Slashdot Mirror
Blurring Images Not So Secure
An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a ficticious example.
While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."
Will this work on Japanese porn too? My friend wants to know.
While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."
And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)
Push Button, Receive Bacon
Squinting your eyes also works.
damn right. I see this happening on CSI all the time, the licence plate, blurred, reflected in a window, with someone standing in front of it.. just 'clean up the image', and bobs your uncle - one licence plate revealed clear as day. :)
You do realise that an algorithm to "un-blur" a blurred image is a total waste of time, right? There's no way for the algorithm to know how many times and in what various directions I blured the image - or if I added/deleted text before blurring. It's like a virus for Linux.. no one writes it because it's a waste of time. Leave it to slashdot to post bullshit.
Anytime I post a picture, such as a car with a license plate, I BLANK out the numbers/letters with three colors, a block of white, then a block of silver, then a block of black. Not layers, just the colors.
Blurring can be made secure, if the picture is blurred or pixelated) to the maximum. Then no one can see the original numbers any longer, therefore creating the highest possible degree of security.
http://www.automatiq.se
An unclassified report was released with information blacked out to make it unclassified. The problem is that whatever software was used to produce the PDF with classified information hidden had only applied a layer which was easily removed.
People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.
There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.
Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.
Don't trust anyone under thirty.
While I acknowledge knowning little about different blurring algorithms could someone enlight a bit how much of "unblurring" can be done? I realize there are some "sharpen" filters in Photoshop and Gimp but AFAIK they all seem to be based on highlighting edges or something like that.
As in the TFA, the Bill Gates picture has a small part of it blurred (his face). Could it be possible to calcute all the possible variations that give the same bitmap as the original when filtered with gaussian blur? What I glanced from gaussian blur page the group including all the possible solutions has to be finite, I guess, while being very huge..
This combined with a monkey (or bored computer user) could "help" refine the patter by selecting the most likely variation until the user is satisfied. Or is this something for which there already exists programs?
He basically points out that a blurred mosaic amounts to a form of inexact hash function. While irreversable, if you have a small enough input space, you can exhaustively hash all possible candidates and pick the one(s) that best match the target.
Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.
Not only do you have no idea what TFA is about, you're wrong about what you're talking about as well.
That isn't 'lazy programmers'. That's people trying to up their search engine rank without bothering their customers with a ton of pointless text.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
and what is wrong with saying "i agree" to the article. this is a public forum for people to voice opinions, if you think that is wrong, just set the widget to show comments rated +5.
Why UNIX?
Wouldn't multiple blurs over the same area also make it much harder to decipher? Yes, [evil person] could apply the affect multiple times as well, but that would be assuming they knew that a) the person had done it more than once and b) how many times they'd actually done it.
The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.
This is a kind of maximum entropy method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.
Escher was the first MC and Giger invented the HR department.
In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.
This message was scanned by European governments and contains no terrorism.
I see that this would be harder with people's faces; there'd be a lot of headless people in photos.
This is precisely why I hand write all my checks with a sharpe marker, here's an Example.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Daniel Cohen-Or manages something I consider far more interesting. Take for instance this PDF about image reconstruction.
There's quite a few more impressive papers on his page, for those interested in graphics.
Indeed!
Can someone agree with an article they didn't read?
Why UNIX?
You're new here, aren't you?
This reminds me of when a company sent out a PDF file with a lot of very sensitive information covered in black, but it was done with a black box in Acrobat.
If you read it on screen or printed it out, it worked as they expected. But when you selected the text and copy and pasted it somewhere else, you could read every bit, including the names and details they thought were obscured.
Lose Weight and Feel Great with Isagenix
See that little icon on the toolbar that looks like an eraser. Click it and then drag it over the area you want to remove (the credit card number or whatever else). The information is gone and there is no way to bring it back.
In a lot of advanced image processing where you want to upscale an image, you can actually use a wavelet-based scaling technique that recovers amazing amounts of detail. In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss. But this has its limits, and it doesn't intelligently reconstruct the image details. In addition, it's notoriously difficult to tune properly for all content.
In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.
Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interesting in blocking out content on digital photos, use a solid black color over the part you don't want recognized.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
So yes, I used an image against itself and designed it to work here. But the algorithem can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.
Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.
"It's time to take life by the cans." ~ Bender ("Bendin' in the Wind", ep. 3-13)
Why not just crop the image? Oh wait...
Kernel Krunch - Part of a Complete OS
Long ago, I posted up a picture about Vonage 911 and a screenshot for dslreports.com long ago.0 c31ec1520970b77229393b7d713/vonage.png
You'll find it here:
http://www.dslreports.com/r0/download/800075~433b
Now, unless you know what mosaic settings I used, I don't see anyone cracking these numbers anytime soon. I think this sounds good in theory, but no good in practice unless everyone is using the exact same software to do the mosaic modification.
Import the picture into PS or Fireworks and then draw the black lines on top. Save as the program-specific proprietary format. Upload to teh internets.
Similar to the pfd layers issue, but more readily viewed and edited.
First, this isn't blur, it's pixelation, with big pixels. That's not the same as blur. True blur, like Gaussian blur in Photoshop, doesn't actually destroy that much information. After Gaussian blurring, each pixel has a unique value, but it's a linear combination of values from nearby pixels. There's almost as much information as before blurring; the only true losses are from rounding. That's a reversible process.
Pixelation, though, substantially reduces the amount of information in the image. Before, each pixel had a unique value. After, only each square has a unique value. So information really has been destroyed. However, if, after pixelation, the target object to be identified still has several pixels, some kind of attack might work. You need to use big enough pixel blocks that multiple target objects (like three or more letters or numbers) map to a single block. Of course, visually this will lose you the "there's sort of some number there but I can't make it out" look.
Pixelation with some crypto-grade noise added would probably solve the problem. (Remember, if the attacker can predict the noise algorithm, it doesn't help.)
Here's a once-top story on Digg.e ck_written_for
http://digg.com/offbeat_news/How_much_was_this_ch
Google image search will give you tons more examples... not just of checks but people block all kinds of things. Scanned bills, paystubs, etc. and mosaic parts of images.
Recently, I scanned and placed 20+ pages of my old high school writing on my blog to provide continuity between some old diary entries I had converted to blog and my current blog entries.
I didn't edit the pages much but I did obscure signatures and addresses on the top of some of the pages as some of my poems were submitted for publication in a local zine.
I first tried block selecting and pixellating the text I wanted to obscure with Gimp.
I wasn't happy with the results as there seemed to be a lot of clues left behind that might enable someone to reverse engineer the text.
So, I decided to undo the pixellating and picked the smudge tool instead.
Since you control the H&V coords for the dragging tool manually It's like scrubbing crayon off a wall.
Just scrub until the data is gone.
Seems to me that this is a much safer way than pixellation to strip out unwanted data while still leaving the suggestion of text in the image.
He gets it :)
Ask the guys with talented girlfrends. ;)
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
I've seen personal info blurred so poorly simple adjustment with the levels tool in photoshop made them visible. The information in question was a credit card number. The guy was lucky, he had an AIM screenname in his profile. I contacted him and he replaced the image.
Does anyone have a link to code doing wavelet-based scaling techniques, especially a GIMP plugin?
Try a Google (Scholar) search for ("blind") "Deconvolution", e.g. the Lucy-Richardson (if I recall correctly) algorithm. MatLab's image processing toolkit has some of them as built-in functions. It's one of the standard machine-learning problems.
In short: "Blurring", as most image processing software does it is a convolution (i.e. a multiplication in Fourier-Space) of the original image with a Gaussian kernel. Since the resulting image is real but the multiplication takes place in the full complex Fourier spectrum, information about the original image is lost during the convolution (the blurring): There is no inverse function to the convolution, in general. Nevertheless we can find the most probable original image, given the blurred one and, using knowledge about the struture of the original images (like, say, its Fourier spectrum, its entropy, etc), we can enhance this reconstruction.
Contemporary de-convolution algorithms (they are used in Astronomy, Microscopy, in Digital Cameras and a lot of other places) are much better than a layman would expect. While they can do no mathematical wonders, they definitely can restore amazingly clear images from what looks to the human eye like one big blurry blob.
an algorithm to "un-blur" a blurred image is a total waste of time
Maybe for a single image, but how about blurred or pixelated informants or (increasingly) logos on TV, with many closely correlated frames?
> If you're really interesting in blocking out content on digital photos, use a
> solid black color over the part you don't want recognized.
No need for black. Just replace the part you don't want recognized with something else rather than blurring it (or better yet replace it and then blur it. Let them waste their computing power).
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Comment removed based on user account deletion
I agree.
If it's in you sig, it's in your post.
Blur is of course insecure. Beyond this reverse-engineering trick, it's also a known visual trick that something which up close looks blurry and unrecognizable is actually more readable from a distance.
I agree that blur is not a great idea, but "black bar" is tacky. Either get the area to match the surrounding area, via copy-and-paste (and then blur or something), or match the color and paint over.
If those techniques make it look obvious, I've used Noise and Scatter in the past. Since Scatter is presumably random, it should obliviate any ability to recover the source, and the added noise shouldn't help.
Terrorists can attack freedom, but only Congress can destroy it.
Just use a black brush and brush over the stuff you want hidden. This is what I always do.
:P)
I don't care what algorithm you're using, you can't reverse a black paint stroke to discover what is underneath, those pixels are gone. (short of using code that exploits the multi-layers aspect of some image formats - but paint is not susceptable to this
So how long before someone writes a new mosaic effect which looks as neat as the existing one while actually having little to do with the underlying image?
Mr. Period: Nine is the one that's right by ten!
Nine: One day I will kill him. Then, I will be Ten.
Yoda of Borg am I! Assimilated shall you be! Futile resistance is, hmm?
Only because you didn't tilt your head and squint... doh!
Indeed!
Okay so I'm replying to this rather late, despite enjoying the post when the article first came out. Is there a way to tell which, if any, HDTVs and/or DVD players on the market employ wavelet based techniques? Cheers, Justin