-1

I want to prove that a photo I will take has not been edited.

So I am planning to implement an open source app which uses a "strict image authentication" technique using private key cryptography as described in the research paper at https://www.etsmtl.ca/ETS/media/ImagesETS/Labo/LIVIA/Publications/2008/Haouzia_MTA_2008.pdf

To be specific, the planned app will only allow images to be taken from the camera within the app and not from other apps and sources. Then the bits of the image will be used to generate a private key. To verify, the image and the private key can be submitted. The private key can be regenerated from the image. If edited, the two private keys will be different. Also, if a timestamp is needed, the private key can be added to a blockchain.

What could be the reasons it would not succeed?

schroeder
Agnel Vishal

2 Answers

1

Some points:

  • You want a program to help A "prove" something to B. Why should B trust you, your program's correctness, etc.? And if it should hold up in official things like courts, many countries have a list of requirements for digital signatures etc. to be valid.
  • Apparently the private key and the signature are made on the phone and then sent to a server to store them. How does the server know the received data was made by your program, and not manually from a faked image? How does the server know that your program wasn't modified, memory changed during runtime, ran from an emulator which takes images as camera input, or tricked in some other way?
  • Even if the program is fine and the camera real, what does it help? Nobody is interested in this, rather people want to know if the shown things are real. I can't send you evidence for this (:D), but I've seen someone "building" a very real-looking image of a castle on the shore of a lake - from mostly paper, various other things found in a household, some colored light bulbs in the right directions, and a good angle for the camera.

Summary: It's not as easy as you think.

deviantfan
0

You are actually covering two topics:

  1. I want to take a picture and sign it.
  2. I want to be able to prove that it was not changed/edited at a later stage.

Generating a key and storing that somewhere safe where you have no control over it (bullet point 2) is certainly doable.

But you have full control over your own hardware, and thus also over the software used. While you can make it likely that the picture was made in the secure app, there is no proof of that. You could use another app with the same output (one where you take a photograph, edit it and then send the key of the 'unedited, safe' picture).

Basically, you have full control of something at the beginning. So you can not 'prove' anything. At best you can make things more likely, esp. if the initial application is well designed to check (e.g. check its own binary, always contact the server before and after taking a picture etc.). But that can still be worked around and it is not a 100% proof.

Hennes
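The limit both answers describe, shown as an added example (not code from the question, the answers, or the cited paper): a key derived from the image bits detects edits made after registration, but says nothing about where the registered bytes came from. It assumes the "key regenerated from the image" behaves like a SHA-256 digest; `derive_key`, `Registry` and `demo` are hypothetical names and the byte strings are constructed sample data.

```python
import hashlib
import time
from typing import Optional


def derive_key(image_bytes: bytes) -> str:
    """Assumption: the question's image-derived key is modelled as SHA-256."""
    return hashlib.sha256(image_bytes).hexdigest()


class Registry:
    """Stand-in for the server or blockchain: key -> first-seen timestamp."""

    def __init__(self) -> None:
        self._seen = {}

    def register(self, key: str, now: Optional[float] = None) -> float:
        # Only the key arrives here. Nothing in it identifies the software
        # or the camera that produced the underlying bytes.
        return self._seen.setdefault(key, time.time() if now is None else now)

    def verify(self, image_bytes: bytes) -> Optional[float]:
        """Return the registration time, or None if these bytes are unknown."""
        return self._seen.get(derive_key(image_bytes))


def demo() -> dict:
    registry = Registry()

    # Constructed bytes standing in for a capture made inside the app.
    camera_capture = b"\xff\xd8CONSTRUCTED-SENSOR-DATA\xff\xd9"
    registry.register(derive_key(camera_capture), now=1000.0)

    # What the scheme does give: a change after registration is detected.
    edited_later = camera_capture.replace(b"SENSOR", b"EDITED")

    # What it does not give: bytes prepared elsewhere and registered by any
    # client verify exactly like a genuine capture.
    composed_elsewhere = b"\xff\xd8CONSTRUCTED-COMPOSITE\xff\xd9"
    registry.register(derive_key(composed_elsewhere), now=2000.0)

    return {
        "original_verifies": registry.verify(camera_capture) == 1000.0,
        "later_edit_detected": registry.verify(edited_later) is None,
        "pre_registration_edit_verifies":
            registry.verify(composed_elsewhere) == 2000.0,
    }
```

The registry can attest "these exact bytes existed at time T"; binding them to a specific device or app needs a trust anchor the user does not control, which is the gap both answers point at.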