Blurring Images Not So Secure

An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a ficticious example. While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

Japanese porn

Will this work on Japanese porn too? My friend wants to know.

Re:Japanese porn

Try GMask [nifty.com]. This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.

Now cue about 50 posts talkng about the "CSI Photoshop enhance plugin".

Re:Japanese porn

Only on Slashdot would this man's question get an informative reply. I now remember why I've wasted 9 years of my life browsing this site. Thanks!

Re:Japanese porn

Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags`
in Makefile at a bare minimum.
And a lot of cleanup in general.

Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !

Re:Japanese porn

Will this work on Japanese porn too?

Only if the number of possible cunts is fixed and known.
     

and please...

While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)

Re:

If you don't remember or want a refresher on what happened, the original article is at http://it.slashdot.org/article.pl?sid=06/06/22/138 210 [slashdot.org] . It's worth bookmarking in case you ever need to do the same yourself.

Sqinting Works

Squinting [wiktionary.org] your eyes also works.

Re:Sqinting Works

Squinting your eyes also works.

What else would you squint?

Re:Sqinting Works

Either that, or you end up seeing a 3D schooner.

old news - I see this on TV every day.

damn right. I see this happening on CSI all the time, the licence plate, blurred, reflected in a window, with someone standing in front of it.. just 'clean up the image', and bobs your uncle - one licence plate revealed clear as day. :)

Re:old news - I see this on TV every day.

It's hilarious every time they do this. They start with a picture of some guy's face from 500 feet away that looks like a big skin-colored blur, and by the time they're done enhancing it, you can see right up the guy's nose. Of course, they want to keep it realistic: to show that you can only enhance an image so much, his nose hairs are slightly pixelated.

Re:

Of course, they want to keep it realistic:

Whichis why it uses the authentic photpenhance sound effect as the image appears in rows, like dot matrix printer. Us imaging professionals see that every day.

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

Re:old news - I see this on TV every day.

The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

You need to realize that CSI is science fiction masquerading as a cop show. Their impossible tricks with image processsing and the like are the show's equivalent of FTL travel. But despite having miraculous technology, they actually get the method and attidudes of science right, at least on the original series. They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accomodate new facts by discarding the theory they've built up so far.

Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.

how about a big DUH.....

Anytime I post a picture, such as a car with a license plate, I BLANK out the numbers/letters with three colors, a block of white, then a block of silver, then a block of black. Not layers, just the colors.

And cover it correctly...

An unclassified report was released with information blacked out to make it unclassified. The problem is that whatever software was used to produce the PDF with classified information hidden had only applied a layer which was easily removed.

People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.

There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.

Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.

Summary of technique

He basically points out that a blurred mosaic amounts to a form of inexact hash function. While irreversable, if you have a small enough input space, you can exhaustively hash all possible candidates and pick the one(s) that best match the target.

Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.

You can actually go one step further with wavelets

In a lot of advanced image processing where you want to upscale an image, you can actually use a wavelet-based scaling technique that recovers amazing amounts of detail. In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss. But this has its limits, and it doesn't intelligently reconstruct the image details. In addition, it's notoriously difficult to tune properly for all content.

In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.

Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interesting in blocking out content on digital photos, use a solid black color over the part you don't want recognized.

MaxEnt

This is a kind of maximum entropy [maxent.co.uk] method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.

maximum entropy

This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.

In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.

"But, really..."

(from about 2/3 down the page):
So yes, I used an image against itself and designed it to work here. But the algorithem can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.

Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.

Re:Impossible!

the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.

Re:

not always true. while it's reasonably good today, some day in the future, if we have 16-bit color channel depth ever become a standard (a 16-bit tiff for example), there will be enough data maintained at the edges of the blurred region to reconstruct the data. all you have to do is FFT the region, divide by a gaussian, inverse FFT, then keep repeating for different gaussians - this will basically divide out the system function used for blurring. 8-bit channels of today don't quite make it practical resolut

RTFA

The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.

You're new here, aren't you?

You're new here, aren't you?