Police may soon have a new way to catch pedophiles who distribute child abuse photos anonymously online. The technology could also help law enforcement agencies in other ways, such as identifying smartphone thieves who take pictures with the stolen gadgets and then post their snapshots on the Internet.
Riccardo Satta, scientific project officer of the European Commission Joint Research Center’s Institute for the Protection and Security of the Citizen, described the work he did with fellow researcher Pasquale Stirparo at the Computers, Privacy and Data Protection Conference in Brussels held in January.* The key is the ability to spot a unique, unremovable pattern—or signature—that each digital camera imprints on photographs. By comparing the signature from a specific camera with those found in images posted to social media, a forensic investigator would be able to establish that all the images had been taken by the same camera. Additional contextual information pointing to the photographer can help investigators narrow in on the culprit.
The approach Satta described exploits slight imperfections in digital camera sensors. Tiny variations in the silicon chips create differences in the light response that add a pattern of inconsistent responses, interference, or “noise”, to every image they capture. Current technology cannot fake or entirely remove this signature. As Satta noted in an e-mail, "It is not currently possible to perfectly separate the image from the noise, modify the noise and then add it back to the image. Trying to fake it by substituting it [noise] with another one will probably create a lot of visible artifacts [wheereas] removing it will likely result in a blurry and unnatural image."
This sensor pattern noise (SPN) was identified as unique to each camera in the mid-2000s. Satta, whose PhD is in computer vision and machine learning from the University of Cagliari in Italy, became "fascinated by the possibilities" for making use of the noise in 2011 when he heard Chang-Tsun Li of the University of Warwick in England present work on novel methods for identifying the noise pattern in photographs. They went on to collaborate on improving methods for studying the noise and extracting the SPN.
In 2012 Satta began experimenting with matching the SPN signature of a given camera to photos posted to social network accounts, a technique Satta calls "picture-to-identity linking". Extracting the SPN is computationally intensive a problem Satta is trying to solve.
Investigators have long known of other identifiers that digital cameras insert into images as they convert a stream of light into digital bits. But none are as reliable as SPN for tracing the source of images. For instance, a camera’s software may adjust color, saturation, light level and white balance as well as compress the file before storing the final image. Each of these steps leaves traces. These artifacts are not always present because many modern cameras allow photographers to bypass this in-camera processing. Cameras also add metadata known as Exif (for exchangeable image file format), which may include location, date, time, camera make, model, settings and copyright information. Exif, however, is easily stripped out, according to Peter Sommer, a Visiting Professor at De Montfort University's Cyber Security Centre and one of the U.K.'s foremost experts on digital forensics. It's also typically lost when the original file is altered, for example by the resizing, rescaling, compression, cropping and even enhancements social media often apply to posted images.
What Satta has been able to show, however, is that although the modifications made by social media when photographs are uploaded affect the SPN and make extracting it challenging, enough remains to provide a consistent identifier. Another difficulty, however, arises from interpreting natural variations, such as the effect of varying light levels and intricate patterns made by highly textured objects such as grids and trees. Even so, in a preliminary study of 2,896 images drawn from two accounts for each of 15 different social network or blog identities, Satta found that 50 percent of the time a single image could be accurately matched to the candidate identified by his software as the most probable match. Satta also found that images could be accurately grouped according to the originating camera 90 percent of the time, with a false-positive rate of 2 percent.
Those rates would not be high enough to use in court as evidence against someone suspected of a crime. But they could help select targets for investigation, especially with accuracy enhanced by other information commonly found on social networks, such as location, friends lists and other contextual data. Sommer notes that in his experience police routinely draw from many lines of evidence when building a case. "There's a rule in a lot of computer forensics," he says. "You try to avoid relying on a single strand. A single strand may give you the clue, but in terms of presenting in court you will have multiple different strands and build up your case in front of the jury that way."
Satta next intends to study other elements that help create unique signatures, such as lens aberrations, artifacts produced by in-camera processing and dust particles on the sensors. He also wants to find ways to lessen the computational demands to make it possible to work with large image archives.
*Editor's note (3/12/14): This sentence was edited after posting. The original text did not include Satta's colleague, Pasquale Stirparo.