Security News > 2021 > July > Storing Encrypted Photos in Google’s Cloud

Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user's credentials give attackers unfettered access to all of the user's photos.

We have created Easy Secure Photos to enable users to protect their photos on cloud photo services such as Google Photos.

ESP encrypts image data such that the result is still a standard format image like JPEG that is compatible with cloud photo services.

ESP's key management makes it simple to authorize multiple user devices to view encrypted image content via a process similar to device pairing, but using the cloud photo service as a QR code communication channel.

We have implemented ESP in a popular Android photos app for use with Google Photos and demonstrate that it is easy to use and provides encryption functionality transparently to users, maintains good interactive performance and image quality while providing strong privacy guarantees, and retains the sharing and storage benefits of Google Photos without any changes to the cloud service.

News URL

https://www.schneier.com/blog/archives/2021/07/storing-encrypted-photos-in-googles-cloud.html