Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blurring Images Not So Secure

Posted by CmdrTaco on from the release-the-blue-dot dept.

An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a ficticious example. While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

7 of 166 comments (clear)

  1. Re:Impossible! by dheera · · Score: 5, Informative

    the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.

  2. Re:Japanese porn by 1u3hr · · Score: 5, Informative
    Try GMask. This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.

    Now cue about 50 posts talkng about the "CSI Photoshop enhance plugin".

  3. RTFA by porneL · · Score: 4, Informative

    The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.

  4. MaxEnt by TeknoHog · · Score: 4, Informative

    This is a kind of maximum entropy method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.

    --
    Escher was the first MC and Giger invented the HR department.
  5. maximum entropy by localoptimum · · Score: 5, Informative
    This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.

    In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.

    --
    This message was scanned by European governments and contains no terrorism.
  6. Fragment-based image completion/reconstruction by Oddscurity · · Score: 2, Informative

    Daniel Cohen-Or manages something I consider far more interesting. Take for instance this PDF about image reconstruction.

    There's quite a few more impressive papers on his page, for those interested in graphics.

    --
    Indeed!
  7. Re:Japanese porn by alphamugwump · · Score: 2, Informative

    Right. Witness the single-keystroke cache-clearing abilities of firefox. Also, they refer to their image rendering library as "libpr0n"