Storing Encrypted Photos in Google’s Cloud

New paper: “Encrypted Cloud Photo Storage Using Google Photos.”

Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials give attackers unfettered access to all of the user’s photos. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos. ESP introduces a new client-side encryption architecture that includes a novel format-preserving image encryption algorithm, an encrypted thumbnail display mechanism, and a usable key management system. ESP encrypts image data such that the result is still a standard format image like JPEG that is compatible with cloud photo services. ESP efficiently generates and displays encrypted thumbnails for fast and easy browsing of photo galleries from trusted user devices. ESP’s key management makes it simple to authorize multiple user devices to view encrypted image content via a process similar to device pairing, but using the cloud photo service as a QR code communication channel. We have implemented ESP in a popular Android photos app for use with Google Photos and demonstrate that it is easy to use and provides encryption functionality transparently to users, maintains good interactive performance and image quality while providing strong privacy guarantees, and retains the sharing and storage benefits of Google Photos without any changes to the cloud service

Posted on July 30, 2021 at 6:34 AM15 Comments


Beatrix Willius July 30, 2021 7:25 AM

Is it April 1st again with an “ESP” software for photos?

Photos need to be treated like any private data. Only public photos should be uploaded.

John Smith July 30, 2021 7:27 AM

And Google detects and blocks encrypted data masquerading as JPEG files in 3 – 2 – 1 …..

JR July 30, 2021 9:00 AM

Images should be treated like certificates, with a fixed validity period, after which it is scrambled..
Good luck in getting anyone to install some dubious “ESP” app

Peter Galbavy July 30, 2021 9:38 AM

Given one of the authors is Steve Bellovin, I think you can begin to trust the concept more that screaming about not installing an app on your phone. Just sayin’

CMYK July 30, 2021 12:26 PM

Personally, other than Google likely puckering up due to an inability to eat one’s PII; I absolutely welcome the idea. It cuts off some low hanging fruit. I’m not sure it’s an actual security layer though, maybe if drive is already protected via a password this is redundancy whether they’re encrypted or not?

SocraticGadfly July 30, 2021 1:40 PM

ESP will be found out to be not so secure as claimed, and/or be selling your data, in 3, 2, 1?

Etienne July 30, 2021 2:07 PM

Overkill Alert

I can see where smart phone users might want to secure their photo’s, but they don’t really want military grade cryptography. A very simple obfuscator would be adequate for 99% of the public.

For professional photographers, most would just want a mountable encrypted drive for their RAW image files.

kiwano July 30, 2021 2:36 PM


Anyone who’s ever had to make an insurance claim in the past decade or so, probably doesn’t think this technology is overkill. Sure 99% of the population doesn’t need that kind of privacy, but if we knew whether or not we’re in that 99%, we wouldn’t need to purchase insurance in the first place 😛

Martin July 31, 2021 3:53 AM

But why? What’s the point?

Sure, encryption is great, but why Google Photos? If you’re not using Photos’ gallery, fancy search, etc, then why not simply store the encrypted results in Google Drive, Dropbox, or some other equivalent service (in which case you wouldn’t need to try to pretend that these really are images).

The authors mentions that it retains the Photos’ “sharing” and “storage” benefits. Well, Drive/Dropbox/etc have equivalent sharing functionality, so sharing isn’t the reason. However, Photos used to provide free storage, so I suppose that’s the reason (though abusing that fact seems like a not-so-nice move). However, Google recently stopped offering free photo storage, so not even that is a reason for doing this nowadays.

I just can’t see why they didn’t use a service that was built for general-purpose file storage instead.

Winter July 31, 2021 5:00 AM

I do like the idea of client side encryption for photos, why stop there?

Instead of using Google photos et al, why not use an end-to-end encrypted storage?

I know that the likes of are less secure than rolling your own on your own cloud hosted storage, but for 99.9% of consumers, that should be enough. No one can access the storage without breaking into your endpoints. And if they break into your endpoints, you are toast anyway.

CMYK July 31, 2021 5:13 PM

the advantage of google v mega would be firewalls and inspectors.

but an anti device policy could stop it.

it could be used to strengthen workers rights.

lurker July 31, 2021 5:17 PM

What problem is this a solution for?
The main security flaw we all know about is described the paper, §2 Threat Model:

We assume that user devices with ESP clients are secure and trustworthy. Protecting users’ devices is an orthogonal concern that should be managed by device hardware or at the operating system level. A compromise of a user’s device would mean the attacker has access to the private keys that can be used to decrypt any encrypted images belonging to the user.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.