"Encrypting Photos on the Cloud to Keep Them Private"
Online photo collections must be secured as they can provide a gold mine of personal data to attackers. A new study by computer scientists at Columbia Engineering has revealed what could potentially be the first way to encrypt personal images on widely used cloud photo services provided by Google, Apple, Flickr, and more, without making changes to those services. Traditional security measures such as passwords and two-factor authentication are not enough to protect photos on the cloud anymore. There have been many cases in which employees at online services abused their insider access to user data, for instance, Snapchat employees viewed users' private photos. There have also been bugs that expose random users' data to others. For example, a bug was found in Google Photos that revealed users' private videos to other users. Columbia Engineering researchers have created a system for mobile users to enjoy cloud photo services while protecting their photos from attackers. They developed a system called Easy Secure Photos (ESP), which encrypts photos uploaded to cloud services so that attackers or the cloud services themselves cannot decipher them. With this system, users can still visually browse and display images as if they were not encrypted. Therefore, if a user's account is hacked, attackers cannot access their photos because they are encrypted. ESP uses an image encryption algorithm whose resulting files can be compressed but still be recognizable as images. ESP also works for both lossy and lossless image formats like JPEG and PNG, and is efficient enough to be used on mobile devices. In addition, this system creates and uploads encrypted thumbnail images to cloud services. This article continues to discuss the weaknesses associated with cloud photo services and the new system developed by Columbia Engineering researchers to encrypt photos uploaded to those services.
Homeland Security News Wire reports "Encrypting Photos on the Cloud to Keep Them Private"