Secure ID: MyPhoto Uses AES-256 — The Highest Encryption Standard


MyPhoto allows the upload of a government ID — a driver’s license, passport, or other government-issued ID — to authenticate identity securely for web photo upload. This option is ideal for remote situations where students never physically step foot onto campus. You know the campus student ID is authentic.

As more schools embrace virtual learning and the online classroom, government ID upload provides a secure way of confirming students are who they say they are. Security in web photo upload is everything. 

But is the government ID itself secure from hackers in our system?

Absolutely! Our campus photo ID upload uses AES-256 (Advanced Encryption Standard) — the first and only publicly accessible cipher approved by the US National Security Agency (NSA) for protecting top-secret information. It’s the same type used by the likes of WhatsApp, Paypal, and the financial company Affirm. In fact, AES powers most encryption security on the web.


How AES Works


Web Photo Security

AES uses a hardware-based set of security modules and an AES engine to secure data. As the host writes data to a flash storage device, a Random Name Generator generates a 256-bit symmetric cipher key. This key is then passed to the AES engine, which encrypts the plain text (source data) into ciphertext (encrypted data). The encrypted ciphertext data is then sent to the NAND flash for storage.

To retrieve data from the storage device, these steps are reversed: the AES engine decrypts the ciphertext in the NAND flash, and then transmits data to the host in plain text. Since the whole process is done at the flash level, no host intervention is required. There’s no loss in performance nor slow down of data transfer.

The encrypted key is only available as a source in hash values with Super Admin access. Each key is 512 bytes in length with an SHA-512 hash algorithm. The protocol is not included in the MyPhoto code nor available as a resource file.

As soon as images are approved or disapproved, they are wiped from the MyPhoto system. Your campus photo IDs are protected and secured.


Why AES? Advantages & Considerations


The beauty of AES is its high complexity that ensures security for even top-secret government needs — without being too redundant or burdensome to suppress performance. It includes a robust settlement of round keys, byte substitution, shifting rows, and mixing columns to alter the data and prevent shortcut attacks using current methods and technology.

MyPhoto uses 256-bit AES — the highest security protocol available for private entities.


Securing Web Photo IDMinimal Security Issues


Technically, no code is 100% secure. Some degree of potential compromise will always exist. But rest assured cryptographers continually probe AES for weaknesses to ensure its integrity. So far, only theoretical breaks and side-channel attacks have been detected. Theoretical risks identified are estimated to take a billion years to break using current technology.

A series of related-key attacks were discovered globally by cryptographers in 2009. Related-key attacks are a type of cryptanalysis that observes how a cipher operates under different keys. The risk was only possible when certain protocols aren’t implemented properly. MyPhoto is designed to ensure these protocols are not compromised.

Side-channel attacks do pose a risk but only if the university’s system itself is leaking information. The attacker listens to the leaked data to gather algorithm inferences which can then be used to break the code.

MyPhoto further uses firewalls and virus protection to secure your system. This combined with your own effective password management and staff education should prevent data compromisation. We provide a secure campus photo ID — uploaded to the web through a fortified system of security that’s safe from hackers.