Project Detection Of Forged Image

Chapter 1

INTRODUCTION

1.1 Preface

1.2 Statement of the problem

1.3 Organization of report

Dept Of CS&E, SJCE Mysore. 1

Chapter 1

INTRODUCTION

1.1 Introduction to Image

1.2 Introduction to Forgery

1.3 Copy-Move Forgery

Project Detection Of Forged Image

1. INTRODUCTION

1.1 Introduction to Image

An image (from Latin imago) is an artifact, usually two-dimensional (a picture), that has

a similar appearance to some subject—usually a physical object or a person.

Images may be two-dimensional, such as a photograph, screen display, and as well as

three-dimensional, such as a statue. They may be captured by optical devices—such as

cameras, mirrors, lenses, telescopes, microscopes, etc. and natural objects and

phenomena, such as the human eye or water surfaces.

The word image is also used in the broader sense of any two-dimensional figure such as a

map, a graph, a pie chart, or an abstract painting. In this wider sense, images can also be

rendered manually, such as by drawing, painting, carving, rendered automatically by

printing or computer graphics technology, or developed by a combination of methods,

especially in a pseudo-photograph.

A volatile image is one that exists only for a short period of time. This may be a

reflection of an object by a mirror, a projection of a camera obscura, or a scene displayed

on a cathode ray tube. A fixed image, also called a hard copy, is one that has been

recorded on a material object, such as paper or textile by photography or digital

processes.

Still image

A still image is a single static image, as distinguished from a moving image (see below).

This phrase is used in photography, visual media and the computer industry to emphasize

that one is not talking about movies, or in very precise or pedantic technical writing such

as a standard. A film still is a photograph taken on the set of a movie or television

program during production, used for promotional purposes.

Dept Of CS&E, SJCE Mysore. 2

Project Detection Of Forged Image

A still image of a person's face from many years ago can only tell us about the face, not

what the person is feeling at the time of the photograph (1997:46). Therefore we can only

guess what they are thinking, and come up with our own conclusions about the image.

When a person visits the video store and wants to borrow a movie, the first thing they

may often look at is the image on the case. The phrase Never judge a book by its cover is

often said, however it is a common technique that is used to determine what we choose is

worth looking at and what is not.

Moving image

A moving image is typically a movie (film), or video, including digital video. It could

also be an animated display such as a zoetrope. Paul Levinson states that, 'moving

pictures are individual photographic images presented to the eye so quickly that they give

the illusion of motion.' (1997:37)These means that it gives people a real life encounter of

a person's experience. With a video camera, a person is able to capture many moments in

time, unlike the still image.

1.2 Introduction to Forgery

"Forgery" is a subjective word. An image can become a forgery based upon the

context in which it is used An image altered for fun or someone who has taken an bad

photo, but has been altered to improve its appearance cannot be considered a forgery

even though it has been altered from its original capture.

The other side of forgery is those who perpetuate a forgery for gain and prestige they

create an image in which to dupe the recipient into believing the image is real and from

this be able to gain payment and fame

Two type of forgery can be identified:

1) An image that is created using graphical software

2) An image where the content has been altered

Creating an image by altering its content is one method. Duping the recipient into

believing that the objects in an image are something else from what they really are. The

image itself is not altered, and if examined will be proven as so.

Dept Of CS&E, SJCE Mysore. 3

Project Detection Of Forged Image

This method is where the context of the image is altered. Objects are be removed or

added, for example, a person can be added or removed. The easiest way is to cut an

object from one image and insert it into another image – image editing software makes

this a simple task

1.3 Copy-Move Forgery

Because of the extraordinary difficulty of the problem and its largely unexplored

character, the authors believe that the research should start with categorizing forgeries by

their mechanism, starting with the simple ones, and analyzing each forgery type

separately. In doing so, one will build a diverse Forensic Tool Set (FTS). Even though

each tool considered separately may not be reliable enough to provide sufficient evidence

for a digital forgery, when the complete set of tools is used, a human expert can fuse the

collective evidence and hopefully provide a decisive answer. In this paper, the first step

towards building the FTS is taken by identifying one very common class of forgeries, the

Copy-Move forgery, and developing efficient algorithms for its detection.

In a Copy-Move forgery, a part of the image itself is copied and pasted into another part

of the same image. This is usually performed with the intention to make an object

“disappear” from the image by covering it with a segment copied from another part of the

image. Textured areas, such as grass, foliage, gravel, or fabric with irregular patterns, are

ideal for this purpose because the copied areas will likely blend with the background and

the human eye cannot easily discern any suspicious artifacts. Because the copied parts

come from the same image, its noise component, color palette, dynamic range, and most

other important properties will be compatible with the rest of the image and thus will not

be detectable using methods that look for incompatibilities in statistical measures in

different parts of the image. To make the forgery even harder to detect, one can use the

feathered crop or the retouch tool to further mask any traces of the copied-and-moved

segments.

Examples of the Copy-Move forgery are given in Figures 1–3. Figure 1 is an obvious

forgery that was created solely for testing purposes. In Figure 2, you can see a less

obvious forgery in which a truck was covered with a portion of the foliage left of the

truck (compare the forged image with its original). It is still not too difficult to identify

Dept Of CS&E, SJCE Mysore. 4

Project Detection Of Forged Image

the forged area visually because the original and copied parts of the foliage bear a

suspicious similarity. Figure 2 shows another Copy-Move forgery that is much harder to

identify visually. This image has been sent to the authors by a third party who did not

disclose the nature or extent of the forgery. We used this image as a real-life test for

evaluating our detection tools. A visual inspection of the image did not reveal the

presence of anything suspicious.

Figure : 1 Test image “Hats”.

Dept Of CS&E, SJCE Mysore. 5

Project Detection Of Forged Image

Figure 2 Forged test image “Jeep” (above) and its original version (below).

Dept Of CS&E, SJCE Mysore. 6

Project Detection Of Forged Image

Figure 3 Test image “Golf” with an unknown original.

Dept Of CS&E, SJCE Mysore. 7

Project Detection Of Forged Image

Chapter 2

LITERATURE SURVEY

2.1 Existing Methods

2.2 Proposed Method

Dept Of CS&E, SJCE Mysore. 8

Chapter 2

LITERATURE SURVEY

2.1 Existing Methods

2.2 Proposed Method

Project Detection Of Forged Image

The SHA hash functions are a set of cryptographic hash functions designed by the

National Security Agency (NSA) and published by the NIST as a U.S. Federal

Information Processing Standard. SHA stands for Secure Hash Algorithm.

The Three algorithms are denoted SHA-1, SHA-224, SHA-256.

These algorithms enable the determination of a message’s integrity

– any change to the message will, with a very high probability, result in a

different message digest

– This property is useful in the generation and verification of digital

signatures and message authentication codes, and in the generation of

random numbers (bits).

2.1 Existing Methods

SHA-1 is the best established of the existing SHA hash functions, and is

employed in several widely used security applications and protocols. In 2005, security

flaws were identified in SHA-1, namely that a possible mathematical weakness might

exist, indicating that a stronger hash function would be desirable. Although no attacks

have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1

and so efforts are underway to develop improved alternatives.

Slide attacks against block ciphers were introduced by Biryukov and Wagner in

1999 [4, 5], although similar techniques had previously been used by others.

To our knowledge, slide attacks against hash functions have not been previously

considered in the literature. Indeed it is difficult to see if and how “slid pairs” in the

compression function can be exploited to find collisions for the hash function. This

remains an open question.

However, it is interesting to consider the question whether or not slid pairs (which

are essentially linear relations between two inputs and outputs) can be easily found for

SHA-1. This is also related to Anderson’s classification of hash functions [1]. David

Wagner has considered a slide attack on 40 iterations of SHA-1 in unpublished work

[21]. SHA-1 exhibits some properties which are useful when mounting slide attacks.

Dept Of CS&E, SJCE Mysore. 9

Project Detection Of Forged Image

a) The SHA-1 compression function consists of four different “rounds”. For 20

iterations of each round the nonlinear function Fi and the constant Ki are unchanged there

are only three transitions between different iteration types .

b) The key schedule (i.e. message expansion) can be slid.

2.2 Proposed Method

SHA-256

SHA-256 may be used to hash a message, M, having a length of l bits, where 0

l 264 . The algorithm uses 1) a message schedule of sixty- four 32-bit words, 2) eight

working variables of 32 bits each, and 3) a hash value of eight 32-bit words. The final

result of SHA-256 is a 256-bit message digest.

The words of the message schedule are labeled W0, W1,…, W63. The eight

working variables are labeled a, b, c, d, e, f, g, and h. The words of the hash value are

labeled H0(i) ,H1( i)…… H(7)( i) ,which will hold the initial hash value, H(0), replaced by each

successive intermediate hash value (after each message block is processed), H(i), and

ending with the final hash value, H(N). SHA-256 also uses two temporary words, T1 and T2.

Dept Of CS&E, SJCE Mysore. 10

Chapter 3

REQUIREMENT ANALYSIS AND

SPECIFICATION

3.1 Requirement Analysis

3.2 Requirement Specification

3.3 Functional & Non- Functional Requirements

3.4 Hardware & Software requirements

Project Detection Of Forged Image

Chapter 3

3.1 Requirements Analysis

Dept Of CS&E, SJCE Mysore. 11

Project Detection Of Forged Image

Requirements analysis is an important process. After initial feasibility studies, the

first major stage of the requirements engineering process is requirement analysis. The

analysis model achieves three primary objectives:

o To describe what the customer requires.

o Establish a basis for the creation of the software design.

o Defines a set of requirements that can be validated after the software is

built.

After careful observations on the system, we found that the basic requirements

needed by the user were regarding a good user interface. An effective and self-descriptive

interface was what most of the people desired to have.

3.2 Requirements Specification

The basic construct we need is to store the images. The project must allow us to

enter images one at a time and used in Compare the images. It must allow us to easily

access file, where we can store the data related to images while we can compare the

sample data of image with the data in file.

3.3 Functional requirements

1) The first step in this is to store the original picture into the file in an application.

This is done by administrator.

2) Import the image to compare with all images in the stored list.

3) The result will be displayed based on the Comparison

Non Functional Requirements:

1. Reliability.2. Availability.3. Security.4. Maintainability.5. Portability

3.4 Hardware and Software Requirements

Dept Of CS&E, SJCE Mysore. 12

Project Detection Of Forged Image

Hardware requirements:

RAM: 256mb Hard disk: 100mb Processor: Intel Pentium 4 processor

Processor speed: 1.3GHz

Software Requirements:

Operating system: Windows XPFront end: MS Visual studio Dot Net 2005Application: Windows Application.Code Behind: C#.

Back end: Files

Dept Of CS&E, SJCE Mysore. 13

Project Detection Of Forged Image

Chapter 4

SYSTEM DESIGN

In this section a brief overview of the system design process is given. The design process

can be divided into the following sub sections.

4.1 Basic Considerations

Dept Of CS&E, SJCE Mysore. 14

Chapter 4

SYSTEM DESIGN

Basic Considerations

Algorithm

Project Detection Of Forged Image

In the design process, certain basic considerations were made which were

found to be essential, in order to design the system successfully.

The Image should be of colour level..

Images with jpg,bmp format are considered.

Images are considered as array of pixels.

4.2 Algorithm

SHA-1 is the best established of the existing SHA hash functions, and is

employed in several widely used security applications and protocols. In 2005, security

flaws were identified in SHA-1, namely that a possible mathematical weakness might

exist, indicating that a stronger hash function would be desirable. Although no attacks

have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1

and so efforts are underway to develop improved alternatives.

Slide attacks against block ciphers were introduced by Biryukov and Wagner in

1999 [4, 5], although similar techniques had previously been used by others.

To our knowledge, slide attacks against hash functions have not been previously

considered in the literature. Indeed it is difficult to see if and how “slid pairs” in the

compression function can be exploited to find collisions for the hash function. This

remains an open question.

However, it is interesting to consider the question whether or not slid pairs (which

are essentially linear relations between two inputs and outputs) can be easily found for

SHA-1. This is also related to Anderson’s classification of hash functions [1]. David

Wagner has considered a slide attack on 40 iterations of SHA-1 in unpublished work

[21]. SHA-1 exhibits some properties which are useful when mounting slide attacks. a)

The SHA-1 compression function consists of four different “rounds”. For 20 iterations of

each round the nonlinear function Fi and the constant Ki are unchanged there are only

three transitions between different iteration types (see Figure 1). b) The key schedule (i.e.

message expansion) can be slid.

Dept Of CS&E, SJCE Mysore. 15

Project Detection Of Forged Image

We simply choose

W′i =Wi+1 for 0 _ i _ 14 andW′15 = (W1 _W7 _W12 _W15)n1. It is easy to see that

after the key expansion = Wi+1 for 0 _ x _ 78.

An Algorithm for Finding Slid Pairs

A method exists for finding slid pairs with roughly 232 effort. The method is

rather technical, so we can only give an overview of the key ideas used. The general

strategy is as follows. The algorithm doesn’t start by choosing the plaintext or the cipher

text, but from the “middle”, iterations 20 and 40. We find collisions in these positions

with O(1) effort and then work towards iterations 25 – 28, where we perform a partial

meet-in-the middle match.

Round collisions: We note that in iteration i, not all input words affect the

possibility of a round collision; only B, C, and D are relevant, since A and E only affect

the output word linearly. Furthermore, the key word Wi has no effect to the probability of

collision in iterations i or i + 1.

For iteration pair 19/20 (select-parity transition) we use:

It is easy to see that

Thus the constant (K0/K20) is canceled out in both cases and a round collision occurs.

Similarly, for iteration pair 39/40 (parity-majority transition) we use:

Again we see that a collision occurs:

Dept Of CS&E, SJCE Mysore. 16

Project Detection Of Forged Image

Dept Of CS&E, SJCE Mysore. 17

Project Detection Of Forged Image

Dept Of CS&E, SJCE Mysore. 18

Project Detection Of Forged Image

IMPLEMENTATION 5.1 Tools Used

5.2 Organization of Source code

5.3 Implementation Details

5.4 Menu Structure

Dept Of CS&E, SJCE Mysore. 19

Chapter 5

IMPLEMENTATION

5.1 Tools Used

5.2 Implementation Details

Implementation Steps

Developing environment

Project Detection Of Forged Image

5.1 Tools used Environment and Language The Windows operating system environment was chosen for implementation of

this project. The language chosen is .net,

5.2 Implementation Details

The concepts discussed in the design section of this report were implemented.

Thus the following modules were the result of implementation phase:

Size Comparison of images

Color Comparison of images

Pixel by pixel Comparison of images.

5.3 Implementation Steps

General Logic:

• Input message must be < 264 bits

– not really a problem

• Message is processed in 512-bit blocks sequentially

• Message digest is 160 bits

• SHA design is similar to MD5, but a lot stronger

Basic Steps:

Step1: Padding

Step2: Appending length as 64 bit unsigned

Step3: Initialize MD buffer 5 32-bit words

Store in big endian format, most significant bit in low address

A|B|C|D|E

A = 67452301

B = efcdab89

C = 98badcfe

Dept Of CS&E, SJCE Mysore. 20

Project Detection Of Forged Image

D = 10325476

E = c3d2e1f0

Step 4: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each.

Each step t (0 <= t <= 79):

– Input:

• Wt – a 32-bit word from the message

• Kt – a constant.

• ABCDE: current MD.

– Output:

• ABCDE: new MD.

Only 4 per-round distinctive additive constants

0 <=t<= 19 Kt = 5A827999

20<=t<=39 Kt = 6ED9EBA1

40<=t<=59 Kt = 8F1BBCDC

60<=t<=79 Kt = CA62C1D6

5.4 Developing Environment .

.NET

.NET is software that includes everything required for developing software for

web services. It integrates presentation technologies, component technologies and data

technologies on a single platform so as to enable users to develop Internet applications as

easily as on desktop systems.

.NET wraps the Windows operating system, via a class library with the largest

functionality created to date, in effect permitting an object-oriented interaction with the

operating system.

.NET framework

The .Net framework provides an environment for deploying and running web

services and other application. It consists of three distinct technologies as given.

Dept Of CS&E, SJCE Mysore. 21

Project Detection Of Forged Image

Common Language Runtime (CLR)

Framework Based Classes

User and program interfaces (ASP.NET and Winforms)

C#

C# is a simple, modern, object oriented, and type-safe programming language

derived from C and C++. C# (pronounced “C sharp”) is firmly planted in the C and C++

family tree of languages, and will immediately be familiar to C and C++ programmers.

C# aims to combine the high productivity of Visual Basic and the raw power of C++.

C# is provided as a part of Microsoft Visual Studio 7.0. In addition to C#, Visual

Studio supports Visual Basic, Visual C++, and the scripting languages VBScript and

JScript. All of these languages provide access to the Next Generation Windows Services

(NWGS) platform, which includes a common execution engine and a rich class library.

The .NET software development kit defines a "Common Language Subset" (CLS), a sort

of lingua franca that ensures seamless interoperability between CLS-compliant languages

and class libraries.

Pronounced "C sharp“

Modern, object-oriented language

Announced by Microsoft on 26/6/2000

Build range of products for .Net Platform

Components can be converted into Web services – accessed over the internet

Without sacrificing the power and control that have been a hallmark of C and C++.

Benefits of the .NET approach

Simple and faster system development.

Rich object model.

Enhanced built in functionality.

Many different ways to communicate with outside world.

Integration of different languages into one platform.

Dept Of CS&E, SJCE Mysore. 22

Project Detection Of Forged Image

Easy deployment and execution.

Wide range of scalability.

Interoperability with existing applications.

Simple and easy to build sophisticated development tools.

Fewer bugs.

Dept Of CS&E, SJCE Mysore. 23

Project Detection Of Forged Image

Chapter 6

TESTING AND RESULTS

6.1 Testing Objectives 6.2 Results

6.1 Testing Objectives

Dept Of CS&E, SJCE Mysore. 24

Chapter 6

TESTING AND RESULTS

6.1 Testing Objectives

6.2 Results

Project Detection Of Forged Image

The testing process involves the process of feeding in test data and getting the

output. In this process there may be any error that will be discovered. These errors are to

be corrected and tested again. This is an iterative process. The process is continued till all

the test cases yield positive results. The objective of testing is mainly based on the fact

that when testing is carried out some undiscovered error might be detected.

The common view is to eliminate program errors. This sometimes may be very

difficult, time consuming and there cannot be cent percent accuracy in the design. All that

can be done is to put the system through a “Fail Test” cycle and determine what will

make the system to fail. Hence a successful test is that one that finds an error.

Testing is the process of executing a program with the intention of finding

errors. A good test case is one that has high probability of finding undiscovered errors. A

successful test is one that unveils an undiscovered error.

6.2 Results

Front End

Dept Of CS&E, SJCE Mysore. 25

Project Detection Of Forged Image

Dept Of CS&E, SJCE Mysore. 26

Project Detection Of Forged Image

Dept Of CS&E, SJCE Mysore. 27

Project Detection Of Forged Image

Chapter 7

LIMITATIONS, FUTURE

ENHANCEMENTS AND AREAS OF

APPLICATIONS

7.1 Limitations

7.2 Future Enhancements

7.3 Areas of Applications

7.1 Limitations

Dept Of CS&E, SJCE Mysore. 28

Chapter 7

LIMITATIONS, FUTURE

ENHANCEMENTS AND AREAS OF

APPLICATIONS

7.1 Limitations

7.2 Areas of Applications

7.3 Future Enhancements

Project Detection Of Forged Image

When accomplishing a project, that too within limited time span, limitations are inevitable. Meanwhile, the same applies to our project. There are certain limitations; we have considered accomplishing the project successfully.

Here in our project, we can only detect the forgery of an image if we have another reference image to verify. A image is stored in the database, which is cross checked against the given image.

Only the static image forgery can be detected, not the active forgery.

The project so implemented can be used only for offline, but not for online.

7.2 Applications

We can detect the forgery of images by comparison.

Forensic applications

Check authentication.

Pixel by pixel comparison.

7.3 Future Enhancements

We can implement it for online applications.

We can implement this for gray scale images.

More than one type of forgery can be detected by enhancing the project.

Skilled image forgery detection can be done.

Dept Of CS&E, SJCE Mysore. 29

Project Detection Of Forged Image

Dept Of CS&E, SJCE Mysore. 30

Chapter 8

CONCLUSION

Project Detection Of Forged Image

8. Conclusion

Digital image forgeries can be used to deceive the public and the authorities.

They are here to stay.

Until non destructible/ non removal digital watermarks are perfected, passive

authentication will remain necessary.

Currently no single passive authentication technique can detect all types of digital

forgeries.

Dept Of CS&E, SJCE Mysore. 31

Project Detection Of Forged Image

References

1. Detection of Copy – Move Forgery in Digital Images by .J. Fridrich

2. “Methods for "Methods for Tamper Detection in Digital Images", Proc. ACM

Workshop on Multimedia and Security, Orlando, FL, October 30−31, 1999, pp. 19−23.

3. S. Saic, J. Flusser, B. Zitová, and J. Lukáš, “Methods for Detection of Additional

Manipulations with Digital Images”, Research Report, Project RN19992001003

"Detection of Deliberate Changes in Digital Images", ÚTIA AV ČR, Prague, December

1999 (partially in Czech).

4. J. Lukáš, “Digital Image Authentication“, Workshop of Czech Technical University

2001, Prague, Czech Republic, February 2001.

5. http://en.wikipedia.org

6: http://www.howstuffworks.com

7: http://www.reference.com

Dept Of CS&E, SJCE Mysore. 32