This year Researchers expect 1.35 trillion photos are taken globally, or about 3.7 billion photos per day.If you store all these pixels on a personal computer or mobile phone, they will take up a lot of space, which is one of the reasons why many people hide their images In the cloudsBut unlike hard drives that can be encrypted to protect data, cloud storage users must trust that the technology platform will protect their private photos. Now, a team of computer scientists at Columbia University has developed a tool to encrypt images stored on many popular cloud services, while allowing authorized users to browse and display their photos as usual.
Malicious attempts to access or disclose cloud-based photos and accidental disclosure may expose personal information.For example, in November 2019, a bug in the popular photo storage application Google Photos Shared some users’ private videos With strangers.Security experts are also worried Employees of cloud storage company Deliberately access the user’s image.
So researchers at Columbia University came up with a system called Easy Secure Photos (ESP), and they Presented at a recent meeting“We want to see if we can encrypt data while using existing services,” said Jason Nieh, a computer scientist, one of the developers of ESP. “Everyone wants to continue to use Google Photos without having to register for a new encrypted image cloud storage service.” Previous attempts to encrypt photos while still storing them on existing cloud-based services have failed because most clouds The platform is only suitable for image standard image files, such as JPEG, and the encrypted version of the image is saved as a different file type. In some cases, the service refuses to treat encrypted files as non-images. In other cases, the platform attempts to compress encrypted files to reduce their size. This image processing technique unintentionally damages the images, so they will no longer be visible after decryption.
To overcome these challenges, developers rely on the insight of image processing technology to process pixel blocks. They created a tool that can keep these blocks, but can move them to effectively obscure the photo. First, ESP’s algorithm divides a photo into three separate files, each of which contains the red, green, or blue data of the image. The system then shuffles the pixel blocks in these three files (for example, allowing blocks in the red file to be hidden in the green or blue file).But the program does nothing within Pixel blocks, all image processing is done here. As a result, these files are still valid images, but to anyone accessing them without a decryption key, they end up looking like grainy black and white static. This means they can still be compressed, which makes them compatible with many cloud storage platforms. When an authorized user accesses the cloud from a device equipped with a decryption key, the photo will appear in its original form.
To test ESP, the researchers implemented it in Simple Gallery, a popular image gallery application for Android. In this application, they use their system to encrypt photos, and then store the hidden images in a cloud service-in the research, they collaborated with Google Photos, Flickr and Imgur-the platform to compress the images. Subsequently, the researchers downloaded the compressed file and successfully decrypted it, showing that their method can withstand image processing. The ESP team claims that a small disadvantage of this technology is the slight increase in download and upload time. Researchers have not finalized ESP’s future plans, but said they may license the program to cloud storage companies or provide it to anyone on an open-access basis.
The tool’s ability to work on multiple technology platforms is the key to its usefulness. “We live in an era where almost everything we do is closely monitored by a few companies,” said Charles Wright, a security and privacy expert at Portland State University and founder of the Kombucha Digital Privacy System. He was not involved. Colombian Studies. “There is a lot of value in figuring out how we can retain all the benefits of the technology we have without giving up all our privacy.”
ESP also allows users to access their photos from multiple devices. This has long been a challenge for researchers because the digital code used to encrypt the photo must be the same as the digital code used to decrypt the photo. The researchers designed a system in which each device has its own unique key pair (a method different from the usual encryption system in which a single key pair is replicated on multiple devices). When the user authenticates the new device, this will send a signal to the authorized device to share one of its keys with the new device in the form of a QR code. After that, both devices can decrypt the image, allowing users to view the file like a normal color photo.
Nevertheless, ESP encryption is not foolproof. Wright explained that because the pixel values within the block are not themselves encrypted, a determined adversary can begin to identify the block and interpret it to reconstruct part or all of the image (although this will be a difficult and time-consuming task). In addition to competing with hackers, privacy-conscious ESP users may also face obstacles from the cloud-based platform they use to store photos. Some of these platforms provide functions that rely on the ability to view unencrypted images, such as identifying objects in photos or combining related pictures into virtual albums. Wright suggests that if any encryption tool becomes truly popular, it will prevent the use of these features, so providers may start to combat it in various ways. The Columbia team believes that users can find a compromise. In this case, they can use ESP to hide particularly sensitive photos while leaving most images unencrypted.
Despite these difficulties, Wright believes that tools such as ESP are worthwhile. “Trying to protect the privacy and security of users is an exciting research problem precisely because it is very challenging,” he said. “This will always be a fundamental problem, and it will also be a continuous hard fight.”