CN109409111A - It is a kind of to search for method generally towards encrypted image - Google Patents
It is a kind of to search for method generally towards encrypted image Download PDFInfo
- Publication number
- CN109409111A CN109409111A CN201811220283.5A CN201811220283A CN109409111A CN 109409111 A CN109409111 A CN 109409111A CN 201811220283 A CN201811220283 A CN 201811220283A CN 109409111 A CN109409111 A CN 109409111A
- Authority
- CN
- China
- Prior art keywords
- image
- search
- encrypted
- data
- feature vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Method is searched for generally towards encrypted image the invention discloses a kind of, communication is broadly divided into encryption and uploads and search for generally two parts between entity in this method, the participant that encryption uploads part includes data owner and Cloud Server, the participant for searching for part generally includes data access person and Cloud Server, searches for process generally and is not related to data owner;Can solve it is existing can search for the problem of encipherment scheme depends critically upon key, solve the problems, such as cipher key management difficult in distributed environment.This method saves key management overhead without executing the cipher key management operations such as key secure storage, key safe transmission;This method can execute image and search for generally operating without access mandate, save the expense of access mandate operation;This method can execute image decryption without decryption and authorization, simplify decryption process, while method guarantees correctness and certain safety.
Description
Technical field
The invention belongs to Internet technical fields, and in particular to a kind of to search for method generally towards encrypted image.
Background technique
The prosperity of the digital actives such as mobile phone browsing, Webpage search, social media application, causes data volume to explode.And Internet of Things
Net (IoT), autonomous driving vehicle, the emerging deployment of information sensor in the scenes such as video monitoring will inevitably lead to need
It collects, stores, access and use huge extra data, it is estimated that, until the year two thousand twenty, global metadata total amount is up to
40ZB.Obviously, these data are excavated with very big prospect, but be not limited access to bring user and data-privacy
Significant threat.It is considered for data carrying cost, data management cost, data storage efficiency etc. are various, big data cannot
The storage of centralization is used as conventional systems again, as the new models such as cloud computing, distributed storage are rapidly growing, more
Come more personal user and enterprise's selection for the data of oneself and business migration to cloud, by Cloud Server on behalf of storage and meter
It calculates, is paid wages with this to save data management expense and system maintenance.However cloud storage service provider is not believable, storage
Data on Cloud Server face the threat of privacy leakage.In order to guarantee the safety of cloud storage environment, user's selection is being uploaded
Data are encrypted before data, then by the storage of ciphertext data into Cloud Server, although this method protects data hidden
Private can still directly result in can not carry out normal semantic search to ciphertext data, download all ciphertext numbers from cloud server end
According to the mode for carrying out conventional semantic search after decryption again will lead to calculating and communication overhead is excessively high, and search efficiency is low.
Can search for encryption mechanism proposition make it possible in ciphertext data execute search operation, data owner will
Cloud server end is uploaded to after data encryption, Cloud Server not only can store ciphertext data but also can execute search to ciphertext data
Operation is without leak data privacy.In this approach, data owner needs to save data encryption key, so as to ciphertext number
According to being decrypted, and when non-data owner wants access to data, the operation such as access mandate, key management is also related to.?
That is can search for encryption mechanism is the mechanism for depending critically upon key, only possess key, could to ciphertext data into
Row decryption.
And in fully distributed working environment, the management of key is very difficult, for example, in an Internet of Things ring
In border, from different source collection mass data, these data need to be to be stored for camera and sensor, can be accessed in many ways,
So how to carry out key management is a major issue, and core problem does not generate and saves these keys, whom determines
These keys should be possessed, because not knowing that whom data owner is in this scene, this data are a kind of " each
The data of people ", everyone can submit data and everyone can access it, be difficult to judge that who should in this scene
With access authority.
In plaintext search process, it often case occur that between the input of search and target information and exist
Perhaps deviation.And user then wishes still return to target information in this case, i.e., user wishes that search process can be with
Realization is searched for generally, in search input there are still can normally execute search operation in the case where noisy data, is returned correct
Search result.Equally, cipher text searching operates the demand for equally having realization to search for generally.
Image data be in a kind of special data mode and daily life using most common data mode it
One, it is widely used in fields such as medical treatment, education, resident information management, design, social activities, these fields usually all construct
Large-scale image data base, and image data base is contracted out to Cloud Server, how to be realized in image data base efficient
The problem of picture search is also present researcher concern.
To sum up, how to realize encrypted image search for generally and how to cut down can search for encipherment scheme in distributed environment
Key management overhead and access mandate expense are a problem to be solved.
Summary of the invention
For the problems of the prior art, the present invention, which provides, a kind of searches for method, this method generally towards encrypted image
The proximity search of ciphertext image may be implemented, while this method can eliminate key management overhead and access mandate expense, simplifies
Process is decrypted, and ensure that certain safety and correctness.
Technical solution of the present invention:
A kind of to search for method generally towards encrypted image, the entity of participation mainly has tripartite: Cloud Server, data possess
Person and data access person.Wherein Cloud Server is the half sincere storage equipment for storing encrypted image information, and data owner is
The holder of raw image data, data access person are data query sides, may exist one or more data access in scheme
Person, data owner can also be used as data access person, three's progress information exchange.
The Cloud Server stores tally set, encrypted image and the symmetric key of encryption secret shadow to encryption data
Library.Its function in this programme includes constructing Security Index for encrypting database, receives the search token of data access person, holds
Row searches for generally operating and the person's fuzzy search results that return to data access.
Data owner's initial method parameter generates symmetric key, mentions to local original image to be encrypted
Characteristic pattern vector is taken, image tag collection is generated using feature vector, image is encrypted, encrypted image is used symmetrical close
Key carries out privacy sharing, and the secret shadow after privacy sharing is split encrypts.Finally by tally set, encryption image and
The symmetric key secret shadow of encryption is uploaded to Cloud Server together and is stored.
The data access person sends mould to Cloud Server to search image zooming-out feature vector, building search token
Searching request is pasted, restores key from the fuzzy search results that Cloud Server returns, and then decrypt original image.
Communication is broadly divided into encryption and uploads and search for generally two parts between entity in this programme, and encryption uploads the ginseng of part
It include data owner and Cloud Server with person, the participant for searching for part generally includes data access person and Cloud Server, mould
Paste search process is not related to data owner, eliminates key management overhead and access mandate expense, simplifies decryption process.
It is a kind of to search for method generally towards encrypted image, include the following steps:
Step 1: data owner pre-processes the original image of storage to be encrypted, and image is extracted from original image
Feature describes image using characteristics of image, and then realizes similar image search.
Step 2: image is encrypted in the data owner, encrypts original image using symmetric encryption method,
Symmetric key is subjected to privacy sharing again, and secret shadow is encrypted, in addition, also to generate label for image;
Step 3: the encryption information of original image is sent to Cloud Server and stored by the data owner, including is added
Close image, encrypted symmetric key secret shadow and image tag collection;
Step 4: the Cloud Server constructs Security Index according to encryption data;
Step 5: the data access person searches for token according to search picture construction, and search token is sent to the cloud
Server;
Step 6: the Cloud Server carries out similar image search according to the search token and Security Index received, if searching
Rope image and encrypted image are then returned the encrypted image as similar image there are the feature vector of number of thresholds is similar, if searching
It is similar that rope image and encrypted image are unsatisfactory for number of thresholds feature vector, does not return to the encrypted image;
Step 7: the similar image of return is decrypted in the data access person, recovers original image.
Further, the pretreatment operation of above-mentioned steps 1 can extract characteristics of image from original image, utilize image
The visual characteristic of feature description graph picture.
Optionally, the step 1 includes:
Data owner executes local feature extraction algorithm to original image, extracts the feature of the preceding n characteristic point of image
Vector, that is, V=(V1,V2,…Vn);
Further, the cryptographic operation of above-mentioned steps 2 is executed by data owner, mainly realizes image encryption, symmetrical close
The encryption of key secret shadow and image tag collection calculate.
Optionally, the step 2 includes:
Step 2-1: according to system security parameter, the data owner generates key K, executes symmetric cryptography to image and calculates
Method, key K generate encrypted image C;
Step 2-2: privacy sharing algorithm is executed to symmetric key K, K is split into n secret shadow (s1,…,sn),
The quantity of image feature vector of quantity and extraction of the secret shadow of fractionation is consistent;
Step 2-3: building expanding location sensitive hash function (eLSH), for solving asking for high dimensional data proximity search
Topic;
Step 2-3: to the feature vector V of original imagei∈ V (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj(Vi)
(j∈[L]);
Step 2-4: selected hash function H calculates H (gj(Vi)) (j ∈ [L]), by H (gj(Vi)) corresponding as key pair
Privacy sharing share siIt is encrypted to obtain share siA ciphertext, L encryption symmetric key secret shadow
Form share siSecret encryption share set EncShi;
Step 2-5: selected hash function G calculates G (gj(Vi)) it is used as identification characteristics vector ViA label, L mark
Sign G (gj(Vi)) (j ∈ [L]) composition characteristic vector ViTag set Tagsi, and then obtain feature vector ViSecret encryption part
Volume set and tag set CTi, i.e. CTi←EncShi||Tagsi;
Step 2-3 and subsequent step are repeated, until completing aforesaid operations to n feature vector.
Further, above-mentioned steps 4 construct the operation of Security Index, can generate index for encrypting database to improve mould
Paste the efficiency of search.
Optionally, step 4 building is by Hash barrel number and chained list index dimerous, using label value as mark
The barrel number Bucket_id of Hash bucket stores the data element in the Hash bucket with chained list Bucket_list, in a Hash bucket
There are multiple data elements, the label of data element has overlapping in the same Hash bucket.Step 4 specifically includes:
Step 4-1: data element C is extracted from encrypting database DB | | CT, wherein CT=CT1∪CT2…∪CTn, CTi
Indicate feature vector ViUnder secret encryption share set and tag set;
Step 4-2: CT is spliti=EncShi||Tagsi, obtain the feature vector V of encrypted imageiCorresponding tag set
Tagsi,
Step 4-3: pass through feature vector ViLabelTo identify encrypted image, and then building Hash barrel structure, bucket
Number(ID (C), ID (V), ID (Tags)) is stored in bucket, identifies the feature vector V of encrypted image Ci?
J-th of label.
Optionally, the step 5 includes:
Step 5-1: the data access person executes the local shape factor algorithm in step 1 to search image, extracts figure
Feature vector, that is, V '=(V of the preceding n characteristic point of picture1′,V2′,…Vn′);
Step 5-2: to the feature vector V of search imagei' ∈ V ' (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj
(Vi′)(j∈[L]);
Step 5-3: G (g is calculatedj(Vi)) it is used as identification characteristics vector ViA label, L label G (gj(Vi))(j∈
[L]) composition characteristic vector ViTag set T [i], tally set T=T [1] ∪ T [2] ∪ ... the ∪ T [n] of n feature vector makees
For the image search token and send it to the Cloud Server.
Further, above-mentioned steps 6 determine that the approximate standard of image is the feature vector phase that two images have number of thresholds
Seemingly, determine that the similar standard of two feature vectors is the label that two feature vectors have overlapping.
Optionally, the step 6 includes:
Step 6-1: according to search token lookup Security Index, all and search matched Hash bucket of token is found, is extracted
Element (ID (C), ID (V), ID (Tags)) in Hash bucket arrives set Ctmp(T) in;
Step 6-2: set of computations Ctmp(T) frequency that each encrypted image identifier ID (C) in occurs, frequency represent
The quantity of the encrypted image and search image similar features vector;
Step 6-3: whether the frequency for judging that ID (C) occurs is greater than threshold value, if so, thinking encrypted image C and search
Image is similar, and encrypted image C is added to similar image set Cclose(T) in;
Step 6-4: the Cloud Server is by Cclose(T) the data access person is returned to.
Further, 7 decrypted image of above-mentioned steps operates, it is necessary first to decrypt symmetric key secret shadow, then by right
Claim cipher key secret share to reconstruct symmetric key used in encrypted image, finally goes out original graph using the symmetric key decryption
Picture.
Optionally, the step 7 includes:
Step 7-1: the data access person judges whether there is G (g according to the feature vector of search imagej(Vi′))∈
TagsiIt sets up, such as if so, utilize H (gj(Vi')) decryptionObtain the secret shadow s of symmetric keyi, by siAddition
Into set Shares.
Step 7-1 is repeated until judging whole feature vectors of search image.
Step 7-2: the restructing algorithm of privacy sharing is executed to set Shares, recovers the symmetric key K of encrypted image.
Step 7-3: being decrypted encrypted image C using symmetric key K, restores original image.
The device have the advantages that as follows:
It is of the invention it is a kind of search for method generally towards encrypted image, can solve that existing to can search for encipherment scheme serious
The problem of dependent on key, solves the problems, such as cipher key management difficult in distributed environment.This method is without executing key safety
The cipher key management operations such as storage, key safe transmission, save key management overhead;This method can be executed without access mandate
Image is searched for generally operating, and saves the expense of access mandate operation;This method can execute image decryption without decryption and authorization,
Decryption process is simplified, while method guarantees correctness and certain safety.
Detailed description of the invention
Fig. 1 searches for method configuration diagram generally towards encrypted image for the present invention;
Fig. 2 searches for eLSH product process figure in method generally towards encrypted image for the present invention;
Fig. 3 searches for image encryption flow chart in method generally towards encrypted image for the present invention;
Fig. 4 searches for symmetric key secret shadow encryption flow figure in method generally towards encrypted image for the present invention;
Fig. 5 searches for label product process figure in method generally towards encrypted image for the present invention;
Fig. 6 searches for method safety index structure schematic diagram generally towards encrypted image for the present invention;
Fig. 7 is that search in method Security Index of the present invention towards encrypted image generates flow chart;
Fig. 8, which is the present invention, searches for search token product process figure in method generally towards encrypted image;
Fig. 9 be the present invention towards encrypted image search for generally search for flow chart in method generally.
Specific embodiment
In order to preferably explain the present invention, in order to understand, with reference to the accompanying drawing, by specific embodiment, to this hair
It is bright to be described in detail.
Present embodiment searches for method framework generally towards encrypted image, as shown in Figure 1, method includes three types
Entity.One is data owner (owner of image data), the second is Cloud Server (is responsible for storage encryption data and structure
Build Security Index), the third is data access person (data owner can also be used as data access person).As can be seen from Figure 1
Data access person is first handled original image, obtains encrypted image, tag set and encrypted symmetric key secret shadow
Collection, which merges, is uploaded to Cloud Server, and then, Cloud Server is stored to it and constructed Security Index, data access person into
When row inquiry, using search picture construction search token and to send to Cloud Server, Cloud Server utilizes search token and peace
Full index executes the operation searched for generally, the person's search result that returns to data access, and data owner utilizes search image reconstruction
The decryption of key pair search result.
It is a kind of to search for method generally towards encrypted image mainly and have following steps composition:
Step 1: data owner extracts image local feature, extracts image feature vector by executing ORB algorithm, utilizes
Image feature vector describes image.Detailed process are as follows:
Step 1-1: setting and extract characteristics of image quantity as n, executes ORB algorithm and carries out characteristic point detection, extracts image
Preceding n characteristic point;
Step 1-2: son is described using the binary features of 256 dimensions to each characteristic point and is described, that is, uses 256bit
Feature vector ViThe binary features of n 256 dimension are described sub- V as the feature vector of image, V=(V by Expressive Features point1,
V2,…Vn);
Step 2: encrypted image, encrypted image mainly include encryption original image, encrypted symmetric key secret shadow and life
At three parts of label, and this three is uploaded into Cloud Server;
Specific preparation is as follows:
Firstly, symmetric key needed for generating encrypted image, image encryption is the thought using symmetric cryptography, the present embodiment
The middle encryption method used is AES, by calling the AutoSeededRandomPool in Crypto++ function library to be at random
Aes algorithm generates symmetric key, generates the symmetric key K that length is 128bit.
Secondly, being generated expanding location sensitive hash function (eLSH), this reality to solve the problems, such as high dimensional data proximity search
It applies in example mainly using the expanding location sensitive hash family of functions projected based on random bit, i.e. position sensitive hash family of functions
(L, k)-eLSH extension, eLSH is by L hash function gi() composition, wherein gi(x)=(hi,1(x),hi,2(x),…,hi,k
(x)),As shown in Fig. 2, generating giThe detailed process of () are as follows:
1) data owner generates the random value r between k 0-255 range using rand () functionj(j ∈ [k]) is generated
Random number seed when rand () generation random number is set during random value using function srand (), by being arranged not
With seed, available different random number sequence, in the realization of this system, generated using system clock it is different with
The several sons of machine, i.e., by srand, ((unsignedint) (time (NULL)) generates k random value rj(j∈[k]);
2) data owner utilizes riGenerate random bit projection function
3) k-bit random bit projection function g is generatedi(x)=(hi,1(x),hi,2(x),…,hi,k(x))。
4) step 1) and subsequent step are repeated, until generating L gi() forms eLSH=(g1(x),g2
(x),…,gL(x))。
Step 2 detailed process are as follows:
Step 2-1: data owner encrypts original image, generates image ciphertext C;
As shown in figure 3, the detailed process of step 2-1 are as follows:
1) piecemeal processing is carried out as unit of byte to original digital image, sequentially from the upper left corner of image to the lower right corner
The matrix for dividing the image into 4 × 4, for be not 4 × 4 multiple character matrix, zero padding is carried out to the ranks of lower right square;
2) AES encryption, key K are carried out to each 4 × 4 matrix, and encrypted result is newly stored into former piecemeal;
3) these piecemeals are sequentially connected to the ciphertext as original image.
Step 2-2: data owner executes privacy sharing algorithm, splits symmetric key K, detailed process are as follows:
1) a Big prime p is chosen, (t-1) a element a is then arbitrarily choseni, i=1,2 ..., t-1 constitute t-1 rank
Polynomial f (x)=a0+a1x+…+at-1xt-1Modp, so that f (0)=a0=K;
2) key K is split into n secret shadow, wherein n is the quantity of the feature vector of image zooming-out, from ZpMiddle selection
N different parameter { d1,d2,…,dnBe used to identify n participant, secret shadow s is calculated for all participantsi=f
(di), i ∈ [n];
Step 2-3: data owner's encrypted symmetric key secret shadow, as shown in figure 4, detailed process are as follows:
1) to feature vector ViELSH is executed, L cryptographic Hash g is generatedj(Vi)(j∈[L]);
2) to L cryptographic Hash gj(Vi) SHA1 algorithm H is applied, generate L hashed value H (gj(Vi))(i∈[n],j∈
[L]), using this L hashed value as secret encryption share siL key, i.e.,
3) L key is utilizedTo secret shadow siAES encryption algorithm is executed, secret shadow s is obtainediL
A ciphertext
It repeats the above process, until all being encrypted to n secret shadow.
Step 2-4: tag set is generated for image, as shown in figure 5, detailed process are as follows:
1) to feature vector ViELSH is executed, L cryptographic Hash g is generatedj(Vi)(j∈[L]);
2) to L cryptographic Hash gj(Vi) SHA1 algorithm G is applied, generate L hashed value G (gj(Vi))(i∈[n],j∈
[L]), using this L hashed value as identification characteristics vector ViLabel,
It repeats the above process, until generating label for n feature vector.
Step 3: to improve search efficiency, the data with same label are stored in together building Security Index by Cloud Server
In one Hash bucket, and using label value as barrel number, Security Index structure as shown in FIG. 6 is generated, from fig. 6, it can be seen that peace
Full index structure be the multiple Hash buckets constructed according to encrypting database, and the barrel number of Hash bucket is label value, in a Hash bucket
There are multiple set of metadata of similar data, each data has a unique identifier (ID (C), ID (V), ID (Tags)).Such as Fig. 7
It is shown, construct the detailed process of Security Index are as follows:
Step 3-1: data element C is extracted from encrypting database DB | | CT, CT=CT1∪CT2…∪CTn, CTiIt indicates
Feature vector ViUnder secret encryption share set and tag set;
Step 3-2: CT is spliti=EncShi||Tagsi, obtain the feature vector V of encrypted imageiCorresponding tag set
Tagsi,
Step 3-3: pass through feature vector ViLabelTo identify encrypted image, and then building Hash barrel structure, head
First, it searches whether that there are already existing Hash buckets, if it does not exist, constructs Hash bucketAnd will (ID (C),
ID (V), ID (Tags)) it is put into the Hash bucket;The Hash bucket constructed if it exists, willWith the bucket of generated Hash bucket
It number is matched, if equal, (ID (C), ID (V), ID (Tags)) is put into the Hash bucket, if unequal, create Hash bucket(ID (C), ID (V), ID (Tags)) is put into the Hash bucket.
Step 4: data access person holds search picture construction search token, and search token is sent to Cloud Server, such as
Shown in Fig. 8, the detailed process of building search token are as follows:
Step 4-1: data access person to search image execute step 1-1 and step 1-2, extract search image feature to
Measure V '=(V1′,V2′,…Vn′);
Step 4-2: for each feature vector Vi' ∈ V ' (i ∈ [n]) carries out eLSH, then to L Hash result gj
(Vi') SHA-1 algorithm G is executed, G (g will be exportedj(Vi')) it is used as ViTally set T [i];
Step 4-2 is repeated, until for n characteristic vector pickup outgoing label collection of search image, as searching for search image
Rope token T, i.e. T=T [1] ∪ T [2] ∪ ... ∪ T [n].
Step 5: Cloud Server receives search token, executes similar image using search token and Security Index and searches for, such as
Shown in Fig. 9, detailed process is searched for generally are as follows:
Step 5-1: it according to search token lookup Security Index, finds and the search matched Hash bucket of token;
Step 5-2: the element (ID (C), ID (V), ID (Tags)) extracted in matched Hash bucket arrives set Ctmp(T) in;
Step 5-3: C in set of computationstmp(T) frequency that each encrypted image identifier ID (C) occurs, is denoted as
Match, frequency represent the encrypted image and search for the quantity of image similar features vector;
Step 5-4: judging whether match is greater than threshold value thr, if match > thr, then it is assumed that the encrypted image and search graph
As similar, encrypted image C is added to similar image set Cclose(T) in.
Cloud Server will set Cclose(T) it is returned as fuzzy search results.
Step 6: the result for searching for generally returning is decrypted in data access person, restores plaintext image, detailed process are as follows:
Step 6-1: judge G (gj(Vi′))∈TagsiIt is whether true, such as if so, utilize H (gj(Vi')) decryption EncSh
[j] obtains the secret shadow s of symmetric keyi, by siIt is added in set Shares;
Step 6-2: executing the restructing algorithm of privacy sharing to set Shares, draws the element application in set Shares
Ge Lang interpolation formulaRecover the symmetric key K of encrypted image;
Step 6-3: AES decipherment algorithm is executed to encrypted image C using symmetric key K, recovers original image.
Claims (7)
1. a kind of search for method generally towards encrypted image, which comprises the steps of:
Step 1: data owner pre-processes the original image of storage to be encrypted, and it is special that image is extracted from original image
Sign describes image using characteristics of image, and then realizes similar image search;
Step 2: image is encrypted in the data owner, encrypts original image using symmetric encryption method, then will
Symmetric key carries out privacy sharing, and encrypts to secret shadow, generates label for image;
Step 3: the encryption information of original image is sent to Cloud Server and stored by the data owner, the encryption
Information includes encrypted image, encrypted symmetric key secret shadow and image tag collection;
Step 4: the Cloud Server constructs Security Index according to encryption data;
Step 5: data access person searches for token according to search picture construction, and search token is sent to the Cloud Server;
Step 6: the Cloud Server carries out similar image search according to the search token and Security Index received, if search graph
As to encrypted image there are the feature vector of number of thresholds it is similar then using the encrypted image as similar image return, if search graph
It is similar as being unsatisfactory for number of thresholds feature vector to encrypted image, the encrypted image is not returned;
Step 7: the similar image of return is decrypted in the data access person, recovers original image.
2. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 1
Pretreatment operation, characteristics of image is extracted from original image, the visual characteristic of image is described using characteristics of image;Specifically:
Data owner executes local feature extraction algorithm to original image, extracts the feature vector i.e. V=of the preceding n characteristic point of image
(V1,V2,…Vn)。
3. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 2
Include:
Step 2-1: according to system security parameter, the data owner generates key K, executes symmetric encipherment algorithm to image,
Key is K, generates encrypted image C;
Step 2-2: privacy sharing algorithm is executed to symmetric key K, K is split into n secret shadow (s1,…,sn), it splits
Secret shadow quantity it is consistent with the quantity of the image feature vector of extraction;
Step 2-3: building expanding location sensitive hash function (eLSH), for solving the problems, such as high dimensional data proximity search;
Step 2-3: to the feature vector V of original imagei∈ V (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj(Vi)(j∈
[L]);
Step 2-4: selected hash function H calculates H (gj(Vi)) (j ∈ [L]), by H (gj(Vi)) it is used as the corresponding secret of key pair
Shared share siIt is encrypted to obtain share siA ciphertext, L encryption symmetric key secret shadowGroup composition
Volume siSecret encryption share set EncShi;
Step 2-5: selected hash function G calculates G (gj(Vi)) it is used as identification characteristics vector ViA label, L label G (gj
(Vi)) (j ∈ [L]) composition characteristic vector ViTag set Tagsi, and then obtain feature vector ViSecret encryption share collection
It closes and tag set CTi, i.e. CTi←EncShi||Tagsi;
Step 2-3 and subsequent step are repeated, until completing aforesaid operations to n feature vector.
4. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 4
Building is used by Hash barrel number and chained list index dimerous using label value as the barrel number Bucket_id of mark Hash bucket
Chained list Bucket_list stores the data element in the Hash bucket, and there are multiple data elements, the same Kazakhstan in a Hash bucket
The label of data element has overlapping in uncommon bucket;Specific step is as follows:
Step 4-1: data element C is extracted from encrypting database DB | | CT, wherein CT=CT1∪CT2…∪CTn, CTiIndicate special
Levy vector ViUnder secret encryption share set and tag set;
Step 4-2: CT is spliti=EncShi||Tagsi, obtain the feature vector V of encrypted imageiCorresponding tag set Tagsi,
Step 4-3: pass through feature vector ViLabelTo identify encrypted image, and then building Hash barrel structure, barrel number(ID (C), ID (V), ID (Tags)) is stored in bucket, identifies the feature vector V of encrypted image Ci?
J label.
5. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 5
Include:
Step 5-1: the data access person executes the local shape factor algorithm in step 1 to search image, extracts image
Feature vector, that is, V '=(V of preceding n characteristic point1′,V2′,…Vn′);
Step 5-2: to the feature vector V of search imagei' ∈ V ' (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj(Vi′)(j
∈[L]);
Step 5-3: G (g is calculatedj(Vi)) it is used as identification characteristics vector ViA label, L label G (gj(Vi))(j∈[L])
Composition characteristic vector ViTag set T [i], tally set T=T [1] ∪ T [2] ∪ ... the ∪ T [n] of n feature vector was as should
The search token of image simultaneously sends it to the Cloud Server.
6. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 6
Determine that the approximate standard of image is that two images have the feature vector of number of thresholds similar, determines the similar mark of two feature vectors
There are the label of overlapping, specific steps for two feature vectors in standard are as follows:
Step 6-1: according to search token lookup Security Index, all and search matched Hash bucket of token is found, Hash is extracted
Element (ID (C), ID (V), ID (Tags)) in bucket arrives set Ctmp(T) in;
Step 6-2: set of computations Ctmp(T) frequency that each encrypted image identifier ID (C) in occurs, frequency, which represented, to be added
The quantity of close image and search image similar features vector;
Step 6-3: whether the frequency for judging that ID (C) occurs is greater than threshold value, if so, thinking encrypted image C and search image
It is similar, encrypted image C is added to similar image set Cclose(T) in;
Step 6-4: the Cloud Server is by Cclose(T) the data access person is returned to.
7. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 7
Decrypted image operation, it is necessary first to decrypt symmetric key secret shadow, then encryption figure is reconstructed by symmetric key secret shadow
As used symmetric key, finally go out original image using the symmetric key decryption, specifically:
Step 7-1: the data access person judges whether there is G (g according to the feature vector of search imagej(Vi′))∈TagsiAt
It is vertical, such as if so, utilize H (gj(Vi')) decryptionObtain the secret shadow s of symmetric keyi, by siIt is added to set
In Shares;Step 7-1 is repeated until judging whole feature vectors of search image;
Step 7-2: the restructing algorithm of privacy sharing is executed to set Shares, recovers the symmetric key K of encrypted image;
Step 7-3: being decrypted encrypted image C using symmetric key K, restores original image.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2018111674947 | 2018-10-08 | ||
CN201811167494 | 2018-10-08 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109409111A true CN109409111A (en) | 2019-03-01 |
CN109409111B CN109409111B (en) | 2021-09-17 |
Family
ID=65468582
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811220283.5A Active CN109409111B (en) | 2018-10-08 | 2018-10-19 | Encrypted image-oriented fuzzy search method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109409111B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110727951A (en) * | 2019-10-14 | 2020-01-24 | 桂林电子科技大学 | Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function |
CN111651779A (en) * | 2020-05-29 | 2020-09-11 | 广西师范大学 | Privacy protection method for encrypted image retrieval in block chain |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106815350A (en) * | 2017-01-19 | 2017-06-09 | 安徽大学 | Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment |
CN107480163A (en) * | 2017-06-19 | 2017-12-15 | 西安电子科技大学 | The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment |
-
2018
- 2018-10-19 CN CN201811220283.5A patent/CN109409111B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106815350A (en) * | 2017-01-19 | 2017-06-09 | 安徽大学 | Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment |
CN107480163A (en) * | 2017-06-19 | 2017-12-15 | 西安电子科技大学 | The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110727951A (en) * | 2019-10-14 | 2020-01-24 | 桂林电子科技大学 | Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function |
CN110727951B (en) * | 2019-10-14 | 2021-08-27 | 桂林电子科技大学 | Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function |
CN111651779A (en) * | 2020-05-29 | 2020-09-11 | 广西师范大学 | Privacy protection method for encrypted image retrieval in block chain |
CN111651779B (en) * | 2020-05-29 | 2022-03-18 | 广西师范大学 | Privacy protection method for encrypted image retrieval in block chain |
Also Published As
Publication number | Publication date |
---|---|
CN109409111B (en) | 2021-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Hao et al. | Towards efficient and privacy-preserving federated deep learning | |
CN106127075B (en) | Encryption method can search for based on secret protection under a kind of cloud storage environment | |
CN108632248B (en) | Data ciphering method, data query method, apparatus, equipment and storage medium | |
JP6180177B2 (en) | Encrypted data inquiry method and system capable of protecting privacy | |
US20130262863A1 (en) | Searchable encryption processing system | |
Cui et al. | Harnessing encrypted data in cloud for secure and efficient mobile image sharing | |
CN107113286A (en) | The roaming content erasing operation of striding equipment | |
CN108400970A (en) | Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment | |
Guo et al. | Enabling secure cross-modal retrieval over encrypted heterogeneous IoT databases with collective matrix factorization | |
CN109361644A (en) | A kind of Fog property base encryption method for supporting fast search and decryption | |
CN115269938B (en) | Homomorphic encryption-based keyword track hiding query method, system and related device | |
CN113411323B (en) | Medical record data access control system and method based on attribute encryption | |
Yuan et al. | Towards privacy-preserving and practical image-centric social discovery | |
CN112000632A (en) | Ciphertext sharing method, medium, sharing client and system | |
CN109934001A (en) | A kind of data ciphering method based on normal cloud model | |
Cui et al. | Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices | |
CN115767722A (en) | Indoor positioning privacy protection method based on inner product function encryption in cloud environment | |
CN113630250B (en) | Model training method and system based on data encryption | |
CN109409111A (en) | It is a kind of to search for method generally towards encrypted image | |
CN113436008A (en) | Loan purpose monitoring method and device, storage medium and electronic equipment | |
CN107360252A (en) | A kind of Data Access Security method that isomery cloud domain authorizes | |
CN116248289A (en) | Industrial Internet identification analysis access control method based on ciphertext attribute encryption | |
Shankar et al. | An optimal lightweight cryptographic hash function for secure image transmission in wireless sensor networks | |
CN114547684A (en) | Method and device for protecting multi-party joint training tree model of private data | |
Hsu et al. | Private data preprocessing for privacy-preserving Federated Learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |