Loading Seminars

« All Seminars

  • This seminar has passed.

Are perceptual hashing-based client-side scanning mechanisms robust to adversarial attacks?

11 August 2021 @ 3:00 pm - 4:00 pm

End-to-end encryption (E2EE) in messaging platforms enable people to securely and privately communicate with one another. Its widespread adoption has however raised concerns that illegal content might now be shared undetected. Following the global pushback against key escrow systems, client-side scanning based on perceptual hashing has been recently proposed by governments and researchers to detect illegal content in E2EE communications.

Last week, Apple announced that it will use client-side scanning to detect child sexual abuse material in iCloud photos, users’ personal photo libraries. The announcement has triggered concerns among experts about the trade-off achieved by client-side scanning mechanisms and the risk of them being misused.

In this talk, we will present what is to the best of our knowledge the first framework to evaluate the robustness of perceptual hashing-based client-side scanning which we proposed two months ago. We will present a general black-box attack against any perceptual hashing algorithm and two white-box attacks for discrete cosine-based algorithms. Using these, we will show in a large-scale evaluation that more than 99.9% of images can be successfully attacked in a black-box setting while preserving the content of the image. We will then show our attack to generate diverse perturbations, suggesting that straightforward mitigation strategies would be ineffective. Taken together, our results raise concerns on the robustness of perceptual hashing-based client-side scanning mechanisms to black-box adversarial machine learning attacks.

This talk is based on “Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning” by Shubham Jain*, Ana-Maria Cretu*, Yves-Alexandre de Montjoye and available as preprint here.


[NEW] Zoom Meeting: https://imperial-ac-uk.zoom.us/j/98149690180?pwd=V0lwVEc0dXlNM2dsYnR6SkNaUlFXdz09

[NEW] Meeting ID: 981 4969 0180
[NEW] Passcode: DG&.2b

YouTube Livestream: https://youtu.be/-EWHECuzxqc


11 August 2021
3:00 pm - 4:00 pm
Seminar Tags:


Yves-Alexandre de Montjoye (Imperial College London)

Yves-Alexandre de Montjoye is an Associate Professor at Imperial College London, where he heads the Computational Privacy Group. He currently is a Special Adviser on AI and Data Protection to EC Justice Commissioner Reynders and a Parliament-appointed expert to the Belgian Data Protection Agency (APD-GBA). In 2018-2019, he was a Special Adviser to EC Competition Commissioner Vestager co-authoring the Competition Policy for the Digital Era report. His research has been published in Science and Nature Communications and has enjoyed wide media coverage (BBC, CNN, New York Times, Wall Street Journal, Harvard Business Review, etc.). His work on the shortcomings of anonymization has appeared in reports of the World Economic Forum, FTC, European Commission, and the OECD. Yves-Alexandre worked for the Boston Consulting Group and acted as an expert for both the Bill and Melinda Gates Foundation and the United Nations. He received his PhD from MIT in 2015 and obtained, over a period of 6 years, an M.Sc. from UCLouvain in Applied Mathematics, an M.Sc. (Centralien) from École Centrale Paris, an M.Sc. from KULeuven in Mathematical Engineering as well as his B.Sc. in engineering from UCLouvain.

View Presenter Website

Leave a Reply