Secure OCR Pipelines

OCR is a unique security challenge because it involves converting unsearchable "images" (which might contain sensitive visual data) into searchable text.

The OCR Attack Surface

1. Malicious Images: An image could be crafted to visually look like text but contain "steganographic" data that triggers an exploit in the OCR engine (e.g. Tesseract or a cloud service).
2. Data Leakage in Transit: Many OCR services require uploading images to a cloud bucket. If that bucket is public, your data is at risk.
3. Ghost Text: OCR can misread characters in a way that creates "False Positives" in a security system (e.g. reading 'Permit: No' as 'Permit: Yes').

Building a Secure Pipeline

1. Local OCR (Air-Gapped)

Use libraries like Tesseract or server-side PaddleOCR within your own VPC. This ensures the raw images never leave your infrastructure.

2. Encryption at Rest & In-Transit

• S3 Encryption: Use AWS KMS to encrypt images at rest.
• SSL/TLS: Ensure all API calls to cloud OCR (like AWS Textract) are encrypted.

3. Image Sanitization

Before running OCR, strip all metadata (EXIF data) from the image. This prevents leaking the GPS coordinates or the device ID of the person who took the photo.

4. Limited Persona

Run the OCR service under a restricted IAM role that has "Write-Only" access to the destination text file and "Read-Only" access to the specific image bucket.

Case Study: Medical Records

A medical RAG system processing patient charts must ensure that the images are deleted immediately after the text is extracted and the "Job ID" is cleared.

Exercises

1. Look at the EXIF metadata of a photo taken with your phone. What "Sensitive" info do you see?
2. Why is "Local OCR" safer for internal banking documents?
3. How would you "Sanitize" an image programmatically using Python?