pith. sign in

arxiv: 1907.04025 · v1 · pith:SV46Y3ZDnew · submitted 2019-07-09 · 💻 cs.MM · cs.CR

On the Security and Applicability of Fragile Camera Fingerprints

Erwin Quiring , Matthias Kirchner , Konrad Rieck This is my paper

Pith reviewed 2026-05-25 00:12 UTC · model grok-4.3

classification 💻 cs.MM cs.CR
keywords camera fingerprintimage forensicsdevice identificationfragile fingerprintssensor noisecompressionadversarial attackdigital authentication
0
0 comments X

The pith

Fragile camera fingerprints enable reliable device identification even when adversaries access only compressed images.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper investigates the security of fragile camera fingerprints against attacks where an adversary estimates and plants a fingerprint from publicly available images. It establishes that the defense works because owners retain access to uncompressed originals for a complete fingerprint while adversaries obtain only truncated versions from compressed files. This asymmetry supports reliable identification at everyday compression levels according to the theoretical and practical tests performed. Readers would care because standard camera fingerprints from sensor noise are otherwise vulnerable to spoofing in forensics and authentication scenarios. The work focuses on showing that this limitation on the adversary preserves the utility of the method.

Core claim

Fragile camera fingerprints address the planting attack by exploiting the asymmetry in data access: the camera owner always possesses uncompressed images that yield a full fingerprint, whereas the adversary typically has access only to compressed images and thus only a truncated fingerprint. Theoretical and practical tests show that this setup allows reliable device identification for common compression levels even in an adversarial environment.

What carries the argument

The fragile camera fingerprint, which is the truncated sensor noise pattern extracted from compressed images and used to create an access asymmetry against adversaries limited to those images.

If this is right

  • Device authentication systems can rely on fragile fingerprints without being defeated by public compressed images.
  • Image forensics applications maintain their ability to link photos to cameras despite common JPEG compression.
  • Adversaries cannot reliably plant fingerprints when restricted to the truncated versions from compressed sources.
  • The distinction between full and truncated fingerprints holds for compression levels typically used in practice.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar access-asymmetry defenses could be examined in other sensor-based forensic techniques.
  • Testing whether adversaries can acquire higher-fidelity images through indirect channels would probe the assumption further.
  • Consumer cameras might integrate checks based on fragile fingerprints to verify ownership of shared photos.

Load-bearing premise

The legitimate owner always possesses uncompressed images that provide a full fingerprint while the adversary never does.

What would settle it

A test in which an adversary using only compressed images produces a fingerprint estimate that matches the owner's full fingerprint closely enough to pass identification at standard compression ratios.

Figures

Figures reproduced from arXiv: 1907.04025 by Erwin Quiring, Konrad Rieck, Matthias Kirchner.

Figure 1
Figure 1. Figure 1: Fragile fingerprint computation based on a subband-selective filter H1(X): Each pixel block X is mapped to its DCT representation Y , element-wise multiplied by a binary mask H1, and transformed back to the spatial domain to give X˜ . DCT coefficient matrix, hi,j = [(i + j − 8 − c) > 0] , (7) where [·] denotes the Iverson bracket [PITH_FULL_IMAGE:figures/full_fig_p006_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Quality of fingerprint estimation. Results from (a) NE = 250 synthetic images and (b)-(c) NE = 250 natural Nikon D7000 images. The curves resemble each other reasonably well, with r generally predicting a slightly higher fingerprint quality than ρ due to the implied independence assumptions in the latter. As c increases, ρ slowly approaches φ1. This indicates that the analytically derived ρ is a good appro… view at source ↗
Figure 3
Figure 3. Figure 3: Kernel statistical test of independence. Plots (a) and (b) depict the first scenario; Plots (c) and (d) the second scenario for both databases. contrast to the Dresden database, Alice’s fingerprint is here calculated from natural instead of homogeneously lit images, raising the bar for establishing independence considerably. Analysis summary. The chosen HSIC test establishes statistical independence for su… view at source ↗
Figure 4
Figure 4. Figure 4: Fingerprint-copy attack with fragile fingerprints. Average PCE values as a function of the embedding strength α with NE = 4648 (Nikon D7000) for different JPEG qualities. As expected, high-quality JPEG 100 images enable Mallory to perform a successful attack due to the negligible quantization ( [PITH_FULL_IMAGE:figures/full_fig_p014_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Applications. Plot (a) shows the camera identification of uncompressed images. Plot (b) depicts the defense performance against fingerprint-copy attack using the triangle test and fragile fingerprints (JPEG quality 90, c = 1). 64 coefficients. An almost perfect detection is possible with c 6 4 for the Dresden database. The results for the Nikon D7000 camera are comparable for c 6 3. We contribute this smal… view at source ↗
read the original abstract

Camera sensor noise is one of the most reliable device characteristics in digital image forensics, enabling the unique linkage of images to digital cameras. This so-called camera fingerprint gives rise to different applications, such as image forensics and authentication. However, if images are publicly available, an adversary can estimate the fingerprint from her victim and plant it into spurious images. The concept of fragile camera fingerprints addresses this attack by exploiting asymmetries in data access: While the camera owner will always have access to a full fingerprint from uncompressed images, the adversary has typically access to compressed images and thus only to a truncated fingerprint. The security of this defense, however, has not been systematically explored yet. This paper provides the first comprehensive analysis of fragile camera fingerprints under attack. A series of theoretical and practical tests demonstrate that fragile camera fingerprints allow a reliable device identification for common compression levels in an adversarial environment.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper claims that fragile camera fingerprints—exploiting the asymmetry where camera owners access uncompressed images for full PRNU fingerprints while adversaries are limited to compressed images yielding truncated estimates—enable reliable device identification for common compression levels even in adversarial settings. This is supported by a series of theoretical and practical tests, providing the first comprehensive security analysis of the approach against fingerprint planting attacks.

Significance. If the result holds under the stated model, the work would establish a practical, low-overhead defense for PRNU-based forensics and authentication that leverages existing compression artifacts rather than requiring protocol changes. The combination of theoretical analysis with practical validation is a positive feature; however, the untested boundary condition of strict access asymmetry limits the strength of the adversarial-security claim.

major comments (1)
  1. [Abstract] Abstract (paragraph on fragile fingerprints concept): The security claim that fragile fingerprints allow reliable identification 'in an adversarial environment' rests on the unexamined assumption of persistent, strict data-access asymmetry. No analysis or experiments address the case in which an adversary obtains even a few uncompressed/RAW frames (via side-channel, device sharing, or public release), which would permit recovery of the missing high-frequency components and eliminate the claimed correlation advantage.
minor comments (1)
  1. [Abstract] Abstract: No details are provided on test design, datasets, specific compression parameters (e.g., JPEG quality factors), number of images, or statistical controls, which makes it impossible to evaluate the practical tests from the abstract alone.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive comment on the abstract and threat model. We address the point directly below and will make a targeted revision to improve clarity without altering the core claims or experiments.

read point-by-point responses

  1. Referee: [Abstract] Abstract (paragraph on fragile fingerprints concept): The security claim that fragile fingerprints allow reliable identification 'in an adversarial environment' rests on the unexamined assumption of persistent, strict data-access asymmetry. No analysis or experiments address the case in which an adversary obtains even a few uncompressed/RAW frames (via side-channel, device sharing, or public release), which would permit recovery of the missing high-frequency components and eliminate the claimed correlation advantage.

    Authors: The paper's model and abstract explicitly use 'typically' to describe the adversary's access to compressed images only, establishing the data-access asymmetry as a core modeling assumption rather than an unexamined one. Under this standard threat model for fragile fingerprints, the security analysis (both theoretical and experimental) demonstrates the correlation advantage. If the asymmetry is broken by the adversary obtaining even a few RAW frames, the fragile property is lost by definition, as the full fingerprint becomes recoverable; this is a logical boundary of the model, not a hidden assumption requiring separate experiments within the paper's scope. We agree that explicit discussion of this boundary would strengthen the presentation and will add a short clarifying paragraph in the threat model section (Section 3) to state the implications of asymmetry violation. No new experiments are needed, as the case lies outside the defined model. revision: partial

Circularity Check

0 steps flagged

No circularity; security claims rest on empirical tests under stated access model

full rationale

The paper defines fragile fingerprints via the access asymmetry (owner has uncompressed images for full PRNU; adversary limited to compressed yielding truncated estimate) and supports the reliability claim solely through described theoretical and practical tests. No equations, derivations, fitted parameters, or self-citations are exhibited that reduce any result to its own inputs by construction. The central demonstration is therefore independent of the inputs and self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review yields no explicit free parameters, axioms, or invented entities; the central claim rests on the unstated premise that the access asymmetry holds in realistic attack scenarios.

pith-pipeline@v0.9.0 · 5672 in / 977 out tokens · 48826 ms · 2026-05-25T00:12:01.531831+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

27 extracted references · 27 canonical work pages · 1 internal anchor

  1. [1]

    In: Annual Conference on Computer Security Applications (ACSAC) (2016) Security and Applicability of Fragile Camera Fingerprints 17

    Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: Classification and analysis of methods. In: Annual Conference on Computer Security Applications (ACSAC) (2016) Security and Applicability of Fragile Camera Fingerprints 17

    work page 2016

  2. [2]

    In: Proc

    Ba, Z., Piao, S., Fu, X., Koutsonikolas, D., Mohaisen, A., Ren, K.: ABC: Enabling smartphone authentication with built-in camera. In: Proc. of Network and Distributed System Security Symposium (NDSS) (2018)

    work page 2018

  3. [3]

    In: IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP) (2013)

    Barni, M., P´ erez-Gonz´ alez, F.: Coping with the enemy: Advances in adversary- aware signal processing. In: IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP) (2013)

    work page 2013

  4. [4]

    In: Geradts, Z.J.M.H., Franke, K.Y., Veenman, C.J

    B¨ ohme, R., Freiling, F.C., Gloe, T., Kirchner, M.: Multimedia forensics is not computer forensics. In: Geradts, Z.J.M.H., Franke, K.Y., Veenman, C.J. (eds.) Computational Forensics, IWCF, Lecture Notes in Computer Science, vol. 5718. Springer (2009)

    work page 2009

  5. [5]

    Mobile Device Identification via Sensor Fingerprinting

    Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identifi- cation via sensor fingerprinting. CoRR abs/1408.1416 (2014)

    work page internal anchor Pith review Pith/arXiv arXiv 2014

  6. [6]

    In: 6th ACM Multimedia Systems Conference (2015)

    Dang-Nguyen, D.T., Pasquini, C., Conotter, V., Boato, G.: RAISE: a raw images dataset for digital image forensics. In: 6th ACM Multimedia Systems Conference (2015)

    work page 2015

  7. [7]

    In: IS&T Electronic Imaging: Media Watermarking, Security, and Forensics (2016)

    Entrieri, J., Kirchner, M.: Patch-based desynchronization of digital camera sensor fingerprints. In: IS&T Electronic Imaging: Media Watermarking, Security, and Forensics (2016)

    work page 2016

  8. [8]

    In: Sencar, H.T., Memon, N

    Fridrich, J.: Sensor defects in digital image forensic. In: Sencar, H.T., Memon, N. (eds.) Digital Image Forensics: There is More to a Picture Than Meets the Eye, pp. 179–218. Springer (2013)

    work page 2013

  9. [9]

    Journal of Digital Forensic Practice 3(2–4) (2010)

    Gloe, T., B¨ ohme, R.: The Dresden Image Database for benchmarking digital image forensics. Journal of Digital Forensic Practice 3(2–4) (2010)

    work page 2010

  10. [10]

    Gloe, T., Kirchner, M., Winkler, A., B¨ ohme, R.: Can we trust digital image forensics? In: 15th International Conference on Multimedia (2007)

    work page 2007

  11. [11]

    In: ACM Multimedia and Security Workshop (2012)

    Gloe, T., Pfennig, S., Kirchner, M.: Unexpected artefacts in PRNU-based camera identification: A ’Dresden Image Database’ case-study. In: ACM Multimedia and Security Workshop (2012)

    work page 2012

  12. [12]

    In: Memon, N., Alattar, A.M., Delp, E.J

    Goljan, M., Fridrich, J.: Sensor-fingerprint based identification of images corrected for lens distortion. In: Memon, N., Alattar, A.M., Delp, E.J. (eds.) Media Watermarking, Security, and Forensics. Proceedings of SPIE, vol. 8303, p. 83030H (2012)

    work page 2012

  13. [13]

    IEEE Transactions on Information Forensics and Security (TIFS) 6(1) (2011)

    Goljan, M., Fridrich, J., Chen, M.: Defending against fingerprint-copy attack in sensor-based camera identification. IEEE Transactions on Information Forensics and Security (TIFS) 6(1) (2011)

    work page 2011

  14. [14]

    In: Delp, E.J., Dittmann, J., Memon, N., Wong, P.W

    Goljan, M., Fridrich, J., Filler, T.: Large scale test of sensor fingerprint camera identification. In: Delp, E.J., Dittmann, J., Memon, N., Wong, P.W. (eds.) Media Forensics and Security. Proceedings of SPIE, vol. 7254, p. 72540I (2009)

    work page 2009

  15. [15]

    In: Advances in Neural Information Processing Systems (NIPS) (2008)

    Gretton, A., Fukumizu, K., Teo, C.H., Song, L., Sch¨ olkopf, B., Smola, A.J.: A kernel statistical test of independence. In: Advances in Neural Information Processing Systems (NIPS) (2008)

    work page 2008

  16. [16]

    Digital Investigation 12 (2015)

    Karak¨ u¸ c¨ uk, A., Dirik, A.E.: Adaptive photo-response non-uniformity noise removal against image source attribution. Digital Investigation 12 (2015)

    work page 2015

  17. [17]

    In: Delp, E.J., Dittmann, J., Memon, N., Wong, P.W

    Kirchner, M., B¨ ohme, R.: Synthesis of color filter array pattern in digital images. In: Delp, E.J., Dittmann, J., Memon, N., Wong, P.W. (eds.) Media Forensics and Security. Proceedings of SPIE, vol. 7254, p. 72540K (2009) 18 E. Quiring et al

    work page 2009

  18. [18]

    In: IEEE International Conference on Image Processing (ICIP) (2011)

    Li, S., Karrenbauer, A., Saupe, D., Kuo, C.C.J.: Recovering missing coeffi- cients in DCT-transformed images. In: IEEE International Conference on Image Processing (ICIP) (2011)

    work page 2011

  19. [19]

    IEEE Transactions on Information Forensics and Security (TIFS) 1(2) (2006)

    Luk´ aˇ s, J., Fridrich, J., Goljan, M.: Digital camera identification from sensor pattern noise. IEEE Transactions on Information Forensics and Security (TIFS) 1(2) (2006)

    work page 2006

  20. [20]

    In: IEEE International Conference on Image Processing (ICIP) (2014)

    Marra, F., Roli, F., Cozzolino, D., Sansone, C., Verdoliva, L.: Attacking the triangle test in sensor-based camera identification. In: IEEE International Conference on Image Processing (ICIP) (2014)

    work page 2014

  21. [21]

    IEEE Trans- actions on Dependable and Secure Computing (TDSC) (2019)

    Mohanty, M., Zhang, M., Asghar, M.R., Russello, G.: e-PRNU: Encrypted domain PRNU-based camera attribution for preserving privacy. IEEE Trans- actions on Dependable and Secure Computing (TDSC) (2019)

    work page 2019

  22. [22]

    In: IEEE European Symposium on Security and Privacy (EuroS&P) (2018)

    Quiring, E., Arp, D., Rieck, K.: Forgotten siblings: Unifying attacks on machine learning and digital watermarking. In: IEEE European Symposium on Security and Privacy (EuroS&P) (2018)

    work page 2018

  23. [23]

    In: IEEE International Workshop on Information Forensics and Security (WIFS) (2015)

    Quiring, E., Kirchner, M.: Fragile sensor fingerprint camera identification. In: IEEE International Workshop on Information Forensics and Security (WIFS) (2015)

    work page 2015

  24. [24]

    IEEE Transactions on Communications 31(6) (1983)

    Reininger, R.C., Gibson, J.D.: Distributions of the two-dimensional DCT coefficients for images. IEEE Transactions on Communications 31(6) (1983)

    work page 1983

  25. [25]

    IEEE Transactions on Information Forensics and Security (TIFS) 6(3) (2011)

    Stamm, M.C., Liu, K.J.R.: Anti-forensics of digital image compression. IEEE Transactions on Information Forensics and Security (TIFS) 6(3) (2011)

    work page 2011

  26. [26]

    IEEE Transactions on Informa- tion Forensics and Security (TIFS) 12(8) (2017)

    Valsesia, D., Coluccia, G., Bianchi, T., Magli, E.: User authentication via PRNU-based physical unclonable functions. IEEE Transactions on Informa- tion Forensics and Security (TIFS) 12(8) (2017)

    work page 2017

  27. [27]

    Widrow, B., Koll´ ar, I.: Quantization Noise. Cambridge University Press (2008) A Sample Correlation Coefficient The objective is to compute Pearson’s sample correlation coefficient between two imagesu andv equivalently in the DCT domain. Without loss of generality, we focus on an 8× 8 pixel block, so that the correlation is given as r = n ∑u(l)v(l)− ∑u(l) ∑v...

    work page 2008