wifs 2011

An analysis

on attacker actions in fingerprint-copy attack on source

camera identificationRoberto Caldelli, Irene Amerini, Andrea Novi

irene.amerini@unifi.itWIFS'11 Foz do Iguaçu, 30 November 2011

Outline

Forensic Security

Source identification attack

Analysis on attacker actions

Experimental results

Forensic

Security

•

Plenty of Image Forensics methods•

An attacker can try to invalidate such methods

•

Anti-forensics activities rely on several weaknesses in the forensic process

•

Study the possible attacks and find some countermeasures

Forensic SecurityForensic Security

Source IdentificationPhoto Response Non-Uniformity Noise (PRNU)

• Inhomogeneity over the silicon wafer and imperfections generated during sensor manufacturing process.

• Multiplicative noise, independent from temperature and time.• Unique for each sensor.

•

PRNU is a deterministic fingerprint of each

camera.

•

Matching between a digital camera and an

image is established through a correlation detector.

•

Fingerprint-copy attack presented in Fridrich et al.*

Attack scenario•

Alice, the victim has posted her images acquired with her camera C on the Internet (e.g. Facebook, her web site etc.).

•

Eve, the attacker, gets N of these photos and estimates the fingerprint K^

of Alice’s camera C.

•

Eve superimposes K^ onto another image J

taken from a different camera C’

with the aim to frame Alice as being the author of such

fake image J’.

Source Identification Attack

* Miroslav Goljan, Jessica Fridrich, and Mo Chen, “Sensor noise camera identification: Countering counter-forensics,”in SPIE Conference on Media Forensics and Security, 2010.

J’J

Nikon L19

Samsung S860

Source Identification Attack

FORGED

Noise suppression

attacker

C’

C

N images taken from Alice’s camera

N images taken from Alice’s camera

+

Fingerprint insertion• multiplicative model

PRNU extraction

Samsung S860

Defence scenario

Goals•

Is the image J’

forged?

•

Which images from Alice’s dataset were stolen by Eve?

Alice’s defence•

Alice can utilize her camera C.

•

Dataset composed by S>=N–

N images stolen by Eve

–

plus others images belonging to her camera C.

•

Triangle Test procedure.

Defence scenario

Triangle Triangle TestTest

Used by Eve

Not used by Eve

Alice estimates her camera’s fingerprint by using innocent flat images.• better fingerprint estimation

PRNU extraction

Noise extraction

Noise extraction

J’

victim

•

Alice

computes some correlations to perform the triangle test using as input:

Triangle Test

Basic idea

•

A residual of the content of each image I, used by Eve to estimate Alice’s fingerprint, has been transferred within the fake image J’.

•

The correlation will be greater than it would be when the image I is not utilized by Eve.

•

For images I

not used by Eve (innocent images) the dependence between

and is well fit with a straight line.•

The deviation from this linear trend will indicate that such photos have been stolen by Eve.

Triangle Test

Issues

•

What is available to the attacker?–

Triangle test procedure

•

Which actions Eve, the attacker, can carry out to frame Alice?•

How triangle test performances are reduced?

attack

triangle test

What an attacker can do?1.

Typology and number of the stolen images

2.

Fingerprint insertion3.

Refined fingerprint estimation

•

Textured images

• Flat images• Textured images• Flat images

•

Different denoising filter

• Denoising with Enhancer function*• Different denoising filter• Denoising with Enhancer function*

• Multiplicative• Additive• Multiplicative• Additive

* R.Caldelli, I.Amerini, F.Picchioni , M.Innocenti,”

Fast Image Clustering of Unknow Source Images”, Workshop on Information Forensics & Security (WIFS 2010), December 12-15, 2010,

pp.

1-5.

Enhancer function

•

PRNU is improved by applying an enhancer function–

wavelet domain

–

filter out scene details

noise

extr

acte

d n

oise

ResultsBasic triangle testTriangle test is effective and able to separate the two clusters

of images.

’

‘

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•

Eve’s attack•

Multiplicative model•

Textured images

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

• Eve’s attack•

Multiplicative model•

Textured images

ResultsAdditive model for fingerprint insertionSeparation between two groups is slightly augmented.

’

‘

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•Eve’s attack•

Additive model•

Textured images

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•Eve’s attack•

Additive model•

Textured images

ResultsFlat stolen imagesThe cluster separation is still significant and the triangle test does not appear to lose its effectiveness.

Not only is higher but also caused by the higher values assumed by the term which contributes to .

’

‘

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•Eve’s attack•

Multiplicative model•

Flat images

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•Eve’s attack•

Multiplicative model•

Flat images

ResultsThe attacker uses the enhancer functionThe separation is drastically reduced and the two clusters are adjoining.

The enhancer action succeeds in strongly reducing the residual of image content in the fingerprint that is the component the Triangle Test looks for.

’

‘

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•Eve’s attack•

Multiplicative model

•

Textured images•

Enhancer function

•

Alice’s dataset S is totally composed by Nc = 70 photos

•

20 stolen by Eve (the green circle)

•

50 “innocent”

images (the red rhombus)

•Eve’s attack•

Multiplicative model

•

Textured images•

Enhancer function’

‘

ResultsIncreasing number of the images stolen by Eve: from 20 images to

50 images.

’

‘

enhancer and 20 images no enhancer and 50 images

enhancer and 50 images

ResultsCorrect detection probability vs different attack procedures.

•

6 tampered images by Eve

•

In brackets the number of images stolen by Eve to perform the attack.

The use of the enhancer with only 20 images can grant better results in term of miss detection respect to resort at 50 photos.

Attack procedure Correct detection prob. (%)

Basic (20 images) 100

Additive (20) 100

Flat (20) 100

Enhancer (20) 61.7

Basic (50) 83.7

Enhancer (50) 30

Conclusion

Forensic Security

Source identification attack

Analysis on attacker actions

Experimental results

Future works: Eve could estimate Alice’s fingerprint by resorting at profitable patches of each stolen images and then recompose the fingerprint.

An analysis

on attacker

actions

in fingerprint-copy

attack

on source

camera identificationRoberto Caldelli, Irene Amerini, Andrea Novi

irene.amerini@unifi.itWIFS'11 Foz

do Iguaçu, 30 November

2011