"It's not too hard to make changes to digital video," says Tom Duerr, APL's project manager. "But our system quickly and conclusively detects any alterations made to the original tape." For the past two years, Duerr has led development of the project for the United States Postal Inspection Service.
"We're satisfied that our system can accurately detect tampering and now we're building a working prototype that can be attached to a camcorder," says Nick Beser, lead engineer for the project. "Our authenticator provides proof of tampering when the human eye can't detect it. You might theorize that a change has been made, but this system takes the theory out of that determination."
The U.S. Postal Inspection Service, the federal law enforcement agency that safeguards the U.S. Postal Service, its employees and assets, and ensures the integrity of the mail, uses video surveillance and cutting edge technology as investigative tools in many of its cases. "We are looking forward to field testing the prototype developed by APL," says Dennis Jones, assistant postal inspector in charge of the agency's Forensic & Technical Services Division. "Being able to present a certifiable digital recording in court in support of our investigative efforts will minimize court challenges over the admissibility of such evidence. This system could reinforce the public's confidence in the work of law enforcement professionals."
Securing the System
The authentication system computes secure computer-generated digital signatures for information recorded by a standard off-the-shelf digital video camcorder. While recording, compressed digital video is simultaneously written to digital tape in the camcorder and broadcast from the camera into the Digital Video Authenticator (currently a laptop PC). There the video is separated into individual frames and three digital signatures are generated per frame -- one each for video, audio, and camcorder/DVA control data -- at the camcorder frame rate.
Public-key cryptography is used to create unique signatures for each frame. The "keys" are actually parameters from mathematical algorithms embedded in the system. Duerr says, "The keys, signature, and original data are mathematically related in such a way that if any one of the three is modified, the fact that a change took place will be revealed in the verification process."
One key, called a "private" key, is used to generate the signatures and is destroyed when the recording is complete. The second, a "public" key, is used for verification. To provide additional accountability, a second set of keys is generated that identifies the postal inspector who made the recording. This set of keys is embedded in a secure physical token that the inspector inserts into the system to activate the taping session. The token also signs the Digital Video Authenticator's public key, ensuring that the public key released with the video signatures was created by the inspector and can be trusted.
The signatures that are generated for the recording make it easy to recognize tampering. If a frame has been added it won't have a signature and will be instantly detected. If an original frame is altered, the signature won't match the new data and the frame will fail verification. The method is so perceptive that tampering with even a single bit (an eighth of a byte) of a 120,000-byte video frame is enough to trigger an alert. After an event is recorded, the signatures and the signed public key are transferred to a removable storage device and secured along with the original tape in case the authenticity of a tape is challenged.
When finished, the Digital Video Authenticator is expected to be within the size and cost range of consumer-grade digital camcorders. It will be attached to, rather than embedded in, a video camera, which allows it to be transferred to different cameras when current ones become obsolete. Comparison of signatures with recorded video and analysis of the results will be accomplished in separate software that will run on a desktop PC.
Prototype development will include peer review by other researchers and potential users and is expected to be completed by 2005. In addition to Postal Inspection Service use, the system could serve state and local law enforcement needs and possibly corporate and other business venues.
The Applied Physics Laboratory, a division of The Johns Hopkins University, meets critical national challenges through the innovative application of science and technology. For more information, visit www.jhuapl.edu.