CN109409111B - Encrypted image-oriented fuzzy search method - Google Patents

Encrypted image-oriented fuzzy search method Download PDF

Info

Publication number
CN109409111B
CN109409111B CN201811220283.5A CN201811220283A CN109409111B CN 109409111 B CN109409111 B CN 109409111B CN 201811220283 A CN201811220283 A CN 201811220283A CN 109409111 B CN109409111 B CN 109409111B
Authority
CN
China
Prior art keywords
image
encrypted
search
data
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201811220283.5A
Other languages
Chinese (zh)
Other versions
CN109409111A (en
Inventor
周福才
张宗烨
秦诗悦
贾强
徐紫枫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northeastern University China
Original Assignee
Northeastern University China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northeastern University China filed Critical Northeastern University China
Publication of CN109409111A publication Critical patent/CN109409111A/en
Application granted granted Critical
Publication of CN109409111B publication Critical patent/CN109409111B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a fuzzy search method facing encrypted images, wherein the communication between entities is mainly divided into an encrypted uploading part and a fuzzy search part, participants of the encrypted uploading part comprise a data owner and a cloud server, participants of the fuzzy search part comprise a data visitor and the cloud server, and the fuzzy search process does not involve the data owner; the problem that the existing searchable encryption scheme depends heavily on the key can be solved, and the problem of difficult key management in a distributed environment is solved. The method does not need to execute key management operations such as key safe storage, key safe transmission and the like, thereby saving the key management overhead; the method can execute the fuzzy image search operation without access authorization, thereby saving the expense of the access authorization operation; the method can execute image decryption without decryption authorization, simplifies decryption process, and simultaneously ensures correctness and certain safety.

Description

Encrypted image-oriented fuzzy search method
Technical Field
The invention belongs to the technical field of internet, and particularly relates to a fuzzy search method for encrypted images.
Background
The proliferation of digital activities such as mobile browsing, web searching, social media applications, etc. has led to a sudden increase in data volume. The emerging deployment of information sensors in internet of things (IoT), autonomous vehicles, video surveillance, etc. scenarios will inevitably lead to the need to collect, store, access and use huge amounts of additional data, which is estimated to reach 40ZB in the global data volume up to 2020. Clearly, mining these data has great promise, but unlimited access poses a significant threat to users and data privacy. Due to the consideration of multiple aspects such as data storage cost, data management cost and data storage efficiency, the big data can not be stored in a centralized manner like a traditional information system, and with the rapid rise of new modes such as cloud computing and distributed storage, more and more individual users and enterprises select to migrate own data and business to the cloud end, and the cloud server replaces the data and the business for storage and computation, so that the data management overhead and the system maintenance overhead are saved. However, the cloud storage service provider is not trusted, and data stored on the cloud server faces the threat of privacy disclosure. In order to ensure the safety of a cloud storage environment, a user selects to encrypt data before uploading the data, and then ciphertext data is stored in a cloud server.
The search operation on the ciphertext data is possible due to the fact that the searchable encryption mechanism is provided, the data owner uploads the encrypted data to the cloud server side, and the cloud server can store the ciphertext data and can perform the search operation on the ciphertext data without revealing data privacy. In this method, the data owner needs to save the data encryption key in order to decrypt the ciphertext data, and when the non-data owner wants to access the data, access authorization, key management, and the like are involved. That is, the searchable encryption mechanism is a mechanism that relies heavily on a key, and only if the key is in possession, the ciphertext data can be decrypted.
In a completely distributed working environment, the management of keys is very difficult, for example, in an internet of things environment, cameras and sensors collect a large amount of data from different sources, the data needs to be stored and can be accessed by multiple parties, so that the key management is an important problem, the core problem is not to generate and store the keys, but to determine who should own the keys, because it is not clear who the owner of the data is in the scene, the data is data of "everyone", and everyone can submit the data and can access the data, and in the scene, it is difficult to determine who should have access rights.
In the plaintext search process, such a situation often occurs: there is some deviation between the input of the search and the target information. And the user hopes that the target information can still be returned under the condition that the user hopes that the search process can realize fuzzy search, the search operation can still be normally executed under the condition that noisy data exists in the search input, and a correct search result is returned. Similarly, ciphertext search operations also have a need to implement fuzzy search.
The image data is a special data form, is one of the most commonly used data forms in daily life, and is widely used in the fields of medical treatment, education, resident information management, design, social contact and the like, wherein a large-scale image database is usually constructed in the fields, the image database is outsourced to a cloud server, and how to realize efficient image search on the image database is also a problem concerned by researchers at present.
In summary, how to implement fuzzy search of encrypted images and how to reduce key management overhead and access authorization overhead of searchable encryption schemes in a distributed environment are problems to be solved urgently.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a fuzzy search method for encrypted images, which can realize approximate search of ciphertext images, eliminate the overhead of key management and the overhead of access authorization, simplify the decryption process and ensure certain safety and correctness.
The technical scheme of the invention is as follows:
a fuzzy search method facing encrypted images, wherein participating entities mainly comprise three parties: cloud server, data owner, and data visitor. The cloud server is a semi-honest storage device for storing encrypted image information, the data owner is a holder of original image data, the data visitor is a data inquiring party, one or more data visitors can exist in the scheme, and the data owner can also serve as a data visitor, so that information interaction is carried out among the cloud server, the data owner and the data visitor.
The cloud server stores the labelsets, the encrypted images, and the encrypted symmetric key secret shares to an encryption database. The functions of the method in the scheme include that a safety index is built for an encrypted database, a search token of a data visitor is received, fuzzy search operation is executed, and a fuzzy search result is returned to the data visitor.
The data owner initializes method parameters, generates a symmetric key, extracts a characteristic pattern vector of a local original image to be encrypted, generates an image tag set by using the characteristic vector, encrypts the image, secretly shares the symmetric key used by the encrypted image, and encrypts a secret share obtained after secret sharing and splitting. And finally, uploading the tag set, the encrypted image and the encrypted symmetric key secret share to a cloud server for storage.
The data accessor extracts a characteristic vector from the search image, constructs a search token, sends a fuzzy search request to the cloud server, recovers a secret key from a fuzzy search result returned by the cloud server, and then decrypts the original image.
According to the scheme, the communication between the entities is mainly divided into an encryption uploading part and a fuzzy searching part, participants of the encryption uploading part comprise a data owner and a cloud server, participants of the fuzzy searching part comprise a data accessor and the cloud server, the fuzzy searching process does not involve the data owner, the key management overhead and the access authorization overhead are saved, and the decryption process is simplified.
An encrypted image-oriented fuzzy search method comprises the following steps:
step 1: and the data owner preprocesses the original image to be encrypted and stored, extracts image features from the original image, describes the image by using the image features and further realizes similar image search.
Step 2: the data owner encrypts the image, encrypts the original image by using a symmetric encryption method, secretly shares a symmetric key, encrypts a secret share and generates a label for the image;
and step 3: the data owner sends the encrypted information of the original image to a cloud server for storage, wherein the encrypted information comprises an encrypted image, an encrypted symmetric key secret share and an image tag set;
and 4, step 4: the cloud server constructs a security index according to the encrypted data;
and 5: the data visitor constructs a search token according to the search image and sends the search token to the cloud server;
step 6: the cloud server searches similar images according to the received search token and the security index, returns the encrypted images as the similar images if the search images are similar to the encrypted images in the number of the feature vectors of the threshold number, and does not return the encrypted images if the search images are not similar to the encrypted images in the number of the feature vectors of the threshold number;
and 7: and the data visitor decrypts the returned similar image to recover the original image.
Further, the preprocessing operation in step 1 can extract image features from the original image, and describe the visual characteristics of the image by using the image features.
Optionally, the step 1 includes:
the data owner executes a local feature extraction algorithm on the original image, and extracts the feature vectors of the first n feature points of the image, namely V ═ V (V)1,V2,…Vn);
Further, the encryption operation of step 2 is performed by the data owner, and mainly implements image encryption, symmetric key secret share encryption and image tag set calculation.
Optionally, the step 2 includes:
step 2-1: according to system security parameters, the data owner generates a secret key K, a symmetric encryption algorithm is executed on the image, the secret key is K, and an encrypted image C is generated;
step 2-2: executing a secret sharing algorithm on the symmetric key K, splitting K into n secret shares(s)1,…,sn) The number of the split secret shares is consistent with the number of the extracted image feature vectors;
step 2-3: constructing an extended position-sensitive hash function (eLSH) for solving the problem of approximate search of high-dimensional data;
step 2-3: for the feature vector V of the original imagei∈V(i∈[n]) Executing eLSH to obtain L hash values gj(Vi)(j∈[L]);
Step 2-4: selecting a hash function H, and calculating H (g)j(Vi))(j∈[L]) H (g)j(Vi) S) as a secret shared share corresponding to the key pairiEncrypted to get the share siL encrypted symmetric key secret shares
Figure BDA0001834584010000054
Composition fraction siIs encrypted secret share set EncShi
Step 2-5: selecting a hash function G, and calculating G (G)j(Vi) As the identifying feature vector ViOne tag of (1), L tags G (G)j(Vi))(j∈[L]) Component feature vector ViTag set of (2)iFurther obtain the feature vector ViCT of encrypted secret share sets and tag setsiI.e. CTi←EncShi||Tagsi
And repeating the steps 2-3 and the subsequent steps until the operation is completed on the n feature vectors.
Further, the operation of building the secure index in step 4 can generate an index for the encrypted database to improve the efficiency of the fuzzy search.
Optionally, in step 4, an index composed of a hash Bucket number and a linked list is constructed, a tag value is used as a Bucket number Bucket _ id for identifying the hash Bucket, the linked list Bucket _ list is used to store data elements in the hash Bucket, a plurality of data elements exist in one hash Bucket, and tags of the data elements in the same hash Bucket are overlapped. The step 4 specifically comprises the following steps:
step 4-1: extracting data element C | | CT from the encrypted database DB, wherein CT | | CT1∪CT2…∪CTn,CTiRepresenting a feature vector ViA lower encrypted secret share set and a tag set;
step 4-2: split CTi=EncShi||TagsiObtaining a feature vector V of the encrypted imageiCorresponding tag set Tagsi
Figure BDA0001834584010000051
Step 4-3, passing the feature vector ViIs marked with a label
Figure BDA0001834584010000052
Identify the encrypted image, and then construct the hash bucket structure, bucket number
Figure BDA0001834584010000053
The barrel stores (ID (C), (V), ID (tags)) and a feature vector V for identifying the encrypted image CiThe jth tag of (1).
Optionally, the step 5 includes:
step 5-1: the data visitor performs the local feature extraction algorithm in step 1 on the search image to extract (V ═ for the feature vectors of the first n feature points of the image1′,V2′,…Vn′);
Step 5-2: feature vector V for search imagei′∈V′(i∈[n]) Executing eLSH to obtain L hash values gj(Vi′)(j∈[L]);
Step 5-3: calculate G (G)j(Vi) As the identifying feature vector ViOne tag of (1), L tags G (G)j(Vi))(j∈[L]) Component feature vector ViSet of tags T [ i ]]The label set of n feature vectors T ═ T [1 ═ T]∪T[2]∪…∪T[n]As a search token for the image and sends it to the cloud server.
Further, the criterion for determining the image approximation in step 6 is that the two images have a threshold number of feature vectors similar, and the criterion for determining the similarity of the two feature vectors is that the two feature vectors have overlapped labels.
Optionally, the step 6 includes:
step 6-1: searching a safety index according to the search token, finding all hash buckets matched with the search token, and extracting elements (ID (C), ID (V), ID (tags)) in the hash buckets to a set Ctmp(T) in (A);
step 6-2: computing a set Ctmp(T) each encrypted image identifier id (c) appears at a frequency representing the number of similar feature vectors for the encrypted image and the search image;
step 6-3: judging whether the frequency of ID (C) appearance is greater than a threshold value, if so, considering that the encrypted image C is similar to the search image, and adding the encrypted image C to a similar image set Cclose(T) in (A);
step 6-4: the cloud server sends Cclose(T) returning to the data visitor.
Further, the operation of decrypting the image in step 7 needs to decrypt the secret share of the symmetric key first, reconstruct the symmetric key used by the encrypted image from the secret share of the symmetric key, and finally decrypt the original image by using the symmetric key.
Optionally, the step 7 includes:
step 7-1: the data accessor judges whether G (G) exists according to the characteristic vector of the search imagej(Vi′))∈TagsiIf true, use H (g)j(Vi')) decryption
Figure BDA0001834584010000061
Obtaining secret shares s of a symmetric keyiA1 is toiAdded to the set Shares.
And (4) repeating the step 7-1 until all the characteristic vectors of the search image are judged.
Step 7-2: and executing a secret sharing reconstruction algorithm on the set Shares to recover the symmetric key K of the encrypted image.
And 7-3: and decrypting the encrypted image C by using the symmetric key K to recover the original image.
The invention has the following beneficial effects:
the encrypted image-oriented fuzzy search method can solve the problem that the existing searchable encryption scheme is seriously dependent on the key and the problem of difficult key management in a distributed environment. The method does not need to execute key management operations such as key safe storage, key safe transmission and the like, thereby saving the key management overhead; the method can execute the fuzzy image search operation without access authorization, thereby saving the expense of the access authorization operation; the method can execute image decryption without decryption authorization, simplifies decryption process, and simultaneously ensures correctness and certain safety.
Drawings
FIG. 1 is a schematic diagram of an encrypted image-oriented fuzzy search method according to the present invention;
FIG. 2 is a flow chart of eLSH generation in the encrypted image-oriented fuzzy search method according to the present invention;
FIG. 3 is a flowchart of image encryption in the fuzzy search method for encrypted images according to the present invention;
FIG. 4 is a flowchart of symmetric key secret share encryption in the fuzzy search method for encrypted images according to the present invention;
FIG. 5 is a flow chart of label generation in the fuzzy search method for encrypted images according to the present invention;
FIG. 6 is a schematic diagram of a security index structure of the fuzzy search method for encrypted images according to the present invention;
FIG. 7 is a flow chart of security index generation in the fuzzy search method for encrypted images according to the present invention;
FIG. 8 is a flowchart of the generation of search tokens in the fuzzy search method for encrypted images according to the present invention;
FIG. 9 is a flowchart of fuzzy search in the fuzzy search method for encrypted images according to the present invention.
Detailed Description
For the purpose of better explaining the present invention and to facilitate understanding, the present invention will be described in detail by way of specific embodiments with reference to the accompanying drawings.
In the fuzzy search method architecture for encrypted images of the present embodiment, as shown in fig. 1, the method includes three types of entities. One is the data owner (owner of the image data), the other is the cloud server (responsible for storing the encrypted data and building the secure index), and the other is the data visitor (the data owner may also act as the data visitor). As can be seen from fig. 1, a data visitor first processes an original image to obtain an encrypted image, a tag set, and an encrypted symmetric key secret share set, and uploads the encrypted image, the tag set, and the encrypted symmetric key secret share set to a cloud server, then the cloud server stores the encrypted image and constructs a security index, when the data visitor queries, the data visitor constructs a search token using a search image and sends the search token to the cloud server, the cloud server performs a fuzzy search operation using the search token and the security index, and returns the fuzzy search result to the data visitor, and the data owner decrypts the search result using a search image reconstruction key.
A fuzzy search method for encrypted images mainly comprises the following steps:
step 1: the data owner extracts local features of the image, extracts image feature vectors by executing an ORB algorithm, and describes the image by using the image feature vectors. The specific process is as follows:
step 1-1: setting the number of extracted image features as n, executing an ORB algorithm to detect the feature points, and extracting the first n feature points of the image;
step 1-2: each feature point is described using a 256-dimensional binary feature descriptor, i.e., using a 256-bit feature vector ViDescribing feature points, using n 256-dimensional binary feature descriptors V as feature vectors of the image, where V is (V)1,V2,…Vn);
Step 2: the method comprises the steps of encrypting an image, wherein the encrypted image mainly comprises an encrypted original image, an encrypted symmetric key secret share and a generated label, and the encrypted original image, the encrypted symmetric key secret share and the generated label are uploaded to a cloud server;
the specific preparation work is as follows:
firstly, a symmetric key required by an encrypted image is generated, the image encryption adopts the concept of symmetric encryption, the encryption method adopted in the embodiment is AES, the symmetric key is randomly generated for an AES algorithm by calling the AutoSeededRandomPool in a Crypto + + function library, and the symmetric key K with the length of 128 bits is generated.
Secondly, to solve the problem of approximate search of high-dimensional data, an extended location-sensitive hash function (eLSH) is generated, and in this embodiment, an extended location-sensitive hash function family based on random bit projection, that is, a location-sensitive hash function family, is mainly used
Figure BDA0001834584010000091
Is extended by L hash functions giComposition of (a), wherein gi(x)=(hi,1(x),hi,2(x),…,hi,k(x)),
Figure BDA0001834584010000092
As shown in fig. 2, g is generatediThe specific process of the (-) is as follows:
1) the data owner generates k random values r in the range of 0-255 using the rand () functionj(j∈[k]) In the process of generating random values, random number seeds when random numbers are generated by using function srand () are set, different random number sequences can be obtained by setting different seeds, in the implementation of the system, different random number seeds are generated by using a system clock, namely, k random values r are generated by using srand (time (null))j(j∈[k]);
2) Data owner utilization riGenerating random bit projection functions
Figure BDA0001834584010000093
3) Generating a k-bit random bit projection function gi(x)=(hi,1(x),hi,2(x),…,hi,k(x))。
4) Repeatedly executing the step 1) and the subsequent steps,until L g are generatedi(. o.) in composition eLSH ═ g1(x),g2(x),…,gL(x))。
The specific process of the step 2 is as follows:
step 2-1: encrypting the original image by the data owner to generate an image ciphertext C;
as shown in fig. 3, the specific process of step 2-1 is:
1) carrying out block processing on an original digital image by taking bytes as a unit, sequentially dividing the image into 4 x 4 matrixes from the upper left corner to the lower right corner of the image, and for digital matrixes which are not multiples of 4 x 4, carrying out zero filling on rows and columns at the lower right of the matrixes;
2) AES encryption is carried out on each 4 x 4 matrix, the key is K, and the encryption result is stored in the original block again;
3) these blocks are concatenated in sequence as the ciphertext of the original image.
Step 2-2: the data owner executes a secret sharing algorithm and splits the symmetric key K, and the specific process is as follows:
1) selecting a large prime number p, and then randomly selecting (t-1) elements aiI-1, 2, …, t-1, and the polynomial f (x) of order t-1 is a0+a1x+…+at-1xt-1modp such that f (0) is a0=K;
2) Splitting the key K into n secret shares, where n is the number of image-extracted feature vectors, from ZpN different parameters d1,d2,…,dnIs used to identify n participants, calculate a secret share s for all participantsi=f(di),i∈[n];
Step 2-3: the data owner encrypts the symmetric key secret shares, as shown in fig. 4, by the specific process:
1) for feature vector ViExecute eLSH, generate L hash values gj(Vi)(j∈[L]);
2) For L hash values gj(Vi) Applying SHA1 Algorithm H, L hash values H (g) are generatedj(Vi))(i∈[n],j∈[L]) The L hash values are respectively used asEncrypting secret shares siL keys, i.e.
Figure BDA0001834584010000101
3) Using L keys
Figure BDA0001834584010000102
For secret shares siPerforming AES encryption algorithm to obtain secret share siOf L ciphertexts
Figure BDA0001834584010000103
The above process is repeated until all n secret shares are encrypted.
Step 2-4: generating a label set for the image, as shown in fig. 5, the specific process is as follows:
1) for feature vector ViExecute eLSH, generate L hash values gj(Vi)(j∈[L]);
2) For L hash values gj(Vi) Applying SHA1 algorithm G to generate L hash values G (G)j(Vi))(i∈[n],j∈[L]) The L hash values are respectively used as identification feature vectors ViThe label of (a) is used,
Figure BDA0001834584010000104
the above process is repeated until labels are generated for the n feature vectors.
And step 3: the cloud server stores data with the same label in the same hash bucket, and takes the label value as a bucket number to generate a security index structure as shown in fig. 6, as can be seen from fig. 6, the security index structure is a plurality of hash buckets constructed according to the encrypted database, the bucket numbers of the hash buckets are label values, a plurality of similar data exist in one hash bucket, and each data has a unique identifier (id (c), id (v), and id (tags)). As shown in fig. 7, the specific process of constructing the security index is as follows:
step 3-1: extracting data element C | | CT from encrypted database DB, CT | | CT1∪CT2…∪CTn,CTiRepresenting a feature vector ViA lower encrypted secret share set and a tag set;
step 3-2: split CTi=EncShi||TagsiObtaining a feature vector V of the encrypted imageiCorresponding tag set Tagsi
Figure BDA0001834584010000111
Step 3-3: by feature vector ViIs marked with a label
Figure BDA0001834584010000112
Identifying the encrypted image and further constructing a hash bucket structure, firstly, searching whether the existing hash bucket exists or not, and if not, constructing the hash bucket
Figure BDA0001834584010000113
And (ID), (C), ID (V), ID (tags)) into the hash bucket; if there is a constructed hash bucket, it will
Figure BDA0001834584010000114
Matching with the generated barrel number of the hash barrel, if equal, (ID (C), (V), ID (tags)) is put into the hash barrel, if not equal, a new hash barrel is created
Figure BDA0001834584010000115
(ID (C), ID (V), ID (tags)) is placed into the hash bucket.
And 4, step 4: the data visitor holds the search image to construct a search token, and sends the search token to the cloud server, as shown in fig. 8, the specific process of constructing the search token is as follows:
step 4-1: the data visitor performs steps 1-1 and 1-2 on the search image, and extracts a feature vector V ═ of the search image1′,V2′,…Vn′);
Step 4-2: for each feature vector Vi′∈V′(i∈[n]) Perform eLSH, then hash L results gj(Vi') execute SHA-1 Algorithm G, and output G (G)j(Vi')) as ViTag set T [ i ] of];
And repeating the step 4-2 until a label set is extracted for the n feature vectors of the search image, wherein the label set is used as a search token T of the search image, namely T ═ T [1 ]. U [ T [2 ]. U [ … ]. U [ T [ n ].
And 5: the cloud server receives the search token, and performs similar image search by using the search token and the security index, as shown in fig. 9, the specific process of fuzzy search is as follows:
step 5-1: searching a safety index according to the search token, and finding a hash bucket matched with the search token;
step 5-2: extract the elements (ID (C), ID (V), ID (tags)) in the matching hash bucket into set Ctmp(T) in (A);
step 5-3: computing C in the settmp(T) the frequency of occurrence of each encrypted image identifier id (c) is denoted as match, and the frequency represents the number of similar feature vectors of the encrypted image and the search image;
step 5-4: judging whether the match is larger than the threshold thr, if so>thr, then the encrypted image is considered to be similar to the search image, and the encrypted image C is added to the similar image set Cclose(T) in (1).
The cloud server will collect Cclose(T) returning as a fuzzy search result.
Step 6: the data visitor decrypts the result returned by the fuzzy search to recover the plaintext image, and the specific process is as follows:
step 6-1: judgment of G (G)j(Vi′))∈TagsiWhether or not this is true, if so, H (g) is utilizedj(Vi')) decrypt EncSh [ j]Obtaining secret shares s of the symmetric keyiA1 is toiAdding to the set Shares;
step 6-2: performing a secret sharing reconstruction algorithm on the set Shares, applying a lagrange interpolation formula to elements in the set Shares
Figure BDA0001834584010000121
Recovering a symmetric key K of the encrypted image;
step 6-3: and performing an AES decryption algorithm on the encrypted image C by using the symmetric key K to recover the original image.

Claims (6)

1. An encrypted image-oriented fuzzy search method is characterized by comprising the following steps:
step 1: a data owner preprocesses an original image to be encrypted and stored, extracts image features from the original image, describes the image by using the image features and further realizes similar image search;
step 2: the data owner encrypts the image, encrypts the original image by using a symmetric encryption method, secretly shares the symmetric key, encrypts the secret share and generates a label for the image; the method specifically comprises the following steps:
step 2-1: according to system security parameters, the data owner generates a secret key K, a symmetric encryption algorithm is executed on the image, the secret key is K, and an encrypted image C is generated;
step 2-2: executing a secret sharing algorithm on the symmetric key K, splitting K into n secret shares(s)1,...,sn) The number of the split secret shares is consistent with the number of the extracted image feature vectors;
step 2-3: constructing an extended position-sensitive hash function (eLSH) for solving the problem of approximate search of high-dimensional data;
step 2-3: for the feature vector V of the original imagei∈V(i∈[n]) Executing eLSH to obtain L hash values gj(Vi)(j∈[L]);
Step 2-4: selecting a hash function H, and calculating H (g)j(Vi))(j∈[L]) H (g)j(Vi) S) as a secret shared share corresponding to the key pairiEncrypted to get the share siL encrypted symmetric key secret shares
Figure FDA0003124132080000011
Composition fraction siIs encrypted secret share set EncShi
Step 2-5: selecting a hash function G, and calculating G (G)j(Vi) As the identifying feature vector ViOne tag of (1), L tags G (G)j(Vi))(j∈[L]) Component feature vector ViTag set of (2)iFurther obtain the feature vector ViCT of encrypted secret share sets and tag setsiI.e. CTi←EncShi||Tagsi
Repeating the steps 2-3 and the subsequent steps until the operation is completed on the n feature vectors;
and step 3: the data owner sends encrypted information of an original image to a cloud server for storage, wherein the encrypted information comprises an encrypted image, an encrypted symmetric key secret share and an image tag set;
and 4, step 4: the cloud server constructs a security index according to the encrypted data;
and 5: the data visitor constructs a search token according to the search image and sends the search token to the cloud server;
step 6: the cloud server searches similar images according to the received search token and the security index, returns the encrypted images as the similar images if the search images are similar to the encrypted images in the number of the feature vectors of the threshold number, and does not return the encrypted images if the search images are not similar to the encrypted images in the number of the feature vectors of the threshold number;
and 7: and the data visitor decrypts the returned similar image to recover the original image.
2. The method for searching for the blur of the encrypted image according to claim 1, wherein the preprocessing operation of step 1 is to extract image features from the original image, and to describe the visual characteristics of the image by using the image features; the method specifically comprises the following steps: the data owner executes a local feature extraction algorithm on the original image, and extracts the feature vectors of the first n feature points of the image, namely V ═ V (V)1,V2,...Vn)。
3. The fuzzy search method for the encrypted image according to claim 1, wherein the step 4 constructs an index composed of a hash Bucket number and a linked list, takes a label value as a Bucket number Bucket _ id for identifying the hash Bucket, and stores data elements in the hash Bucket by using a linked list Bucket _ list, wherein a plurality of data elements exist in one hash Bucket, and labels of the data elements in the same hash Bucket are overlapped; the method comprises the following specific steps:
step 4-1: extracting data element C | | CT from the encrypted database DB, wherein CT | | CT1∪CT2...∪CTn,CTiRepresenting a feature vector ViA lower encrypted secret share set and a tag set;
step 4-2: split CTi=EncShi||TagsiObtaining a feature vector V of the encrypted imageiCorresponding tag set Tagsi
Figure FDA0003124132080000021
Step 4-3, passing the feature vector ViIs marked with a label
Figure FDA0003124132080000022
Identify the encrypted image, and then construct the hash bucket structure, bucket number
Figure FDA0003124132080000023
The barrel stores (ID (C), (V), ID (tags)) and a feature vector V for identifying the encrypted image CiThe jth tag of (1).
4. An encrypted image-oriented fuzzy search method according to claim 1, wherein said step 5 comprises:
step 5-1: the data visitor performs the local feature extraction algorithm in step 1 on the search image to extract a feature vector V ═ V ″, which is a feature vector of the top n feature points of the image'1,V′2,...V′n);
Step 5-2: feature vector V 'to search image'i∈V′(i∈[n]) Executing eLSH to obtain L hash values gj(V′i)(j∈[L]);
Step 5-3: calculate G (G)j(Vi) As the identifying feature vector ViOne tag of (1), L tags G (G)j(Vi))(j∈[L]) Component feature vector ViSet of tags T [ i ]]The label set of n feature vectors T ═ T [1 ═ T]∪T[2]∪...∪T[n]As a search token for the image and sends it to the cloud server.
5. The encrypted image-oriented fuzzy search method according to claim 1, wherein the step 6 determines that the image approximation criterion is that two images have a threshold number of similar feature vectors, and the criterion for determining that two feature vectors are similar is that two feature vectors have overlapping labels, and specifically comprises the steps of:
step 6-1: searching a safety index according to the search token, finding all hash buckets matched with the search token, and extracting elements (ID (C), ID (V), ID (tags)) in the hash buckets to a set Ctmp(T) in (A);
step 6-2: computing a set Ctmp(T) each encrypted image identifier id (c) appears at a frequency representing the number of similar feature vectors for the encrypted image and the search image;
step 6-3: judging whether the frequency of ID (C) appearance is greater than a threshold value, if so, considering that the encrypted image C is similar to the search image, and adding the encrypted image C to a similar image set Cclose(T) in (A);
step 6-4: the cloud server sends Cclose(T) returning to the data visitor.
6. The blurred search method for encrypted images according to claim 1, wherein the step 7 of decrypting the image operation firstly needs to decrypt a secret share of the symmetric key, then reconstructs a symmetric key used by the encrypted image from the secret share of the symmetric key, and finally decrypts the original image by using the symmetric key, specifically:
step 7-1: the data accessor judges whether G (G) exists according to the characteristic vector of the search imagej(V′i))∈TagsiIf true, use H (g)j(V′i) Decryption of
Figure FDA0003124132080000031
Obtaining secret shares s of a symmetric keyiA1 is toiAdding to the set Shares; repeating the step 7-1 until all the characteristic vectors of the searched image are judged;
step 7-2: executing a secret sharing reconstruction algorithm on the set Shares to recover a symmetric key K of the encrypted image;
and 7-3: and decrypting the encrypted image C by using the symmetric key K to recover the original image.
CN201811220283.5A 2018-10-08 2018-10-19 Encrypted image-oriented fuzzy search method Expired - Fee Related CN109409111B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2018111674947 2018-10-08
CN201811167494 2018-10-08

Publications (2)

Publication Number Publication Date
CN109409111A CN109409111A (en) 2019-03-01
CN109409111B true CN109409111B (en) 2021-09-17

Family

ID=65468582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811220283.5A Expired - Fee Related CN109409111B (en) 2018-10-08 2018-10-19 Encrypted image-oriented fuzzy search method

Country Status (1)

Country Link
CN (1) CN109409111B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110727951B (en) * 2019-10-14 2021-08-27 桂林电子科技大学 Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function
CN111651779B (en) * 2020-05-29 2022-03-18 广西师范大学 Privacy protection method for encrypted image retrieval in block chain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106815350A (en) * 2017-01-19 2017-06-09 安徽大学 Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment
CN107480163A (en) * 2017-06-19 2017-12-15 西安电子科技大学 The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106815350A (en) * 2017-01-19 2017-06-09 安徽大学 Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment
CN107480163A (en) * 2017-06-19 2017-12-15 西安电子科技大学 The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment

Also Published As

Publication number Publication date
CN109409111A (en) 2019-03-01

Similar Documents

Publication Publication Date Title
Zhang et al. Pop: Privacy-preserving outsourced photo sharing and searching for mobile devices
Qin et al. Privacy-preserving image processing in the cloud
Liu et al. Intelligent and secure content-based image retrieval for mobile users
EP2901359B1 (en) Secure private database querying with content hiding bloom filters
WO2018184407A1 (en) K-means clustering method and system having privacy protection
CN109615021B (en) Privacy information protection method based on k-means clustering
CN111541679B (en) Image security retrieval method based on secret sharing in cloud environment
Cui et al. Harnessing encrypted data in cloud for secure and efficient mobile image sharing
CN108400970A (en) Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment
CN111914264A (en) Index creation method and device, and data verification method and device
CN115580402B (en) Data hiding query method for secure multi-party computation
Hassan et al. Secure content based image retrieval for mobile users with deep neural networks in the cloud
Yuan et al. Towards privacy-preserving and practical image-centric social discovery
CN112000632A (en) Ciphertext sharing method, medium, sharing client and system
CN109409111B (en) Encrypted image-oriented fuzzy search method
CN115767722A (en) Indoor positioning privacy protection method based on inner product function encryption in cloud environment
CN115269938A (en) Keyword track hiding query method and system based on homomorphic encryption and related device
Cui et al. Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices
Rong et al. Privacy‐Preserving k‐Means Clustering under Multiowner Setting in Distributed Cloud Environments
CN105743906A (en) Picture file encryption and decryption method and system based on content-associated secret key
Wang et al. Face detection for privacy protected images
Joseph et al. A Novel Algorithm for secured data sharing in cloud using GWOA-DNA cryptography
EP3323220B1 (en) Encryption scheme using multiple parties
CN117349685A (en) Clustering method, system, terminal and medium for communication data
Gbashi et al. Privacy Security System for Video Data Transmission in Edge-Fog-cloud Environment.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210917