Transcript
Page 1: PRIVACY(PRESERVING-PHOTO-SHARING-BASED-ON-A- PUBLIC …costic1206.uvigo.es/sites/default/files/Meetings... · PRIVACY(PRESERVING-PHOTO-SHARING-BASED-ON-A-PUBLIC-KEY-INFRASTRUCTURE

PRIVACY-PRESERVING PHOTO SHARING BASED ON A PUBLIC KEY INFRASTRUCTURE

Lin Yuan (a), David McNally (a), Alptekin Küpçü (b) and Touradj [email protected]

(a) Multimedia Signal Processing Group (MMSPG), EPFL, Lausanne, Switzerland

(b) Cryptography, Security, and Privacy Research Group, Koç University, Istanbul, Turkey

Introduction

§ Huge amount of photos shared in Online Social Networks and Cloud Services

§ Privacy concern
– Governmental surveillance
– Private photo leakage
– Service insider
– Unauthorized access

Privacy-­Preserving  Photo  Sharing  based  on  a  Public  Key  Infrastructure 2


Objective

§ Privacy-preserving photo sharing architecture
– User-defined privacy image region
– Cope with a large number of possible image protection solutions
– JPEG compliant protected photos
– PKI enabling key exchange and access control


Illustration

§ Secure JPEG Scrambling


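[Figure: an Original JPEG photo, the Scrambled JPEG photo, and Descrambled photos recovered with individual keys (Key1 … Key9). The scrambled regions of interest are numbered 1 to 9, each with its own triple (ROI1, Level1, Key1) … (ROI9, Level9, Key9). APP Markers in file header: metadata about scrambled ROIs (without keys). Two sequences of +1/−1 values are shown, labelled "Signs of DCT coefficients" and "Pseudorandom numbers": 1 -1 1 1 -1 -1 1 1 -1 1 … and -1 1 1 -1 1 -1 1 -1 1 1 …]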
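
The figure labels above pair the signs of DCT coefficients with a keyed stream of pseudorandom +1/−1 values. The sketch below is an added example, not code from the slides or from the ProShare prototype: it applies such a stream to one constructed block of quantized coefficients. The HMAC-SHA256 generator, the `roi_id` parameter and the sample keys are assumptions.

```python
import hashlib
import hmac

def sign_stream(key: bytes, roi_id: int, n: int) -> list[int]:
    """Expand the image secret key into n pseudorandom values in {+1, -1}.

    Assumption: HMAC-SHA256 in counter mode stands in for the generator,
    which the slides do not specify.
    """
    signs, counter = [], 0
    while len(signs) < n:
        block = hmac.new(key, f"roi{roi_id}:{counter}".encode(), hashlib.sha256).digest()
        signs.extend(1 if (byte >> bit) & 1 else -1 for byte in block for bit in range(8))
        counter += 1
    return signs[:n]

def scramble(coeffs: list[int], key: bytes, roi_id: int) -> list[int]:
    """Flip the sign of each quantized DCT coefficient where the stream is -1."""
    return [c * s for c, s in zip(coeffs, sign_stream(key, roi_id, len(coeffs)))]

# Multiplying by the same +/-1 stream twice is the identity, so the inverse
# operation is the same function called with the same key and ROI id.
descramble = scramble

# Constructed sample: one 8x8 block of quantized DCT coefficients, row-major.
BLOCK = [52, -12, 7, -3, 2, 1, 0, 0,
         -9, 6, -4, 2, -1, 0, 0, 0,
         5, -3, 2, -1, 0, 0, 0, 0,
         -2, 1, -1, 0, 0, 0, 0, 0,
         1, -1, 0, 0, 0, 0, 0, 0,
         1, 0, 0, 0, 0, 0, 0, 0,
         0, 0, 0, 0, 0, 0, 0, 0,
         0, 0, 0, 0, 0, 0, 0, 0]
KEY1 = b"constructed-image-secret-key-1"   # constructed sample keys
KEY9 = b"constructed-image-secret-key-9"

if __name__ == "__main__":
    protected = scramble(BLOCK, KEY1, roi_id=1)
    # Magnitudes and zero positions are untouched, so the block is still a
    # valid set of JPEG coefficients; only the signs depend on the key.
    print([abs(c) for c in protected] == [abs(c) for c in BLOCK])
    print(descramble(protected, KEY1, roi_id=1) == BLOCK)   # matching key
    print(descramble(protected, KEY9, roi_id=1) == BLOCK)   # different key
```

Because only signs change, coefficient magnitudes and the positions of zero coefficients remain visible in the protected file.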


Fundamentals

§ Public-Key Cryptography (PKC)
– Encryption with public key
– Decryption with private key
– Public key infrastructure (PKI)
– Certificate Authority (CA)


http://www.akadia.com/services/email_security.html

Fundamentals

§ Attribute-Based Encryption (ABE)
– A special public-key encryption: secret key of a user and the ciphertext are dependent upon attributes
– Decryption only possible if Attributes match an Access Policy
  • Attributes
    – A set of descriptive items, e.g., (‘Close Friend’, ‘Co-worker’, ‘Age = 26’)
  • Access Policy
    – Access structure over all attributes, normal or numerical, e.g., (‘Family’ OR ‘Close Friend’ AND ‘Age>18’)
– Key-Policy ABE (KP-ABE)
  • Access policy in keys
  • Attributes in ciphertext
– Ciphertext-Policy ABE (CP-ABE)
  • Access policy in ciphertext
  • Attributes in keys


Fundamentals

§ CP-ABE operations
– Setup → (APK, AMSK)
– KeyGen → ABE Private Key (ASK)
– Encryption
– Decryption


[Diagram: KeyGen takes AMSK and Attributes and outputs ASK. Encryption takes Plaintext, an Access Policy and APK and outputs Ciphertext. Decryption takes ASK and Ciphertext and outputs Plaintext.]

System Design

§ Architecture Overview


[Architecture diagram. Labels: Client side (User A, User B, …, Image); Server side (Content Server, Key Server, Certificate Authority); JPEG files exchanged between clients and servers; components marked Trusted / Untrusted.]


System Design

§ Assumptions
– Client components are trustworthy
– Certificate Authority is trustworthy
– Content Server and Key Server are not trusted
  • honest-but-curious
– Users do not keep viewed photo data, image secret keys and ABE private keys on client-side.
  • Revocation of a shared digital good is impossible without this assumption anyway.

§ Setup
– Two types of information used as attributes:
  • User ID or username (unique to each user)
  • Descriptive info (group, role, age, etc.)
– Image secret key:
  • Randomly generated, or
  • Manually set by user


System Design

§ OP1 – User Initialization
– Generate keys for user:
  • PKC Public Key (TPK)
  • PKC Private Key (TSK)
  • ABE Public Key (APK)
  • ABE Master Key (AMSK)

§ OP2 – Add a friend


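[Diagram, OP2. Sender operation: the CP-ABE Key Generator takes the Sender AMSK, Sender APK and Friend Attributes and outputs the Friend ASK; PKC Encryption with the Friend TPK yields the Encrypted Friend ASK, which passes through the Server. Recipient operation: PKC Decryption with the Friend TSK recovers the Friend ASK. Further labels: CA; Keep on device.]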


System Design

§ OP3 – Protect and Share a Photo
– Protect photo with JPEG Scrambling or Transmorphing
– Encrypt secure key with CP-ABE


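[Diagram, OP3. Sender operation: a Key Generator supplies the Secret Key; Image Protection (Scramble) turns the Image into the Protected Image using the Secret Key; CP-ABE Encryption of the Secret Key under the Access Policy, with the Sender APK, yields the Encrypted Secret Key. The Protected Image and the Encrypted Secret Key go to the Server.]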

System Design

§ OP4 – Access a Photo
– Decrypt ABE private key with PKC
– Decrypt image secret key with CP-ABE
– Descramble image


[Diagram, OP4. Recipient operation: the Protected Image and the Encrypted Secret Key come from the Server; CP-ABE Decryption with the Sender APK and the Recipient ASK recovers the Secret Key; Image Recovery (Descramble) restores the Image.]


System Design

§ Revocation
– Assumption: Users do not keep viewed photo data, image secret keys and ABE private keys on client-side.
– Re-generate friends' ABE private keys, new attributes set
  • (‘Bob’, ‘Close Friend’, ‘Co-worker’) → (‘Bob’, ‘Co-worker’)
– Re-encrypt image secret keys, new access policy
  • (‘Family’ OR ‘Close Friend’ OR ‘Carol’) → (‘Family’ OR ‘Close Friend’)

§ Operation summary
– OP2 (add a friend):
  • One ABE KeyGen operation → One PKC Encryption operation
– OP3 (share a photo, n different privacy areas):
  • n JPEG Scrambling operations → n ABE Encryption operations
– OP4 (access a photo, n different privacy areas):
  • One PKC Decryption → n ABE Decryption → n JPEG Descrambling
– Revocation:
  • One OP2 or one OP3
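
The revocation step and the earlier access-policy examples both come down to whether a key's attribute set matches a policy. The sketch below is an added example, not code from the slides or from ProShare: it models only that access decision, not the CP-ABE cryptography that enforces it. The nested-tuple policy format, Carol's second attribute and the grouping of the OR/AND policy are assumptions.

```python
import operator
import re

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "=": operator.eq}
_NUMERIC = re.compile(r"^\s*(\w+)\s*(>=|<=|>|<|=)\s*(\d+)\s*$")

def numeric_values(attrs):
    """Numeric attributes held in a key, e.g. 'Age = 26' -> {'Age': 26}."""
    found = {}
    for attr in attrs:
        m = _NUMERIC.match(attr)
        if m and m.group(2) == "=":
            found[m.group(1)] = int(m.group(3))
    return found

def satisfies(attrs, policy):
    """Does this attribute set match the access policy?

    policy is a nested tuple ("AND" | "OR", child, ...); a leaf is either a
    plain attribute ('Family') or a numeric condition ('Age>18').
    """
    if isinstance(policy, tuple):
        gate, *children = policy
        if gate not in ("AND", "OR"):
            raise ValueError(f"unknown gate {gate!r}")
        combine = all if gate == "AND" else any
        return combine(satisfies(attrs, child) for child in children)
    m = _NUMERIC.match(policy)
    if m:  # numeric leaf: compare against the value stored in the key
        value = numeric_values(attrs).get(m.group(1))
        return value is not None and _OPS[m.group(2)](value, int(m.group(3)))
    return policy in attrs  # plain leaf

# Attribute sets and policies from the revocation slide; Carol's extra
# attribute is constructed for the example.
BOB_OLD = {"Bob", "Close Friend", "Co-worker"}
BOB_NEW = {"Bob", "Co-worker"}
CAROL = {"Carol", "Co-worker"}
POLICY_OLD = ("OR", "Family", "Close Friend", "Carol")
POLICY_NEW = ("OR", "Family", "Close Friend")
# Assumed grouping of the slide's ('Family' OR 'Close Friend' AND 'Age>18').
POLICY_AGE = ("OR", "Family", ("AND", "Close Friend", "Age>18"))

def access_table(policy):
    """Who can decrypt an image secret key encrypted under this policy."""
    holders = {"bob_old_key": BOB_OLD, "bob_new_key": BOB_NEW, "carol": CAROL}
    return {name: satisfies(attrs, policy) for name, attrs in holders.items()}
```

`access_table(POLICY_NEW)` still reports `bob_old_key` as matching, which is why the slides assume that old ABE private keys are not kept on the client.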


Conclusion

§ A privacy-preserving photo sharing architecture applicable to JPEG coded images

§ Protected photos compatible with JPEG coding

§ CP-ABE along with conventional PKC:
– Secure distribution of secret keys
– Fine-grained access control

§ Prototype application: ProShare

§ Future work
– Context-aware privacy protection
– Further evaluation


Thank you for your attention!
