Robustness of Practical Perceptual Hashing Algorithms to Hash-Evasion and Hash-Inversion Attacks
This work addresses security concerns for applications relying on perceptual hashing to identify illegal online content, but it is incremental as it builds on existing evaluations.
The paper assessed the adversarial security of three widely used perceptual hashing algorithms (PhotoDNA, PDQ, NeuralHash) against hash-evasion and hash-inversion attacks, finding them significantly robust, with a defense method proposed to enhance security by introducing perturbations into hashes.
Perceptual hashing algorithms (PHAs) are widely used for identifying illegal online content and are thus integral to various sensitive applications. However, due to their hasty deployment in real-world scenarios, their adversarial security has not been thoroughly evaluated. This paper assesses the security of three widely utilized PHAs - PhotoDNA, PDQ, and NeuralHash - against hash-evasion and hash-inversion attacks. Contrary to existing literature, our findings indicate that these PHAs demonstrate significant robustness against such attacks. We provide an explanation for these differing results, highlighting that the inherent robustness is partially due to the random hash variations characteristic of PHAs. Additionally, we propose a defense method that enhances security by intentionally introducing perturbations into the hashes.