Forensic analysis for digital images

IX n.s.Nowadays, taking and sharing digital pictures is becoming a very popular activity. This is witnessed by the explosive growth of the digital cameras market: e.g., more than one billion of digital cameras have been produced and shipped in 2010. A consequence of this trend is that also the number of crimes involving digital pictures increases, either because pictures are part of the crime (e.g., exchanging pedopornographic pictures) or because their analysis may reveal some important clue about the author of the crime. The highly technical nature of computer crimes facilitated a wholly new branch of forensic science called digital forensics. The Digital Forensic Sci- ence involves processes such as acquisition of data from an electronic source, analysis of the acquired data, extraction of evidence from the data, and the preservation and presentation of the evidence. Digital Imaging Forensics is a specialization of the Digital Forensics which deals with digital images. One of the many issues that the Digital Imaging Forensics tries to deal with is the source camera identi cation problem, i.e., establish if a given image has been taken by a given digital camera. Today this is a practical and important problem aiming to identify reliably the imaging device that acquired a particular digital image. Techniques to authenticate an electronic image are especially important in court. For example, identifying the source device could establish the origin of images presented as evidence. In a prosecution for child pornography, for example, it could be desirable that one could prove that certain imagery was obtained with a speci c camera and is thus not an image generated by a computer, given that "virutal images" are not considered offense. As electronic images and digital video replace their analog counterparts, the importance of reliable, inexpensive, and fast identification of the origin of a particular image will increase. The identification of a source camera of an image is a complex issue which requires the understanding of the several steps involved in the creation of the digital photographic representation of a real scene. In particular, it is necessary to understand how the digital images are created, which are the processes which create (and therefore affect) the creation of the digital data, starting from the real scene. Moreover, it is necessary to point out the factors which can be used to support the camera identification and, may be even more important, which are the factors which can tamper the photos and prevent (maliciously or not) the camera identification. Many identification techniques have been proposed so far in literature. All these techniques generally work by using the sensor noise (an unexpected variation of the digital signal) left by a digital sensor when taking a picture as a fingerprint for identifying the sensor. These studies are generally accompanied with tests proving the effectiveness of these techniques, both in terms of False Acceptance Rate (FAR) and False Rejection Rate (FRR). Unfortunately, most of these contributions do not take into consideration that, in practice, the images that are shared and exchanged over the Internet have often been pre-processed. Instead, it is a common practice to assume that the images to be examined are unmodified or, at most, to ignore the e ects of the pre-processing. Even without considering the case of malicious users that could intention- ally process a picture in order to fool the existing identification techniques, this assumption is unrealistic for at least two reasons. The first is that, as previously mentioned, almost all current photo-managing software o ers several functions for adjusting, sometimes in a "magic" way (see the "I'm feeling lucky" function on Google Picasa) different characteristics of a picture. The second reason can be found in the way the images are managed by some of the most important online social network (OSN) and online photo sharing (OPS) sites. These services usually make several modifications to the original photos before publishing them in order to either improve their appearance or reduce their size. In this thesis we have first implemented the most prominent source camera identification technique, proposed by Lukas et al. and based on the Photo-Response Non-Uniformity. Then, we present a new identification technique that use a SVM (Support Vector Macchine) classifier to associate photos to the right camera. Both our implementation of Lukas et al. technique and our SVM technique have been extensively tested on a test-sample of nearly 2500 images taken from 8 different cameras. The main purpose of the experiments conducted is to see how these techniques performs in presence of pre-processed images, either explicit modified by a user with photo management tools or modified by OSNs and OPSs services without user awareness. The results confirm that, in several cases, the method by Lukas et al. and our SVM technique is resilient to the modifications introduced by the considered image-processing functions. However, in the experiments it has been possible to identify several cases where the quality of the identifica- tion process was deteriorated because of the noise introduced by the image- processing. In addition, when dealing with Online Social Networks and Online Photo Sharing services, it has been noted that some of them process and modify the uploaded pictures. These modifications make ineffective, in many cases, the method by Lukas et al. while SVM technique performs slightly better. [edited by author]2009 - 201

SAVI: a new system for advanced SQL visualization

In this paper, we present SAVI, a new system for supporting the teaching and the understanding of the semantics of the SQL language. SAVI uses visualization to explain the way some of the SQL operators select and transform data from a target database. The contribution of our paper is two-fold. From a conceptual point of view, we improve the visualization approach provided by existing systems, in order to address the mental visualization problem faced by students when learning SQL. From a technological point of view, we leverage on emerging web technologies to develop a visualization infrastructure that can be seamlessly run on any standard HTML5-capable browser, without any need for an additional software or virtual machine installation. © 2011 ACM

Source camera identification in real practice: a preliminary experimentation

In this paper, an experimental evaluation of one of the most effective source camera identification techniques proposed so far, by Lukáš et al., is presented. This method uses the characteristic noise left by the sensor on a digital picture as a fingerprint in order to identify the source camera used to take the picture. The aim of the experiments is to assess the effectiveness of this technique when used with pictures that were previously modified using several common image-processing functions coming with photo-editing tools. The results seem to confirm that, in most cases, the method by Lukáš et al. is resilient to the modifications introduced by the considered image-processing functions. However, it was possible to identify several cases where the quality of the identification process deteriorated because of the noise introduced by the image-processing. © 2010 IEEE

Experimentations with source camera identification and Online Social Networks

In this paper is presented an extended experimental evaluation of one of the most effective source camera identification techniques proposed so far, by Lukáš et al. (IEEE Trans Inf Forensics Security 1(2):205-214, 2006). This method uses the characteristic noise left by the sensor on a digital picture as a fingerprint in order to identify the source camera used to take the picture. The aim of the experiments is to assess the effectiveness of this technique when used with pictures that were previously modified using several common image-processing functions coming with photo-editing tools. Moreover, the technique is applied to photos passed through Online Social Networks or Online Photo Sharing websites, without any "human" explicit modification but only elaborated by such Web 2. 0 tools. The results confirm that, in several cases, the method by Lukáš et al. (IEEE Trans Inf Forensics Security 1(2):205-214, 2006) is resilient to the modifications introduced by the considered image-processing functions. However, in the experiments it has been possible to identify several cases where the quality of the identification process deteriorated because of the noise introduced by the image-processing. In addition, when dealing with Online Social Networks and Online Photo Sharing services, it has been noted that some of them process and modify the uploaded pictures. These modifications make ineffective, in many cases, the method by Lukáš et al. (IEEE Trans Inf Forensics Security 1(2):205-214, 2006) © 2011 Springer-Verlag

An Extensible Framework for Efficient Secure SMS

Nowadays, Short Message Service (SMS) still represents the most used mobile messaging service. SMS messages are used in many different application fields, even in cases where security features, such as authentication and confidentiality between the communicators, must be ensured. Unfortunately, the SMS technology does not provide a built-in support for any security feature. This work presents SEESMS (Secure Extensible and Efficient SMS), a software framework written in Java which allows two peers to exchange encrypted and digitally signed SMS messages. The communication between peers is secured by using public-key cryptography. The key-exchange process is implemented by using a novel and simple security protocol which minimizes the number of SMS messages to use. SEESMS supports the encryption of a communication channel through the ECIES and the RSA algorithms. The identity validation of the contacts involved in the communication is implemented through the RSA, DSA and ECDSA signature schemes. SEESMS is able to certify the phone number of the peers using the framework. Additional cryptosystems can be coded and added to SEESMS as plug-ins. Special attention has been devoted to the implementation of an efficient framework in terms of energy consumption and execution time. This efficiency is obtained in two steps. First, all the cryptosystems available in the framework are implemented using mature and fully optimized cryptographic libraries. Second, an experimental analysis was conducted to determine which combination of cryptosystems and security parameters were able to provide a better trade-off in terms of speed/security and energy consumption. This experimental analysis has also been useful to expose some serious performance issues affecting the cryptographic libraries which are commonly used to implement security features on mobile devices. © 2010 IEEE

Engineering a secure mobile messaging framework

It is quite usual in the world of scientific software development to use, as black boxes, algorithmic software libraries without any prior assessment of their efficiency. This approach relies on the assumption that the experimental performance of these libraries, although correct, will match the theoretical expectation of their algorithmic counterparts. In this paper we discuss the case of SEESMS (Secure Extensible and Efficient SMS). It is a software framework that allows two peers to exchange encrypted and digitally signed SMS messages. The cryptographic part of SEESMS is implemented on top of the Java BC library (The Legion of Bouncy Castle, 2010), a widely used open-source library. The preliminary experimentations conducted on SEESMS, discussed in Castiglione et al. (2010), revealed some unexpected phenomena like the ECDSA-based cryptosystem being generally and significantly slower than the RSA-based equivalent. In this paper, we analyze these phenomena by profiling the code of SEESMS and expose the issues causing its bad performance. Then, we apply some algorithmic and programming optimizations techniques. The resulting code exhibits a significant performance boost with respect to the original implementation, and requires less memory in order to be run. © 2012 Elsevier Ltd. All rights reserved