Finalse

Project Detection Of Forged Image
Chapter 1
INTRODUCTION
1.1 Preface
1.2 Statement of the problem
1.3 Organization of report
Dept Of CS&E, SJCE Mysore. 1

1. INTRODUCTION
1.1 Introduction to Image
An image (from Latin imago) is an artifact, usually two-dimensional (a picture), that has
a similar appearance to some subject—usually a physical object or a person.
Images may be two-dimensional, such as a photograph, screen display, and as well as

three-dimensional, such as a statue. They may be captured by optical devices—such as
cameras, mirrors, lenses, telescopes, microscopes, etc. and natural objects and
phenomena, such as the human eye or water surfaces.
The word image is also used in the broader sense of any two-dimensional figure such as a
map, a graph, a pie chart, or an abstract painting. In this wider sense, images can also be
rendered manually, such as by drawing, painting, carving, rendered automatically by
printing or computer graphics technology, or developed by a combination of methods,
especially in a pseudo-photograph.
A volatile image is one that exists only for a short period of time. This may be a
reflection of an object by a mirror, a projection of a camera obscura, or a scene displayed
on a cathode ray tube. A fixed image, also called a hard copy, is one that has been
recorded on a material object, such as paper or textile by photography or digital
processes.
Still image
A still image is a single static image, as distinguished from a moving image (see below).
This phrase is used in photography, visual media and the computer industry to emphasize
that one is not talking about movies, or in very precise or pedantic technical writing such
as a standard. A film still is a photograph taken on the set of a movie or television
program during production, used for promotional purposes.

A still image of a person's face from many years ago can only tell us about the face, not
what the person is feeling at the time of the photograph (1997:46). Therefore we can only
guess what they are thinking, and come up with our own conclusions about the image.
When a person visits the video store and wants to borrow a movie, the first thing they
may often look at is the image on the case. The phrase Never judge a book by its cover is
often said, however it is a common technique that is used to determine what we choose is
worth looking at and what is not.
Moving image
A moving image is typically a movie (film), or video, including digital video. It could
also be an animated display such as a zoetrope. Paul Levinson states that, 'moving
pictures are individual photographic images presented to the eye so quickly that they give
the illusion of motion.' (1997:37)These means that it gives people a real life encounter of
a person's experience. With a video camera, a person is able to capture many moments in
time, unlike the still image.
1.2 Introduction to Forgery

"Forgery" is a subjective word. An image can become a forgery based upon the
context in which it is used An image altered for fun or someone who has taken an bad
photo, but has been altered to improve its appearance cannot be considered a forgery
even though it has been altered from its original capture.
The other side of forgery is those who perpetuate a forgery for gain and prestige they
create an image in which to dupe the recipient into believing the image is real and from
this be able to gain payment and fame
Two type of forgery can be identified:
1) An image that is created using graphical software
2) An image where the content has been altered
Creating an image by altering its content is one method. Duping the recipient into
believing that the objects in an image are something else from what they really are. The
image itself is not altered, and if examined will be proven as so.

This method is where the context of the image is altered. Objects are be removed or
added, for example, a person can be added or removed. The easiest way is to cut an
object from one image and insert it into another image – image editing software makes
this a simple task
1.3 Copy-Move Forgery

Because of the extraordinary difficulty of the problem and its largely unexplored
character, the authors believe that the research should start with categorizing forgeries by
their mechanism, starting with the simple ones, and analyzing each forgery type
separately. In doing so, one will build a diverse Forensic Tool Set (FTS). Even though
each tool considered separately may not be reliable enough to provide sufficient evidence
for a digital forgery, when the complete set of tools is used, a human expert can fuse the
collective evidence and hopefully provide a decisive answer. In this paper, the first step
towards building the FTS is taken by identifying one very common class of forgeries, the
Copy-Move forgery, and developing efficient algorithms for its detection.
In a Copy-Move forgery, a part of the image itself is copied and pasted into another part
of the same image. This is usually performed with the intention to make an object
“disappear” from the image by covering it with a segment copied from another part of the
image. Textured areas, such as grass, foliage, gravel, or fabric with irregular patterns, are
ideal for this purpose because the copied areas will likely blend with the background and
the human eye cannot easily discern any suspicious artifacts. Because the copied parts
come from the same image, its noise component, color palette, dynamic range, and most
other important properties will be compatible with the rest of the image and thus will not
be detectable using methods that look for incompatibilities in statistical measures in
different parts of the image. To make the forgery even harder to detect, one can use the
feathered crop or the retouch tool to further mask any traces of the copied-and-moved
segments.
Examples of the Copy-Move forgery are given in Figures 1–3. Figure 1 is an obvious
forgery that was created solely for testing purposes. In Figure 2, you can see a less
obvious forgery in which a truck was covered with a portion of the foliage left of the
truck (compare the forged image with its original). It is still not too difficult to identify

the forged area visually because the original and copied parts of the foliage bear a
suspicious similarity. Figure 2 shows another Copy-Move forgery that is much harder to
identify visually. This image has been sent to the authors by a third party who did not
disclose the nature or extent of the forgery. We used this image as a real-life test for
evaluating our detection tools. A visual inspection of the image did not reveal the
presence of anything suspicious.
Figure : 1 Test image “Hats”.

Figure 2 Forged test image “Jeep” (above) and its original version (below).

Figure 3 Test image “Golf” with an unknown original.

Chapter 2
LITERATURE SURVEY
2.1 Existing Methods
Chapter
2.2 2 Method
Proposed
LITERATURE SURVEY
2.2 Proposed Method

The SHA hash functions are a set of cryptographic hash functions designed by the
National Security Agency (NSA) and published by the NIST as a U.S. Federal
Information Processing Standard. SHA stands for Secure Hash Algorithm.
The Three algorithms are denoted SHA-1, SHA-224, SHA-256.
These algorithms enable the determination of a message’s integrity
– any change to the message will, with a very high probability, result in a
different message digest
– This property is useful in the generation and verification of digital
signatures and message authentication codes, and in the generation of
random numbers (bits).

SHA-1 is the best established of the existing SHA hash functions, and is
employed in several widely used security applications and protocols. In 2005, security
flaws were identified in SHA-1, namely that a possible mathematical weakness might
exist, indicating that a stronger hash function would be desirable. Although no attacks
have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1
and so efforts are underway to develop improved alternatives.
Slide attacks against block ciphers were introduced by Biryukov and Wagner in
1999 [4, 5], although similar techniques had previously been used by others.
To our knowledge, slide attacks against hash functions have not been previously
considered in the literature. Indeed it is difficult to see if and how “slid pairs” in the
compression function can be exploited to find collisions for the hash function. This
remains an open question.
However, it is interesting to consider the question whether or not slid pairs (which
are essentially linear relations between two inputs and outputs) can be easily found for
SHA-1. This is also related to Anderson’s classification of hash functions [1]. David
Wagner has considered a slide attack on 40 iterations of SHA-1 in unpublished work
[21]. SHA-1 exhibits some properties which are useful when mounting slide attacks.

a) The SHA-1 compression function consists of four different “rounds”. For 20

iterations of each round the nonlinear function Fi and the constant Ki are unchanged there
are only three transitions between different iteration types .
b) The key schedule (i.e. message expansion) can be slid.
2.2 Proposed Method

SHA-256
SHA-256 may be used to hash a message, M, having a length of l bits, where 0

≤ l < 264 . The algorithm uses 1) a message schedule of sixty- four 32-bit words, 2) eight
working variables of 32 bits each, and 3) a hash value of eight 32-bit words. The final
result of SHA-256 is a 256-bit message digest.
The words of the message schedule are labeled W0, W1,…, W63. The eight
working variables are labeled a, b, c, d, e, f, g, and h. The words of the hash value are
Chapter 3
labeled H0(i) ,H1( i)…… H(7)( i) ,which will hold the initial hash value, H(0), replaced by each
successive intermediate hash value (after each message block is processed), H(i), and
REQUIREMENT ANALYSIS AND
ending with the final hash value, H(N). SHA-256 also uses two temporary words, T1 and T2.
SPECIFICATION
3.1 Requirement Analysis
3.2 Requirement Specification
3.3 Functional & Non- Functional Requirements
3.4 Hardware & Software requirements

Chapter 3
3.1 Requirements Analysis

Requirements analysis is an important process. After initial feasibility studies, the

first major stage of the requirements engineering process is requirement analysis. The
analysis model achieves three primary objectives:
o To describe what the customer requires.
o Establish a basis for the creation of the software design.
o Defines a set of requirements that can be validated after the software is
built.
After careful observations on the system, we found that the basic requirements
needed by the user were regarding a good user interface. An effective and self-descriptive
interface was what most of the people desired to have.
3.2 Requirements Specification

The basic construct we need is to store the images. The project must allow us to
enter images one at a time and used in Compare the images. It must allow us to easily
access file, where we can store the data related to images while we can compare the
sample data of image with the data in file.
3.3 Functional requirements

1) The first step in this is to store the original picture into the file in an application.
This is done by administrator.
2) Import the image to compare with all images in the stored list.
3) The result will be displayed based on the Comparison
Non Functional Requirements:
1. Reliability.
2. Availability.
3. Security.
4. Maintainability.
5. Portability
3.4 Hardware and Software Requirements

Hardware requirements:
RAM: 256mb
Hard disk: 100mb
Processor: Intel Pentium 4 processor
Processor speed: 1.3GHz
Software Requirements:
Operating system: Windows XP

Front end: MS Visual studio Dot Net 2005
Application: Windows Application.
Code Behind: C#.
Back end: Files

Chapter 4
SYSTEM DESIGN
Chapter 4
SYSTEM DESIGN
Basic Considerations
Algorithm
In this section a brief overview of the system design process is given. The design process
can be divided into the following sub sections.
4.1 Basic Considerations

In the design process, certain basic considerations were made which were
found to be essential, in order to design the system successfully.
• The Image should be of colour level..
• Images with jpg,bmp format are considered.
• Images are considered as array of pixels.
4.2 Algorithm
SHA-1 is the best established of the existing SHA hash functions, and is
employed in several widely used security applications and protocols. In 2005, security
flaws were identified in SHA-1, namely that a possible mathematical weakness might
exist, indicating that a stronger hash function would be desirable. Although no attacks
have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1
and so efforts are underway to develop improved alternatives.
Slide attacks against block ciphers were introduced by Biryukov and Wagner in
1999 [4, 5], although similar techniques had previously been used by others.
To our knowledge, slide attacks against hash functions have not been previously
considered in the literature. Indeed it is difficult to see if and how “slid pairs” in the
compression function can be exploited to find collisions for the hash function. This
remains an open question.
However, it is interesting to consider the question whether or not slid pairs (which
are essentially linear relations between two inputs and outputs) can be easily found for
SHA-1. This is also related to Anderson’s classification of hash functions [1]. David
Wagner has considered a slide attack on 40 iterations of SHA-1 in unpublished work
[21]. SHA-1 exhibits some properties which are useful when mounting slide attacks. a)
The SHA-1 compression function consists of four different “rounds”. For 20 iterations of
each round the nonlinear function Fi and the constant Ki are unchanged there are only
three transitions between different iteration types (see Figure 1). b) The key schedule (i.e.
message expansion) can be slid.

We simply choose
W′i =Wi+1 for 0 _ i _ 14 andW′15 = (W1 _W7 _W12 _W15)n1. It is easy to see that
after the key expansion = Wi+1 for 0 _ x _ 78.
An Algorithm for Finding Slid Pairs

A method exists for finding slid pairs with roughly 232 effort. The method is
rather technical, so we can only give an overview of the key ideas used. The general
strategy is as follows. The algorithm doesn’t start by choosing the plaintext or the cipher
text, but from the “middle”, iterations 20 and 40. We find collisions in these positions
with O(1) effort and then work towards iterations 25 – 28, where we perform a partial
meet-in-the middle match.
Round collisions: We note that in iteration i, not all input words affect the
possibility of a round collision; only B, C, and D are relevant, since A and E only affect
the output word linearly. Furthermore, the key word Wi has no effect to the probability of
collision in iterations i or i + 1.
For iteration pair 19/20 (select-parity transition) we use:
It is easy to see that
Thus the constant (K0/K20) is canceled out in both cases and a round collision occurs.
Similarly, for iteration pair 39/40 (parity-majority transition) we use:
Again we see that a collision occurs:



IMPLEMENTATION
5.1 Tools Used
5.2 Organization of Source code
5.3 Implementation Details
5.4 Menu Structure
Chapter 5
IMPLEMENTATION
5.1 Tools Used

Implementation Steps
Developing environment

5.1 Tools used
Environment and Language
The Windows operating system environment was chosen for implementation of

this project. The language chosen is .net,

The concepts discussed in the design section of this report were implemented.
Thus the following modules were the result of implementation phase:
 Size Comparison of images
 Color Comparison of images
 Pixel by pixel Comparison of images.
5.3 Implementation Steps

General Logic:
• Input message must be < 264 bits
– not really a problem
• Message is processed in 512-bit blocks sequentially
• Message digest is 160 bits
• SHA design is similar to MD5, but a lot stronger
Basic Steps:
• Step1: Padding
• Step2: Appending length as 64 bit unsigned
• Step3: Initialize MD buffer 5 32-bit words
Store in big endian format, most significant bit in low address
A|B|C|D|E
A = 67452301
B = efcdab89
C = 98badcfe
D = 10325476
E = c3d2e1f0
• Step 4: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each.
Each step t (0 <= t <= 79):
– Input:
• Wt – a 32-bit word from the message
• Kt – a constant.
• ABCDE: current MD.
– Output:
• ABCDE: new MD.

Only 4 per-round distinctive additive constants
0 <=t<= 19 Kt = 5A827999
20<=t<=39 Kt = 6ED9EBA1
40<=t<=59 Kt = 8F1BBCDC
60<=t<=79 Kt = CA62C1D6
5.4 Developing Environment.
.NET
.NET is software that includes everything required for developing software for
web services. It integrates presentation technologies, component technologies and data
technologies on a single platform so as to enable users to develop Internet applications as
easily as on desktop systems.
.NET wraps the Windows operating system, via a class library with the largest
functionality created to date, in effect permitting an object-oriented interaction with the
operating system.
.NET framework

The .Net framework provides an environment for deploying and running web
services and other application. It consists of three distinct technologies as given.
 Common Language Runtime (CLR)

 Framework Based Classes
 User and program interfaces (ASP.NET and Winforms)
C#
C# is a simple, modern, object oriented, and type-safe programming language
derived from C and C++. C# (pronounced “C sharp”) is firmly planted in the C and C++
family tree of languages, and will immediately be familiar to C and C++ programmers.
C# aims to combine the high productivity of Visual Basic and the raw power of C++.
C# is provided as a part of Microsoft Visual Studio 7.0. In addition to C#, Visual
Studio supports Visual Basic, Visual C++, and the scripting languages VBScript and
JScript. All of these languages provide access to the Next Generation Windows Services
(NWGS) platform, which includes a common execution engine and a rich class library.
The .NET software development kit defines a "Common Language Subset" (CLS), a sort
of lingua franca that ensures seamless interoperability between CLS-compliant languages
and class libraries.
Pronounced "C sharp“
 Modern, object-oriented language

 Announced by Microsoft on 26/6/2000
 Build range of products for .Net Platform
 Components can be converted into Web services – accessed over the internet
 Without sacrificing the power and control that have been a hallmark of C and C++.
Benefits of the .NET approach
 Simple and faster system development.
 Rich object model.
 Enhanced built in functionality.

 Many different ways to communicate with outside world.
 Integration of different languages into one platform.
 Easy deployment and execution.
 Wide range of scalability.
 Interoperability with existing applications.
 Simple and easy to build sophisticated development tools.
 Fewer bugs.

Chapter 6
TESTING AND RESULTS

Chapter 6
TESTING AND RESULTS
6.1 Testing Objectives
6.1 Results
6.2 Results

The testing process involves the process of feeding in test data and getting the
output. In this process there may be any error that will be discovered. These errors are to
be corrected and tested again. This is an iterative process. The process is continued till all
the test cases yield positive results. The objective of testing is mainly based on the fact
that when testing is carried out some undiscovered error might be detected.
The common view is to eliminate program errors. This sometimes may be very
difficult, time consuming and there cannot be cent percent accuracy in the design. All that
can be done is to put the system through a “Fail Test” cycle and determine what will
make the system to fail. Hence a successful test is that one that finds an error.
Testing is the process of executing a program with the intention of finding

errors. A good test case is one that has high probability of finding undiscovered errors. A
successful test is one that unveils an undiscovered error.
6.2 Results
Front End



Chapter 7
LIMITATIONS, FUTURE
ENHANCEMENTS AND AREAS OF
APPLICATIONS
7.1 Limitations
7.2 Areas of Applications
Chapter 7 Enhancements
7.3 Future
LIMITATIONS, FUTURE
ENHANCEMENTS AND AREAS OF
APPLICATIONS
7.1 Limitations
7.2 Future Enhancements
7.3 Areas of Applications

7.1 Limitations
When accomplishing a project, that too within limited time span, limitations are
inevitable. Meanwhile, the same applies to our project. There are certain limitations; we
have considered accomplishing the project successfully.
 Here in our project, we can only detect the forgery of an image if we have
another reference image to verify. A image is stored in the database, which is
cross checked against the given image.
 Only the static image forgery can be detected, not the active forgery.
 The project so implemented can be used only for offline, but not for online.
7.2 Applications
• We can detect the forgery of images by comparison.
• Forensic applications
• Check authentication.
• Pixel by pixel comparison.
7.3 Future Enhancements

• We can implement it for online applications.
• We can implement this for gray scale images.

• More than one type of forgery can be detected by enhancing the project.
• Skilled image forgery detection can be done.
Chapter 8
CONCLUSION

8. Conclusion
 Digital image forgeries can be used to deceive the public and the authorities.
 They are here to stay.
 Until non destructible/ non removal digital watermarks are perfected, passive
authentication will remain necessary.
 Currently no single passive authentication technique can detect all types of digital
forgeries.

References
1. Detection of Copy – Move Forgery in Digital Images by .J. Fridrich
2. “Methods for "Methods for Tamper Detection in Digital Images", Proc. ACM
Workshop on Multimedia and Security, Orlando, FL, October 30−31, 1999, pp. 19−23.
3. S. Saic, J. Flusser, B. Zitová, and J. Lukáš, “Methods for Detection of Additional

Manipulations with Digital Images”, Research Report, Project RN19992001003
"Detection of Deliberate Changes in Digital Images", ÚTIA AV ČR, Prague, December
1999 (partially in Czech).
4. J. Lukáš, “Digital Image Authentication“, Workshop of Czech Technical University

2001, Prague, Czech Republic, February 2001.
5. http://en.wikipedia.org

6: http://www.howstuffworks.com
7: http://www.reference.com

Finalse

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Finalse

Uploaded by

Copyright:

Available Formats

Project Detection Of Forged Image

Dept Of CS&E, SJCE Mysore. 1

1.1 Introduction to Image

Images may be two-dimensional, such as a photograph, screen display, and as well as

Dept Of CS&E, SJCE Mysore. 2

1.2 Introduction to Forgery

Dept Of CS&E, SJCE Mysore. 3

1.3 Copy-Move Forgery

Dept Of CS&E, SJCE Mysore. 4

Figure : 1 Test image “Hats”.

Dept Of CS&E, SJCE Mysore. 5

Dept Of CS&E, SJCE Mysore. 6

Figure 3 Test image “Golf” with an unknown original.

Dept Of CS&E, SJCE Mysore. 7

Dept Of CS&E, SJCE Mysore. 8

2.1 Existing Methods

Dept Of CS&E, SJCE Mysore. 9

a) The SHA-1 compression function consists of four different “rounds”. For 20

2.2 Proposed Method

SHA-256 may be used to hash a message, M, having a length of l bits, where 0

3.4 Hardware & Software requirements

Dept Of CS&E, SJCE Mysore. 10

3.1 Requirements Analysis

Dept Of CS&E, SJCE Mysore. 11

Requirements analysis is an important process. After initial feasibility studies, the

3.2 Requirements Specification

3.3 Functional requirements

3) The result will be displayed based on the Comparison

Non Functional Requirements:

Dept Of CS&E, SJCE Mysore. 12

Operating system: Windows XP

Dept Of CS&E, SJCE Mysore. 13

4.1 Basic Considerations

Dept Of CS&E, SJCE Mysore. 15

An Algorithm for Finding Slid Pairs

For iteration pair 19/20 (select-parity transition) we use:

It is easy to see that

Again we see that a collision occurs:

Dept Of CS&E, SJCE Mysore. 16

Dept Of CS&E, SJCE Mysore. 17

Dept Of CS&E, SJCE Mysore. 18

5.1 Tools Used

Dept Of CS&E, SJCE Mysore. 19

5.1 Tools used

Environment and Language

The Windows operating system environment was chosen for implementation of

5.2 Implementation Details

5.3 Implementation Steps

– not really a problem

• Message is processed in 512-bit blocks sequentially

• Message digest is 160 bits

• SHA design is similar to MD5, but a lot stronger

• Wt – a 32-bit word from the message

• ABCDE: current MD.

• ABCDE: new MD.

5.4 Developing Environment.

Dept Of CS&E, SJCE Mysore. 21

 Common Language Runtime (CLR)

Pronounced "C sharp“

 Modern, object-oriented language

 Simple and faster system development.

 Rich object model.