Scaling & fuzzing: Personal image privacy from automated attacks in mobile cloud computing

摘要

The mobile cloud computing (MCC) paradigm provides a range of useful services to smart phone users and enhances the user experience significantly. But, as MCC requires the data to be offloaded to an external server, there are serious concerns regarding the privacy of the users' personal data such as images. For instance, a cloud server could perform image segmentation on user images to extract interesting artifacts such as restaurants, user's clothing preferences, tourist locations, participation in social events and so on, which characterize the user's personal life. The leakage of such private information could lead to milder consequences like targeted advertising or more serious consequences like identity theft. In this work, to protect the privacy of user images, we describe a privacy-preserving image filtering for mobile cloud computing that protects against automated inference attacks based on techniques like image segmentation. The key intuition of our approach is to leverage the inherent properties of the discrete Fourier transform (DFT), which transforms each image pixel into a complex value real and imaginary parts which can be processed independently. By dividing the image in this manner, we are able to process distinct parts of the image on different non-colluding servers and aggregate the results at the client. Furthermore, to prevent information leakage at individual servers, we obfuscate the data sent to any given server using an efficient reversible transformation. We prove our approach to be secure under the semi-honest model and non-colluding servers where at least one server does not collude with the rest of the servers. In comparison to the existing paradigm of outsourced privacy preserving computation, i.e., processing encrypted data using homomorphic encryption, our approach employs easy-to implement obfuscation techniques without any key management overhead at the client. Using experimental evaluation as well as information theoretic leakage evaluation, we show that our approach is efficient and suitable for users of mobile devices.