That Cloud Holding Your Personal Photos? Its Security is Really “A Low-Qualified Locker” Researchers Say. A Better System is Proposed for Your Privacy.

By Lori Cameron
Published 06/21/2018
Share this on:

camera lens and film

More and more, we upload our personal photos to the cloud to store and edit them because our smartphones can’t handle the space or workload.

The reality is, however, the security isn’t what you might expect, according to new research funded by a U.S. National Science Foundation grant.

The protection is more like a gym locker than a bank.

“Even if we assume CSPs (cloud service providers) are completely honest and could be trusted to have data owners’ private information, such privacy leakages still happen. In fact, the cloud server is usually considered as a low-qualified locker rather than a strong bank deposit box. The cloud computing platform suffers from more security threats compared with a traditional network server,” researchers say.

“Nevertheless, private data leakage in the public cloud happens very often due to the improper configuration and maintenance by CSPs. In a nutshell, privacy concerns over outsourced data have become the main barrier to the further development of cloud computing platforms,” the researchers add.

Read about cybercrime, the dark web, and the future of digital forensics.

A team of researchers from the United States and China now propose a state-of-the-art system that includes secure multiparty computation, digital watermarks, and homomorphic encryption, which, simply put, means images can be processed without decrypting them.

Researchers from China and the United States propose a more secure cloud system for your photos.
Researchers from China and the United States propose a more secure cloud system. The system consists of two main entities: the Cloud Computing Platform (CCP) and the user. The user is a data owner who holds massive image data and intends to outsource the image processing tasks to the CCP.

“The privacy concerns over the sensitive information contained in outsourced image data arise in public. In fact, once uploaded to cloud, the security and privacy of the image content can only presume upon the reliability of the cloud service providers. Lack of assuring security and privacy guarantees becomes the main barrier to further deployment of cloud-based image processing systems,” say Zhan Qin of the University of Texas at San Antonio, Jian Weng of Jinan University, Yong Cui of Tsinghua University, and Kui Ren of the University at Buffalo, authors of “Privacy-Preserving Image Processing in the Cloud” (login may be required for full text) in the latest issue of IEEE Cloud Computing.

Read our collection of top research on fighting child exploitation and cybercrime.

You might remember the “celebgate” scandal of 2014 when hackers gained access to hundreds of iCloud accounts, many belonging to celebrities such as Jennifer Lawrence, Kim Kardashian, Rihanna, Scarlet Johansson, Hillary Duff, and Jenny McCarthy.

Lawrence called the leak a “sex crime” and a “sexual violation.” Apple later attributed the hacking to “a very targeted attack on user names, passwords and security questions” and encouraged users to deploy two-step verification and stronger passwords.

Such episodes inspire researchers to build better systems.

“In recent years, secure image data processing has grown rapidly as a research field and attracted attention from both academia and industry. In practice, many fancy image-processing applications require computational power beyond the limit of mobile devices. For example, 3D structure reconstruction needs massive computational power for image feature detection and matching. In this area, the main research direction lies in the detection of image features over ciphertext domain. Many encryption techniques are applied or adjusted to protect image data privacy while enabling visual feature extractions,” say the authors of the new study.

Finding techniques to improve cloud security

So how is it done? First, we must understand the problem.

The point at which any file is decrypted in transit over the internet, it is vulnerable to attack. That’s what makes multiparty computation and homomorphic encryption the perfect solution. Outside parties, including service providers, can process the file without gaining access to private data.

That means they can’t see your photos or grab any personal data attached to them.

Read how experts responded when asked by Google team for their top pieces of online security advice.

According to the authors, the three priorities in building a privacy algorithm should be functionality, security, and efficiency.

“These three design targets are equally important. However, if we must set a priority, the most important should be security. After all, sensitive information leakage can result in severe losses. Here, we use image feature detection algorithms as a set of case studies to analyze the above three design targets,” they say, referring to the illustration below.

The functionality of the RGB histogram is an illustrative example for global feature detection algorithms.
Red, green, blue (RGB) histogram. The functionality of the RGB histogram is an illustrative example for global feature detection algorithms. In color feature detection algorithms, the histogram descriptor is the most basic descriptor and a building block for advanced feature descriptors.

Cyphertext containing the same information as plaintext is unreadable to humans or computers without the cypher to decode it. But, as you can imagine, cyphers are easy for expert hackers to unravel, making them insufficient for preserving privacy.

The illustrative experimental result of SIFT Feature Descriptor.
The illustrative experimental result of SIFT Feature Descriptor: Figures (a-c) are the results in the plaintext domain. Figures (d-f) are the corresponding results in the ciphertext domain.

The histogram algorithm is a better method, but it still has its challenges.

“If ciphertexts are comparable to plaintexts, the adversary can easily deduce all the values of encrypted pixels and get the sensitive information contained in an image. However, after carefully analyzing the functionality requirement of the histogram algorithm, we find that the exact required functionality is not the result of comparison between ciphertext and plaintext. The required functionality is the corresponding comparison result in the ciphertext domain,” the authors say.

In short, the researchers are trying to build better algorithms—specifically, a privacy-preserving version of the histogram algorithm.

Utilizing secure multiparty computation (SMC) techniques by introducing additional cloud computing platform.
Utilizing secure multiparty computation (SMC) techniques by introducing additional cloud computing platform.

Using multiple servers to process images

One way to make things complicated for hackers is to introduce multiple parties to the imaging process.

“It is effective to alleviate computation complexity on the user side by introducing additional communication complexity between the user and cloud servers, e.g., through uploading ciphertexts to two cloud servers,” the authors say.

Workflow of secure digital watermarking detection in the cloud.
Workflow of secure digital watermarking detection in the cloud.

Digital watermarks make security even stronger

Digital watermarks add another layer of protection to cloud images.

“To construct a secure watermark detection mechanism, most existing solutions leverage secure multiparty computation (SMC) techniques,” say the authors, who agree with previous proposals to use both secure sharing and watermarking schemes to protect users’ media data in the cloud.

In simple terms, images are encrypted in multiple ways, broken into multiple pieces, and distributed over multiple servers. The effort involved in finding the pieces, putting them back together, and decrypting them is arduous if not impossible.

Read how cybersecurity experts are preparing to face off with saboteurs’ 5G botnets.

“Similar to the multiserver structure utilized in image feature detection applications, the proposed secure sharing scheme divides users’ data into multiple pieces and uploads it to different cloud servers, making it difficult to derive the entire information from any single cloud,” they say.

Ultimately, the solution lies in using multiple encryption methods instead of using only one standard approach and spreading the data out over several servers.

“The integration of different techniques instead of traditional cryptography tools is the most promising research direction in this area. Also, considering the prevalence of JPEG compression among some data, privacy-preserving decompression of JPEG file as a special case of privacy-preserving DCT computation is also a promising research direction in this area,” the authors say.


Research related to image processing in the Computer Society Digital Library

Login may be required for full text.




About Lori Cameron

Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites. Contact her at Follow her on LinkedIn.