View
111
Download
0
Tags:
Embed Size (px)
DESCRIPTION
An analysis on attacker actions in fingerprint-copy attack on source camera identificationc - Roberto Caldelli, Irene Amerini, Andrea Novi - WIFS'11 Foz do Iguaçu, 30 November 2011
Citation preview
An analysis
on attacker actions in fingerprint-copy attack on source
camera identificationRoberto Caldelli, Irene Amerini, Andrea Novi
[email protected]'11 Foz do Iguaçu, 30 November 2011
Outline
Forensic Security
Source identification attack
Analysis on attacker actions
Experimental results
Forensic
Security
•
Plenty of Image Forensics methods•
An attacker can try to invalidate such methods
•
Anti-forensics activities rely on several weaknesses in the forensic process
•
Study the possible attacks and find some countermeasures
Forensic SecurityForensic Security
Source IdentificationPhoto Response Non-Uniformity Noise (PRNU)
• Inhomogeneity over the silicon wafer and imperfections generated during sensor manufacturing process.
• Multiplicative noise, independent from temperature and time.• Unique for each sensor.
•
PRNU is a deterministic fingerprint of each
camera.
•
Matching between a digital camera and an
image is established through a correlation detector.
•
Fingerprint-copy attack presented in Fridrich et al.*
Attack scenario•
Alice, the victim has posted her images acquired with her camera C on the Internet (e.g. Facebook, her web site etc.).
•
Eve, the attacker, gets N of these photos and estimates the fingerprint K^
of Alice’s camera C.
•
Eve superimposes K^ onto another image J
taken from a different camera C’
with the aim to frame Alice as being the author of such
fake image J’.
Source Identification Attack
* Miroslav Goljan, Jessica Fridrich, and Mo Chen, “Sensor noise camera identification: Countering counter-forensics,”in SPIE Conference on Media Forensics and Security, 2010.
J’J
Nikon L19
Samsung S860
Source Identification Attack
FORGED
Noise suppression
attacker
C’
C
N images taken from Alice’s camera
N images taken from Alice’s camera
+
Fingerprint insertion• multiplicative model
PRNU extraction
Samsung S860
Defence scenario
Goals•
Is the image J’
forged?
•
Which images from Alice’s dataset were stolen by Eve?
Alice’s defence•
Alice can utilize her camera C.
•
Dataset composed by S>=N–
N images stolen by Eve
–
plus others images belonging to her camera C.
•
Triangle Test procedure.
Defence scenario
Triangle Triangle TestTest
Used by Eve
Not used by Eve
Alice estimates her camera’s fingerprint by using innocent flat images.• better fingerprint estimation
PRNU extraction
Noise extraction
Noise extraction
J’
victim
•
Alice
computes some correlations to perform the triangle test using as input:
Triangle Test
Basic idea
•
A residual of the content of each image I, used by Eve to estimate Alice’s fingerprint, has been transferred within the fake image J’.
•
The correlation will be greater than it would be when the image I is not utilized by Eve.
•
For images I
not used by Eve (innocent images) the dependence between
and is well fit with a straight line.•
The deviation from this linear trend will indicate that such photos have been stolen by Eve.
Triangle Test
Issues
•
What is available to the attacker?–
Triangle test procedure
•
Which actions Eve, the attacker, can carry out to frame Alice?•
How triangle test performances are reduced?
attack
triangle test
What an attacker can do?1.
Typology and number of the stolen images
2.
Fingerprint insertion3.
Refined fingerprint estimation
•
Textured images
• Flat images• Textured images• Flat images
•
Different denoising filter
• Denoising with Enhancer function*• Different denoising filter• Denoising with Enhancer function*
• Multiplicative• Additive• Multiplicative• Additive
* R.Caldelli, I.Amerini, F.Picchioni , M.Innocenti,”
Fast Image Clustering of Unknow Source Images”, Workshop on Information Forensics & Security (WIFS 2010), December 12-15, 2010,
pp.
1-5.
Enhancer function
•
PRNU is improved by applying an enhancer function–
wavelet domain
–
filter out scene details
noise
extr
acte
d n
oise
ResultsBasic triangle testTriangle test is effective and able to separate the two clusters
of images.
’
‘
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•
Eve’s attack•
Multiplicative model•
Textured images
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
• Eve’s attack•
Multiplicative model•
Textured images
ResultsAdditive model for fingerprint insertionSeparation between two groups is slightly augmented.
’
‘
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•Eve’s attack•
Additive model•
Textured images
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•Eve’s attack•
Additive model•
Textured images
ResultsFlat stolen imagesThe cluster separation is still significant and the triangle test does not appear to lose its effectiveness.
Not only is higher but also caused by the higher values assumed by the term which contributes to .
’
‘
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•Eve’s attack•
Multiplicative model•
Flat images
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•Eve’s attack•
Multiplicative model•
Flat images
ResultsThe attacker uses the enhancer functionThe separation is drastically reduced and the two clusters are adjoining.
The enhancer action succeeds in strongly reducing the residual of image content in the fingerprint that is the component the Triangle Test looks for.
’
‘
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•Eve’s attack•
Multiplicative model
•
Textured images•
Enhancer function
•
Alice’s dataset S is totally composed by Nc = 70 photos
•
20 stolen by Eve (the green circle)
•
50 “innocent”
images (the red rhombus)
•Eve’s attack•
Multiplicative model
•
Textured images•
Enhancer function’
‘
ResultsIncreasing number of the images stolen by Eve: from 20 images to
50 images.
’
‘
enhancer and 20 images no enhancer and 50 images
enhancer and 50 images
ResultsCorrect detection probability vs different attack procedures.
•
6 tampered images by Eve
•
In brackets the number of images stolen by Eve to perform the attack.
The use of the enhancer with only 20 images can grant better results in term of miss detection respect to resort at 50 photos.
Attack procedure Correct detection prob. (%)
Basic (20 images) 100
Additive (20) 100
Flat (20) 100
Enhancer (20) 61.7
Basic (50) 83.7
Enhancer (50) 30
Conclusion
Forensic Security
Source identification attack
Analysis on attacker actions
Experimental results
Future works: Eve could estimate Alice’s fingerprint by resorting at profitable patches of each stolen images and then recompose the fingerprint.
An analysis
on attacker
actions
in fingerprint-copy
attack
on source
camera identificationRoberto Caldelli, Irene Amerini, Andrea Novi
[email protected]'11 Foz
do Iguaçu, 30 November
2011