Privacy-preserving architecture for forensic image recognition

Forensic image recognition is an important tool in many areas of law enforcement where an agency wants to prosecute possessors of illegal images. The recognition of illegal images that might have undergone human imperceptible changes (e.g., a JPEG-recompression) is commonly done by computing a perceptual image hash function of a given image and then matching this hash with perceptual hash values in a database of previously collected illegal images. To prevent privacy violation, agencies should only learn about images that have been reliably detected as illegal and nothing else. In this work, we argue that the prevalent presence of separate departments in such agencies can be used to enforce the need-to-know principle by separating duties among them. This enables us to construct the first practically efficient architecture to perform forensic image recognition in a privacy-preserving manner. By deriving unique cryptographic keys directly from the images, we can encrypt all sensitive data and ensure that only illegal images can be recovered by the law enforcement agency while all other information remains protected

Robust Image Hashing Based Efficient Authentication for Smart Industrial Environment

[EN] Due to large volume and high variability of editing tools, protecting multimedia contents, and ensuring their privacy and authenticity has become an increasingly important issue in cyber-physical security of industrial environments, especially industrial surveillance. The approaches authenticating images using their principle content emerge as popular authentication techniques in industrial video surveillance applications. But maintaining a good tradeoff between perceptual robustness and discriminations is the key research challenge in image hashing approaches. In this paper, a robust image hashing method is proposed for efficient authentication of keyframes extracted from surveillance video data. A novel feature extraction strategy is employed in the proposed image hashing approach for authentication by extracting two important features: the positions of rich and nonzero low edge blocks and the dominant discrete cosine transform (DCT) coefficients of the corresponding rich edge blocks, keeping the computational cost at minimum. Extensive experiments conducted from different perspectives suggest that the proposed approach provides a trustworthy and secure way of multimedia data transmission over surveillance networks. Further, the results vindicate the suitability of our proposal for real-time authentication and embedded security in smart industrial applications compared to state-of-the-art methods.This work was supported in part by the National Natural Science Foundation of China under Grant 61976120, in part by the Natural Science Foundation of Jiangsu Province under Grant BK20191445, in part by the Six Talent Peaks Project of Jiangsu Province under Grant XYDXXJS-048, and sponsored by Qing Lan Project of Jiangsu Province, China.Sajjad, M.; Ul Haq, I.; Lloret, J.; Ding, W.; Muhammad, K. (2019). Robust Image Hashing Based Efficient Authentication for Smart Industrial Environment. IEEE Transactions on Industrial Informatics. 15(12):6541-6550. https://doi.org/10.1109/TII.2019.2921652S65416550151

Balancing End-to-End Encryption and Public Safety

Over the last decade, there has been a significant debate around end-to-end encryption (E2EE) and its implications for public safety. At the forefront of the discourse is a false dichotomy between protecting privacy and ensuring national security. At the extreme ends of this deeply polarised debate are two key arguments. On the privacy side, it is believed that governments and law enforcement agencies desire unrestrained exceptional access to E2EE communications to spy on their citizens. On the security side, it is maintained that obtaining lawful exceptional access is the only way to protect citizens and uphold national security. The debate has reached a deadlock, with both sides perpetuating zero-sum views.However, experts are calling for a more nuanced conversation about possible solutions to the criminal use of E2EE services. It is vital that a range of views are considered in order to identify the key issues and inform a more productive debate. Through a review of the existing literature and insights from 22 semi-structured interviews, this paper balances the perspectives from a range of relevant stakeholders on the main elements of the E2EE debate and presents some key takeaways in an effort to move away from a crude privacy-versus-security binary.The paper presents the following key findings:There are clear and significant cyber security and privacy benefits to E2EE. Efforts to weaken or restrict its access would be a net loss for all.Criminal use of E2EE is a significant risk to public safety and solutions are vital. Yet, it should also be acknowledged that technology is an enabler of criminal and harmful activity and should not be treated as the root cause.The possibility of developing technical tools which could assist law enforcement investigations should not be categorically ruled out, but future proposals must be measured against the principles of proportionality, legality and technical robustness.Alternative options for law enforcement investigations such as metadata analysis and legal hacking should be considered, but they are not without their drawbacks. Legal hacking could be proportionate but its reliance on software vulnerabilities is largely at odds with strong cyber security. Metadata analysis is promising but more research is needed to determine the extent to which it can be used to aid law enforcement investigations.Industry do have a responsibility to make their platforms safer and free from criminal abuse. This requires implementation of safety-by-design principles and the provision of resources for better digital literacy and education. Governments must have oversight over the technical tools developed.A more nuanced debate must continue which actively moves away from zero-sum views of absolute privacy versus absolute security, and focuses more on how the risks to public safety can be reduced in proportion with the need to protect citizens' rights and freedoms

Privacy Preserving EEG-based Authentication Using Perceptual Hashing

The use of electroencephalogram (EEG), an electrophysiological monitoring method for recording the brain activity, for authentication has attracted the interest of researchers for over a decade. In addition to exhibiting qualities of biometric-based authentication, they are revocable, impossible to mimic, and resistant to coercion attacks. However, EEG signals carry a wealth of information about an individual and can reveal private information about the user. This brings significant privacy issues to EEG-based authentication systems as they have access to raw EEG signals. This thesis proposes a privacy-preserving EEG-based authentication system that preserves the privacy of the user by not revealing the raw EEG signals while allowing the system to authenticate the user accurately. In that, perceptual hashing is utilized and instead of raw EEG signals, their perceptually hashed values are used in the authentication process. In addition to describing the authentication process, algorithms to compute the perceptual hash are developed based on two feature extraction techniques. Experimental results show that an authentication system using perceptual hashing can achieve performance comparable to a system that has access to raw EEG signals if enough EEG channels are used in the process. This thesis also presents a security analysis to show that perceptual hashing can prevent information leakage

Privacy-Preserving Outsourced Media Search

International audienceThis work proposes a privacy-protection framework for an important application called outsourced media search. This scenario involves a data owner, a client, and an untrusted server, where the owner outsources a search service to the server. Due to lack of trust, the privacy of the client and the owner should be protected. The framework relies on multimedia hashing and symmetric encryption. It requires involved parties to participate in a privacy-enhancing protocol. Additional processing steps are carried out by the owner and the client: (i) before outsourcing low-level media features to the server, the owner has to one-way hash them, and partially encrypt each hash-value; (ii) the client completes the similarity search by re-ranking the most similar candidates received from the server. One-way hashing and encryption add ambiguity to data and make it difficult for the server to infer contents from database items and queries, so the privacy of both the owner and the client is enforced. The proposed framework realizes trade-offs among strength of privacy enforcement, quality of search, and complexity, because the information loss can be tuned during hashing and encryption. Extensive experiments demonstrate the effectiveness and the flexibility of the framework

Squint Hard Enough: Evaluating Perceptual Hashing with Machine Learning

Many online communications systems use perceptual hash matching systems to detect illicit files in user content. These systems employ specialized perceptual hash functions such as Microsoft\u27s PhotoDNA or Facebook\u27s PDQ to produce a compact digest of an image file that can be approximately compared to a database of known illicit-content digests. Recently, several proposals have suggested that hash-based matching systems be incorporated into client-side and end-to-end encrypted (E2EE) systems: in these designs, files that register as illicit content will be reported to the provider, while the remaining content will be sent confidentially. By using perceptual hashing to determine confidentiality guarantees, this new setting significantly changes the function of existing perceptual hashing -- thus motivating the need to evaluate these functions from an adversarial perspective, using their perceptual capabilities against them. For example, an attacker may attempt to trigger a match on innocuous, but politically-charged, content in an attempt to stifle speech. In this work we develop threat models for perceptual hashing algorithms in an adversarial setting, and present attacks against the two most widely deployed algorithms: PhotoDNA and PDQ. Our results show that it is possible to efficiently generate targeted second-preimage attacks in which an attacker creates a variant of some source image that matches some target digest. As a complement to this main result, we also further investigate the production of images that facilitate detection avoidance attacks, continuing a recent investigation of Jain et al. Our work shows that existing perceptual hash functions are likely insufficiently robust to survive attacks on this new setting