PRACTICAL PRIVACY-PRESERVING CONTENT-BASEDRETRIEVAL IN CLOUD IMAGE REPOSITORIES

 

ABSTRACT

Storage requirements for visual data have been increasing in recent years, following the emergence of many highlyinteractive multimedia services and applications for mobile devices in both personal and corporate scenarios. This has been a keydriving factor for the adoption of cloud-based data outsourcing solutions. However, outsourcing data storage to the Cloud also leads tonew security challenges that must be carefully addressed, especially regarding privacy. In this paper we propose a secure frameworkfor outsourced privacy-preserving storage and retrieval in large shared image repositories. Our proposal is based on IES-CBIR, a novelImage Encryption Scheme that exhibits Content-Based Image Retrieval properties. The framework enables both encrypted storageand searching using Content-Based Image Retrieval queries while preserving privacy against honest-but-curious cloud administrators.We have built a prototype of the proposed framework, formally analyzed and proven its security properties, and experimentallyevaluated its performance and retrieval precision. Our results show that IES-CBIR is provably secure, allows more efficient operationsthan existing proposals, both in terms of time and space complexity, and paves the way for new practical application scenarios

PROPOSED SYSTEM:

In summary, this paper makes the following contributions:(i) We formally define IES-CBIR, a novel Image EncryptionScheme with Content-Based Image Retrieval properties,and propose an efficient construction that achievesits functionality; (ii) We show how to design an outsourcedimage storage, search, and retrieval framework byleveraging IES-CBIR to avoid most heavy computations tobe performed by the client (i.e. indexing of dynamicallyadded/updated images), hence circumventing performancepitfalls that exist in current state of art proposals ; (iii) We formally prove the securityof our framework and IES-CBIR; (iv) We experimentallyshow that when compared with competing alternatives, our framework provides increased scalability, performance(from user’s perspective), and lower bandwidthconsumption, allowing client applications to be increasinglylightweight and mobile; (v) And finally we show that theretrieval precision and recall of the proposed solution is onpar with the current state of art .The work presented in this paper was first introducedin. Here we extend our exposition significantly bydiscussing two use cases where IES-CBIR and the proposedframework can be applied with immediate benefits. Wefurther provide a complete formal security evaluation ofour proposals and a performance analysis of the searchoperation of our framework in comparison with relevantprevious works. Additionally we provide a statistical securityanalysis of IES-CBIR and its entropy levels at each stepof encryption and the complete description of all frameworkoperations.

EXISTING SYSTEM:

Previous proposals for supporting outsourced storage,search, and retrieval of images in the encrypted domain canbe broadly divided in two classes: those based on SearchableSymmetric Encryption (SSE) techniques and those basedon Public-Key partially-Homomorphic Encryption (PKHE).SSE has been widely used in the past by the researchcommunity, especially for text data. In theimage domain, even though not identified as SSE schemes,multiple systems use the same (or similar) techniques forimage search/retrieval. For simplicity,we refer to these as SSE-based solutions. In SSE-basedsolutions, clients process their data before encrypting andoutsourcing it to the Cloud. From this processing, an indexis created, encrypted, and stored in the outsourced infrastructure,which allows clients to search their data efficientlyand in a secure way. Data is typically encrypted with probabilisticsymmetric-key encryption schemes, while the indexis protected through a combination of probabilistic anddeterministic  encryption.Unfortunately, SSE-based approaches in general share thefollowing limitations:(i) Clients either require a trusted proxy or have toindex their images (and encrypt that index) locally ,which entails the use of additional computational power ontheir side and limits the practicality of such solutions forresource-constrained mobile devices. This effect is furtherexacerbated when considering dynamic scenarios, whereimages are constantly being added, updated, and removed.In such dynamic scenarios, SSE solutions usually requiremultiple rounds of communication for updating imagerepositories and their indexes. For instance, a previous approachby Lu et al. uses repository-wide statistics (e.g.inverse-document frequencies), which change as the repositoriesare updated and thus force the re-construction andre-encryption of the index, requiring clients to downloadand decrypt the full contents of the repository. Additionallyindex values are encrypted with an order-preserving encryptionscheme that depends on plaintext domain distribution.With multiple updates this distribution changes, againrequiring the re-construction and re-encryption of the index.This is an important issue from a security viewpoint. Otherapproaches from the literature require multiple rounds ofcommunication for performing such operations.

CONCLUSIONS

In this paper we have proposed a new secure frameworkfor the privacy-preserving outsourced storage, search, andretrieval of large-scale, dynamically updated image repositories,where the reduction of client overheads is a centralaspect. In the basis of our framework is a novel cryptographicscheme, specifically designed for images, namedIES-CBIR. Key to its design is the observation that in images,color information can be separated from texture information,enabling the use of different encryption techniqueswith different properties for each one, and allowing privacypreservingContent-Based Image Retrieval to be performedby third-party, untrusted cloud servers. We formally analyzedthe security of our proposals, and additional experimentalevaluation of implemented prototypes revealed thatour approach achieves an interesting trade-off between precisionand recall in CBIR, while exhibiting high performanceand scalability when compared with alternative solutions.An interesting future work direction is to investigate theapplicability of our methodology – i.e. the separation of informationcontexts when processing data (color and texturein this contribution) – in other domains beyond image data

.REFERENCES

[1] M. Meeker, “Internet Trends 2015,” in Code Conf., 2015.

[2] Global Web Index, “Instagram tops the list of social networkgrowth,” http://tinyurl.com/hnwwlzm, 2013.

[3] C. D. Manning, P. Raghavan, and H. Sch ¨ utze, An Introduction toInformation Retrieval. Cambridge University Press, 2009, vol. 1.

[4] R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka,and J. Molina, “Controlling data in the cloud: outsourcing computationwithout outsourcing control,” in CCSW’09, 2009.[5] D. Rushe, “Google: don’t expect privacy when sending to Gmail,”http://tinyurl.com/kjga34x, 2013.

[6] G. Greenwald and E. MacAskill, “NSA Prism programtaps in to user data of Apple, Google and others,”http://tinyurl.com/oea3g8t, 2013.

[7] A. Chen, “GCreep: Google Engineer Stalked Teens, Spied onChats,” http://gawker.com/5637234, 2010.

[8] J. Halderman and S. Schoen, “Lest we remember: cold-boot attackson encryption keys,” in Commun. ACM, vol. 52, no. 5, 2009.

[9] National Vulnerability Database, “CVE Statistics,”http://web.nvd.nist.gov/view/vuln/statistics, 2014.

[10] D. Lewis, “iCloud Data Breach: Hacking And Celebrity Photos,”https://tinyurl.com/nohznmr, 2014.

[11] P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, andM. Walfish, “Depot: Cloud Storage with Minimal Trust,” ACMTrans. Comput. Syst., vol. 29, no. 4, pp. 1–38, dec 2011.

[12] C. Gentry, S. Halevi, and N. P. Smart, “Homomorphic evaluationof the AES circuit,” in CRYPTO’12. Springer, 2012, pp. 850–867.

[13] P. Paillier, “Public-key cryptosystems based on composite degreeresiduosity classes,” in EUROCRYPT’99, 1999, pp. 223–238.

[14] T. ElGamal, “A public key cryptosystem and a signature schemebased on discrete logarithms,” in Adv. Cryptol. Springer, 1985.