A secure image sharing scheme based on SVD and Fractional Fourier Transform

https://doi.org/10.1016/j.image.2017.04.012Get rights and content

Highlights

  • A privacy preserving outsourcing of media information over cloud based architecture was proposed in this article.

  • The media information is obscured into obfuscated shares and a secret information specific to the owner is embedded into some of these encrypted shares.

  • The rightful ownership verification is performed in the encrypted domain at the authentic entity end via extraction of the secret information.

Abstract

Outsourcing multimedia contents to cloud servers without obscuring may lead to an increase in security breaches that might discourage the end users from exploiting the multiple facilities provided by the cloud-based architecture. To secure the content and still be capable enough to provide the cloud services, many homomorphic encryption based schemes are being proposed in the literature. In this article, secured image outsourcing and ownership verification service in a cloud environment on the basis of singular value decomposition (SVD) and Fractional Fourier Transform (FrFT) has been proposed. It disseminates the image information via Shamir secret sharing scheme to create multiple obfuscated shares that reveal no information about the image. To assert the ownership in the encrypted domain at the receiver end, an owner specific information is embedded into some of the shares based on the secret keys. The secret information can be extracted either directly from the cloud servers or obtained after recovery of the cover media. Different attack scenarios have been analyzed considering the possibilities of the attacks that may be attempted by intruders once the information is outsourced to the cloud servers. The proposed scheme was found to be robust against various attacks, hence proving its efficacy.

Introduction

An increase in security and privacy breaches of multimedia data residing over the cloud-based architecture is urging researchers to investigate into new protocols and techniques that can secure the content. Hence, secure signal processing has become a very active research area. Efforts are being made to provide the same cloud services but keeping the data secure and less vulnerable to security breaches. Towards this end, many encryption schemes may be thought of as the solution of obscuring the content before outsourcing at remotely located cloud data centers. However, the limitations prevalent in these encryption schemes might not support facilitating the services on encrypted content and hence, utilization of these services becomes very challenging in encrypted domain. For decades watermarking has served as an efficient solution for protecting the multimedia content in plaintext domain [1], [2], [3], [4], [5], [6], [7]. But to do so in encrypted domain addressing the challenges of processing the encrypted content and providing a prototypical model to assert rightful ownership of encrypted content would be very beneficial. It will serve as a promising solution for scenarios where some sensitive information like a person’s credentials, his medical reports, etc need to be transmitted over cloud-based paradigm without any leakage of information if any interception occurs in between.

To support different applications via secure signal processing, newer versions of transformations suited for encrypted domain processing have been proposed in the literature. Suitability of discrete Fourier transform (DFT), fast Fourier transform (FFT) and discrete cosine transform (DCT) was studied by Bianchi et al. and new variants were proposed for encrypted data [8], [9]. Zheng et al. focused on transforming discrete wavelet transform (DWT) to encrypted domain and thus, reducing the data expansion persisting due to this transformation [10]. Other privacy preserving applications like fingerprint recognition [11], secure electrocardiogram (ECG) classification [12], composite signal representation [13], scale-invariant feature transform (SIFT) [14] based image feature extraction, authentication via encrypted biometrics [15], privacy-preserving face recognition [16] etc. have been proposed in the literature.

Realizing the potential of watermarking in encrypted domain to address the security issues, some works have been proposed in the literature as solutions to varied situations. A buyer-seller watermarking protocol guaranteeing the independency and confidentiality of information among buyer seller has been proposed in the literature [17]. An encrypted fingerprint logo of the buyer was embedded into the publicly encrypted information sold by the seller. Thus, the seller could not get hold of the watermarked image of the buyer and buyer could not know about the original image version. A scheme to address the issue of rightful distributor in a multilevel network distribution and thus tracing the traitor if any dispute arises has been proposed in [18]. It was specifically meant for compressed and encrypted JPEG2000 content distribution.

Another joint encryption and watermarking scheme for protection of medical images has been proposed in [21]. It was aimed at maintaining the integrity of image in the encrypted domain based on stream cipher and block cipher algorithms. Although in the initial protection phase watermarking and encryption were jointly conducted, the decryption and watermark extraction could be done independently at verification stage. Integrating discrete wavelet transform and discrete cosine transform in encrypted domain for proposing a robust watermarking scheme was presented by Guo et al. [20]. Encrypting the content and thereafter compressing the least significant bits of encrypted image to hide additional information was proposed in [19]. The scheme ensured separability of secret information extraction or recovery of the original media depending on the secret keys possessed by the entity. It eradicated the flaws existing in the pipeline system where functionality of one depended on the other. Additional feature of content recovery with a new variant of visible watermarking was also explored in [22]. Reducing computational complexity and data expansion problems persisting in homomorphic encryption schemes and partial encryption schemes were proposed in [23], [24]. Some regions were encrypted while others were kept in plaintext domain to embed the secret information. However, the security of plaintext regions remained vulnerable. Chinese remainder theorem (CRT) based secret sharing schemes have been proposed by Mignotte and Asmuth [25], [26]. Shares are obtained based on the congruence equations and the secret can be recovered by solving the system of congruencies to get the unique solution. However, CRT based encryption schemes have been proven vulnerable to chosen plaintext attack [27].

In this article, a fully secured SVD and FrFT based image outsourcing and ownership verification service in cloud has been proposed. The scheme is based on distributing the sensitive cover media information into multiple obfuscated shares. These shares obtained via Shamir secret sharing scheme are information theoretically secure and reveals no information about the sensitive content. A owner specific secret information is embedded into some of these random looking shares by transforming using Fractional Fourier keeping the order as secret and thereafter exploiting the singular values of the transformed shares. The obtained shared are fully obscured and can be securely distributed over remotely located cloud data centers. The scheme is robust enough to handle various attack scenarios that may be possible against these encrypted shares while residing at the cloud data centers. The scheme facilitates secret information extraction either directly from the cloud data centers or after recovery of the media information at the authentic entity end possessing the secret keys. A comparison of the state-of-the-art approaches with the proposed scheme has been tabulated in Table 1 t0005. The security of the scheme relies on the value of the transform order and the chosen shares for embedding of secret information as neither the ownership information can be extracted nor the cover media can be recovered in visually recognizable quality without knowing its actual value. The proposed scheme caters the aforementioned challenges and furnishes the following goals:

  • Information theoretic security: The shares residing at remotely located cloud data centers are information theoretically secure. This implies no matter how much computation power an adversary has, no information about the secret can be revealed from the shares.

  • Fault tolerant: The scheme can handle the scenarios where few of the cloud data centers fully go down as the information is distributed and can be fetched from the other shares.

  • Separability of secret information extraction and recovery of cover media: Depending on the secret keys, the secret information can either extracted directly from the cloud data centers or fetched after recovery of the cover media.

  • Robustness against different attack scenarios: The robustness of the encrypted shares was tested against different attack scenarios while residing over the cloud data centers and was found to performing satisfactorily well as evaluated by normalized cross correlation (NCC) metrics.

The rest of the paper is organized as follows: In Section 2, some preliminaries are given, Section 3 discusses the proposed approach. Experimental results along with analysis are presented in Section 4 and finally, conclusions are stated in Section 5.

Section snippets

Preliminaries

A brief overview of the concepts used in the proposed approach is given as follows:

The proposed methodology

To facilitate security of the multimedia content residing over remotely located cloud data centers while availing facilities of cloud based architecture, the cover media information is distributed into multiple encrypted shares revealing no information. A secret owner specific information as watermark logo is embedded into some of the random shares based on a secret key. Since the shares are encrypted, they can be securely distributed over the remotely located cloud centers. Only the authentic

Experimental results and discussion

The wide attacking surface of the cloud-based architecture demands for secure approaches that can facilitate usage of cloud infrastructure and storage capacities but in a secured way. The proposed scheme based on Shamir’s secret sharing furnishes one such approach where the information of the cover media is distributed into multiple encrypted shares that are information theoretically secure. It implies that no matter how much power an attacker possesses, no information could be revealed from

Conclusion

For the purpose of decreasing the susceptibility of sensitive multimedia information residing over distributed cloud data centers managed by third party servers, a secure SVD-FrFT based watermarking scheme for encrypted domain has been proposed in this paper. The sensitive information was secured via distributing its content into multiple random looking Shamir shares. A secret information was embedded into some of its random looking shares to prove the rightful ownership of the content on the

References (31)

  • T. Bianchi et al.

    Encrypted domain dct based on homomorphic cryptosystems

    EURASIP J. Inf. Secur.

    (2009)
  • T. Bianchi et al.

    On the implementation of the discrete fourier transform in the encrypted domain

    IEEE Trans. Inf. Forensics Secur.

    (2009)
  • P. Zheng et al.

    Discrete wavelet transform and data expansion reduction in homomorphic encrypted domain

    Trans. Img. Proc.

    (2013)
  • M. Barni, T. Bianchi, D. Catalano, M. D. Raimondo, R. D. Labati, P. Failla, D. Fiore, R. Lazzeretti, V. Piuri, A. Piva,...
  • M. Barni et al.

    Privacy-preserving ecg classification with branching programs and neural networks

    IEEE Trans. Inf. Forensics Secur.

    (2011)
  • Cited by (0)

    View full text