence then you will need to make sure that is a headless system with no way for anyone to login and manipulate the images and an official will have to determine if everything is intact to start the evidence chain (most likely they will take the whole machine). Any network type connection should be only read access as well (Samba, nfs, etc..).

[jameswilson]

I think it is possible to create secure open-source applications. Look at PGP and similar products.

Yes but that works on a private shared key etc (i think but i am ignorant here) if you as the system builder (no manufacturer involved) knew these details then you 'could' edit the images.
I agree that its extremly rare and i have 'yet' to see this attempted bu anyone, but i suppose it will happen.

//rant, our current state of political corrected liberal society will soon have you in court for een thinking about fitting an item to spy on people who happen to pass your property, with iron bars and screwdrivers who also just happen to fall through your window, whislt falling, 7 of your computers accidently fall into their pockets (big pockets but you get the idea) and you actually think you have the right to invades these poor unfortunate, bullied, descriminated aginst etc etc. You should b ashemed of you self, they were only out with the family going for a walk with thier ski masks on. Oh and youll have to pay them £20000 after one of them cut them selves on your non safety glass main window, they know it was you that hurt them as you gave the police the footage of the whole incident....... and as it isnt watermarked you can claim the footage is inadmissiable lol
// end of rant

I like you r comment on amatuer digital photos and maybe this could be a getout (ie its not a cctv system your honour it my personal amatuer digital camera)

I have only ever been asked to authenticate images in my profesional career and they all have been in the last 9 months. The reason i am being asked is if its serious enough and the only good evidence is the cctv, the brief needs to get rid of it. Some idiot told said breif of the data protection act (authenticity of images and traceability), and some europen human rights law and they use these acts againt us. (Us being decent people who like to protect what we have)

You can use your footage regardless but if anyone asks you to 'authenticate your images' then say its not a cctv system your honour it was my cam-corder.

Its unlikely to happen as most crims plead not-guilty once they know you have good cctv of them as they get 20 hours community service then instead of 21

I think we can come up with a way of doing this and i thought a bit ago would be to insert a checksum into the exif headers (which includes a serial number of the setup (ie you have a 10 string number in zm options which is used along with say the image size)
To be fair i think the bulk of the profesional recorders could easily be duped as i think their checks are basic plus its very dificult to get at raw jpegs without opening the machine and pulling them of the hard drives.
I think ultimatly there will be standard on how secure this has to be, but at the moment (for next few years anyway) i think a basic implimentsation would do.

Im running out of things to say now to pad the post anymore, i was trying to break your record of the longest post, but failed..badly lol.

The above is my personal opionion and not the opionion of anyone at zoneminder, my employer or my girlfriend.

James

[zoneminder]

Though I've not had to show any output of ZM to police etc personally, so have nothing to back up my comments (not that that usually stops me ) I would have thought that you don't necessarily need the images as hard evidence in court as such, surely it will often fall into the category of circumstantial evidence which does not always need the same degree of verisimilitude.

If you show Plod some images of Oik removing crates from van, and Plod visits Oik's premises and finds stolen goods, then it is the possession of said goods that is hard evidence, and perhaps what a prosecution would be aimed at. The captured images, plus any fingerprints, lack of alibi etc all adds up to circumstantial evidence that it was Oik that done the theft crime and consequently Oik that must do the time as a result for the theft as well. However the images etc may not be required or even presented in court for the offence being prosecuted.

As I said, I may be talking out of my backside so I would welcome more informed comment. I remember a while ago a poster reporting that after showing the police some images he got from ZM of two blokes siphoning petrol from his lorries, the police basically used the pictures to know exactly what spots on the trucks to test for fingerprints and the rest of the process went from there without needing to refer to the visual evidence again.

Since everyone on this thread is having a rant, I'd feel left out if I didn't. So here's mine [rant]Maxtor Disks[/rant]. That's it really, the set of 'failed disks I've ever had' is a subset of 'Maxtor disks I've ever bought'. Having spent the last week on data recovery and rebuilding my development box I can safely say I won't be buying any more Crapstors (as a friend of mine accurately refers to them).

[Cylindric]

I had a conversation with someone who works in the field, and has had to present this sort of evidence in court before. I've copied here what was said, although none of it should be considered authoritive, of course.

Basically he says the same as us already, the images appear to be almost circumstantial, they may help find the crook, but it's the loot in his garage , or the blood on his clothes, that gets him locked up.

The two (UK) government documents linked may be worth looking at, although I haven't yet. (The Police and Criminal Evidence Act, and the House of
Lords Science and Technology Fifth Report)

>
> In the States, it is apparently no use admitting digital
> photographs unless they
> have been digitally watermarked by some proprietory system, despite
> this not in
> itself helping at all.

Well that is the americans for you, classic case of over engineering
a solution to a problem.

> First off, (and assuming you know/care/guess/blag) do you think a
> sequence of
> JPEG images taken from a camera and stored on a computer be
> admissable as proof
> of someone's presence at a location? (There do appear to be
> 'forensic' methods
> of determining if a JPEG has been edited.)

Firstly I'd suggest you take a look at the Police and Criminal
Evidence Act (PACE), it is basically the bible when it comes to
handling of evidence for the UK Courts. Secondly the CPS acknowledge
that they can be used but there are problems, the main is tampering
thus you need to be able to prove that they could not have been
tampered with from when they are captured by the camera and when they
are stored. The other document you should look at is the House of
Lords Science and Technology Fifth Report it covers the use and
handling of Digital Photos as Evidence you can find a copy online
here (http://tinyurl.com/am865).

As long as you take care and can show that you have a defined
handling procedure, that takes into account the guidance that is
available then in court if someone says to you how do you know it
hasn't been tampered with you go, here is our procedure, here are our
written logs all countersigned and witnessed...

> Second, how 'tamper-proof' does a computer log need to be to be
> considered
> trustworthy? I've seen terrabyte+ CD-based WORM drives, but would
> for instance
> burning logs to standard CD-R be considered fairly tamper-proof?

Having handled stuff for court before burning originals to CD is ok,
as long as you document on paper the procedure you undertook. Showing
Dates, Times and a description for each step in a book that you can
show that hasn't been tampered with for instance we had special A4
notebooks made which had 'hard' bindings that you could not add or
remove pages from with out it showing. You keep on book for one job,
always use pen, lines in the book you don't fill up with text you
draw a line through so nothing can be added and finally and most
importantly everything is witnessed, you always have a observer that
is watching you do what your doing and then countersigns the log book.

[jameswilson]

i agree with most of the comments, but to be fair the 3 times i have been asked to authenticate images were for the following crimes
2 x armed roberies (1 time gun fired at cctv)
1 x murder outside a chemists

As these are serious they tried to remove as much evidence as possible from the case, they try the authenticaten, rigistrar etc way with cctv and im sure they have similar tricks for other evidence.
To be fair this authentication i could take any system, run my modifed jpegs out of a video out port into the recorder and record these images.
I could then acuratly say they had not been edited after they were recorded.

Thats why i think its just a feature tick list at the moment, no system is undefeatable.

James

[Cylindric]

I suppose not. I guess the best we could do is make sure there is a 'sensible' process in place to ensure data isn't inadvertenly lost or deleted before it's needed, and work on the theory that it can be used to give law-enforcement enough to be able to identify a suspect, and subsequently 'solid' evidence.

Either that, or I'll just litter the store with banana-peels, and make a fortune from sending in the 'hilarious' clips to "You've Been Framed"...

[jethrov]

An idea. It could be that the watermark function comes with the images of the camera. For example the axis cameras have the watermarking incorporated.

We are testing a shareware ip surveillance program called ¨VortexIP¨ and I cant find any information about its watermark possibilty. And I think the rest of the programs are based on the ip camera´s watermarking.

[jhilliard]

One could use OpenTimestamps to prove cryptographically that the recording existed at a certain point in time.