exposure starts right at the beginning of the ON period. Let
N = te/tl, which is the number of whole flicker cycles covered
by exposure time, and trem = (te mod tl), which is the remain-
ing duration after multiple whole cycles, and the light accu-
mulation of the brightest rows QB is:
( 3)
Since the brightest rows appear when the exposure captures
most ON periods possible (e.g., row 2 to row u in Figure 1(a) )
and rolling shutter effect converts temporal variation into
pixels with sampling interval ts, the width of QB is:
( 4)
Likewise, when the exposure captures least ON periods
possible (e.g., from row v to row w in Figure 1(a)), we get
the darkest rows with light accumulation QD:
( 5)
and the width of QD is:
( 6)
We refer to a collection of consecutive brightest rows as
“bright stripe” and consecutive dark rows as “dark stripe,”
as shown in Figure 1(b). In addition, there exist intermedi-
ate rows containing linear intensity transition between dark
and bright, referred to as “transitional stripe.”
Meanwhile, if the LED were not flickering and provided
the same average brightness, the pixel intensity would be:
( 7)
Since Dc ⋅ te remains constant within each frame, the image
captured under LiShield is equivalent to the original image
multiplied by a piecewise function (cf. Equations ( 3) and ( 5) ).
Other common camera parameters (i.e., ISO, white balance, and resolution) do not affect the structure of the
stripe pattern. By default, we assume that the attacker sets
the ISO to its minimum (typically 100) to maximally suppress noise.
Optimizing the LED waveform. Since the stripe pattern
follows a piecewise function, a closed form expression
of PSNR and SSIM becomes hard to analyze. We thus use
numerical simulation to evaluate the impact of LiShield,
based on the above model. We generate the piecewise function with QB(i, j), WB, QD(i, j), and WD and multiply it on reference images to obtain the disrupted image Q just like
the process inside real cameras. We assume ts = 1/75,000 s,
which matches the capability of a Nexus 5 camera. The quality metrics are calculated between the reference image P and
LiShield-corrupted image Q with same average intensity. We
make pixel intensity range infinite, which allows quantifying quality loss caused by overexposure.
By default, we use OOK waveform with frequency f = 100 Hz,
peak intensity Ip = 10 kLx, and duty cycle Dc = 0.5. We vary one
parameter while keeping others to the defaults. Note that the
typical light intensity is ∼700 Lx in office environments and
∼100,000 Lx outdoor in sunny days. Our numerical results
lead to the following design choices for LiShield.
(i) A single frequency cannot ensure robust protection. For a
given waveform frequency f, there exist several exposure time
settings that lead to high-quality images. This is because
when te ≈ N tl, the stripes become smoothed out (Figure 1(e) ).
Although the waveform parameters are unknown to the
attacker, a determined attacker may launch a brute-force
search for the te that satisfies this condition, thus circum-
venting the protection. To counteract such attackers, LiShield
includes a countermeasure called frequency randomization,
which we discuss in “Frequency scrambling” section.
(ii) LiShield must leverage overexposure to prevent
attackers from using long exposures. The image quality
increases with exposure time te, until overexposure happens, because longer exposure leads to more waveform
cycles being included as a constant base in the brightness of
the stripes (larger N in Equations ( 3) and ( 5) ), making the
contrast of stripes QB/QD lower and weakening the quality
degradation. LiShield should leverage overexposure to limit
attacker’s exposure time. On the other hand, when exposure
goes beyond a threshold, the image always suffers from
over-exposure. If not, the image is always corrupted due to
the dominance of stripes under LiShield’s frequency randomization mechanism (“Frequency scrambling” section).
With power efficiency and eye health in mind, LiShield
sets Ip to 20 kLx by default. Optimal parameters may vary
slightly across different scenes (e.g., different reflectivity)
but can be easily obtained by running the aforementioned
simulation.
2. 2. Circumventing potential attacks
Based on the foregoing analysis, we identify the following potential holes that can be exploited by attackers to
overcome the striping effect. (i) Manual exposure attack. If
an attacker can configure te to satisfy te ≈ N tl, it can guarantee that every row receives almost the same illumination,
thus eliminating the stripes during a capture (Figure 1(e)).
In practice, tl is unknown to the attacker, but it can try to
capture images with different te, until seeing a version without obvious stripes. (ii) Multiframe attack. When the scene is
static, an attacker may also combine multiple frames (
taking a video and playback) to mitigate the stripes with statistical clues, for example, by averaging or combining rows with
maximum intensities from multiple frames. Note that the
attacker must keep the camera highly stable, otherwise even
pixel-level shift will cause severe deformation when combining multiple frames. (iii) Post-processing attack. Common
postprocessing techniques (e.g., denoising and de-banding)
might be used to repair the corrupted images.
In what follows, we introduce countermeasures to the
first two attacks. In Section 6. 4, we will verify that LiShield’s
distortion does not fit empirical noise or banding models, so
the common post-processing schemes become ineffective.
Frequency scrambling. To thwart the manual exposure
attack, we design a frequency scrambling mechanism, which
packs multiple waveforms with different frequencies within
each image frame duration. Since the camera exposure time