Digitally sign digital photos for authenticity.

Problem background.

Most of the world is moving from the film-based camera to the digital camera. Digital photography presents challenges for investigation work; without original film for verification, it can be diffult to convince a court that a photo has not been modified. Law authorities and personal investigators have had to develop guidelines for handling digital evidence to avoid such difficulties.

Suggested solution.

Make cameras that digitally sign images using public-key cryptography. Each camera should have it's own private key built in, and it should be provided with a matching public key. Each time a photo is taken, the camera signs the image with the private key. Anyone wishing to verify the integrity of the photo could use the public key to check the signature.

Notes and considerations:

• No system can be 100% tamper-proof. If someone could extract the private key, she may be able to use it to sign an altered image. However, the digital signature approach should still provide a greater assurance of integrity. If the private key is built into the camera itself, it should be reasonably difficult to extract, and could only be done by someone with physical access to it.
• For further integrity, investigators could use Time-Stamping Authorities to get time signatures for image files, thereby proving that the image was not created before the timestamp was issued.