CN110059630B - Verifiable outsourced monitoring video pedestrian re-identification method with privacy protection - Google Patents

Abstract

The invention relates to a privacy-protecting verifiable outsourced monitoring video pedestrian re-identification method. Firstly, extracting effective pedestrian features by using a Convolutional Neural Network (CNN) and a kernel function-based supervised hash (KSH); then, a Hamming distance calculation protocol based on secret sharing is designed, so that a cloud server is allowed to calculate the similarity between ciphertext feature indexes; in addition, a verification mechanism based on the Merkle hash tree is provided, which allows a user to check the correctness of the matching result. The method of the invention protects the privacy of other non-related pedestrians and realizes the re-identification of the verified pedestrians of the outsourced monitoring video; and the information security of the video data is considered while the local calculation, communication overhead and file storage space are reduced.

Description

Privacy-protection verifiable outsourced monitoring video pedestrian re-identification method

Technical Field

The invention relates to a privacy-protecting verifiable outsourced monitoring video pedestrian re-identification method.

Background

With the increasing popularization of smart cities and digital home concepts, monitoring cameras have been widely adopted in our daily lives, and are generally installed in places such as highways, supermarkets, college campuses and the like. In particular, criminal activities and terrorist attacks have made security issues increasingly prominent, greatly facilitating the rapid growth of the surveillance camera market. In 2018, according to BBC news reports, China has deployed more than 1.7 hundred million monitoring cameras, and it is expected that in the next three years, 4 hundred million cameras will be installed^[1]. Research and marks, as a world-known market Research institute, predicts that the video surveillance market will grow at a composite average growth rate of 11.8%, which is expected to grow from $ 183 billion in 2017 to $ 438 billion in 2025^[2]。

At present, video data from a monitoring camera is widely applied to the fields of traffic monitoring, crime evidence obtaining, activity detection and the like. Among them, re-identification of pedestrians as an important processing task for video data has attracted research interest of broad scholars and enterprises. The purpose of pedestrian re-identification in video data is to retrieve people of interest from different locations and different cameras^[3](as shown in fig. 1). This means that it is possible to identify whether someone in one camera has appeared in other surveillance videos at different times and places. This task of pedestrian re-identification is currently widely used in many security-related fields, especially in the public safety field. For example, it can easily identify whether a suspect exists in different surveillance videos. Based on this information, the police can quickly grasp the whereabouts of the suspect. As the number of cameras continues to increase, the large amounts of video data generated greatly increases the storage and computing costs for the user. It is estimated that global surveillance video data exceeds 560PB per day^[4]These huge amounts of video data are not processable by individuals or enterprises with limited resources.

The mass storage and strong computing power of the cloud server greatly reduce the large-scale data processing cost^[5]. But the problem is that the user has no knowledge of the storage location of the packet data and whether the data has been tampered with. In this case, there is a risk that data security and privacy of the user are revealed. Encrypting data directly with a conventional encryption algorithm prior to outsourcing is a common method of ensuring confidentiality of data. However, it may prevent further processing of such encrypted data, such as pedestrian re-identification. Generally, a simple solution to employing secure pedestrian re-identification techniques is to download all encrypted video data and decrypt them to perform pedestrian re-identification locally. However, such operations introduce high computational and communication costs to the user. Therefore, how to effectively perform pedestrian re-identification and ensure that the confidentiality of video data is not leaked by encrypting the outsourced monitoring video becomes a task which needs to be solved urgently.

At present, signal processing on data of encrypted text and images has become a popular research field, and various research branches such as ciphertext text retrieval, ciphertext image compression, ciphertext domain reversible information hiding and the like successively appear. Compared with texts and images, the research on privacy protection data processing on videos is relatively less, and particularly the research on pedestrian re-identification of outsourced ciphertext monitoring videos is almost blank. Furthermore, another problem is that the cloud server may return a small fraction of the false match results for its malicious purpose, i.e. saving storage costs or hiding data corruption or loss incidents^[6,7]. Currently, a feasible method for supporting privacy protection of a verifiable pedestrian re-identification scheme of outsourced monitoring video is still lacked in the field.

Reference documents:

[1]“Smart cameras catch man in 60,000crowd,”BBC News,April 13,2018,https://www.bbc.com/news/world-asia-china-43751276.

[2]“Video surveillance market to 2025-global analysis and forecasts by platforms(hardware and software),”https://www.researchandmarkets.com/research/zn5s9z/global videow＝5.

[3]Y.-C.Chen,X.Zhu,W.-S.Zheng,and J.-H.Lai,“Person re-identification by camera correlation aware feature augmentation,”IEEE transactions on pattern analysis and machine intelligence,vol.40,no.2,pp.392–408,2018.

[4]L.Tian,H.Wang,Y.Zhou,and C.Peng,“Video big data in smart city:Background construction and optimization for surveillance video processing,”Future Generation Computer Systems,2018.

[5]X.Liu,R.Deng,K.-K.R.Choo,Y.Yang,and H.Pang,“Privacy-preserving outsourced calculation toolkit in the cloud,”IEEE Transactions on Dependable and Secure Computing,2018.

[6]W.Sun,S.Yu,W.Lou,Y.T.Hou,and H.Li,“Protecting your right:verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud,”IEEE Transactions on Parallel and Distributed Systems,vol.27,no.4,pp.1187–1198,2016.

[7]Y.Miao,J.Weng,X.Liu,K.-K.R.Choo,Z.Liu,and H.Li,“Enabling verifiable multiple keywords search over encrypted cloud data,”Information Sciences,vol.465,pp.21–37,2018.。

disclosure of Invention

The invention aims to provide a method for identifying pedestrians in an outsourced surveillance video with verifiable privacy protection, which can protect the privacy of other non-related pedestrians and realize the pedestrian identification of the outsourced surveillance video with verifiable privacy protection; and the information security of the video data is considered while the local calculation, communication overhead and file storage space are reduced.

In order to realize the purpose, the technical scheme of the invention is as follows: a privacy-protecting verifiable outsourced monitoring video pedestrian re-identification method comprises the following steps:

step S1, firstly, extracting effective pedestrian feature vectors from a plaintext monitoring video by a content owner by using a convolutional neural network CNN and a kernel function-based supervision hash KSH, and constructing corresponding feature indexes; then, a content owner divides the feature index into n shares by adopting a secret sharing method based on a CRT and sends the n shares to a cloud data server, and in the process, all encrypted monitoring videos and corresponding identification numbers of the encrypted monitoring videos are outsourced to a cloud storage server;

step S2, the cloud storage server responds to the identification request of the content owner, provides storage service for the content owner, provides identification calculation and returns a monitoring video; in the step, the authorized user submits challenge information to the cloud storage server, and the cloud storage server is responsible for responding to the task of initiating the verification of the correctness of the matching result of the authorized user;

step S3, the cloud data server uses a part of the data storage space to store the shares submitted by the content owners; in addition, the cloud data server performs analog-to-digital addition operation on the shares and sends the calculated result to the cloud storage server;

step S4, the authorized user divides the inquired feature index into different parts and sends the different parts to the corresponding cloud data server at random, and after the returned result is obtained, the authorized user decrypts the index through the secret key to recover the plaintext video; in addition, the authorized user submits the initiated challenge information to the cloud storage server to verify the correctness of the returned data.

In an embodiment of the present invention, in step S1, a clear text surveillance video is set

Encrypt the corresponding ciphertext set as

Effective pedestrian feature vector

Extracted from the pedestrian image, the pedestrian image is a monitoring video from the plaintext

The acquired key frame.

In an embodiment of the present invention, in step S1, a specific implementation process in which a content owner splits a feature index into n shares by using a secret sharing method based on a CRT and sends the n shares to a cloud data server is as follows:

step S11, the content owner fills in z zeros

Therefore, the temperature of the molten metal is controlled,

will be extended to (d + z), denoted as

After step S12, the content owner randomly scrambles the feature vectors

Will replace the position of all elements of

Is converted into

Step S13, obtaining

When the content owner randomly selects a positive odd-number to replace 1 and a positive even-number to replace 0, where the range of selecting odd or even is set to [1, Γ]，

1/0 in different positions may correspond to different odd/even numbers, all feature vectors being arranged according to the above-described replacement rule

Is modified into

Step S14, the content owner continues to modify

The value of the element; here, the telescoping technique is used for further protection

Is not leaked, the scale modification can be completed by the following method

u′＝u·s+ε (4)

Wherein u is

The value of the middle element, s is a scale factor and takes the value as a positive number, epsilon is random noise, and the values are uniformly distributed, namely epsilon-U (0, gamma), (gamma is less than or equal to s); here, s is disclosed and allowed to follow

Elements are different and epsilon is private to the content owner; finally, each pedestrian image p_iIs modified to

Then, the content owner gets

As a pedestrian image p_iCharacteristic index of (1)_iI.e. by

Step S15, after the characteristic preprocessing of the above steps, the content owner will I_iShare in n

π(I_i)＝{I_i,1,I_i,2,…,I_i,n} (6)

I_i,j＝I_i mod m_j (7)

Where π (·) can be expressed as a splitting function based on a modulo operation, i.e., modm_jWherein the number of elements is set { m_j}_1≤j≤nKnown to cloud data servers and cloud storage servers;

let I_iThe w-th component of (A) is I_i(w) then its corresponding share is

π(I_i(w))＝{I_i,1(w),I_i,2(w),…,I_i,n(w)} (8)

Wherein the content of the first and second substances,

I_i,j(w)＝I_i(w)mod m_j (9)

step S16, finally, the content owner sets all encrypted video files C and ID to { ID ═ ID }₁,…,id_mUploading the data to a cloud storage server; furthermore, each of

The n shares are sent to the corresponding cloud data servers; the mapping relationship between these shares and the set D of cloud data servers is as follows:

in an embodiment of the present invention, in step S4, the specific implementation process that the authorized user splits the queried feature index into different parts and randomly sends them to the corresponding cloud data server is as follows:

feature index T for authorized user to query_QSplitting the part into n parts, and satisfying the following formula:

π(T_Q)＝{T_Q,1,T_Q,2,…,T_Q,n} (11)

and

π(T_Q(w))＝{T_Q,1(w),T_Q,2(w),…,T_Q,n(w)} (12)

T_Q,j(w)＝T_Q(w)mod m_j

wherein, T_Q,j(w) is T_QThe jth part of the w-th element of (1)

The user is then authorized to select from { T }_Q,j}_1≤j≤nAnd randomly selecting k shares and respectively and randomly sending the shares to k cloud data servers in the n cloud data servers.

In an embodiment of the present invention, in step S4, after the authorized user splits the queried feature index into different parts and randomly sends them to the corresponding cloud data server, the cloud data server and the cloud storage server execute the following steps:

the cloud data server performs and calculates processes:

feature index T for a given query_QAnd pedestrian image p_iIs indexed by

Activation by an authorized user_jCloud data server is in module m_jThe addition operation is performed, the sum of which is expressed as

Namely, it is

Wherein g represents the dimension of the feature index and is equal to d + z;

in calculating an arbitrary

Then, d_jThe cloud data server sends the intermediate value

Submitting to a cloud storage server;

the cloud storage server executes a similarity calculation process:

when k intermediate results of k cloud data servers are obtained

The cloud storage server will perform the following steps:

1) the cloud storage server firstly adopts a CRT method to reconstruct T_QAnd each I_iOriginal sum vector of

The cloud storage server then reduces the sum vector by the scaling factor s used in the feature pre-processing stage

Suppose that

Is { t }₁,t₂,…,t_gAfter expansion, the

Specifically calculated by the following formula:

cloud storage server based on

Then Q and can be calculated

Hamming distance therebetween;

2) the cloud storage server performs ascending sequencing on all Hamming distances and returns the most relevant encrypted video set

And its corresponding identification set ID ═ ID'₁,…,id′_qGiving the authorized user.

In an embodiment of the present invention, in step S4, the specific implementation process that the authorized user submits the initiated challenge information to the cloud storage server to verify the correctness of the returned data is as follows:

(6-1) adopting an MAC method to set the ID number as ID_i(i∈[1,m]) Encrypted video file c_iGenerating the value of MAC with key k of MAC

Wherein MAC (-) is a secure MAC scheme; accordingly, more than one will be generated

As a MAC set of elements

Namely, it is

Thereafter, MAC aggregation

Outsourcing to a cloud storage server;

(6-2) upon receiving the pedestrian re-recognition result

Thereafter, the authorized user first selects from the collection

In the random selection of subsets

Wherein { l_i}_1≤i≤tIndicating the selected encrypted video is

Q is less than or equal to t; the authorized user then challenges the information l_i}_1≤i≤tSend to cloudA storage server;

(6-3), when obtaining the challenge request from the authorized user, the cloud storage server based on the challenge information { l_i}_1≤i≤tConstructing two Merkle hash numbers for responding; in which MAC sets are assumed

Is a subset of the ciphertext video

A set of corresponding MACs; first, a Merkle hash tree MT is constructed, in which a hash function h is called_T:{0,1}^*→{0,1}^κTo calculate the hash values of all leaf nodes; for the intermediate node, the cloud storage server can obtain the hash value of the node by hashing the hash value obtained by combining the two direct child nodes of the intermediate node; if there is only one child node, the hash value of the parent node can be calculated by only hashing the hash value of the child node; in a similar manner, the cloud storage server may compute a hash value of the MT root node of the Merkle hash tree

And sending to an authorized user; in addition to the hash tree MT, the cloud storage server constructs a second hash tree CT, which is similar to the hash tree MT, except that the leaf nodes of the hash tree CT are directly encoded by the ciphertext video subset

As an input; also, a hash value of a root node is finally generated

And sending to an authorized user;

(6-4) upon reception

And

then, the authorized user correspondingly constructs two hash trees MT 'and CT', and respectively calculates the hash value of the root node

And

wherein the input MAC set of leaf nodes of the hash tree MT

Need to be calculated by an authorized user, i.e. by the MAC method

The generated set is the MAC value of

Wherein the key K involving the MAC is provided by the corresponding content owner in a shared manner; as for

Construction process of

The same as the above;

(6-5) authorized user through analysis

And corresponding

Judging whether the re-identification result of the pedestrian is correct or not according to the relationship; if it is not

The recognition result can be judged to be correct; if it is not

It can be determined that the returned recognition result is tampered by the third party; if it is not

And is

The recognition result is confirmed to be tampered by the cloud storage server.

Compared with the prior art, the invention has the following beneficial effects:

(1) the technology is a first attempt of obtaining privacy-protecting pedestrian re-identification through outsourcing monitoring videos, and the application allows users to store data of the users to a cloud server to obtain safe pedestrian re-identification service;

(2) safe Hamming distance calculation, the application constructs a novel safe Hamming distance protocol; the method allows the cloud server to calculate the Hamming distance on the ciphertext data, and the calculation process does not need to know the plaintext content;

(3) no key encryption, a key generation center is essential in general cryptosystems, which is responsible for managing and distributing the private keys of users. (ii) a However, over-reliance on key centers is highly prone to the problem of heavy key escrow; the present application is directed to allowing a user to encrypt a feature index in a keyless manner;

(4) the method has high precision and low cost, and the invariant pedestrian features are captured by adopting the function based on the CNN so as to obtain better matching performance; moreover, KSH techniques are used to reduce feature dimensions, thereby reducing storage and communication costs;

(5) and the verified pedestrian is identified again, and a double Merkle hash tree is developed by the application, so that the user is allowed to check the correctness of the matching result.

Drawings

FIG. 1 is a graph illustrating a pedestrian re-identification problem;

FIG. 2 is an infrastructure for pedestrian re-identification;

FIG. 3 is an overall framework of the method of the invention;

figure 4 is a verification mechanism based on a double Merkle hash tree.

Detailed Description

The technical scheme of the invention is specifically explained below with reference to the accompanying drawings.

The present invention provides an effective pedestrian re-identification method for privacy protection on outsourced surveillance video, which allows a cloud server to perform pedestrian re-identification tasks without knowing the plaintext content of the video data involved (e.g., video data and query information). In order to obtain effective high-precision retrieval performance, the scheme combines a CNN model and a KSH technology to capture effective characteristics in a video key frame in a binary form; in order to realize efficient and safe calculation among features, a Hamming distance safe calculation protocol aiming at binary expressed features is specially designed by utilizing a secret sharing technology based on the Chinese Remainder Theorem (CRT), so that the similarity among the features can be accurately calculated on the ciphertext features by a server; in addition, an identification result verification mechanism is constructed by utilizing the Merkle hash tree, so that a malicious server and a third party adversary cannot tamper the returned matching result, and the authorized user can judge whether the returned identification result is tampered by the server or the third party by utilizing the verification mechanism.

The invention specifically relates to a privacy-protecting verifiable outsourced monitoring video pedestrian re-identification method, which comprises the following steps:

step S1, firstly, extracting effective pedestrian feature vectors from a plaintext monitoring video by a content owner by using a convolutional neural network CNN and a kernel function-based supervision hash KSH, and constructing corresponding feature indexes; then, a content owner splits the feature index into n shares by adopting a secret sharing method based on CRT and sends the n shares to a cloud data server, and in the process, all encrypted monitoring videos and corresponding identification numbers thereof are outsourced to a cloud storage server;

step S2, the cloud storage server responds to the identification request of the content owner, provides storage service for the content owner, provides identification calculation and returns a monitoring video; in the step, the authorized user submits challenge information to the cloud storage server, and the cloud storage server is responsible for responding to the task of initiating the verification of the correctness of the matching result of the authorized user;

step S3, the cloud data server uses a part of the data storage space to store the shares submitted by the content owner; in addition, the cloud data server performs analog-to-digital addition operation on the shares and sends the calculated result to the cloud storage server;

step S4, the authorized user divides the inquired feature index into different parts and sends the different parts to the corresponding cloud data server at random, and after the returned result is obtained, the authorized user decrypts the index through the secret key to recover the plaintext video; in addition, the authorized user submits the initiated challenge information to the cloud storage server to verify the correctness of the returned data.

The following are specific embodiments of the present invention.

Hereinafter, CO means a content owner, CSS means a cloud storage server, CDS means a cloud data server, and AU means an authorized user.

Referring to fig. 2, the design of an infrastructure for pedestrian re-identification, according to its implementation elements, the present application proposes a safe pedestrian re-identification scheme in a cloud computing environment, which mainly includes four steps: content owners, cloud storage servers, cloud data servers, and authorized users.

The concrete implementation steps are as follows:

(1) and firstly, extracting a feature vector from the plain text surveillance video by a content owner, so that a corresponding feature index can be constructed. The content owner then sends the indexed share to the cloud data server using a CRT-based secret sharing method. While the process is generated, all encrypted monitoring videos and corresponding identification numbers thereof are outsourced to the cloud storage server.

(2) The cloud storage server mainly responds to the identification request of the content owner, provides storage service for the content owner, provides identification calculation and returns monitoring videos. In this step, the authorized user submits challenge information to the cloud storage server, and the cloud storage server is responsible for responding to the task of initiating the verification of the correctness of the matching result by the authorized user.

(3) The cloud data server may use some data storage space to store shares submitted by users. In addition, the cloud data server needs to have the computing capability of performing modular addition operation on the sharing of the feature index, and send the computed result to the cloud storage server.

(4) The authorized user splits the feature index of the query into different parts and sends them to the corresponding cloud data server at random, which does not involve a key. After the returned result is obtained, the authorized user can decrypt and recover the plaintext video by the aid of the secret key. In addition, the authorized user can submit the initiating challenge information to the cloud storage server to verify the correctness of the returned data.

The second embodiment:

assuming that the cloud server is an honest and curious model, the FARRIS (i.e., a set of efficient privacy protection pedestrian scheme) framework designed by the application can implement the task of re-identifying the privacy protection pedestrians by encrypting the outsourcing monitoring video.

The present application generally describes the infrastructure required for a pedestrian re-identification scheme in example one, and then further details of the implementation are described in the present application on the basis of example one. The special points are as follows:

(1) and a key rule: for video files, the present application employs traditional symmetric encryption (e.g., AES) to encrypt the outsourced surveillance video directly. In addition, the CRT-based secret sharing technology can realize the feature index keyless encryption of a content owner or an authorized user. The keyless nature will greatly reduce the cost of key management and storage, it may allow the user to split the data into multiple obfuscated portions, not involving encryption keys, and the original data may be reconstructed as long as a certain number of shares are aggregated.

(2) And index construction: as shown in step (r) of FIG. 3, the content owner will have all video files

Are encrypted one by one, and the corresponding ciphertext set is

Feature vector

Will be extracted from the pedestrian image, which is a video from the plain text

The acquired key frame. Next, preprocessing is performed to generate a feature index, which is performed to avoid leakage of feature vector information to the cloud data server and the cloud storage server. The content owner then splits each feature index into n shares using the CRT method.

More specifically, to achieve secure hamming distance calculation, some modifications should be made to the feature vectors in advance. The details are as follows:

(2-1), CO pack z zeros to

Therefore, the temperature of the molten metal is controlled,

will expand to (d + z), denoted as

This operation is mainly prevented from occurring

The dimension is small and is inferred by CSS in an exhaustive way from the phenomena of the original feature vectors.

(2-2) after the filling operation, CO randomly scrambles the feature vectors

The position of all elements of (a). The replacement operation is to

Is converted into

(2-3) obtaining

CO randomly selects positive odd to replace 1 and positive even to replace 0. Here, the range of selecting odd or even is set to [1, Γ ]]. It is noted that,

1/0 in different locations may correspond to different odd/even numbers. According to the above replacement rule, the CO will assign all feature vectors

Is modified to

The strategy of odd/even replacement aims at changing the fact that the number 1 or 0 always remains unchanged.

(2-4) after the third modification, CO continues to be modified

The value of the element. Here, the present application utilizes telescoping technology for further protection

Is not leaked. The scale modification can be accomplished by the following method

u′＝u·s+ε (4)

Wherein u is

The value of the medium element, s is a scale factor and is a positive number, epsilon is random noise, and the values are uniformly distributed, namely epsilon-U (0, gamma), (gamma is less than or equal to s). Here, s is public and allowed to follow

The elements are different and epsilon is proprietary to CO. Finally, each person image p_iIs modified to

Then, CO is taken out

As a pedestrian image p_iCharacteristic index of (1)_iI.e. by

This scaling step is to avoid that the parity of positive numbers may remain the same with a certain probability under modulo operation, resulting in that the CDS can deduce the original feature vector

1 and 0 in (1).

(2-5) after the characteristic pretreatment of the four modification steps, the CO will I_iShare in n

π(I_i)＝{I_i,1,I_i,2,…,I_i,n} (6)

I_i,j＝I_i mod m_j (7)

Where π (. cndot.) can be expressed as a splitting function, which is based primarily on modulo arithmetic, i.e., mod m_jIn which the number of elements is set { m_j}_1≤j≤nKnown for CDS and CSS.

In fact, I_iAll components of (a) perform a pi operation in FARRIS, respectively. Let I_iThe w-th component of (A) is I_i(w) then its corresponding share is

π(I_i(w))＝{I_i,1(w),I_i,2(w),…,I_i,n(w)} (8)

Wherein the content of the first and second substances,

I_i,j(w)＝I_i(w)mod m_j (9)

(2-6) finally, the CO will encrypt all video files

And ID ═ ID₁,…,id_mAre uploaded to the CSS together. In addition, each of

The n shares are sent to the respective CDS. These collections of sharing and CDS

The mapping relationship between the two is as follows:

(3) and query generation: as shown in step two of FIG. 3, index T is queried_QWill be generated using the four modifications described above prior to outsourcing. Similar to the splitting process of the CO index, the querying user will be T_QThe separation into n parts meets the following requirements.

π(T_Q)＝{T_Q,1,T_Q,2,…,T_Q,n} (11)

And

π(T_Q(w))＝{T_Q,1(w),T_Q,2(w),…,T_Q,n(w)} (12)

T_Q,j(w)＝T_Q(w)mod m_j

wherein T is_Q,j(w) is T_QThe jth part of the w-th element of (a).

AU then follows { T }_Q,j}_1≤j≤nAnd randomly selecting k shares and respectively and randomly sending the shares to k CDSs in the n CDSs. In this case, the CSS need not actively send a request to the CDS with shares to obtain the reconstructed secret, since the k CDSs activated by the AU will automatically have them sentThe intermediate calculation result is sent to the CSS. The method avoids interaction between the CDSs and the CSS and reduces communication overhead.

(4) And calculating: once the query T is obtained from the querying user, step three of FIG. 3_QFor the corresponding shares, the corresponding CDS starts to calculate the sum of its resulting query index share and all index shares stored thereon, respectively. Given a query index T_QAnd any human image p_iIs indexed by

Dth activated by AU_jCDS in mode m_jThe addition operation is performed, the sum of which is expressed as

That is to say that the temperature of the molten steel,

where g represents the dimension of the feature index and is equal to d + z.

In calculating an arbitrary

Then, d_jCDS converts the intermediate value

Submitted to the CSS. Due to the final sum

Is done by the CSS of the FARRIS, so any one CDS is directed to

The values of (A) are unknown. Even though several CDSs may be in series with each other, only if the number of CDS involved is less than the threshold k,

value of (A)Is not leaked.

(5) And similarity calculation: when k intermediate results are obtained, as shown in step (r) of FIG. 3

The CSS will perform the following steps:

(5-1), CSS first reconstructs T using CRT method_QAnd each I_iOriginal sum vector of

The CSS then reduces the sum vector according to the scale factor s used in the feature pre-processing stage

Suppose that

Is { t }₁,t₂,…,t_gAfter expansion, the

Specifically calculated by the following formula

Although the CSS does not know the original feature vectors Q and

but it may still be based on

To calculate the hamming distance between them. In the following, the present application briefly introduces a calculation procedure:

as described in the index building algorithm of step (2),

is to pass the first three modifications during the feature vector preprocessingImprovement from

And (3) the product is obtained. Suppose Q' is a vector of query Q after the first three modifications have been preprocessed. Obviously, only when the random noise ε ≦ s,

exactly Q' and

the sum of (1). It is well known that the number of 1's in the sum of any two binary vectors of the same dimension is exactly equal to the hamming distance between them, and 1's are again odd numbers. This means that the hamming distance can be found by calculating the number of odd elements in the sum vector. Although Q' and after feature vector preprocessing

Significantly different from the corresponding original binary feature vectors, but the sum between them

The number of odd numbers in (b) remains unchanged. The main reason is the replacement rule in the index construction algorithm of the step (2)

The parity of the original binary vector elements is not changed. Furthermore, the odd number invariance is also not affected by the (2-1) padding zero modification step, since the even sum is still even. Based on the above analysis, CSS can be derived directly from the sum of their preprocessed feature vectors by counting the number of elements with odd values

To obtain Q and

hamming distance between.

(5-2) CSS DuchemSequencing the Hamming distance in an ascending order and returning the most relevant encrypted video set

And its corresponding identification set ID ═ ID'₁,…,id′_qGiving the authorized user.

(6) And verifying a matching result: in practical applications, the cloud server is more likely to follow a model that is semi-honest but curious and carries some malicious behavior. This means that the cloud server can forge or tamper with the matching result of the pedestrian re-identification. To address this problem, the present application provides FARRIS with a verifiable mechanism to strengthen it against models that are semi-honest but curious and carry part of the malicious behavior. In addition, the application considers that a third party adversary can distort the result in the transmission process, and also considers the fact that the CSS hides the true falsifier by means of the third party adversary tampering. In order to avoid ambiguity, the application designs an advanced verification mechanism based on a double Merkle hash tree, which is used for checking the correctness of the pedestrian re-identification result and determining a true determined falsifier from the CSS and a third party adversary when the verification fails. The key steps are as follows:

(6-1), the authentication mechanism of the present application herein uses Message Authentication Code (MAC) technology. MAC is a cryptographic primitive used to achieve message integrity and authentication. Firstly, the ID number is set as ID by the MAC method_i(i∈[1,m]) Encrypted video file c_iGenerating the value of MAC with key k of MAC

Where MAC (-) is a secure MAC scheme (e.g., HMAC). Accordingly, more than one will be generated

As a MAC set of elements

Namely, it is

Thereafter, MAC aggregation

Outsourcing to CSS, which may be outsourced with all encrypted video files in step (2) the index construction algorithm.

(6-2) upon receiving the pedestrian re-recognition result

Thereafter, AU first from the set

In the random selection of subsets

Wherein { l_i}_1≤i≤tIndicating the selected encrypted video is

And t is less than or equal to q. AU then challenges the information l_i}_1≤i≤tTo the CSS.

(6-3), when obtaining challenge request from AU, CSS is based on challenge information { l }_i}_1≤i≤tTwo Merkle hash numbers were constructed to respond as shown in figure 4. In which MAC sets are assumed

Is a subset of the ciphertext video

A set of corresponding MACs. First, a Merkle hash tree MT is constructed, in which a hash function h is called_T:{0,1}^*→{0,1}^κTo compute the hash values of all leaf nodes (with the MAC value of the corresponding ciphertext video as input). For the intermediate node, the CSS may be obtained by hashing the hash value of the merged two immediate children of the CSSThe hash value of the node. If there is only one child node, the hash value of the parent node may be calculated by hashing only the hash value of the child node. In a similar manner, CSS may calculate a hash value of Merkle hash tree MT root node

And sent to the AU. In addition to the hash tree MT, the CSS constructs a second hash tree CT, which is similar to the hash tree MT except that the leaf nodes of the hash tree CT are directly encoded in ciphertext video subsets

As an input. Also, a hash value of a root node is finally generated

And sent to the AU.

(6-4) upon receipt

And

then, two hash trees MT 'and CT' are correspondingly constructed by AU, and the hash values of the root nodes are respectively calculated

And

wherein the input MAC set of leaf nodes of the hash tree MT

Need to be calculated by AU itself, i.e. by MAC method

The resulting set is the MAC value of

Where the key K involving the MAC is provided by the respective CO in a shared form. As for

Construction process of

The same applies.

(6-5) AU passage analysis

And corresponding

The relationship between the pedestrian and the pedestrian is used for judging whether the re-identification result of the pedestrian is correct or not. If it is not

The identification result can be judged to be correct; if it is used

It can be determined that the returned recognition result is tampered by the third party; if it is not

And is

It is confirmed that the recognition result is falsified by the CSS.

The invention is characterized in that:

the method has two aspects of characteristics: the method comprises the steps of cooperatively considering two links of monitoring video data security and pedestrian re-identification, researching privacy protection and subsequent similarity measurement calculation of video data and pedestrian feature content, and solving the contradiction between the video data security and the outsourced pedestrian re-identification task; and secondly, the verification problem of the correctness of the identification result is converted into the judgment of the hash value of the root node of the hash tree, and two services of data integrity verification and source tampering judgment can be provided.

The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.

Claims (5)

1. A privacy-protecting verifiable outsourced monitoring video pedestrian re-identification method is characterized by comprising the following steps:

step S1, firstly, extracting effective pedestrian feature vectors from a plaintext monitoring video by a content owner by using a convolutional neural network CNN and a kernel function-based supervision hash KSH, and constructing corresponding feature indexes; then, a content owner divides the feature index into n shares by adopting a secret sharing method based on a CRT and sends the n shares to a cloud data server, and in the process, all encrypted monitoring videos and corresponding identification numbers thereof are outsourced to a cloud storage server;

step S2, the cloud storage server responds to the identification request of the content owner, provides storage service for the content owner, provides identification calculation and returns a monitoring video; in the step, the authorized user submits challenge information to the cloud storage server, and the cloud storage server is responsible for responding to the task of initiating the verification of the correctness of the matching result of the authorized user;

step S3, the cloud data server uses a part of the data storage space to store the shares submitted by the content owner; in addition, the cloud data server performs analog-to-digital addition operation on the shares and sends the calculated result to the cloud storage server;

step S4, the authorized user divides the inquired feature index into different parts and sends the different parts to the corresponding cloud data server at random, and after the returned result is obtained, the authorized user decrypts the index through the secret key to recover the plaintext video; in addition, the authorized user submits the initiated challenge information to the cloud storage server to verify the correctness of the returned data;

in step S4, the specific implementation process that the authorized user submits the initiated challenge information to the cloud storage server to verify the correctness of the returned data is as follows:

(6-1) adopting an MAC method to set the ID number as ID_i,i∈[1,m]Encrypted video file c_iGenerating the value of MAC with key k of MAC

Wherein MAC (-) is a secure MAC scheme; accordingly, more than one will be generated

As a MAC set of elements

Namely, it is

Thereafter, MAC aggregation

Outsourcing to a cloud storage server;

(6-2) upon receiving the pedestrian re-recognition result

Thereafter, the authorized user first selects from the collection

In the random selection of subsets

Wherein { l_i}_1≤i≤tIndicating the selected encrypted video is

Q is less than or equal to t; the authorized user then challenges the information l_i}_1≤i≤tSending the data to a cloud storage server;

(6-3), when obtaining the challenge request from the authorized user, the cloud storage server based on the challenge information { l_i}_1≤i≤tConstructing two Merkle hash trees for response; in which MAC sets are assumed

Is a subset of the ciphertext video

A set of corresponding MACs; first, a Merkle hash tree MT is constructed, in which a hash function h is called_T:{0,1}^*→{0,1}^κTo calculate the hash values of all leaf nodes; for the intermediate node, the cloud storage server obtains the hash value of the node by hashing the hash value obtained by combining the two direct child nodes of the intermediate node; if there is only one child node, calculating the hash value of the parent node only by hashing the hash value of the child node; in a similar manner, the cloud storage server may compute a hash value of the MT root node of the Merkle hash tree

And sending to an authorized user; in addition to the hash tree MT, the cloud storage server constructs a second hash tree CT, which is similar to the hash tree MT, except that the leaf nodes of the hash tree CT are directly encoded in the ciphertext video subset

As an input; also, a hash value of a root node is finally generated

And sending to an authorized user;

(6-4) upon reception

And

later, the authorized user correspondingly constructs two hayesThe Highenki MT 'and CT' respectively calculate the hash value of the root node

And

wherein the input MAC set of leaf nodes of the hash tree MT

Need to be calculated by an authorized user, i.e. by the MAC method

The generated set is the MAC value of

Wherein the key K involving the MAC is provided by the corresponding content owner in a shared manner; as for

Construction process of

The same as the above;

(6-5) authorized user through analysis

And corresponding

Judging whether the re-identification result of the pedestrian is correct or not according to the relationship; if it is used

Judging that the identification result is correct; if it is not

It can be determined that the returned recognition result is tampered by the third party; if it is not

And is

The recognition result is confirmed to be tampered by the cloud storage server.

2. The privacy-preserving verifiable outsourced surveillance video pedestrian re-identification method of claim 1, wherein in step S1, a clear surveillance video is provided

Encrypt the corresponding ciphertext set as

Effective pedestrian feature vector

Extracted from the pedestrian image, the pedestrian image is a monitoring video from the plaintext

The acquired key frame.

3. The privacy-preserving verifiable outsourced surveillance video pedestrian re-identification method according to claim 2, wherein in step S1, the specific implementation process of splitting the feature index into n shares by the content owner using the CRT-based secret sharing method and sending the n shares to the cloud data server is as follows:

step S11, the content owner fills in z zeros

Therefore, the temperature of the molten metal is controlled,

will extend to d + z, denoted as

After step S12, the content owner randomly scrambles the feature vectors

Will replace the position of all elements of

Is converted into

Step S13, obtaining

When the content owner randomly selects a positive odd-number to replace 1 and a positive even-number to replace 0, where the range of selecting odd or even is set to [1, Γ]，

1/0 in different positions of (a) correspond to different odd/even numbers, all feature vectors are substituted according to an alternative rule

Is modified into

Step S14, the content owner continues to modify

The value of the element; here, the telescoping technique is used for further protection

Is not leaked, and the scale modification is performed by the following method

u′＝u·s+ε (4)

Wherein u is

The value of the middle element, s is a scale factor and takes the value as a positive number, epsilon is random noise, the values are uniformly distributed, namely epsilon-U (0, gamma), and gamma is less than or equal to s; here, s is disclosed and allowed to follow

Elements are different and epsilon is private to the content owner; finally, each pedestrian image p_iIs modified to

Then, the content owner gets

As a pedestrian image p_iCharacteristic index of (1)_iI.e. by

Step S15, after the characteristic preprocessing of the above steps, the content owner will I_iShare in n

π(I_i)＝{I_i,1,I_i,2,…,I_i,n} (6)

I_i,j＝I_i mod m_j (7)

Where π (·) can be expressed as a splitting function based on a modulo operation, i.e., mod m_jIn which the number of elements is set { m_j}_1≤j≤nKnown to cloud data servers and cloud storage servers;

let I_iThe w-th component of (A) is I_i(w) then their corresponding share is

π(I_i(w))＝{I_i,1(w),I_i,2(w),…,I_i,n(w)} (8)

Wherein the content of the first and second substances,

I_i,j(w)＝I_i(w)mod m_j (9)

step S16, finally, the content owner encrypts all the encrypted video files

And ID ═ ID₁,…,id_mUploading the data to a cloud storage server; in addition, each I_iN shares of i ≦ 1 ≦ l are sent to the corresponding cloud data servers; these collections of sharing and cloud data servers

The mapping relationship between the two is as follows:

4. the privacy-preserving verifiable outsourced surveillance video pedestrian re-identification method according to claim 3, wherein in the step S4, the specific implementation process of splitting the queried feature index into different parts by the authorized user and randomly sending them to the corresponding cloud data server is as follows:

feature index T for authorized user to query_QSplitting the part into n parts, and satisfying the following formula:

π(T_Q)＝{T_Q,1,T_Q,2,…,T_Q,n} (11)

and

π(T_Q(w))＝{T_Q,1(w),T_Q,2(w),…,T_Q,n(w)} (12)

T_Q,j(w)＝T_Q(w)mod m_j

wherein, T_Q,j(w) is T_QThe jth part of the w-th element of (1)

The user is then authorized to select from { T }_Q,j}_1≤j≤nAnd randomly selecting k shares and respectively and randomly sending the shares to k cloud data servers in the n cloud data servers.

5. The privacy-preserving verifiable outsourced surveillance video pedestrian re-identification method of claim 4, wherein in step S4, after the authorized user splits the queried feature index into different parts and sends them to the corresponding cloud data server at random, the cloud data server and the cloud storage server perform the following steps:

the cloud data server performs and calculates processes:

feature index T for a given query_QAnd a pedestrian image p_iIndex I of_i(1. ltoreq. i. ltoreq.l), d-th activated by an authorized user_jCloud data server on module m_jThe addition operation is performed, the sum of which is expressed as

Namely, it is

Wherein g represents the dimension of the feature index and is equal to d + z;

in calculating an arbitrary

Then, d_jThe cloud data server sends the intermediate value

Submitting to a cloud storage server;

the cloud storage server executes a similarity calculation process:

when k intermediate results of k cloud data servers are obtained

The cloud storage server will perform the following steps:

1) the cloud storage server firstly adopts a CRT method to reconstruct T_QAnd each I_iOriginal sum vector of

The cloud storage server then reduces the sum vector by the scaling factor s used in the feature pre-processing stage

Suppose that

Is { t }₁,t₂,…,t_gAfter expansion, the

Specifically calculated by the following formula:

cloud storage server based on

Then Q and can be calculated

Hamming distance therebetween;

2) the cloud storage server performs ascending sequencing on all Hamming distances and returns the most relevant encrypted video set

And its corresponding identification set ID ═ ID'₁,…,id′_qGiving the authorized user.

Images