![\"One](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2024\/04\/09200315\/real-or-fake-image-analysis-and-provenance-01.jpg\")
<\/a>One of the first deepfakes to go viral worldwide: the Pope sporting a trendy white puffer jacket<\/p><\/div>\n
This will only exacerbate the already knotty problem of fake news and accompanying images. These might show a photo from one event and claim it\u2019s from another, put people who\u2019ve never met in the same picture, and so on.<\/p>\n
Image and video spoofing has a direct bearing on cybersecurity. Scammers have been using fake images and videos to trick victims into parting with their cash for years. They might send you a picture of a sad puppy they claim needs help, an image of a celebrity promoting some shady schemes<\/a>, or even a picture of a credit card they say belongs to someone you know. Fraudsters also use AI-generated images for profiles for catfishing<\/a> on dating sites and social media.<\/p>\n The most sophisticated scams make use of deepfake video and audio of the victim\u2019s boss<\/a> or a relative to get them to do the scammers\u2019 bidding. Just recently, an employee of a financial institution was duped into transferring $25 million<\/a> to cybercrooks! They had set up a video call with the \u201cCFO\u201d and \u201ccolleagues\u201d of the victim \u2014 all deepfakes.<\/p>\n So what can be done to deal with deepfakes or just plain fakes? How can they be detected? This is an extremely complex problem, but one that can be mitigated step by step \u2014 by tracing the provenance<\/strong> of the image.\n<\/p>\n \nAs mentioned above, there are different kinds of \u201cfakeness\u201d. Sometimes the image itself isn\u2019t fake, but it\u2019s used in a misleading way. Maybe a real photo from a warzone is passed off as being from another conflict, or a scene from a movie is presented as documentary footage. In these cases, looking for anomalies in the image itself won\u2019t help much, but you can try searching for copies of the picture online. Luckily, we\u2019ve got tools like Google Reverse Image Search<\/a> and TinEye<\/a>, which can help us do just that.<\/p>\n If you\u2019ve any doubts about an image, just upload it to one of these tools and see what comes up. You might find that the same picture of a family made homeless by fire, or a group of shelter dogs, or victims of some other tragedy has been making the rounds online for years. Incidentally, when it comes to false fundraising, there are a few other red flags<\/a> to watch out for besides the images themselves.<\/p>\n Dog from a shelter? No, from a photo stock<\/p><\/div>\n \nSince photoshopping has been around for a while, mathematicians, engineers, and image experts have long been working on ways to detect altered images automatically. Some popular methods include image metadata analysis and error level analysis (ELA)<\/a>, which checks for JPEG compression artifacts to identify modified portions of an image. Many popular image analysis tools, such as Fake Image Detector<\/a>, apply these techniques.<\/p>\n Fake Image Detector warns that the Pope probably didn\u2019t wear this on Easter Sunday\u2026 Or ever<\/p><\/div>\n With the emergence of generative AI, we\u2019ve also seen new AI-based methods for detecting generated content, but none of them are perfect. Here are some of the relevant developments: detection of face morphing<\/a>; detection of AI-generated images and determining the AI model used to generate them<\/a>; and an open AI model<\/a> for the same purposes.<\/p>\n With all these approaches, the key problem is that none gives you 100% certainty about the provenance of the image, guarantees that the image is free of modifications, or makes it possible to verify any such modifications.\n<\/p>\n \nWouldn\u2019t it be great if there were an easier way for regular users to check if an image is the real deal? Imagine clicking on a picture and seeing something like: \u201cJohn took this photo with an iPhone on March 20\u201d, \u201cAnn cropped the edges and increased the brightness on March 22\u201d, \u201cPeter re-saved this image with high compression on March 23\u201d, or \u201cNo changes were made\u201d \u2014 and all such data would be impossible to fake. Sounds like a dream, right? Well, that\u2019s exactly what the Coalition for Content Provenance and Authenticity (C2PA)<\/a> is aiming for. C2PA includes some major players from the computer, photography, and media industries: Canon, Nikon, Sony, Adobe, AWS, Microsoft, Google, Intel, BBC, Associated Press, and about a hundred other members \u2014 basically all the companies that could have been individually involved in pretty much any step of an image\u2019s life from creation to publication online.<\/p>\n The C2PA standard<\/a> developed by this coalition is already out there and has even reached version 1.3, and now we\u2019re starting to see the pieces of the industrial puzzle necessary to use it fall into place. Nikon is planning<\/a> to make C2PA-compatible cameras, and the BBC has already published<\/a> its first articles with verified images.<\/p>\n BBC talks about how images and videos in its articles are verified<\/p><\/div>\n The idea is that when responsible media outlets and big companies switch to publishing images in verified form, you\u2019ll be able to check the provenance of any image directly in the browser. You\u2019ll see a little \u201cverified image\u201d label, and when you click on it, a bigger window will pop up showing you what images served as the source, and what edits were made at each stage before the image appeared in the browser and by whom and when. You\u2019ll even be able to see all the intermediate versions of the image.<\/p>\n History of image creation and editing<\/p><\/div>\n This approach isn\u2019t just for cameras; it can work for other ways of creating images too. Services like Dall-E and Midjourney can also label their creations.<\/p>\n This was clearly created in Adobe Photoshop<\/p><\/div>\n The verification process is based on public-key cryptography similar to the protection used in web server certificates for establishing a secure HTTPS connection. The idea is that every image creator \u2014 be it Joe Bloggs with a particular type of camera, or Angela Smith with a Photoshop license \u2014 will need to obtain an X.509 certificate from a trusted certificate authority. This certificate can be hardwired directly into the camera at the factory, while for software products it can be issued upon activation. When processing images with provenance tracking, each new version of the file will contain a large amount of extra information: the date, time, and location of the edits, thumbnails of the original and edited versions, and so on. All this will be digitally signed by the author or editor of the image. This way, a verified image file will have a chain of all its previous versions, each signed by the person who edited it.<\/p>\n This video contains AI-generated content<\/p><\/div>\n The authors of the specification were also concerned with privacy features. Sometimes, journalists can\u2019t reveal their sources. For situations like that, there\u2019s a special type of edit called \u201credaction\u201d. This allows someone to replace some of the information about the image creator with zeros and then sign that change with their own certificate.<\/p>\n To showcase the capabilities of C2PA, a collection of test images and videos<\/a> was created. You can check out the Content Credentials website<\/a> to see the credentials, creation history, and editing history of these images.<\/p>\nWait\u2026 haven\u2019t I seen that before?<\/h2>\n
<\/a>Photoshopped? We\u2019ll soon know.<\/h2>\n
<\/a>WWW to the rescue: verifying content provenance<\/h2>\n
<\/a><\/a><\/a><\/a>