Security Printing and Imaging : forensics

IEEE WIFS 2009 Submission Deadline Extended to May 31

StevenSimske — Mon, 25 May 2009 03:14:00 GMT

Thanks to the Program Chairs of IEEE WIFS 2009, the First IEEE International Workshop of Information Forensics and Security, you have an extra 9 days to submit your research on:

* Biometrics

* Computer Security

* Cryptography for Multimedia Content

* Data Hiding

* Digital Rights Management (DRM)

* Forensic Analysis (a personal favorite--where I am submitting to this new workshop)

* Network Security

* Non-technical Aspects of Security

*(Video) Surveillance

* Secure Applications

See more at the call for papers: http://www.wifs09.org/index.php?option=com_content&view=article&id=15&Itemid=42

"We received several requests yesterday to extend the submission deadline. Therefore, we have decided to leave the submission website open until the end of the month, i.e. Sunday 31st May 2009, midnight GMT. Authors who have already submitted their manuscript may want to exploit this extra time to further enhance their article."

Cheers,

Steve

Call for Papers, Security and Forensic Printing

StevenSimske — Sat, 24 Jan 2009 05:01:00 GMT

Security printing professionals may be interested in submitting to the IS&T/ISJ sponsored NIP25 conference, the "International Conference on Digital Printing Technologies"

http://www.imaging.org/conferences/nip25/index.cfm

(currently, the deadline for submission is 22 February)

I'm honored to co-chair the session on "Security and Forensic Printing". If you are involved in any way, shape or form with digital printing, consider submitting to this or another session (see Call For Papers link). Co-located with another excellent conference, DigiFab, and within driving distance of half the population in US and Canada, it may be easier to reach in this economic downturn than its competing conference, the Antarctic Digital Printing Conference (ADPC). Unlike the black and white penguins at ADPC, you'll meet some of the world's best color experts. Likewise, learning about laserjets in Louisville is certainly better for the environment than ADPC's planned special event, the walrus hunt and large petroleum lake fire. Please consider the more educational and earth-friendly alternative.

Cheers,

Steve

Stocking Stuffers I: Evolution Whitepaper

StevenSimske — Tue, 30 Dec 2008 04:52:00 GMT

[Part one of whitepaper-length recap's from this year's blog]

An Evolving Allegory

As an allegory for security printing, I have borrowed the concept of pre-adaptation from evolutionary biology. In the next few blogs I will borrow much more extensively from the concepts and terms in evolutionary biology. Evolution and security, I will argue, have a lot in common. Both accept the fact that change is inevitable, not always predictable, and if used properly a systemic advantage.

To set the agenda, I had the pleasure to re-read many of my Stephen J. Gould and Richard Fortey books. Two gentlemen who really knew/know how to write science essays. And, their great essays and chapters have the set the agenda for the five evolution-inspired blogs:

1. Pre-adaptation

2. Co-evolution

3. Mimicry (including Batesian mimicry) and convergent evolution

4. Survival of the fittest, modification, teleology, progress and complexity

5. Punctuated equilibrium

Pre-Adaptation

Pre-adaptation, also known as exaptation or “co-option”, is an instance in which a pre-existing anatomical structure eventually finds utility for a different purpose. A classic example is the pre-adaptation of sweat glands for use as lactating glands in mammals. Milk flow derived from earlier perspiration flow. Perspiration had utility, of course, in heat regulation (and possibly in the attraction of mates—deodorant was rare in the Triassic), and over time the survival advantage offered by the nursing of offspring selected for more and more productive sweat-as-mammary glands.

The other classic example is the pre-adaptation of feathers for wings. Feathers were originally selected for based on their utility in thermal regulation. Over time, presumably a cooling one, longer and more full feathers were selected for, and eventually some small feathered animal (such as the archaeopteryx, the fabled half-dino/half-bird) started seeing the structure and utility of its feathers no longer being selected solely for thermoregulation, but rather for the survival advantage of gliding and eventually flight.

We come to printing and security. How is printing pre-adapted to security? Printing is usually selected for, by the brand owner (detergent company, ticket salesperson, marketer, etc.), for its purpose in helping the customer identify the brand, obtain product information, or purchase the item (think about that bar code scanned at the cash register). In other words, printing has a large set of valuable roles already. Some brand owners select products based on the vividness of the printing, image quality, or layout of the printing. Others are simply looking for the printing of a trusted brand. Regardless, the printing already provides value.

Printing can also be used for security. With the use of security variable data printing, or SVDP, every package, label, ticket or other printed item can contain a unique set of embedded information—bits added to the variable region. So, for example, a 2D data matrix bar code may hold dozens of bits of information; a watermarked image may hold another few dozens of bits; and a variable line of text may contain a few dozen more. This type of “printing variability” illustrates how printing is pre-adapted to overt and covert security. So, VDP, originally selected for due to its powerful means of customizing printing, is pre-adapted to multiple roles of security.

Another aspect of printing is loosely pre-adapted to use in security. This exaptation is the parasitics that form when printing occurs. Parasitics are variations caused by the process of depositing ink on a substrate. For inkjet ink on office paper, as an example, the fibers in the paper will differentially wick the ink in the direction of the fibers. This “random” pattern of ink on the paper can be used as a difficult (if not impossible) to reproduce forensic mark.

Thus, printing can be used to provide all three types of security features—overt, covert and forensic. Not sure if it will be as useful in thermal regulation, but many a printed item, if folded properly (see http://paperairplanes.net/), is indeed pre-adapted to flight!

Co-evolution

Co-evolution is the process by which two species simultaneous exert selective pressure on each other, termed “reciprocal evolutionary adaptations”. Flowers and bees are a good example of mutualism, wherein the shared selective pressure results in a tangible advantage for both species (the flowers get improved pollen dispersion, the bees get the raw ingredients for honey).

Co-evolution can be less synergistic—predators and prey co-evolve, too. When natural selection leads to a cheetah adding on a few more kilometers/hour, the antelope, with a different architecture, can’t keep pace, and so if it is to survive, selection may lead it in a different direction. Thus, the ability to stop and/or change direction on a dime.

Co-evolution also includes the interaction between a host and a parasite. Think of a virus which kills its host every time. In order for it to find another host to support its progeny, there is selective pressure for it to let its host survive. Over time, then, it is selected to become less virulent to its host, and a more stable host-parasite relationship ensues. Such a long-term relationship is analogous to that between the oak and the mistletoe, or that between Dilbert and the Pointy-Haired Boss (http://www.shatteredmoonlight.net/phb/). It is important for the host (oak, Dilbert) to survive so that the parasite (mistletoe, Pointy-Haired Boss) doesn’t perish looking for another victim.

The examples above focus on paired co-evolution. However, in some sense, all species are co-evolving, and so co-evolution can be extended to sets of three, four or more species, interacting and significantly affecting each other. When three or more species are considered together, the situation is termed "diffuse co-evolution".

Co-evolutionary terms can be applied to arenas outside of evolutionary biology. For example, the size of car seats (to accommodate the size of people’s hind quarters) has co-evolved with the size of drink cup holders in the same cars.

This means we can apply co-evolutionary concepts to brand protection. Properly architected, a brand protection ecosystem illustrates mutualism, or the synergistic co-evolution described above. Some of the main principles of mutualism are: 1. Mutual benefit to each species involved.2. All species are free to adapt, independently forming secondary (diffuse) interactions as necessary.3. Collaborative (multiple species often providing complementary and/or redundant capabilities).

In brand protection, the complementary use of RFID and security printing can create a co-evolutionary situation. RFID should be used for shipping and tracking big items, and in other situations in which “line of sight” reading is not possible or tractable. Security printing should be used for smaller items, where “line of sight” reading is possible, and where RFID costs preclude their use. RFID and security printing, therefore, can complement each other for supply chain visibility, product tracking, security and authentication. They are mutually beneficial—RFID helping in workflows for which interrogating printed information is too costly, and security printing helping in workflows for which the item cost of RFID is too costly.

RFID and security printing are also free to adapt. For example, if RFID is someday efficiently and inexpensively printed, security printing may subsume the RFID process and the two will more closely combine. On the other hand, if next-generation printing technologies subsume more and more manufacturing processes—power, sensors, displays among them—a strong partnership between printing and manufacturing (as well as RFID) may create a new type of “diffuse co-evolution”. It will be exciting to see what the market selects for as technology moves inevitably forward.

Mimicry (including Batesian mimicry) and convergent evolution

Change isn’t always for the better. You can, for example, be short-changed. You can change from bad to worse. You can change your Outlook (Microsoft or otherwise). Or you can change a diaper (well, this is better, presumably, for the wearer of the diaper). Even in evolution, change is not for the “better”. Change simply is a consequence of genetic variability implicit in meiosis, mutation and mistakes innate to the reproductive processes.

Our interpretation of genetic change, therefore, depends on the perspective from which we view the change. As I discuss convergent evolution and mimicry in this posting, then, please keep in mind that usually one partner in the convergence/mimicry benefits more than the other.

Convergent evolution and mimicry are two of the most powerful concepts in evolution, as they directly relate to the change wrought by evolution. Since security printing and imaging, and the related supply chain and brand protection issues it addresses, must evolve as technology evolves, I consider these concepts as Part Three of the “evolution analogy” series.

Convergent evolution is the term for analogous structures that arise in genetically unrelated species as a consequence of their environment selecting a similar role for both species. This is different from a homologous structure, which arises in genetically related species. Examples of convergent evolution include:

1. Koalas and humans have independently evolved fingerprints

2. Bats and birds have independently evolved flight

3. Bats and toothed whales have independently evolved sonar-like capabilities

4. Opossums and humans have independently evolved opposable thumbs (pandas, too, although their thumbs are actually extensions of their wrist bones)

Examples of homologous structures are even more plentiful, including:

1. Robins and sparrows can both fly

2. Chimpanzees and humans both can walk

3. Giraffes and seals each have 7 vertebrae in their necks

4. Garter snakes and pythons each can slither

In security printing and imaging, these terms can refer to printed deterrents (homologous structures) and printed vs. non-printed deterrents (analogous structures, or convergent evolution). Security printing is the use of digital variable data printing (VDP) to add information to printed material. Bar codes contain bits of data suitable for disambiguating one item for sale from another item for sale. 1D and 2D bar codes contain different densities of data (number of bits per given area), but may contain the same (point-of-sale, track and trace, etc.) data. Thus, they are homologous (related and having similar utility).

Homology extends to any printed information that can be read and translated; that is, decoded from an image. So, printed features such as color tiles, guilloches, copy-detection patterns, watermarks, and their kin, are homologous—each is a species of the genus “security deterrent”.

Convergent evolution of security printing and RFID, however, is perhaps of more interest. Will all RFID tags be printed with electromagnetic ink (metallic or organically based, for example) someday, and RFID printing simply be incorporated as part of the printing-as-manufacturing process? Or will RFID manufacture move toward nominal cost along another route, and so reduce the importance of printed features in security? If the latter, then the current convergence of utility of RFID and security printing may become an irrelevant distinction—that is, RFID will effectively become “extinct” and become simply a part of printing, or conversely security printing will effectively become “extinct” as RFID assumes the roles of unique identifier, copy-prevention and tamper-evidence.

It seems more likely, though, that we will continue to reasonably view RFID and security printing as two separate species. Two species that are, in some respects, are undergoing convergent evolution. RFID is being extended to include tamper-evident information, using features such as what I term “RFID apoptosis” (programmed suicide possible with “KILL” and related RFID features) and signed additional bit strings. RFID is also, increasingly, being used for additional informational purposes, such as RFID-enable hardware in everything from car tires to refrigerators. Security printing, meanwhile, banking on the innate and broad adaptability afforded by digital VDP (variable data printing), has long been able to provide functionality like that of RFID. Bar codes provide EPCglobal or other mass serialized unique identifiers. VDP lends itself to an inference model based on either pre-printed serialization or inline serialization with real-time inspection. All security printing is missing is non-line of sight reading, although the development of conductive and other metallic inks indicates this hurdle will also soon be overcome.

Interestingly, RFID and security printing continue to “radiate” in terms of their phenotypic utilities, even while converging with respect to each other. This is easier to understand when one considers that they are converging to the same logical set of utilities: track and trace, authentication, point-of-sale, inventory management and forensics.

We come to Batesian mimicry, which is different from convergent evolution. Batesian mimicry can be simply described by example: The “classic” Batesian evolution is when uncommon, tasty animals resemble abundant, foul-smelling/noxious animals. Think of the yummy little bug that looks so much like a nasty tasting bug. Monarch butterflies and wasps have plenty of Batesian mimics out there.

Batesian mimicry also has an analogy for security printing and imaging. Security VDP affords the brand owner the ability to print a surfeit of security features, some overt and some covert. Some of these are tracked (inspected, authenticated, used for track and trace), and some are not. Those that are not, as I’ve noted in past blogs, can be used as “decoys” to get counterfeiters to try to mimic. They can also be used solely for forensic analysis of the counterfeiters, in which case they are not just decoys, but also bait. So, these excess deterrents are Batesian mimics of the tracked deterrents, and your would-be counterfeiter, in an effort to capture all the legitimate deterrents, will also swallow a number of Batesian mimics. The key is that at least one of the security VDP deterrents does in fact leave a bad taste in the counterfeiter’s mouth!

Survival of the fittest, modification, teleology, progress and complexity

Survival of the fittest

One of evolution’s tautologies is survival of the fittest. Whatever is best fit to survive, survives. Whatever survives is, by extension, fittest to survive. A lot like que será, será—whatever will be, will be. Sure, we get it—it’s a definition! However, this is a tautology only when taken from an a posteriori perspective (like the intellectually bankrupt concept of “social Darwinism”). From a different perspective—the a priori perspective—survival of the fittest is a contingency based on the future fitness of a species in a changing environment. And, while you’re living in the here and now, you don’t have 100% clarity of the future. What makes you most fit for survival is not fully known.

You may need contingency traits, which are extra traits that will allow you to respond better to the changing environment. Species that will survive and thrive when the world changes are species that have, serendipitously, differentiating attributes. This means that different future environments will have different future survivors and different definitions of fitness. Fitness is, indeed, arbitrary. Ask any marathoner meaning to bench press 300 pounds, or any bench-pressing behemoth pondering a long run—“fitness” depends on the context.

Since change is inevitable, and since you cannot predict with 100% accuracy what the future environment will look like, it may make sense to have multiple contingency traits to maximize survivability. This is a little tricky for a biological species, but much easier for a security printing job. Contingency deterrents can be added readily by a security variable data printing (SVDP) engine—these are deterrents not currently tracked, traced or authenticated. Contingency deterrents can be used to decoy or bait counterfeiters; in cases of recall; or as “back ups” for currently used deterrents. One contingency is that a counterfeiter “breaks” (reverse engineers) a currently used deterrent. The contingency deterrent allows you to roll over to the already-in-place, previously-unused deterrent—to move from counterfeiting to “counterfitness”.

Modification

Modifications are the driving force behind evolutionary changes. Mutations are the genetic basis for these modifications. Mutations are considered “random” in evolutionary terms—there are no Lamarckian mechanisms for translating life experience into gene alteration. These stochastic changes in genotype lead to (relatively) unpredictable changes in phenotype, and so provide the basis for different levels of “fitness” in a changing environment.

In security printing, modifications are built in to the surfeit of variable data features—so-called “contingency” deterrents described above. These allow a security printing protected product to modify in its strategy—how it deploys deterrents for QA, inspection, tracking, authentication, forensics, decoying and baiting.

Teleology

Teleology is “the study of design or purpose in natural phenomena”. In security printing and imaging, evolution and intelligent design are not internecine concepts. An intelligent design for your security printing anticipates contingencies—the need to stop using a deterrent once counterfeiters have successfully “broken” it, for example. This is termed the innate moving target offered by security printing. In security printing, an intelligent design is indeed one that will evolve as the environment in which it works—an environment that includes reputable and disreputable people alike—evolves.

Progress

Chris Hedges argues in his recent book that one mistake made by extremists of any political, philosophical or ethical flavor is that of assuming we are on the road to progress. However, history teaches us that the process of progress and regression is cyclical. The price of freedom—and progress—is constant vigilance. And once vigilance relaxes, regression seizes the opportunity.

An evolutionary approach to security printing makes no such assumption. An “innate moving target” assumes and endless competition with the counterfeiters. Some times you stay ahead of them for while in this arms race—like the ancient Hittites with their chariot—and sometimes they figure it out quickly. Especially quickly if they bribe one of your own people!

Complexity

The most complex species are generally those most specified for their environment. Horse, humans and hippos are good examples. Will these species evolve into something else? Perhaps. But history warns that bacteria will be around long after hippos, humans and horses are simple part of history. Stephen J. Gould contrasted the frequency of occurrence vs. complexity long-tail phenomenon in one of his works (Three Rivers Press, 1996, Stephen J. Gould, “Full House”, pp. 170-171, the “power of the modal bacter”). Some highly complex species will always evolve, but the majority—and those that survive—will be the simplest.

In security printing and imaging, for example, it is easy to add complexity to your deterrents. A simple example is the use of serif vs. sans-serif fonts. Another simple example is the adding of steganographic information to all of your images. But simpler is usually better. Use multiple security printing deterrents together, and simply change the way the data in one relates to the data in the others. Your deterrents will “live longer” and all of your changes will be made in software, and not in the selection of deterrents themselves.

You’ll live longer, too. Species under less stress survive longer. I suggest security VDP as a survival tool for the fittest of printing professionals!

Punctuated equilibrium

The final section of the security printing/evolution allegory is punctuated equilibrium. Punctuated equilibrium is an evolutionary biology hypothesis largely attributable to Niles Eldridge and Stephen Jay Gould in 1972. The theory states that species normally undergo relatively modest phenotypic change. However, when phenotypic (outward appearance) evolution occurs, it involves rare and relatively rapid change in the genetics of the species. Thus, the genetic similarity for the population is “punctuated”—changing rapidly for a relatively brief period, then changing slowly over a much longer time period.

Punctuated equilibrium does not oppose gradualism, the relatively secure theory of evolution that proposes an incremental change during evolution, with no great discontinuities between generations. Gould noted that punctuated equilibrium is supported by the fossil record, in which species are stable, phenotypically, for long periods of time; then, their descendent species appears in a relatively small time period.

If punctuated equilibrium exists, then what drives this seeming accelerated change? Why does the evolutionary rate seemingly increase? My perspective is that the rate does not necessarily change at all. Instead, the effective rate changes only because the environment itself is changing. So, the normal rate of mutation results in changes that lead to enhanced survival rate precisely because the environment can change faster than the based rate of change. As an example, a comet hits, and all the old advantages for survival—say, size, strength and speed—are less relevant. What survives now may survive because it was actually less fit in the old environment. Thus, the apparent rate of change increases only because the fringe members of the species that do survive become the norm of the “new” species that survive later.

Punctuated equilibrium has been applied to other fields. For example, in 1993, Frank Baumgartner and Bryan Jones noted that policy change can be described by punctuated equilibrium, inasmuch as policy changes slowly while one regime, party or system is in power, and then tends to change greatly when there is a transition in leadership.

We can apply this to printing, as well. Evolution was slow until the Johannes Gutenberg punctuation of 1440 helped change the slow and laborious process of scribes to the relative speed and efficacy of typed printing. Digital printing, certainly for security and customizability, is providing another “punctuated equilibrium” currently. However, the environment in which printing exists is changing quickly, too. The Internet and other fully-electronic workflows (RFID, for example) mean that many aspects of “traditional printing”—that is, printing 20 years ago—are no longer relevant. Printing that survives will seemingly change faster than the actual printing technology is changing, precisely because the “leaps” will likely survive better than the incremental changes. For example, look at the “–ology” series (http://www.ologyworld.com/), in which printing is merged with “manufacturing”—the inclusion of feathers, flaps and felt, for example—to successfully differentiate the “in-hand” from the “on-line”.

In security printing and imaging, punctuated equilibrium can be used to advantage. With a plurality of printed security deterrents, the brand owner can readily switch between the current deployment of deterrents—which are used for tracking, authentication, forensics, decoying and baiting, any combination thereof; or simply unused for the moment—to a new set and change the security strategy. The outward change in the set of deterrents is minimal or none. Then, when no new deployment strategy is possible—due to compromise of the deterrents or “inside job”—a new set of deterrents is deployed. The new set can be used in multiple future deployments. Thus, the outward rate of change in the security deterrents used exhibits punctuated equilibrium—steady state for a relatively long period, followed by a “massive change”—even though the rate of change for deployment (tracking, authentication, etc.) remains the same.

No matter how you look at it, security is the art of evolving, adapting and changing to survive the environment. Variable data printing makes evolution easier. Change is built-in.

Happy 2009!

-Steve

An Evolving Analogy, Part V: Punctuated Equilibrium

StevenSimske — Sat, 29 Nov 2008 06:44:00 GMT

No matter how you look at it, security is the art of evolving, adapting and changing to survive the environment. Variable data printing makes evolution easier. Change is built-in.

-Steve

[Thanks to Bisbee Finks for helpful comment on the "cladogram", incorporated into the post above--I'm going to pass on the suggested Stalin analogy, though it was definitely creative! Cheers, Steve]

An Evolving Analogy, Part 4: Survival of the fittest, modification, teleology, progress and complexity

StevenSimske — Wed, 05 Nov 2008 18:45:00 GMT

Survival of the fittest

Modification

Teleology

Progress

Complexity

The most complex species are generally those most specified for their environment. Horse, humans and hippos are good examples. Will these species evolve into something else? Perhaps. But history warns that bacteria will be around long after these hippos, humans and horses are simply part of history. Stephen J. Gould contrasted the frequency of occurrence vs. complexity long-tail phenomenon in one of his works (Three Rivers Press, 1996, Stephen J. Gould, “Full House”, pp. 170-171, the “power of the modal bacter”). Some highly complex species will always evolve, but the majority—and those that survive—will be the simplest.

You’ll live longer, too. Species under less stress survive longer. I suggest security VDP as a survival tool for the fittest of printing professionals!

-Steve

An Evolving Analogy: Part 3, Convergent Evolution and Mimicry

StevenSimske — Fri, 17 Oct 2008 05:10:00 GMT

1. Koalas and humans have independently evolved fingerprints

2. Bats and birds have independently evolved flight

3. Bats and toothed whales have independently evolved sonar-like capabilities

4. Opossums and humans have independently evolved opposable thumbs (pandas, too, although their thumbs are actually extensions of their wrist bones)

Examples of homologous structures are even more plentiful, including:

1. Robins and sparrows can both fly

2. Chimpanzees and humans both can walk

3. Giraffes and seals each have 7 vertebrae in their necks

4. Garter snakes and pythons each can slither

Convergent evolution of security printing and RFID, however, is perhaps of more interest. Will all RFID tags be printed with electromagnetic ink (metallic or organically based, for example) someday, and RFID printing simply be incorporated as part of the printing-as-manufacturing process? Or will RFID manufacture move toward nominal cost along another route, and so reduce the importance of printed features in security? If the former, then the current convergence of utility of RFID and security printing may become an irrelevant distinction—that is, RFID will effectively become “extinct” and become simply a part of printing. Or, conversely, security printing will effectively become “extinct” as RFID assumes the roles of unique identifier, copy-prevention and tamper-evidence.

-Steve

An Evolving Analogy, Part 2: Co-Evolution

StevenSimske — Sun, 05 Oct 2008 04:59:00 GMT

1. Mutual benefit to each species involved.

2. All species are free to adapt, independently forming secondary (diffuse) interactions as necessary.

3. Collaborative (multiple species often providing complementary and/or redundant capabilities--this may even be applied to humans and dogs).

-Steve

An Evolving Analogy

StevenSimske — Mon, 29 Sep 2008 04:38:00 GMT

In previous public presentations and in this blog, I have borrowed the concept of pre-adaptation from evolutionary biology to describe the role of printing in security. In the next few blogs I will borrow much more extensively from the concepts and terms in evolutionary biology. Evolution and security, I will argue, have a lot in common. Both accept the fact that change is inevitable, not always predictable, and if used properly a systemic advantage.

1. Pre-adaptation

2. Co-evolution

3. Mimicry (including Batesian mimicry) and convergent evolution

4. Survival of the fittest, modification, teleology, progress and complexity

5. Punctuated equilibrium

Pre-Adaptation

Today’s blog explores pre-adaptation more indepthly. Pre-adaptation, also known as exaptation or “co-option”, is an instance in which a pre-existing anatomical structure eventually finds utility for a different purpose. A classic example is the pre-adaptation of sweat glands for use as lactating glands in mammals. Milk flow derived from earlier perspiration flow. Perspiration had utility, of course, in heat regulation (and possibly in the attraction of mates—deodorant was rare in the Triassic), and over time the survival advantage offered by the nursing of offspring selected for more and more productive sweat-as-mammary glands.

Cheers,

Steve

Imaging Challenges, Part Deux

StevenSimske — Sat, 20 Sep 2008 11:30:00 GMT

In a blog post earlier on this busy blogging week (hard to tell I'm spending a lot of time rotting in airports/hotels, no?), I introduced some of the difficulties in image clustering, or aggregation. This post introduces some of the broad approaches used to solve such imaging challenges.

Broadly, there are at least three classes of image analysis technologies used to compare photos (more broadly termed "images" to include scanners, cameras, inspection systems, video, and all other forms of "image capture"):

1. Machine vision/pattern recognition

2. Segmentation-based approach

3. Image modeling

There is some overlap among these three approaches, but they are distinct enough to proceed.

1. Machine vision/pattern recognition: This approach typically uses correlation (a statistical measure of image similarity) to compare two images. Correlation can be used to compare texture, frequency, color, shape and/or other content in the two images compared. The use of frequency-based (looking for how an image varies spatially in one or more directions) comparisons allows images of different scale (size of features) to be readily compared by simply scaling the frequency outputs relative to one another. Best matches provide the scale differences and subsequent alignment of the relatively scaled images. Machine vision systems usually are initialized through "training" the system by capturing one or more images of a calibrating (or "ground truth") feature to which the other image(s) is(are) compared. Clearly, such pattern recognition or "machine vision" based systems are especially amenable to inspection, wherein many images are to be compared to the calibration image. This type of comparison is especially effective for comparing Pictures #1 and #2 in the "Imaging Challenges" post of two days past.

2. Segmentation-based approach. Image "segmentation" is the process by which an image is divided into regions, called segments, which can thereafter be used as individual images for comparison. Therefore, this approach is recursive inasmuch as it affords refined segmentation, or sub-segmentation, as further information needs to be extracted. Images which contain steganographic (hidden) information such as digital watermarks, fiducial marks, and the like, are effectively analyzed by these approaches. Note that this approach is also taken on the "storage" side for many compression approches, such as tiled JPEGs. This segmentation-based approach can be used to cluster Picture #3 in the "Imaging Challenges" post with Pictures #1 and #2.

3. Image modeling. An image model is a description of salient features for the image analysis algorithm to find in the image. This may be conveyed through a template (description of layout), a feature set, or other means. An "image model" assumes that the image processing system is capable of "image understanding", meaning it is capable of accurately deciding whether or not an image contains a match to the model defined. Such a system relies on powerful statistical classifiers to decide on a "yes" or "no" for the match. Clearly, the goal is to have 0% false positives (no regions identified as matching that actually are not matches) and 0% false negatives (no regions that actually are matches but are missed, or unidentified). In reality, though, the system is tuned to provide the best overall accuracy based on the task at hand. If the cost of a false positive is much higher than the cost of a false negative, then the system should be tuned to favor false negatives (miss some matches) but have very high confidence in the matches. This is usually the case for the reading of security-related information [in future blogs, I will discuss classification in greater detail]. Note that, if each GPS location has a "model" for the images that can be captured (such as a 3-D panoramic), there is the possibility that Picture #4 in the "Imaging Challenges" post could be aggregated with Pictures #1-#3 (even though the content in the Picture has no overlap with the other 3). Currently, however, except in expensive systems for high-security locations, these models do not yet exist. But, they will in the future (think about 3-D video games, for example, in which a 3-D panoramic model is created for various "rooms" in the game).

-Steve

Imaging Challenges

StevenSimske — Thu, 18 Sep 2008 11:57:00 GMT

"Imaging" is a broad term meaning the ability to transform, interpret and/or associate an image. Sounds pretty easy, right? But when you consider what is actually involved, it's pretty hard. Most modern digital cameras (and other photo-capture devices) are packed with a host of "automatic" imaging, such as noise removal, contrast/exposure enhancement, etc., up to red-eye removal and photo album aggregation. All of which implies there are (hopefully reliable!) algorithms available to improve the quality of an image (and thus improve its value).

However, the way you will use an image (called its "workflow") impacts what algorithms you will use to clean it up, improve its quality, and otherwise transform it. Normal metrics for "image quality", for example, are not as important in security printing and imaging as are the more arcane concepts of inspectability, authenticability and forensics-capability. Consider, as an exemplar, if I have added information--such as a 2D bar code or a digital watermark [hidden, or "steganographic" information]--to an image, then whatever I do with my imaging should be focused on helping me reliably extract that information rather than improving the aesthetics of the image.

How hard can that be, you ask? Let's look at four photos that each contain one set of identical information; namely, the GPS location that the image was taken from.

Picture 1 is the new Sao Paulo bridge by day, from the 31st floor:

Picture 2 is the same bridge, from the same floor, with a different aspect ratio:

The third is taken from the same GPS location, 30 floors lower, and at dark:

And the last image is taken from the same GPS location, 6 stories up, in the opposite direction:

What information do these pictures have in common aside from the GPS location? Picture 1 and 2 are pretty similar to the human viewer, but to the imaging algorithm have a number of distinctions. Perspective, aspect ratio, contrast and exposure all differ considerably. Most image-clustering technologies, however, can aggregate (find similar) these two. But if the bridge were watermarked, would the photos equally represent those watermarks? Would the same bridge in Picture 3 also aggregate with Pictures 1 and 2? Humans would say yes, but machine algorithms are not so sure. Picture 4, not a chance for the machine (or for any human who did not have the memory of both images), without the GPS information.

This represents (somewhat figuratively) some of the challenge involved in security imaging. In practice, we are not usually required to associate Picture #4 with Pictures 1-3 except through metadata (image header) search. In future blogs, I will discuss how the imaging is actually able to work (and work well!) on Pictures 1-3.

-Steve

Conference Time: NIP24 and DocEng2008

StevenSimske — Tue, 16 Sep 2008 17:03:00 GMT

Hi, all

I have been and am currently attending a couple of conferences last week and this. The IS&T sponsored NIP24 conference was last week. Please see http://www.imaging.org/conferences/NIP_DF2008/index.cfm for information. In particular, the Security & Forensic Printing session featured (links, where they exist, point you to the abstract only):

1. Evaluation of Conductive Inks for Anti-Counterfeiting Deterrents, Jason S. Aronoff and Steven J. Simske, Hewlett-Packard Labs (USA)

2. Use of Clear Toner in Electrophotography, Dinesh Tyagi, Mark Zaretski, Tom Tombs, and Pat Lambert, Eastman Kodak Company (USA)

3. Forensic Analysis and Databasing of Toners and Inkjet Inks Used in the Production of Fraudulent Documents, Douglas K. Shaffer and Joel A. Zlotnick, Department of Homeland Security (USA)

4. Status Quo of Security Printing – A Panoramic View at DRUPA (Focal), Long Lin, University of Leeds (UK)

5. Optimized Encoding and Decoding of Extrinsic Signatures for Electrophotographic Halftone Images, Pei-Ju Chiang, George T.-C. Chiu, Edward J. Delp, and Jan P. Allebach, Purdue University (USA)

6. Application of High Capacity Data Hiding in Halftone Images, Orhan Bulan and Gaurav Sharma, University of Rochester, and Vishal Monga, Xerox Research Center (USA)

7. Spectral Pre-Compensation and Security Print Deterrent Authentication, Steven J. Simske, Margaret Sturgill, Jason S. Aronoff, and Juan C. Villa, Hewlett-Packard Labs (USA)

8. Copy Detectable Images for Cryptographically Secure Counterfeit Detection (Focal), Justin Picard, Picard Media Security Consulting (Switzerland)

The last talk, in particular, was interesting for describing how embedded information survives (and doesn't survive!) the scan/print cycle. Justin Picard, formerly of MediaSec, then an independent consultant, and now with ATT in Paris, is one of the world's experts on copy-detecting glyphs. He described how to optimally print a pattern so that is suffers both measurable and predictable degradation through a single print/scan cycle, and a measureable, predictable and most importantly distinguishable different degradation after a second print/scan (or "copy") cycle.

Our papers described how to print conductive and MICR (Magnetic Ink Character Recognition) inks for data embedding/reading (and how to spoof them), and how to increase SPD (security payload density) through the use of spectral pre-compensation. Dinesh Tyagi described Kodak's "5th Station" security printing, featuring the (formerly Creo) Traceless forensic marks. Douglas Shaffer provided a nice overview of the Department of Homeland Security's forensics approach. There were also two nice papers on watermarking and another overview paper of some of the security printing announcements at this year's DRUPA.

This week I am at DocEng2008. Please see the conference website at http://www.icmc.usp.br/~doceng08/.

This ACM-sponsored conference will have less emphasis on security, perhaps, but plenty on the "front end" aspects of reading printed information. Thresholding, optical character recognition (OCR) and layout research are all salient to security printing and imaging.

Cheers,

Steve

Does Theft Matter?

StevenSimske — Tue, 09 Sep 2008 05:15:00 GMT

One of my colleagues and friends, Puneet Mehta (one of HP’s top RFID/Supply Chain experts), pinged me recently, and mentioned “I found this interesting article about the theft of baby formula. [Is it salient] to Security Printing?” This is an excellent question. Does Theft Matter?

When you consider the logic of a three-part plan for your company against its worst competitors (the counterfeiters), yes, theft really matters. In act, it is logically where you are directing the counterfeiters. As I’ve discussed before, one of the main advantages of security printing is to provide a low-cost means of adding product security. You’re going to print, anyway, so a would-be consumer can see it’s your product, so why not print something that helps you identify authentic, as opposed to counterfeit, product in your supply chain (or in someone else’s supply chain, come to that). Yes, you need security-VDP (variable data printing) to do so, but if you haven’t already gone digital (and thus variable), it’s time you considered it.

This segues directly to Step #1 in forcing the counterfeiters to do you bidding—get them to spend more on counterfeiting than you did in legitimately creating the product. If you spend nothing incrementally using security-VDP, then the counterfeiter will outspend you, if for no other reason than to figure out what you did, while you did it effortlessly. This is one place where reverse-engineering costs more than the original engineering. Use it. Don’t, however, think you can get the counterfeiter to spend more than you by getting an expensive, but restricted-access deterrent. The counterfeiter will either more cheaply spoof it, purchase them from an insidious insider at the very same provider as you purchase it from, or simply buy in greater bulk than you, and thus get a cheaper rate on the deterrent than you do! Remember, a good counterfeit company (“good” meaning successful here—don’t get all judgmental on me!) will have multiple products in the market, and so they can afford a good price for bulk purchasing.

Step #2 is to get the counterfeiter to buy your equipment. As mentioned above, I’m sure plenty of security deterrent companies are already achieving this “success”. How many security deterrents—from holograms to Holy-cruds [this being those Holy-crud-are-these-hard-to-open plastic shells around many toys and electronic items]—are purchased by counterfeiters to make their product seem “legitimate”? Probably more than we care to know. A more successful strategy is to provide packaging/labeling/printing of products—from notebooks and doughnuts to banknotes and documents—using a special printer that the counterfeiters need to replicate the job. I recommend the HP Indigo, but in fairness there are other non-HP presses with signature technologies and capabilities, especially in finishing. Get one of them, and use it for your products. If you use static and/or generic printing, you’re asking for trouble. And, in the case of HP (or any other special print device provider), you’re missing a revenue opportunity. Just because counterfeiters have become our biggest competition, there’s no reason they can’t become our customers, too.

Step #3, however, is the main focus of today’s blog. Puneet pointed out an article (http://www.phillyburbs.com/pb-dyn/news/113-09012008-1584236.html) describing how thieves have begun targeting baby formula. The article reports on thefts of up to or exceeding $1,000 worth of formula at a time. The response? The infant formula was brought behind the counter. A sure way to stop thieves, but for those who like browsing while shopping, a turn off. Sales are lost when wares are locked. The director of CVS Pharmacy stated, “The store will soon display the formula in a locked case.”

Who are these thieves? Not desperate housewives or househusbands, usually that is. The article notes “Many times the culprits are rings of thieves who sweep Similac, Enfamil and similar products from the shelves because they are a valuable commodity in the retail-theft marketplace”. Oh yeah, baby formula is easy to sell. In other words, it has high turnover in the undermarket, or what I call the market underneath the marketplace. And the rest is, sadly, old hat to any long-time readers of this blog. The thieves mislabel the formula, store it at the wrong temperature, and are often members of organized crime rings with big, nasty folks nicknamed “Bubba” and “Hurty”.

But, in Step #3 of any cohesive anti-counterfeiting program, you will drive the thieves to stealing. If they actually can’t economically reproduce your branding and security, they’ll start to hijack your trucks and raid your distributors. Your supply chain’s integrity is only as robust as the weakest deterrent, lock or mind you have working for you. Remember the mantra—security is not as much about prevention as it is about detection and reaction. Using tamper-evident, copy-evident and uniquely identifiable deterrents forces the thieves to steal. And you complete, with success, the three part program to “win” the brand protection battle. Now you must be prepared to “win” the after-branding battle. When you drive your competition—the counterfeiters—to theft, you need to bring the rest of your armaments to the fray. These are education, investigation, evidence and reaction. I’ve talked about how to put a system providing this into PRACTICE (May 12, 2008), but let me recapitulate briefly.

Make the brand identification integral to your security. That way, if a thief uses your label, he can be tracked. If he doesn’t, well, he will still provide clues to his identity by how he tries to mimic your label. If he doesn’t try to mimic your label and uses his own, fewer clues are gained (and less pity felt for the purchaser, who should know better). But, you’re surely getting the drift here—if you routinely inspect your packages, labels and documents as part of track and trace and authentication, then you will also gather intelligence on the rats scurrying around in your supply chain warehouses. I mean the two-legged rats, of course. This intelligence can be used to define—find and fingerprint—the counterfeiters and thieves, and provide evidence to those willing to prosecute them.

So, does theft matter? It sure does. First off, it is a sign of success. Yeah! You’re making it so hard for your counterfeiters, they’re resorting to stealing. They may actually go to jail for that. But, there’s no time to rest on your laurels. Stealing still requires a smart, security-VDP-driven approach. Why not plan for the future, and put into place a practical program that can both help prevent counterfeiting and later help fight theft?

-Steve

A Consideration of Processes

StevenSimske — Mon, 25 Aug 2008 06:53:00 GMT

Recent blogs have focused on how deterrent technologies can be used to support the ecosystem required to provide strong brand protection and anti-counterfeiting. That ecosystem involves the PRACTICE mnemonic:

P is for Plan, R is for Research, A is for Activate, C is for Collecting data, T is for Training, I is for Investigate, C is for Convict, E is for Evolve.

This form of PRACTICE outlines an end-to-end process for initiating and supporting an anti-fraud program. Each of these—from Plan to Evolve—involves by itself multiple processes as well. Today’s blog focuses on two quite different types of processes, each focused on the “Investigate” portion of PRACTICE.

The “Investigate” portion includes the continual accumulation of data on the counterfeiting of your product. One means to do this uses security variable data printing, or SVDP. This is the use of multiple variable deterrents to draw out the “style” of the counterfeiter. That is, SVDP regions can be used as “bait” or “decoy” deterrents—not to force the counterfeiters to “replicate” the data in the printed region, but instead to force the counterfeiter, through trying to replicate the appearance of the printed region, to identify himself. This is because complex printed regions cannot be scanned and re-printed without modification. How a counterfeiter will try to reproduce such a complicated region—the choice of color, intensity, spatial frequency, contrast and other transforms the counterfeiter uses—provide a signature for the counterfeiter’s style. This process is an example of an a priori process, in which the data to be collected is designed and deployed.

Another means to continually accumulate data on the counterfeiting of your product is to perform a posteriori analysis of the product, and compare the analysis results to those expected of legitimate product. As a non-printing example, John Jasper, head of Molecular Isotope Technologies (MIT), writes, “Process patents are mechanisms by which to protect and extend the patent-protected lives of pharmaceutical products. They are typically supported by the analysis of reaction impurities, trace metals, etc. Natural stable isotopes present a novel source of information recording evidence of the process manufacturing history – particularly, the synthetic pathway – used to produce pharmaceutical and other chemical materials…[Our] work in the area of product authentication showed that every batch of pharmaceutical materials had a highly-specific ‘isotopic fingerprint,’ allowing individual batches of materials to be tracked and counterfeit batches to be identified.” In other words, MIT’s process for analyzing the reagents in a pharmaceutical are precise enough to disambiguate between the authentic and the counterfeit processes involved in production.

Image forensics, not surprisingly, can also be used in an a posteriori manner. The process is, on the surface, similar to the a priori approach: printed regions are analyzed for their characteristics, and different regions classified and clustered to help identify the number and size of the counterfeiters in your supply chain. The difference is that, using such an approach, a suitably difficult-to-reproduce printed area must be identified without the benefit of SVDP. So, a word of advice: if you want to identify counterfeiters, don’t make it easy on them—use SVDP or at minimum a few regions of difficult-to-reproduce printing (natural images, designs such as guilloches, etc.). Otherwise, you’re simply making their job easier, and that’s one process that makes no sense.

-Steve

Ecosystem Score: Proving It’s Real vs. Proving It’s Fake?

StevenSimske — Sun, 17 Aug 2008 06:43:00 GMT

In the previous blog, I talked about your Deterrent Score, and mentioned you must multiply it by your Ecosystem Score to get your overall effectiveness. As I mentioned in the May 12 blog, it takes PRACTICE to put such an ecosystem together. In today’s blog, let’s talk about how a deterrent might fit into the ecosystem.

Also, for today’s blog, I had a discussion with two of HP’s top experts on anti-counterfeiting. Jim Colby is HP’s Manager for Packaging and Anti-Counterfeiting Technology, and Dave Kellar is a Technical Expert for Package and Product Anti-Counterfeiting. Dave initiated the conversation, sending a link to XStream Systems, Inc.’s XT250 System that provides Authentication Technology with “See –Through” Vision (see http://www.bpcouncil.com/index.php?sid=10&lang=en&act=page&id=716).

The description states that “drugs can be verified while still in their manufacturer's sealed containers – as the system can scan through opaque plastic, cardboard, and even metal packaging to ensure consumer safety”. This is classified as a “forensic” deterrent—meaning a deterrent that can authentic down to the individual item. However, there has to be an ecosystem around this deterrent—starting off with measuring the material property, comparing the property to the correct data for the product, and receiving the real/fake result.

In addition, there are some issues specific to the type of forensic deterrence offered. For one thing, how sensitive is the technology to the active ingredient? Can different concentrations of reagent be readily differentiated? How often are there false positives? How often are there false negatives? Can the “authentic” amount of active ingredient be spoofed with 1%, 10%, 1000% of the normal amount? By including some of it on the packaging?

The ecosystem issues extend well beyond these questions. Who are the intended authenticators? Inspectors? Retailers? Customers? How will these authenticators be educated to understand what to do when the results indicate a failure? And what of cost? How much does the test cost? How much does the education and training cost? How is the data conveyed from the point of testing to the analysis service? How is data integrity maintained? The comment that “Wholesalers acquire conclusive proof of due diligence and of the authenticity of their inventory” could provide a few liability issues if/when there is a mistake (false positive, or especially false negative). In other words, XStream claims to “prove” authenticity, which in my experience is usually more difficult than proving something is non-authentic (or counterfeit).

Take mass serialization data, for instance. A legitimate number suggests but does not prove authenticity, but a non-legitimate number proves something is wrong. Just because the correct active ingredient is present does not prove the product is legitimate. After all, savvy counterfeiters really do want to get away with it as long as possible without having to change to another product.

I ran these concerns past Jim and Dave. Dave’s feedback was: “The main area of interest for me was the process to check the product through the package, eliminating the risk of used packaging or refills. The main problem is still who would check, as I do not see this system as a consumer overt confirmation. As you stated I do not believe the system could check for fake product salted in with the good or the ingredient added to the package material.” Like me, Dave was excited that the device allows you to potentially check the product through the packaging. This is even more powerful than RFID, which allows you to check the mass serialization information through the outer packaging.

Jim backed this up. He noted “I too am enamored with the concept of 'authenticating' actual product through packaging, and this does take the serialization step farther, but with all the same issues with serialization; namely, how to interpret results.” Jim noted that wholesalers would have difficulty arguing for “having conclusive proof of authentic inventory”. Jim also offered the important observation that “the more complex and costly it is to 'authenticate' a product-- the happier a counterfeiter becomes, because they know very few people will have the means to check and so very few products will actually get checked". Indeed, trying to outspend a counterfeiter is never a good idea.

Based on this example of a very good technology being deployed into a rather challenging ecosystem, we see that the Ecosystem Score is really dependent on much more than technology. It depends on simplicity; that is, ease of training and implementation as much as ease of performing the authentication. It depends on an “impedance match” between what you are trying to prove and what you actually can easily prove. In my opinion, this technology will be very useful in screening large lots by (indepthly) analyzing only a sample of the product. It may be less useful at the item level.

-Steve

Categorical Imperative

StevenSimske — Sun, 03 Aug 2008 05:04:00 GMT

Immanuel Kant addressed human morality and its position in nature and the universe with his categorical imperative. The formula of Universal Law states that one must act in such a manner that you can at the same time will it should become a universal law (keep in mind, this last sentence is paraphrased--either Kant was the world's worst writer *ever* or a decent translation into English is still waiting). The formula of the Law of Nature is similarly dense: act in such a way that your action can become through your will a universal law of nature. Since Will Durant (who ought to know) and others consider Kant one of the 5 most important philosophers of history, and these are his crown jewels, it is worth considering the impact of these thoughts.

Essentially, legitimate behavior is behavior that, if extended to everyone else, would be tenable. So, if you are using more than 1 6.7 billionth of the planet's petrol, eating more than 1 6.7 billionth of the planet's calories, destroying more than 1 6.7 billionth of the planet's human-sustaining resources, you are breaking this law. From the other direction, if everyone did what you are considering doing, and it would be destructive, you are being immoral. Homicide? If everyone did this, everyone would be dead. OK, you might not be punished for this, since no one would be left to punish you, but clearly it is unsustainable. Grand theft auto (the felony, not the video game)? Only those who can hotwire cars would be able to drive. Not sustainable. Eating a hot dog? Sorry, I'm not allowed to talk about the ingredients in a hot dog, as you may know from past blogs. But clearly, not sustainable.

The point is, the categorical imperative can be used both proactively (what good can happen if everyone does something?) and reactively (what harm comes if noone does something?). Let's apply it to security printing.

If everything printed is variable, and therefore contains (potentially trackable, readable, interrogable) information, or variable data, is it tenable? Absolutely. Variable data can be added to printed areas without destroying the branding message, the product identification message or the graphic artist's intent (look and feel) of the printed material. This proactive deployment of variable security printing simultaneously enables track and trace, authentication, inspection, quality assurance, image forensics, auditing, decoying and "baiting" of counterfeiters and--due to surfeit variable regions--contingencies such as product recall.

What about reactive consideration of the universal deployment of security printing? If no one uses security variable data printing (SVDP), then opportunities to make counterfeiting more difficult are squandered. Opportunities to protect brands are squandered. Opportunities to increase consumer interaction, interest and interrogation of your product are squandered. And, most egregiously, opportunities to provide multiple layers of security--with no extra cost, no extra carbon footprint, and little extra effort--are eschewed. This can only be due to indolence or neglect. Guess which of these will be assumed should a consumer die because they got a counterfeit of your product? If you are having trouble guessing, think about which will cost your company more in punitive damages.

If noone uses SVDP, then universally product fraud is given a free pass. This is categorical neglect--and it is imperative that any means of increasing consumer safety, so long as negligible cost is incurred, be deployed. Previous blogs have highlighted how SVDP actually saves money while increasing security. I certainly think this is easier to understand than, say, Kant's Critique of Pure Reason ("Now it does indeed seem natural that, as soon as we have left the ground of experience, we should, through careful enquiries, assure ourselves as to the foundations of any building that we propose to erect, not making use of any knowledge that we possess without first determining whence it has come, and not trusting to principles without knowing their origin."--huh?).

-Steve