Protecting Visual Assets: Digital Image Counter-Forensics

Presented at Black Hat USA 2017, July 26, 2017, 5:05 p.m. (25 minutes).

They say an image is worth a thousand words, and surely that means it's worth spending a few words protecting. While most data security policies and practices today focus on primarily text or document-based asset hardening and protection, visual assets (e.g. photographs) are often left vulnerable to adversarial data collection. To use a simple yet damaging example, can you imagine posting a photo of a location-sensitive data center only to forget to remove GPS coordinates from the image's metadata? What about a student ID number seen on an Instagram feed, which, when coupled with photos of the same target's birthday party, can be used to obtain their university credentials?

Our talk will discuss various counter-forensic measures against both existent and emergent threats targeting image-centric intelligence gathering which adversaries may use to leverage target exploitation attacks.

Specifically, the problem is as follows: visual assets can inadvertently leak valuable information which should be kept private. The target may either not realize that the particular information is being leaked, or may realize that it is being leaked but may not consider the fact that the leaked information should be kept private in the first place. Our presentation will explore the myriad ways that images may be mined for said information, and in turn, offer counter-forensic techniques of preventing said data leakage by focusing on obfuscation, removal, and altercation of the leaked information.


Presenters:

  • Kenneth Brown - Mr., VMware
    Kenneth Brown (CISSP, PMP) is a Federal Program Manager at VMware, USA. Having transitioned from a Senior Consultant Role working with DoD customers, Kenny is currently managing a large federal healthcare program.
  • Nikita Mazurov - Dr, Malmo University
    Nikita Mazurov, PhD, is a Postdoctoral Researcher at the Living Archives Project, Malmo University, Sweden, focusing on privacy issues revolving around data archival.

Links:

Similar Presentations: