towards efficient privacy-preserving image feature extraction in cloud computing

25
COMPUTATION: THE CASE OF OUTSOURCED PRIVACY-PRESERVING SIFT Zhan Qin , Jingbo Yan, Kui Ren, Chang Wen Chen State University of New York at Buffalo Cong Wang City University of HongKong

Upload: si-chen

Post on 20-Jul-2015

175 views

Category:

Science


2 download

TRANSCRIPT

PRIVATE IMAGE

COMPUTATION: THE CASE

OF OUTSOURCED

PRIVACY-PRESERVING

SIFT

Zhan Qin , Jingbo Yan, Kui Ren, Chang Wen Chen State University of New York at Buffalo

Cong WangCity University of HongKong

iPhoto

Growth of Images

Tremendous growth in various image data.

Millions of images are captured and uploaded from local

devices to internet every day.

E.g. , , , etc.

Mining the Image Data

Valuable information could be mined.

Important role of Image Data Mining

Content Based Image Retrieval.

Social network analyzing.

Behavioral advertising.

Outsourcing them to Cloud

Enormous workload on image processing

tasks.

How about outsourcing them to cloud?

Cloud: Flexible usage of economical

computation resources.

The Problem is the Privacy

Privacy leakage

Outsourced image reveals private info[1].

Various users’ requirements

Sensitivity based on the image content.

Location, Person, Text.

[1] Huang L C, Chu H C, Lien C Y, et al. Privacy preservation and information security protection for patients’ portable

electronic health records[J]. Computers in biology and medicine, 2009, 39(9): 743-750.

Popular Image Processing Algorithm and the

privacy

The state of the art focuses on protecting

image content[2].

Pixel Values.

Global Features.

e.g. Histogram

Local Features.

e.g. SIFT descriptor

[2] Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., & Toft, T. (2009, January). Privacy-preserving face

recognition. In Privacy Enhancing Technologies(pp. 235-253). Springer Berlin Heidelberg.

SIFT Algorithm

SIFT is an useful and popular algorithm to

detect content features to better enable further

image mining applications[3].

[3] Lowe D G. Object recognition from local scale-invariant features. Computer vision, 1999. The proceedings

of the seventh IEEE international conference on. Ieee, 1999, 2: 1150-1157.

Recall Lowe’s SIFT

Two main stages

Scale-space Extrema Detection

Descriptor Generation

D(x, y,s ij ) = [G(x, y,kis )-G(x, y,k js )]* I(x, y)

m(x, y) = Diff (LX (x, y,s ))2 +Diff (LY (x, y,s ))2

q(x, y) = tan-1 Diff (LX (x, y,s ))

Diff (LY (x, y,s ))

Existing Privacy-preserving SIFT

Algorithm

Possible solution

Homomorphic Encryption (HE) [4]

Encryption schemes that enable homomorphic

operations over ciphertext domain.

𝐸(𝑓)𝑓

Homomorphic Property: E( a+b ) = E(a) ⊕ E(b).

E( a×b ) = E(a) ⊗ E(b).

[4] Hsu, Chao-Yung, Chun-Shien Lu, and Soo-Chang Pei. "Secure and robust SIFT."Proceedings of the

17th ACM international conference on Multimedia. ACM, 2009.

Limitation of HE-based

solutions

Limitations of existing HE-based solutions

Functionality

Complicated computation like local features, e.g.

SIFT.

Only protecting pixel values.

Performance

Computational complexity.

No existing practical solutions.

Key Ideas

Balance the tradeoff between utility and privacy

Reduce complexity.

Divide the cloud into multiple independent entities to

overcome the limitation of HE scheme.

Improve privacy protection

Not only protecting pixel values is not enough.

Protecting location of feature point.

Shape of Objects in image

SecSIFT: A Secure SIFT feature detection system

based on Cloud

We propose a privacy-preserving solution to cloud-based

computation framework of SIFT.

We employ secure multiparty computation techniques

integrated with SIFT computation.

Provide fine-grained privacy definition

Enable practical functionality

Achieve efficient performance

SecSIFT: Framework

We divide the original SIFT algorithm into three

stages.

Three entities: Client, Generators, and Comparer.

SecSIFT: Image encryption on

Client

Client

Encryption system

SecSIFT: Scale-space Cube

Generation

Generator Scale-space Generation

Cube Encryption Cube Permutation: Privacy

Noise Perturbation: Effectiveness

Order Preserving Encryption (OPE) and Permutation

OPE properties:

For all i, j, E(i)>E(j), iff i>j

SecSIFT: Keypoint Discovering

Comparer

Partially recover the encrypted cubes.

Return extremes’ id with dummy ids.

OPEPermutation

OPEPermutation

Insert

Dummy

IDs

SecSIFT: Descriptor Generation

Generator

We utilize four vectors in fixed directions to

approximate the original sift feature vector.

SecSIFT: Experimental

Evaluation

Utility

Precision of SecSIFT descriptors

Location of interesting points.

Image matching results.

Feasibility

Efficiency of SecSIFT system

Time complexity.

Workload Distribution.

Privacy Confidentiality of encrypted value.

Delocalization of interesting points.

SecSIFT: Precision

Euclidean distance between the corresponding

keypoints.

SecSIFT: Precision

Error rate of image matching

SecSIFT: Efficiency

Computation time

SecSIFT

HE-SIFT

SecSIFT: Efficiency

Workload Distribution

SecSIFT: Privacy

Confidentiality of pixel values & descriptors.

One time pad.

Order preserving encryption.

Delocalization of interesting point.

The result shows a quantitative method E.g. Prob.=0.15 provides privacy equivalent to what appears

intended by the HIPAA safe harbor rules.

Pr[ExpM ,N

z (A) =1]=4z

M - z+1

Pr[Expr,dz (A) =1]=

| r |

| r |+ | d |

Conclusion

SecSIFT: a novel approach that integrates

SMC and OPE to enable secure image

computation outsourcing with practical

performance.

The privacy of the image content is well-

defined and protected against cloud.

The performance of SecSIFT is much more

efficient than HE-based existing works.

Thank You