A Leak in PRNU Based Source Identification. Questioning
Total Page:16
File Type:pdf, Size:1020Kb
Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000. Digital Object Identifier A leak in PRNU based source identification. Questioning fingerprint uniqueness MASSIMO IULIANI1,2, MARCO FONTANI3, AND ALESSANDRO PIVA1,2, (Fellow, IEEE) 1Department of Information Engineering, University of Florence, Via di S. Marta, 3, 50139 Florence, Italy 2FORLAB, Multimedia Forensics Laboratory, PIN Scrl, Piazza G. Ciardi, 25, 59100 Prato, Italy 3AMPED Software, Loc. Padriciano 99, 34149 Trieste, Italy Corresponding author: Alessandro Piva (e-mail: alessandro.piva@unifi.it). ABSTRACT Photo Response Non-Uniformity (PRNU) is considered the most effective trace for the image source attribution task. Its uniqueness ensures that the sensor pattern noises extracted from different cameras are strongly uncorrelated, even when they belong to the same camera model. However, with the advent of computational photography, most recent devices heavily process the acquired pixels, possibly introducing non-unique artifacts that may reduce PRNU noise’s distinctiveness, especially when several exemplars of the same device model are involved in the analysis. Considering that PRNU is an image forensic technology that finds actual and wide use by law enforcement agencies worldwide, it is essential to keep validating such technology on recent devices as they appear. In this paper, we perform an extensive testing campaign on over 33.000 Flickr images belonging to 45 smartphone and 25 DSLR camera models released recently to determine how widespread the issue is and which is the plausible cause. Experiments highlight that most brands, like Samsung, Huawei, Canon, Nikon, Fujifilm, Sigma, and Leica, are strongly affected by this issue. We show that the primary cause of high false alarm rates cannot be directly related to specific camera models, firmware, nor image contents. It is evident that the effectiveness of PRNU based source identification on the most recent devices must be reconsidered in light of these results. Therefore, this paper is intended as a call to action for the scientific community rather than a complete treatment of the subject. Moreover, we believe publishing these data is important to raise awareness about a possible issue with PRNU reliability in the law enforcement world. INDEX TERMS Image processing, image classification, image forensics, source identification. I. INTRODUCTION moved [2]. a more general approach was proposed to manage arXiv:2009.04878v2 [eess.IV] 12 Apr 2021 Photo Response Non-Uniformity (PRNU ) is considered the the case of cropped and resized images, and the peak-to- most distinctive trace to link an image to its originating correlation-energy (PCE) ratio was introduced as a more device [1]. Such a trace has been studied and improved for robust way to measure the peak value of the correlation more than a decade and can be used for several tasks: (i) [6], [7]. To further improve its effectiveness and efficiency, attribute an image to its source camera [2]; (ii) determine several filters and pre-processing steps have been designed whether two images belong to the same camera [3]; (iii) [8], [9], [10], [11], [12], and, recently, also data-driven ap- cluster a large number of images based on the originating proaches have been proposed [13], [14]. PRNU compression device [4]; (iv) determine whether a photo and a video have techniques have been developed to enable very large scales been captured with the same camera [5]; (v) detect and operations [15], [16], previously impossible due to the size of localize the presence of a manipulated image region [2]. the PRNU pattern and the matching operations’ complexity. Such a trace has also been studied under more complicated After its introduction [1], several refinements were pro- setups, e.g., when the media is exchanged through social me- posed to improve the usage of the PRNU trace under chal- dia [17], [18], or when it is acquired using digital zoom [6]. lenging scenarios. Non-unique artifacts introduced by color PRNU has also been combined with camera-model finger- interpolation and JPEG compression were studied and re- VOLUME 4, 2016 1 Massimo Iuliani et al.: A leak in PRNU based source identification. Questioning fingerprint uniqueness prints to increase the performance of source identification To the best of our knowledge, this paper represents the first [19]. study where the PRNU based source identification is tested All the mentioned works have been carried out under under a large set of images taken by the most recent devices scenarios where the images used in the experiments were that exploit the newest imaging technologies. In particular, taken by camera devices or smartphones that follow the we highlight that this forensic technique, applied as it is on standard acquisition pipeline [20]. The first step towards modern cameras, is not reliable anymore since it is strongly more modern acquisition devices was the study of PRNU affected by unexpected high correlations among different detection in the presence of Electronic Image Stabilization devices of the same camera model or brand. Considering that (EIS). EIS introduces a pixel grid misalignment that, if not PRNU based source camera identification is currently used taken into account, leads PRNU based testing to failure [21]– by law enforcement agencies worldwide, often to investigate [24]. Anyhow, under all the above scenarios, the main risk serious crimes such as child sexual exploitation, we believe was mainly related to the increase of the false negative rate. it is fundamental that the scientific community cross-verifies On the other hand, when dealing with false positive rate, the the results we obtained (the dataset presented in the paper effectiveness of PRNU has never been put in doubt. Indeed, is made available) and tries to shed light on this potentially the state of the art [17] highlights that, when a good reference disruptive discovery as promptly as possible. is available, the source identification task on a single image The paper is organized as follows: Section II summarizes can achieve an area under curve (AUC) of 0:99 and a false the theoretical framework and the main pipeline for the positive rate below 0:001 (at the commonly agreed PCE ratio PRNU extraction and comparison; in Section III presents the threshold of 60). collected dataset; in Section IV we describe the experiments Thanks to these results and similar experiments carried out performed on the acquired data and comment on the results; with other datasets, forensic experts, law enforcement agen- in Section V we focus on the results obtained comparing cies, and the research community agree on the effectiveness different exemplars of two specific devices. Section VI draws of PRNU as a means for the source identification task. More some conclusions and highlights questions that remain open. specifically, a false positive is expected to be a sporadic event, Everywhere in this paper, vectors and matrices are in- thus assuring that a high PCE ratio value represents a robust dicated in bold as X and their components as X(i) and and reliable finding. X(i; j) respectively. All operations are element-wise unless This belief, actually, is mainly based on results achieved mentioned otherwise. Given two vectors X and Y, jjXjj is on devices released several years ago (such as those in the euclidean norm of X, X · Y is the dot product between ¯ the VISION dataset [17]), so their imaging technology is X and Y, X is the mean value of X, ρ(s1; s2; X; Y) is the somewhat obsolete. normalized cross-correlation between X and Y calculated at With the advent of computational photography, new chal- the spatial shift (s1; s2) as lenges appear since the image acquisition pipeline is rapidly P P (X[i; j] − X¯ )(Y[i + s ; j + s ] − Y¯ ) changing, and it appears to be strongly customized by each i j 1 2 ρ(s1; s2; X; Y) = ; brand. Novelties involve both the acquisition process, e.g., jjX − X¯ jjjjY − Y¯ jj with the use of pixel binning [25], [26], and the in-camera where the shifts [i; j] and [i + s ; j + s ] are taken processing, with the development of customized HDR algo- 1 2 modulo the horizontal and vertical image dimensions4. rithms [27] and the exploitation of artificial intelligence for a Furthermore, we denote maximum by ρ(s ; X; Y) = variety of image improvements [28], [29]. peak max ρ(s1; s2; X; Y). The notations are simplified in ρ(s) and These new customized pipelines can introduce new non- s1;s2 unique artifacts (NUA), shared among different cameras in ρ(speak) when the two vectors cannot be misinterpreted. of the same model, or even among cameras of different models, disturbing the PRNU extraction process. This fact II. PRNU BASED SOURCE IDENTIFICATION poses the severe risk that images belonging to different PRNU defines a subtle variation among pixels amplitude due cameras expose correlated patterns, thus increasing the false to the different sensitivity to light of the sensor’s elements. alarm rate abruptly in PRNU detection. This is a severe This defect introduces a unique fingerprint into every image issue since PRNU based source identification is currently the camera takes. Then, camera fingerprints can be estimated used as evidence in court1 and is implemented in several and compared against images to determine the originating de- forensic software supplied to law enforcement agencies and vice. A camera fingerprint is usually estimated from n images intelligence services, like PRNU Compare Professional 2 I1;:::; In as follows: a denoising filter [1], [30] is applied to developed by the Netherlands Forensic Institute (NFI), and the images to obtain the noise residuals W1;:::; Wn. The Amped Authenticate3 by Amped Software. camera fingerprint estimate Ke is derived by the maximum likelihood estimator [2]: 1(United States of America v Nathan Allen Railey, United States District PN WiIi Court: Southern District of Alabama: 1:10-cr-00266-CG-N, 2011) Ke = i=1 : (1) 2 PN 2 https://www.forensicinstitute.nl/products-and-services/forensic- i=1 Ii products 3https://ampedsoftware.com/authenticate 4If X and Y dimensions mismatch, a zero down-right padding is applied.