Privacy-Preserving Photo Sharing based on Secure JPEGcostic1206.uvigo.es/sites/default/files/Meetings... · – Photo sharing architecturebasedon a Public Key Infrastructure (PKI)

11/11/15

1

Privacy-Preserving Photo Sharingbased on Secure JPEG

Lin Yuan, Touradj EbrahimiMultimedia Signal Processing Group - MMSPG

Ecole Polytechnique Fédérale de Lausanne – EPFLCH-1015 Lausanne, Switzerland

[email protected]

2/11/2015 1COST Action IC1206 MC&WGs meetings, Valletta, Malta

Motivation• Social network and

cloud service• Easy and fast photo

sharing,huge amount• Privacy concern:

– “A picture is worth a thousand words.”

– Visual info., metadata, geo-taging, etc.

2COST Action IC1206 MC&WGs meetings, Valletta, Malta2/11/2015

11/11/15

2

Motivation• Privacy scandals

– Governmental surveillance, e.g. PRISM– Leakage of celebrities private photos

• Existing privacy protection solutions– limited degree of protection and

control


Goal and Approaches• Goal

– Diminish privacy risks in online photo sharing, whilepreserving a maximal usability

• Approaches– Secure JPEG:

• JPEG Scrambling• JPEG Transmorphing

– Photo sharing architecture based on a Public KeyInfrastructure (PKI)


11/11/15

3

JPEG Scrambling• Randomly change the signs of DCT coefficients

5

……

k1

k9…

−1 1 1 −1 1 −1 1 −1 1 ...

1 −1 1 1 −1 −1 1 1 −1 ...

⊗

Scrambled JPEG photoSigns of DCT coefficients

Pseudo-random number

Descrambled photos

Insert parameters in JPEG header

Original JPEG photo

12

3 45 6

78 9ROI1,Level1,Key1

ROI9,Level9,Key9 Metadata

COST Action IC1206 MC&WGs meetings, Valletta, Malta2/11/2015

JPEG Transmorphing• Converting an image to its processed version while

preserving sufficient information about the original image in the processed image in order to reverse it.

6

JPEG Transcoder

Mask matrix Sub-image Morphed JPEG image

Original image

Processed image −

Sub-image embedded in APPn Markers

T

Reconstructed image

0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!1!1!0!0!0!0!1!1!0!1!1!1!1!0!0!1!1!1!1!1!1!1!1!0!0!1!1!1!1!0!1!1!0!0!0!0!1!1!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!

JPEG Transcoder

Threshold t

JPEG Transcoder


11/11/15

4

JPEG Transmorphing• APP marker in JPEG header

COST Action IC1206 MC&WGs meetings, Valletta, Malta 7

Marker ID1 byte

Mask Matrixm bytes

Data Length4 bytes

Sub-Image Datan bytes

Security Tool2 bytes

Metadata

TransmorphedJPEG image

APP markers

Protectionmethod &parameters

0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 1 1 1 1 1 1 1 0 ……

0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!1!1!0!0!0!0!1!1!0!1!1!1!1!0!0!1!1!1!1!1!1!1!1!0!0!1!1!1!1!0!1!1!0!0!0!0!1!1!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0!0! File size

in byte 0x01 0x02 0xB7 0x1F0x2A0x450xF4 0x3C 0x6B 0xE1 0x13 ……

ProtectedSub-image

2/11/2015

Evaluation and Comparison• Bitrate Overhead

8

Low-levelscrambled

Medium-levelscrambled

High-levelscrambled

AVG. overhead(face regionsscrambled)

1.87% 2.04% 2.15%

AVG. overhead(whole image

scrambled)1.87% 4.89% 5.96%

- 1000 images, max. pixel resolution 1024 x 1024,file size 100 KB ~ 330 KB

- Scrambling - Transmorphing


11/11/15

5

Evaluation and Comparison• Similarity

– JPEG compatible– Reversible, and fast

• Difference– Bitrate overhead

• Scrambling: extremely low• Transmorphing: higher

– Pleasantness• Transmorphing is absolutely better


Photo Sharing Architecture• Assumptions

– Client device/application completely trusted– Server minimally trusted (for revocation)– Social networks or cloud services not trusted

• Principles– Photo data protection/recovery ONLY on client device– ONLY protected data “flying” on cloud


11/11/15

6

Photo Sharing Architecture• Public Key Infrastructure

– Private key cryptography• Like our Secure JPEG protections

– Public key cryptography• Encryption with public key• Decryption with private key

– Attribute-based Encryption• Encryption data with an access structure (policy)• Decryption with private key, associated with a set of attributes

11

key key


Photo Sharing Architecture

12

Client side

Server side

JPEG

……

User A

Content Server

Key Server

JPEG

JPEG

Image Image

User B

Certificate Authority

Untrusted

Trusted


11/11/15

7

Photo Sharing Architecture• Photo protection, sharing and accessing

13

Image Protection

CP-ABE Encryption

Image Recovery

CP-ABE Decryption

Sender operation Recipient operation Server

Protected Image

Encrypted Secret

Key

Sender APK

Image Image

Secret Key

AccessPolicy

Recipient ASK

Key Generator

Secret Key


Photo Sharing Architecture• Assign attribute privacy keys to friends

14

PKC Encryption

PKC Decryption

Sender operation Recipient operation Server

Recipient ASK

Encrypted Recipient

ASK

Recipient TPK

Recipient TSK

Recipient ASK

CP-ABE Key Generator

Sender AMSK

Sender APK

Recipient Attributes


11/11/15

8

Prototype and Demo• Prototype application: ProShare

– iOS– Android

15COST Action IC1206 MC&WGs meetings, Valletta, Malta

ProShare

2/11/2015

JPEG Security and PrivacySOI

APP1 (Exif)

EOI

SOI

APP1 (Exif)

EOI

APP11(protected metadata)

JPEG-1 decoder

JPEG Privacy & Securitydecoder

APP1 (Exif)

APP1 (Exif)

original JPEGcodestream

JPEG compatiblecodestream withdata protection

Image Data

Image data

APP11(protected

image data)

Image Data

APP11(protected metadata)

Image data

APP11(protected

image data)

APP3 (JPSearch)

APP3 (JPSearch)

APP3 (JPSearch)


11/11/15

9

Future Work• Context-aware privacy protection• Further evaluation


Thanks!Question?


Documents

Privacy-Preserving Photo Sharing based on Secure JPEGcostic1206.uvigo.es/sites/default/files/Meetings... · – Photo sharing architecturebasedon a Public Key Infrastructure (PKI)