CN109409111A - It is a kind of to search for method generally towards encrypted image - Google Patents

It is a kind of to search for method generally towards encrypted image Download PDF

Info

Publication number
CN109409111A
CN109409111A CN201811220283.5A CN201811220283A CN109409111A CN 109409111 A CN109409111 A CN 109409111A CN 201811220283 A CN201811220283 A CN 201811220283A CN 109409111 A CN109409111 A CN 109409111A
Authority
CN
China
Prior art keywords
image
search
encrypted
data
feature vector
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811220283.5A
Other languages
Chinese (zh)
Other versions
CN109409111B (en
Inventor
周福才
张宗烨
秦诗悦
贾强
徐紫枫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northeastern University China
Original Assignee
Northeastern University China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northeastern University China filed Critical Northeastern University China
Publication of CN109409111A publication Critical patent/CN109409111A/en
Application granted granted Critical
Publication of CN109409111B publication Critical patent/CN109409111B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Method is searched for generally towards encrypted image the invention discloses a kind of, communication is broadly divided into encryption and uploads and search for generally two parts between entity in this method, the participant that encryption uploads part includes data owner and Cloud Server, the participant for searching for part generally includes data access person and Cloud Server, searches for process generally and is not related to data owner;Can solve it is existing can search for the problem of encipherment scheme depends critically upon key, solve the problems, such as cipher key management difficult in distributed environment.This method saves key management overhead without executing the cipher key management operations such as key secure storage, key safe transmission;This method can execute image and search for generally operating without access mandate, save the expense of access mandate operation;This method can execute image decryption without decryption and authorization, simplify decryption process, while method guarantees correctness and certain safety.

Description

It is a kind of to search for method generally towards encrypted image
Technical field
The invention belongs to Internet technical fields, and in particular to a kind of to search for method generally towards encrypted image.
Background technique
The prosperity of the digital actives such as mobile phone browsing, Webpage search, social media application, causes data volume to explode.And Internet of Things Net (IoT), autonomous driving vehicle, the emerging deployment of information sensor in the scenes such as video monitoring will inevitably lead to need It collects, stores, access and use huge extra data, it is estimated that, until the year two thousand twenty, global metadata total amount is up to 40ZB.Obviously, these data are excavated with very big prospect, but be not limited access to bring user and data-privacy Significant threat.It is considered for data carrying cost, data management cost, data storage efficiency etc. are various, big data cannot The storage of centralization is used as conventional systems again, as the new models such as cloud computing, distributed storage are rapidly growing, more Come more personal user and enterprise's selection for the data of oneself and business migration to cloud, by Cloud Server on behalf of storage and meter It calculates, is paid wages with this to save data management expense and system maintenance.However cloud storage service provider is not believable, storage Data on Cloud Server face the threat of privacy leakage.In order to guarantee the safety of cloud storage environment, user's selection is being uploaded Data are encrypted before data, then by the storage of ciphertext data into Cloud Server, although this method protects data hidden Private can still directly result in can not carry out normal semantic search to ciphertext data, download all ciphertext numbers from cloud server end According to the mode for carrying out conventional semantic search after decryption again will lead to calculating and communication overhead is excessively high, and search efficiency is low.
Can search for encryption mechanism proposition make it possible in ciphertext data execute search operation, data owner will Cloud server end is uploaded to after data encryption, Cloud Server not only can store ciphertext data but also can execute search to ciphertext data Operation is without leak data privacy.In this approach, data owner needs to save data encryption key, so as to ciphertext number According to being decrypted, and when non-data owner wants access to data, the operation such as access mandate, key management is also related to.? That is can search for encryption mechanism is the mechanism for depending critically upon key, only possess key, could to ciphertext data into Row decryption.
And in fully distributed working environment, the management of key is very difficult, for example, in an Internet of Things ring In border, from different source collection mass data, these data need to be to be stored for camera and sensor, can be accessed in many ways, So how to carry out key management is a major issue, and core problem does not generate and saves these keys, whom determines These keys should be possessed, because not knowing that whom data owner is in this scene, this data are a kind of " each The data of people ", everyone can submit data and everyone can access it, be difficult to judge that who should in this scene With access authority.
In plaintext search process, it often case occur that between the input of search and target information and exist Perhaps deviation.And user then wishes still return to target information in this case, i.e., user wishes that search process can be with Realization is searched for generally, in search input there are still can normally execute search operation in the case where noisy data, is returned correct Search result.Equally, cipher text searching operates the demand for equally having realization to search for generally.
Image data be in a kind of special data mode and daily life using most common data mode it One, it is widely used in fields such as medical treatment, education, resident information management, design, social activities, these fields usually all construct Large-scale image data base, and image data base is contracted out to Cloud Server, how to be realized in image data base efficient The problem of picture search is also present researcher concern.
To sum up, how to realize encrypted image search for generally and how to cut down can search for encipherment scheme in distributed environment Key management overhead and access mandate expense are a problem to be solved.
Summary of the invention
For the problems of the prior art, the present invention, which provides, a kind of searches for method, this method generally towards encrypted image The proximity search of ciphertext image may be implemented, while this method can eliminate key management overhead and access mandate expense, simplifies Process is decrypted, and ensure that certain safety and correctness.
Technical solution of the present invention:
A kind of to search for method generally towards encrypted image, the entity of participation mainly has tripartite: Cloud Server, data possess Person and data access person.Wherein Cloud Server is the half sincere storage equipment for storing encrypted image information, and data owner is The holder of raw image data, data access person are data query sides, may exist one or more data access in scheme Person, data owner can also be used as data access person, three's progress information exchange.
The Cloud Server stores tally set, encrypted image and the symmetric key of encryption secret shadow to encryption data Library.Its function in this programme includes constructing Security Index for encrypting database, receives the search token of data access person, holds Row searches for generally operating and the person's fuzzy search results that return to data access.
Data owner's initial method parameter generates symmetric key, mentions to local original image to be encrypted Characteristic pattern vector is taken, image tag collection is generated using feature vector, image is encrypted, encrypted image is used symmetrical close Key carries out privacy sharing, and the secret shadow after privacy sharing is split encrypts.Finally by tally set, encryption image and The symmetric key secret shadow of encryption is uploaded to Cloud Server together and is stored.
The data access person sends mould to Cloud Server to search image zooming-out feature vector, building search token Searching request is pasted, restores key from the fuzzy search results that Cloud Server returns, and then decrypt original image.
Communication is broadly divided into encryption and uploads and search for generally two parts between entity in this programme, and encryption uploads the ginseng of part It include data owner and Cloud Server with person, the participant for searching for part generally includes data access person and Cloud Server, mould Paste search process is not related to data owner, eliminates key management overhead and access mandate expense, simplifies decryption process.
It is a kind of to search for method generally towards encrypted image, include the following steps:
Step 1: data owner pre-processes the original image of storage to be encrypted, and image is extracted from original image Feature describes image using characteristics of image, and then realizes similar image search.
Step 2: image is encrypted in the data owner, encrypts original image using symmetric encryption method, Symmetric key is subjected to privacy sharing again, and secret shadow is encrypted, in addition, also to generate label for image;
Step 3: the encryption information of original image is sent to Cloud Server and stored by the data owner, including is added Close image, encrypted symmetric key secret shadow and image tag collection;
Step 4: the Cloud Server constructs Security Index according to encryption data;
Step 5: the data access person searches for token according to search picture construction, and search token is sent to the cloud Server;
Step 6: the Cloud Server carries out similar image search according to the search token and Security Index received, if searching Rope image and encrypted image are then returned the encrypted image as similar image there are the feature vector of number of thresholds is similar, if searching It is similar that rope image and encrypted image are unsatisfactory for number of thresholds feature vector, does not return to the encrypted image;
Step 7: the similar image of return is decrypted in the data access person, recovers original image.
Further, the pretreatment operation of above-mentioned steps 1 can extract characteristics of image from original image, utilize image The visual characteristic of feature description graph picture.
Optionally, the step 1 includes:
Data owner executes local feature extraction algorithm to original image, extracts the feature of the preceding n characteristic point of image Vector, that is, V=(V1,V2,…Vn);
Further, the cryptographic operation of above-mentioned steps 2 is executed by data owner, mainly realizes image encryption, symmetrical close The encryption of key secret shadow and image tag collection calculate.
Optionally, the step 2 includes:
Step 2-1: according to system security parameter, the data owner generates key K, executes symmetric cryptography to image and calculates Method, key K generate encrypted image C;
Step 2-2: privacy sharing algorithm is executed to symmetric key K, K is split into n secret shadow (s1,…,sn), The quantity of image feature vector of quantity and extraction of the secret shadow of fractionation is consistent;
Step 2-3: building expanding location sensitive hash function (eLSH), for solving asking for high dimensional data proximity search Topic;
Step 2-3: to the feature vector V of original imagei∈ V (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj(Vi) (j∈[L]);
Step 2-4: selected hash function H calculates H (gj(Vi)) (j ∈ [L]), by H (gj(Vi)) corresponding as key pair Privacy sharing share siIt is encrypted to obtain share siA ciphertext, L encryption symmetric key secret shadow Form share siSecret encryption share set EncShi
Step 2-5: selected hash function G calculates G (gj(Vi)) it is used as identification characteristics vector ViA label, L mark Sign G (gj(Vi)) (j ∈ [L]) composition characteristic vector ViTag set Tagsi, and then obtain feature vector ViSecret encryption part Volume set and tag set CTi, i.e. CTi←EncShi||Tagsi
Step 2-3 and subsequent step are repeated, until completing aforesaid operations to n feature vector.
Further, above-mentioned steps 4 construct the operation of Security Index, can generate index for encrypting database to improve mould Paste the efficiency of search.
Optionally, step 4 building is by Hash barrel number and chained list index dimerous, using label value as mark The barrel number Bucket_id of Hash bucket stores the data element in the Hash bucket with chained list Bucket_list, in a Hash bucket There are multiple data elements, the label of data element has overlapping in the same Hash bucket.Step 4 specifically includes:
Step 4-1: data element C is extracted from encrypting database DB | | CT, wherein CT=CT1∪CT2…∪CTn, CTi Indicate feature vector ViUnder secret encryption share set and tag set;
Step 4-2: CT is spliti=EncShi||Tagsi, obtain the feature vector V of encrypted imageiCorresponding tag set Tagsi,
Step 4-3: pass through feature vector ViLabelTo identify encrypted image, and then building Hash barrel structure, bucket Number(ID (C), ID (V), ID (Tags)) is stored in bucket, identifies the feature vector V of encrypted image Ci? J-th of label.
Optionally, the step 5 includes:
Step 5-1: the data access person executes the local shape factor algorithm in step 1 to search image, extracts figure Feature vector, that is, V '=(V of the preceding n characteristic point of picture1′,V2′,…Vn′);
Step 5-2: to the feature vector V of search imagei' ∈ V ' (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj (Vi′)(j∈[L]);
Step 5-3: G (g is calculatedj(Vi)) it is used as identification characteristics vector ViA label, L label G (gj(Vi))(j∈ [L]) composition characteristic vector ViTag set T [i], tally set T=T [1] ∪ T [2] ∪ ... the ∪ T [n] of n feature vector makees For the image search token and send it to the Cloud Server.
Further, above-mentioned steps 6 determine that the approximate standard of image is the feature vector phase that two images have number of thresholds Seemingly, determine that the similar standard of two feature vectors is the label that two feature vectors have overlapping.
Optionally, the step 6 includes:
Step 6-1: according to search token lookup Security Index, all and search matched Hash bucket of token is found, is extracted Element (ID (C), ID (V), ID (Tags)) in Hash bucket arrives set Ctmp(T) in;
Step 6-2: set of computations Ctmp(T) frequency that each encrypted image identifier ID (C) in occurs, frequency represent The quantity of the encrypted image and search image similar features vector;
Step 6-3: whether the frequency for judging that ID (C) occurs is greater than threshold value, if so, thinking encrypted image C and search Image is similar, and encrypted image C is added to similar image set Cclose(T) in;
Step 6-4: the Cloud Server is by Cclose(T) the data access person is returned to.
Further, 7 decrypted image of above-mentioned steps operates, it is necessary first to decrypt symmetric key secret shadow, then by right Claim cipher key secret share to reconstruct symmetric key used in encrypted image, finally goes out original graph using the symmetric key decryption Picture.
Optionally, the step 7 includes:
Step 7-1: the data access person judges whether there is G (g according to the feature vector of search imagej(Vi′))∈ TagsiIt sets up, such as if so, utilize H (gj(Vi')) decryptionObtain the secret shadow s of symmetric keyi, by siAddition Into set Shares.
Step 7-1 is repeated until judging whole feature vectors of search image.
Step 7-2: the restructing algorithm of privacy sharing is executed to set Shares, recovers the symmetric key K of encrypted image.
Step 7-3: being decrypted encrypted image C using symmetric key K, restores original image.
The device have the advantages that as follows:
It is of the invention it is a kind of search for method generally towards encrypted image, can solve that existing to can search for encipherment scheme serious The problem of dependent on key, solves the problems, such as cipher key management difficult in distributed environment.This method is without executing key safety The cipher key management operations such as storage, key safe transmission, save key management overhead;This method can be executed without access mandate Image is searched for generally operating, and saves the expense of access mandate operation;This method can execute image decryption without decryption and authorization, Decryption process is simplified, while method guarantees correctness and certain safety.
Detailed description of the invention
Fig. 1 searches for method configuration diagram generally towards encrypted image for the present invention;
Fig. 2 searches for eLSH product process figure in method generally towards encrypted image for the present invention;
Fig. 3 searches for image encryption flow chart in method generally towards encrypted image for the present invention;
Fig. 4 searches for symmetric key secret shadow encryption flow figure in method generally towards encrypted image for the present invention;
Fig. 5 searches for label product process figure in method generally towards encrypted image for the present invention;
Fig. 6 searches for method safety index structure schematic diagram generally towards encrypted image for the present invention;
Fig. 7 is that search in method Security Index of the present invention towards encrypted image generates flow chart;
Fig. 8, which is the present invention, searches for search token product process figure in method generally towards encrypted image;
Fig. 9 be the present invention towards encrypted image search for generally search for flow chart in method generally.
Specific embodiment
In order to preferably explain the present invention, in order to understand, with reference to the accompanying drawing, by specific embodiment, to this hair It is bright to be described in detail.
Present embodiment searches for method framework generally towards encrypted image, as shown in Figure 1, method includes three types Entity.One is data owner (owner of image data), the second is Cloud Server (is responsible for storage encryption data and structure Build Security Index), the third is data access person (data owner can also be used as data access person).As can be seen from Figure 1 Data access person is first handled original image, obtains encrypted image, tag set and encrypted symmetric key secret shadow Collection, which merges, is uploaded to Cloud Server, and then, Cloud Server is stored to it and constructed Security Index, data access person into When row inquiry, using search picture construction search token and to send to Cloud Server, Cloud Server utilizes search token and peace Full index executes the operation searched for generally, the person's search result that returns to data access, and data owner utilizes search image reconstruction The decryption of key pair search result.
It is a kind of to search for method generally towards encrypted image mainly and have following steps composition:
Step 1: data owner extracts image local feature, extracts image feature vector by executing ORB algorithm, utilizes Image feature vector describes image.Detailed process are as follows:
Step 1-1: setting and extract characteristics of image quantity as n, executes ORB algorithm and carries out characteristic point detection, extracts image Preceding n characteristic point;
Step 1-2: son is described using the binary features of 256 dimensions to each characteristic point and is described, that is, uses 256bit Feature vector ViThe binary features of n 256 dimension are described sub- V as the feature vector of image, V=(V by Expressive Features point1, V2,…Vn);
Step 2: encrypted image, encrypted image mainly include encryption original image, encrypted symmetric key secret shadow and life At three parts of label, and this three is uploaded into Cloud Server;
Specific preparation is as follows:
Firstly, symmetric key needed for generating encrypted image, image encryption is the thought using symmetric cryptography, the present embodiment The middle encryption method used is AES, by calling the AutoSeededRandomPool in Crypto++ function library to be at random Aes algorithm generates symmetric key, generates the symmetric key K that length is 128bit.
Secondly, being generated expanding location sensitive hash function (eLSH), this reality to solve the problems, such as high dimensional data proximity search It applies in example mainly using the expanding location sensitive hash family of functions projected based on random bit, i.e. position sensitive hash family of functions (L, k)-eLSH extension, eLSH is by L hash function gi() composition, wherein gi(x)=(hi,1(x),hi,2(x),…,hi,k (x)),As shown in Fig. 2, generating giThe detailed process of () are as follows:
1) data owner generates the random value r between k 0-255 range using rand () functionj(j ∈ [k]) is generated Random number seed when rand () generation random number is set during random value using function srand (), by being arranged not With seed, available different random number sequence, in the realization of this system, generated using system clock it is different with The several sons of machine, i.e., by srand, ((unsignedint) (time (NULL)) generates k random value rj(j∈[k]);
2) data owner utilizes riGenerate random bit projection function
3) k-bit random bit projection function g is generatedi(x)=(hi,1(x),hi,2(x),…,hi,k(x))。
4) step 1) and subsequent step are repeated, until generating L gi() forms eLSH=(g1(x),g2 (x),…,gL(x))。
Step 2 detailed process are as follows:
Step 2-1: data owner encrypts original image, generates image ciphertext C;
As shown in figure 3, the detailed process of step 2-1 are as follows:
1) piecemeal processing is carried out as unit of byte to original digital image, sequentially from the upper left corner of image to the lower right corner The matrix for dividing the image into 4 × 4, for be not 4 × 4 multiple character matrix, zero padding is carried out to the ranks of lower right square;
2) AES encryption, key K are carried out to each 4 × 4 matrix, and encrypted result is newly stored into former piecemeal;
3) these piecemeals are sequentially connected to the ciphertext as original image.
Step 2-2: data owner executes privacy sharing algorithm, splits symmetric key K, detailed process are as follows:
1) a Big prime p is chosen, (t-1) a element a is then arbitrarily choseni, i=1,2 ..., t-1 constitute t-1 rank Polynomial f (x)=a0+a1x+…+at-1xt-1Modp, so that f (0)=a0=K;
2) key K is split into n secret shadow, wherein n is the quantity of the feature vector of image zooming-out, from ZpMiddle selection N different parameter { d1,d2,…,dnBe used to identify n participant, secret shadow s is calculated for all participantsi=f (di), i ∈ [n];
Step 2-3: data owner's encrypted symmetric key secret shadow, as shown in figure 4, detailed process are as follows:
1) to feature vector ViELSH is executed, L cryptographic Hash g is generatedj(Vi)(j∈[L]);
2) to L cryptographic Hash gj(Vi) SHA1 algorithm H is applied, generate L hashed value H (gj(Vi))(i∈[n],j∈ [L]), using this L hashed value as secret encryption share siL key, i.e.,
3) L key is utilizedTo secret shadow siAES encryption algorithm is executed, secret shadow s is obtainediL A ciphertext
It repeats the above process, until all being encrypted to n secret shadow.
Step 2-4: tag set is generated for image, as shown in figure 5, detailed process are as follows:
1) to feature vector ViELSH is executed, L cryptographic Hash g is generatedj(Vi)(j∈[L]);
2) to L cryptographic Hash gj(Vi) SHA1 algorithm G is applied, generate L hashed value G (gj(Vi))(i∈[n],j∈ [L]), using this L hashed value as identification characteristics vector ViLabel,
It repeats the above process, until generating label for n feature vector.
Step 3: to improve search efficiency, the data with same label are stored in together building Security Index by Cloud Server In one Hash bucket, and using label value as barrel number, Security Index structure as shown in FIG. 6 is generated, from fig. 6, it can be seen that peace Full index structure be the multiple Hash buckets constructed according to encrypting database, and the barrel number of Hash bucket is label value, in a Hash bucket There are multiple set of metadata of similar data, each data has a unique identifier (ID (C), ID (V), ID (Tags)).Such as Fig. 7 It is shown, construct the detailed process of Security Index are as follows:
Step 3-1: data element C is extracted from encrypting database DB | | CT, CT=CT1∪CT2…∪CTn, CTiIt indicates Feature vector ViUnder secret encryption share set and tag set;
Step 3-2: CT is spliti=EncShi||Tagsi, obtain the feature vector V of encrypted imageiCorresponding tag set Tagsi,
Step 3-3: pass through feature vector ViLabelTo identify encrypted image, and then building Hash barrel structure, head First, it searches whether that there are already existing Hash buckets, if it does not exist, constructs Hash bucketAnd will (ID (C), ID (V), ID (Tags)) it is put into the Hash bucket;The Hash bucket constructed if it exists, willWith the bucket of generated Hash bucket It number is matched, if equal, (ID (C), ID (V), ID (Tags)) is put into the Hash bucket, if unequal, create Hash bucket(ID (C), ID (V), ID (Tags)) is put into the Hash bucket.
Step 4: data access person holds search picture construction search token, and search token is sent to Cloud Server, such as Shown in Fig. 8, the detailed process of building search token are as follows:
Step 4-1: data access person to search image execute step 1-1 and step 1-2, extract search image feature to Measure V '=(V1′,V2′,…Vn′);
Step 4-2: for each feature vector Vi' ∈ V ' (i ∈ [n]) carries out eLSH, then to L Hash result gj (Vi') SHA-1 algorithm G is executed, G (g will be exportedj(Vi')) it is used as ViTally set T [i];
Step 4-2 is repeated, until for n characteristic vector pickup outgoing label collection of search image, as searching for search image Rope token T, i.e. T=T [1] ∪ T [2] ∪ ... ∪ T [n].
Step 5: Cloud Server receives search token, executes similar image using search token and Security Index and searches for, such as Shown in Fig. 9, detailed process is searched for generally are as follows:
Step 5-1: it according to search token lookup Security Index, finds and the search matched Hash bucket of token;
Step 5-2: the element (ID (C), ID (V), ID (Tags)) extracted in matched Hash bucket arrives set Ctmp(T) in;
Step 5-3: C in set of computationstmp(T) frequency that each encrypted image identifier ID (C) occurs, is denoted as Match, frequency represent the encrypted image and search for the quantity of image similar features vector;
Step 5-4: judging whether match is greater than threshold value thr, if match > thr, then it is assumed that the encrypted image and search graph As similar, encrypted image C is added to similar image set Cclose(T) in.
Cloud Server will set Cclose(T) it is returned as fuzzy search results.
Step 6: the result for searching for generally returning is decrypted in data access person, restores plaintext image, detailed process are as follows:
Step 6-1: judge G (gj(Vi′))∈TagsiIt is whether true, such as if so, utilize H (gj(Vi')) decryption EncSh [j] obtains the secret shadow s of symmetric keyi, by siIt is added in set Shares;
Step 6-2: executing the restructing algorithm of privacy sharing to set Shares, draws the element application in set Shares Ge Lang interpolation formulaRecover the symmetric key K of encrypted image;
Step 6-3: AES decipherment algorithm is executed to encrypted image C using symmetric key K, recovers original image.

Claims (7)

1. a kind of search for method generally towards encrypted image, which comprises the steps of:
Step 1: data owner pre-processes the original image of storage to be encrypted, and it is special that image is extracted from original image Sign describes image using characteristics of image, and then realizes similar image search;
Step 2: image is encrypted in the data owner, encrypts original image using symmetric encryption method, then will Symmetric key carries out privacy sharing, and encrypts to secret shadow, generates label for image;
Step 3: the encryption information of original image is sent to Cloud Server and stored by the data owner, the encryption Information includes encrypted image, encrypted symmetric key secret shadow and image tag collection;
Step 4: the Cloud Server constructs Security Index according to encryption data;
Step 5: data access person searches for token according to search picture construction, and search token is sent to the Cloud Server;
Step 6: the Cloud Server carries out similar image search according to the search token and Security Index received, if search graph As to encrypted image there are the feature vector of number of thresholds it is similar then using the encrypted image as similar image return, if search graph It is similar as being unsatisfactory for number of thresholds feature vector to encrypted image, the encrypted image is not returned;
Step 7: the similar image of return is decrypted in the data access person, recovers original image.
2. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 1 Pretreatment operation, characteristics of image is extracted from original image, the visual characteristic of image is described using characteristics of image;Specifically: Data owner executes local feature extraction algorithm to original image, extracts the feature vector i.e. V=of the preceding n characteristic point of image (V1,V2,…Vn)。
3. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 2 Include:
Step 2-1: according to system security parameter, the data owner generates key K, executes symmetric encipherment algorithm to image, Key is K, generates encrypted image C;
Step 2-2: privacy sharing algorithm is executed to symmetric key K, K is split into n secret shadow (s1,…,sn), it splits Secret shadow quantity it is consistent with the quantity of the image feature vector of extraction;
Step 2-3: building expanding location sensitive hash function (eLSH), for solving the problems, such as high dimensional data proximity search;
Step 2-3: to the feature vector V of original imagei∈ V (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj(Vi)(j∈ [L]);
Step 2-4: selected hash function H calculates H (gj(Vi)) (j ∈ [L]), by H (gj(Vi)) it is used as the corresponding secret of key pair Shared share siIt is encrypted to obtain share siA ciphertext, L encryption symmetric key secret shadowGroup composition Volume siSecret encryption share set EncShi
Step 2-5: selected hash function G calculates G (gj(Vi)) it is used as identification characteristics vector ViA label, L label G (gj (Vi)) (j ∈ [L]) composition characteristic vector ViTag set Tagsi, and then obtain feature vector ViSecret encryption share collection It closes and tag set CTi, i.e. CTi←EncShi||Tagsi
Step 2-3 and subsequent step are repeated, until completing aforesaid operations to n feature vector.
4. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 4 Building is used by Hash barrel number and chained list index dimerous using label value as the barrel number Bucket_id of mark Hash bucket Chained list Bucket_list stores the data element in the Hash bucket, and there are multiple data elements, the same Kazakhstan in a Hash bucket The label of data element has overlapping in uncommon bucket;Specific step is as follows:
Step 4-1: data element C is extracted from encrypting database DB | | CT, wherein CT=CT1∪CT2…∪CTn, CTiIndicate special Levy vector ViUnder secret encryption share set and tag set;
Step 4-2: CT is spliti=EncShi||Tagsi, obtain the feature vector V of encrypted imageiCorresponding tag set Tagsi,
Step 4-3: pass through feature vector ViLabelTo identify encrypted image, and then building Hash barrel structure, barrel number(ID (C), ID (V), ID (Tags)) is stored in bucket, identifies the feature vector V of encrypted image Ci? J label.
5. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 5 Include:
Step 5-1: the data access person executes the local shape factor algorithm in step 1 to search image, extracts image Feature vector, that is, V '=(V of preceding n characteristic point1′,V2′,…Vn′);
Step 5-2: to the feature vector V of search imagei' ∈ V ' (i ∈ [n]) executes eLSH, obtains L cryptographic Hash gj(Vi′)(j ∈[L]);
Step 5-3: G (g is calculatedj(Vi)) it is used as identification characteristics vector ViA label, L label G (gj(Vi))(j∈[L]) Composition characteristic vector ViTag set T [i], tally set T=T [1] ∪ T [2] ∪ ... the ∪ T [n] of n feature vector was as should The search token of image simultaneously sends it to the Cloud Server.
6. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 6 Determine that the approximate standard of image is that two images have the feature vector of number of thresholds similar, determines the similar mark of two feature vectors There are the label of overlapping, specific steps for two feature vectors in standard are as follows:
Step 6-1: according to search token lookup Security Index, all and search matched Hash bucket of token is found, Hash is extracted Element (ID (C), ID (V), ID (Tags)) in bucket arrives set Ctmp(T) in;
Step 6-2: set of computations Ctmp(T) frequency that each encrypted image identifier ID (C) in occurs, frequency, which represented, to be added The quantity of close image and search image similar features vector;
Step 6-3: whether the frequency for judging that ID (C) occurs is greater than threshold value, if so, thinking encrypted image C and search image It is similar, encrypted image C is added to similar image set Cclose(T) in;
Step 6-4: the Cloud Server is by Cclose(T) the data access person is returned to.
7. a kind of method is searched for generally towards encrypted image according to claim 1, which is characterized in that the step 7 Decrypted image operation, it is necessary first to decrypt symmetric key secret shadow, then encryption figure is reconstructed by symmetric key secret shadow As used symmetric key, finally go out original image using the symmetric key decryption, specifically:
Step 7-1: the data access person judges whether there is G (g according to the feature vector of search imagej(Vi′))∈TagsiAt It is vertical, such as if so, utilize H (gj(Vi')) decryptionObtain the secret shadow s of symmetric keyi, by siIt is added to set In Shares;Step 7-1 is repeated until judging whole feature vectors of search image;
Step 7-2: the restructing algorithm of privacy sharing is executed to set Shares, recovers the symmetric key K of encrypted image;
Step 7-3: being decrypted encrypted image C using symmetric key K, restores original image.
CN201811220283.5A 2018-10-08 2018-10-19 Encrypted image-oriented fuzzy search method Active CN109409111B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2018111674947 2018-10-08
CN201811167494 2018-10-08

Publications (2)

Publication Number Publication Date
CN109409111A true CN109409111A (en) 2019-03-01
CN109409111B CN109409111B (en) 2021-09-17

Family

ID=65468582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811220283.5A Active CN109409111B (en) 2018-10-08 2018-10-19 Encrypted image-oriented fuzzy search method

Country Status (1)

Country Link
CN (1) CN109409111B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110727951A (en) * 2019-10-14 2020-01-24 桂林电子科技大学 Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function
CN111651779A (en) * 2020-05-29 2020-09-11 广西师范大学 Privacy protection method for encrypted image retrieval in block chain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106815350A (en) * 2017-01-19 2017-06-09 安徽大学 Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment
CN107480163A (en) * 2017-06-19 2017-12-15 西安电子科技大学 The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106815350A (en) * 2017-01-19 2017-06-09 安徽大学 Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment
CN107480163A (en) * 2017-06-19 2017-12-15 西安电子科技大学 The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110727951A (en) * 2019-10-14 2020-01-24 桂林电子科技大学 Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function
CN110727951B (en) * 2019-10-14 2021-08-27 桂林电子科技大学 Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function
CN111651779A (en) * 2020-05-29 2020-09-11 广西师范大学 Privacy protection method for encrypted image retrieval in block chain
CN111651779B (en) * 2020-05-29 2022-03-18 广西师范大学 Privacy protection method for encrypted image retrieval in block chain

Also Published As

Publication number Publication date
CN109409111B (en) 2021-09-17

Similar Documents

Publication Publication Date Title
Hao et al. Towards efficient and privacy-preserving federated deep learning
CN106127075B (en) Encryption method can search for based on secret protection under a kind of cloud storage environment
CN108632248B (en) Data ciphering method, data query method, apparatus, equipment and storage medium
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
US20130262863A1 (en) Searchable encryption processing system
Cui et al. Harnessing encrypted data in cloud for secure and efficient mobile image sharing
CN107113286A (en) The roaming content erasing operation of striding equipment
CN108400970A (en) Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment
Guo et al. Enabling secure cross-modal retrieval over encrypted heterogeneous IoT databases with collective matrix factorization
CN109361644A (en) A kind of Fog property base encryption method for supporting fast search and decryption
CN115269938B (en) Homomorphic encryption-based keyword track hiding query method, system and related device
CN113411323B (en) Medical record data access control system and method based on attribute encryption
Yuan et al. Towards privacy-preserving and practical image-centric social discovery
CN112000632A (en) Ciphertext sharing method, medium, sharing client and system
CN109934001A (en) A kind of data ciphering method based on normal cloud model
Cui et al. Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices
CN115767722A (en) Indoor positioning privacy protection method based on inner product function encryption in cloud environment
CN113630250B (en) Model training method and system based on data encryption
CN109409111A (en) It is a kind of to search for method generally towards encrypted image
CN113436008A (en) Loan purpose monitoring method and device, storage medium and electronic equipment
CN107360252A (en) A kind of Data Access Security method that isomery cloud domain authorizes
CN116248289A (en) Industrial Internet identification analysis access control method based on ciphertext attribute encryption
Shankar et al. An optimal lightweight cryptographic hash function for secure image transmission in wireless sensor networks
CN114547684A (en) Method and device for protecting multi-party joint training tree model of private data
Hsu et al. Private data preprocessing for privacy-preserving Federated Learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant