Internet Media Verification and Authentication Standard

By Sam Jones and Sean Hacker

The internet is increasingly filled with fake, doctored or artificially created media, e.g. images, video and audio. There are numerous examples of software doctored images or video that were created for reasons spanning from humor to political motivations. The ability to discern what is real and what is not will be crucial for any society moving forward. There have already been instances of public outrage over doctored images, eliciting the creator’s intended response with excellent precision. This trend will only get worse as Artificial Intelligence (AI) improves and is able to create new images, videos and audio that are indistinguishable from what a real world device is able to create. There is a need for a standard for verifying and authenticating media, otherwise the internet will quickly devolve into an untrusted medium.

A good standard needs to be open, in the same way that Secure Socket Layer (SSL) is an open standard technology that the majority of secure web communications travel through. However, a standard for media verification and authentication is more complex than SSL and needs to balance the following tradeoffs: privacy, media quality, accuracy and security, and ease of use.

• Privacy — ensures no sharing of media or user information with any central platform or other actors unless desired by the user.
• Media quality — ensures untampered, high quality media requirements necessary for some professions.
• Accuracy and security — ensures that the media is authentic and tamper evident.
• Ease of use — ensures the solution is easily adoptable so the solution becomes standard practice.

To break down those tradeoffs further, below is a list of properties a perfect standard for media verification and authentication must have:

• Open and pervasive — such a standard needs to be used by almost everything we create, otherwise the long tail of unverified media will still cause confusion. The assumption needs to be that if something is not trusted, it is likely not real. (Ease of use)
• Fast — implementing the standard on an end device and performing the verification and authentication process must be fast, otherwise mass adoption is again risked because of some use cases requiring speed. (Ease of use)
• Readable without verification — and this should be possible offline, with no access to the internet. (Ease of use)
• Preserves original media file — if the native media file is not preserved, then mass adoption is risked because of a common need to have high quality media, e.g. journalism, movies or art. (Media quality)
• Unextractable — if a bad actor can extract the original media, they can then re-verify it under a false identity making it seem as though the media is authentic from that actor. (Accuracy and security)
• Artificially created media cannot be verified under a real identity — if an artificially created piece of media is run through the same verification standard (i.e. watermarking algorithm) with the signature of a real identity, then it would falsely seem like the media is real and authentic. (Accuracy and security)
• Identity attachment — it would be possible to verify that a piece of media is real, but not from where it came. This is important for uses cases like journalism, where you might be documenting government or corporate abuse and you don’t want your identity attached to the media but want to to be verifiably real. (Accuracy and security, privacy)
• Verification — the fact that an image is real can be checked definitively. (Accuracy and security)
• Authentication — the source of the media can optionally be revealed. (Accuracy and security)
• Central platform not required — this has many privacy and cost implications if media needs to be uploaded to a central platform. (Privacy)

However, some of these properties are in direct conflict. For example, preserving the original media file for viewing and non extraction of original media for falsifying origin are in conflict. Additionally, any implementation would have to deal with trade offs of delivering on certain properties better than others.

There are some current initiatives and products that are working to solve the general problem of fake media in a few different ways. Three such initiatives are SurfSafe, TruePic and some projects run out of the US Defense Advanced Projects Agency (DARPA) — all should be commended for working on this very important problem. They are mostly early initiatives with different levels of progress, but each one has at least one major flaw.

SurfSafe works as a browser plugin checking ‘trusted’ news sites and fact-checking sites. The issue here is that it will become impossible to distinguish as a human what is real and what is not in the future, and this approach relies on a corpus of ‘trusted’ media to compare to. ‘Trusted’ sites can easily be contaminated or have no reference of a media file therefore this approach could output false negatives or a non definitive answer. [1] (Fails accuracy and security)

TruePic has an app and SDK for use in 3rd party apps that submits an image to TruePic’s servers along with a signature identifying the user, date and time. This approach is the closest to all the properties above as it allows verification and authentication, and in a sense is open. However, as a commercial product, TruePic requires images being stored on their platform, which is a non starter for many use cases spanning journalism to intelligence, and would not scale to the entire internet. Additionally, the software signing only approach may be susceptible to attack if someone registers an app and then uses that registration to falsely sign an artificially created image. A better approach would involve a trusted hardware component as well. (Fails privacy and possibly media quality)

Finally, the DARPA projects that are publicly talked about reference AI detecting doctored or fake media. This works by looking at certain patterns within the file that would not otherwise be found in something real. This approach may work for now, but if we assume that the AI that is used to create media will catch up to detection techniques and eventually advance as quickly as the AI that is being used as detection, it can never be a reliable approach. [3] (Fails accuracy and security)

The ideas presented in this post are not completely developed nor do they meet all the properties of an ideal standard. They are meant to be a starting point for a discussion on how this might be accomplished.

Solution 1: Invisible Watermarking Using Private and Public Keys

Example PKI based Watermarking approach

There are a few instances of research, [4] and [5], that demonstrate a watermarking method utilizing public and private keys that is invisible to the human eye. This approach at a high level works as follows:

1. Private and public keys are distributed to end users and devices.
2. Each user or device also gets a unique watermark pattern to be used.
3. Upon creation of the media, it is watermarked, and this watermarked version is shared and distributed however the user wants it to be.
4. Another user or application can verify the authenticity of the image by utilizing the user or device’s public key to attempt to reveal the watermark, if successful, the watermark will be returned through the standard algorithm. If the public key does not match or the image has been tampered with, the watermark will not verify.

This approach nearly hits all properties of a perfect standard. It does not hit the ability to be able to store the media in its original format. Additionally it is still susceptible to attacks where an artificially created piece of media is later signed by a legitimate user or device’s private key. A possible solution to this is to require that every device store a private key in hardware in a way that is inaccessible from illegitimate software. This however is hard and may not be possible to control.

Moreover, this approach is also not perfect. It may fail the perfect media quality test depending on the performance of the watermarking algorithm and is susceptible to different attacks against its accuracy and security.

Solution 2: Create new secure versions of media file formats

This idea is admittedly not fully worked out technically and likely the outcome would not be all that different from Solution 1. Inspiration for this new set of secure formats stem from the way secure packet encapsulation works in networking. Contents of messages are encrypted for the recipients to receive and the headers have metadata about the payload. This approach could take the form of a watermarked media file that also contains metadata about the creator and creation of this media. The watermark needs to be tied to the image itself, in this format there is no “original” image because the original image would be created at the time of creation. A common smartphone has a 10 megapixel camera, that is 10 million pixels to be minutely altered for verification.

This approach would hit the same requirements as Solution 1 but also be susceptible to the same problems.

Conclusion

There is not current proposed technical standard that hits all the properties perfectly, however most solution ideas require a broadly accessible Public Key Infrastructure (PKI) network in place to work. As an alternative to PKI, a trustless distributed ledger could be used for storing original media files with metadata on its origination, but this comes with issues of cost and scale.

This post serves to add to the discussion about possible technical implementation paths to having a pervasive standard that can help us verify and authenticate media. Additionally, the ideal properties proposed here should also add to the discussion of how we should think about segmenting trusted sections of the internet and non trusted sections. A broadly accepted solution becomes easier if it is not truly pervasive, and only industries or users that require a certain level of trust use a given solution.

This is a hard problem that will likely require a change of behavior and a major architecture change to some of our critical systems, but it is one we need to solve.