Towards Efficient Privacy-Preserving Image Feature Extraction in Cloud Computing
PRIVATE IMAGE COMPUTATION: THE CASE OF OUTSOURCED PRIVACY-PRESERVING SIFT
Zhan Qin, Jingbo Yan, Kui Ren, Chang Wen Chen, State University of New York at Buffalo
Cong Wang, City University of Hong Kong
iPhoto
Growth of Images
Tremendous growth in various image data.
Millions of images are captured and uploaded from local devices to the internet every day.
E.g. , , , etc.
Mining the Image Data
Valuable information could be mined.
Important role of Image Data Mining
Content Based Image Retrieval.
Social network analysis.
Behavioral advertising.
Outsourcing them to Cloud
Enormous workload on image processing tasks.
How about outsourcing them to cloud?
Cloud: Flexible usage of economical computation resources.
The Problem is the Privacy
Privacy leakage
Outsourced image reveals private info[1].
Various users’ requirements
Sensitivity based on the image content.
Location, Person, Text.
[1] Huang L C, Chu H C, Lien C Y, et al. Privacy preservation and information security protection for patients’ portable electronic health records. Computers in Biology and Medicine, 2009, 39(9): 743-750.
Popular Image Processing Algorithm and the privacy
The state of the art focuses on protecting image content[2].
Pixel Values.
Global Features.
e.g. Histogram
Local Features.
e.g. SIFT descriptor
[2] Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., & Toft, T. (2009, January). Privacy-preserving face recognition. In Privacy Enhancing Technologies (pp. 235-253). Springer Berlin Heidelberg.
SIFT Algorithm
SIFT is a useful and popular algorithm to detect content features to better enable further image mining applications[3].
[3] Lowe D G. Object recognition from local scale-invariant features. Proceedings of the Seventh IEEE International Conference on Computer Vision. IEEE, 1999, 2: 1150-1157.
Recall Lowe’s SIFT
Two main stages
Scale-space Extrema Detection
Descriptor Generation
$D(x, y, \sigma_{ij}) = [G(x, y, k_i\sigma) - G(x, y, k_j\sigma)] * I(x, y)$
$m(x, y) = \mathrm{Diff}(L_X(x, y, \sigma))^2 + \mathrm{Diff}(L_Y(x, y, \sigma))^2$
$\theta(x, y) = \tan^{-1}\frac{\mathrm{Diff}(L_X(x, y, \sigma))}{\mathrm{Diff}(L_Y(x, y, \sigma))}$
Existing Privacy-preserving SIFT Algorithm
Possible solution
Homomorphic Encryption (HE) [4]
Encryption schemes that enable homomorphic operations over ciphertext domain.
Homomorphic Property:
E(a + b) = E(a) ⊕ E(b).
E(a × b) = E(a) ⊗ E(b).
[4] Hsu, Chao-Yung, Chun-Shien Lu, and Soo-Chang Pei. "Secure and robust SIFT." Proceedings of the 17th ACM international conference on Multimedia. ACM, 2009.
Limitation of HE-based solutions
Limitations of existing HE-based solutions
Functionality
Complicated computation like local features, e.g. SIFT.
Only protecting pixel values.
Performance
Computational complexity.
No existing practical solutions.
Key Ideas
Balance the tradeoff between utility and privacy
Reduce complexity.
Divide the cloud into multiple independent entities to overcome the limitation of HE scheme.
Improve privacy protection
Protecting only pixel values is not enough.
Protecting location of feature point.
Shape of Objects in image
SecSIFT: A Secure SIFT feature detection system based on Cloud
We propose a privacy-preserving solution to cloud-based computation framework of SIFT.
We employ secure multiparty computation techniques integrated with SIFT computation.
Provide fine-grained privacy definition
Enable practical functionality
Achieve efficient performance
SecSIFT: Framework
We divide the original SIFT algorithm into three stages.
Three entities: Client, Generators, and Comparer.
SecSIFT: Scale-space Cube Generation
Generator
Scale-space Generation
Cube Encryption
Cube Permutation: Privacy
Noise Perturbation: Effectiveness
Order Preserving Encryption (OPE) and Permutation
OPE properties:
For all i, j: E(i) > E(j) iff i > j.
SecSIFT: Keypoint Discovering
Comparer
Partially recover the encrypted cubes.
Return the extrema IDs together with dummy IDs.
[Figure labels: OPE, Permutation, Insert Dummy IDs]
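The Generator/Comparer split described on the two slides above, as an added sketch that is not code from the SecSIFT authors. It assumes a toy table-based order-preserving mapping (not a secure OPE), integer-quantised DoG values, and dummy blocks that the Generator itself builds and later filters out; all function names are hypothetical.

```python
import itertools
import random

DOMAIN = 512  # assumption: DoG values quantised to integers in [0, DOMAIN)
OFFSETS = [o for o in itertools.product((-1, 0, 1), repeat=3) if o != (0, 0, 0)]

def make_ope(key):
    """Toy OPE: keyed, strictly increasing lookup table (illustrative, not secure)."""
    rng, table, acc = random.Random(key), [], 0
    for _ in range(DOMAIN):
        acc += rng.randint(1, 1000)  # positive gaps => E(i) > E(j) iff i > j
        table.append(acc)
    return table.__getitem__

def generator_encrypt(cube, key, n_dummies):
    """Generator: OPE-encrypt every 3x3x3 neighbourhood, add dummies, permute."""
    enc, rng = make_ope(key), random.Random(key + 1)
    inner = [range(1, n - 1) for n in (len(cube), len(cube[0]), len(cube[0][0]))]
    positions = list(itertools.product(*inner))
    ids = iter(rng.sample(range(1 << 20), len(positions) + n_dummies))
    blocks, id_to_pos = [], {}
    for s, y, x in positions:
        nbrs = [enc(cube[s + ds][y + dy][x + dx]) for ds, dy, dx in OFFSETS]
        rng.shuffle(nbrs)  # hide which neighbour is which
        bid = next(ids)
        id_to_pos[bid] = (s, y, x)
        blocks.append((bid, enc(cube[s][y][x]), nbrs))
    for _ in range(n_dummies):  # dummy block constructed to be a maximum
        center = rng.randrange(100, DOMAIN)
        bid = next(ids)
        id_to_pos[bid] = None
        blocks.append((bid, enc(center), [enc(rng.randrange(center)) for _ in OFFSETS]))
    rng.shuffle(blocks)  # permutation: block order no longer reveals location
    return blocks, id_to_pos

def comparer_extrema(blocks):
    """Comparer: sees only IDs and ciphertexts; order alone identifies extrema."""
    return [bid for bid, c, nbrs in blocks if c > max(nbrs) or c < min(nbrs)]

def generator_resolve(ids, id_to_pos):
    """Generator: discard dummy IDs, map real ones back to (scale, y, x)."""
    return sorted(id_to_pos[i] for i in ids if id_to_pos[i] is not None)

def sample_cube():
    """Constructed 3x5x5 cube: flat 256 with one planted maximum and one minimum."""
    cube = [[[256] * 5 for _ in range(5)] for _ in range(3)]
    cube[1][2][2], cube[1][1][3] = 400, 10
    return cube
```

With the constructed cube and three dummies, the Comparer returns five IDs of which two are real, so a Comparer guessing at random picks a real keypoint with probability 2/5.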
SecSIFT: Descriptor Generation
Generator
We utilize four vectors in fixed directions to approximate the original SIFT feature vector.
SecSIFT: Experimental Evaluation
Utility
Precision of SecSIFT descriptors
Location of interesting points.
Image matching results.
Feasibility
Efficiency of SecSIFT system
Time complexity.
Workload Distribution.
Privacy
Confidentiality of encrypted value.
Delocalization of interesting points.
SecSIFT: Privacy
Confidentiality of pixel values & descriptors.
One time pad.
Order preserving encryption.
Delocalization of interesting point.
The result shows a quantitative method.
E.g. Prob. = 0.15 provides privacy equivalent to what appears intended by the HIPAA safe harbor rules.
$\Pr[\mathrm{Exp}^{M,N}_{z}(A) = 1] = \frac{4z}{M - z + 1}$
$\Pr[\mathrm{Exp}^{r,d}_{z}(A) = 1] = \frac{|r|}{|r| + |d|}$
Conclusion
SecSIFT: a novel approach that integrates SMC and OPE to enable secure image computation outsourcing with practical performance.
The privacy of the image content is well-defined and protected against cloud.
SecSIFT is much more efficient than existing HE-based works.