Article

Abstract

The evolution of cloud computing and a drastic increase in image size are making the outsourcing of image storage and processing an attractive business model. Although this outsourcing has many advantages, ensuring data confidentiality in the cloud is one of the main concerns. There are state-of-the-art encryption schemes for ensuring confidentiality in the cloud. However, such schemes do not allow cloud datacenters to perform operations over encrypted images. In this paper, we address this concern by proposing 2DCrypt, a modified Paillier cryptosystem-based image scaling and cropping scheme for multi-user settings that allows cloud datacenters to scale and crop an image in the encrypted domain. To avoid the high storage overhead resulting from naive per-pixel encryption, we propose a space-efficient tiling scheme that allows tile-level image scaling and cropping operations. Basically, instead of encrypting each pixel individually, we are able to encrypt a tile of pixels. 2DCrypt is such that multiple users can view or process the images without sharing any encryption keys, a requirement desirable for practical deployments in real organizations. Our analysis and results show that 2DCrypt is IND-CPA (indistinguishable under chosen-plaintext attack) secure and incurs an acceptable overhead. When scaling a 512 × 512 image by a factor of two, 2DCrypt requires an image user to download approximately 5.3 times more data than unencrypted scaling and to spend approximately 2.3 s more computation to obtain the scaled image in plaintext.


... Multiple parties can perform ciphertext calculation, ciphertext search and so on, while protecting privacy data. For instance, Mohanty et al. in [7] proposed a modified Paillier cryptosystem-based image processing scheme, where an image outsourcer, a cloud server and an image user were involved. The cloud server in [7] can perform scaling and cropping operations over encrypted images with the help of the image outsourcer and the image user. Ayday et al. in [8] introduced a privacy-preserving disease susceptibility test. ...
Preprint
Full-text available
The modified Paillier cryptosystem has become extremely popular and is applied in many fields, owing to its additive homomorphism. This cryptosystem provides weak private keys and a strong private key. A weak private key can only decrypt ciphertexts under the corresponding public key. The strong private key can decrypt all ciphertexts, even under different public keys. When the modified Paillier cryptosystem is applied in a system, one member, often the system administrator, holds the strong private key and can decrypt all ciphertexts. If this system administrator is attacked or compromised, the security of the application system breaks down completely. Thus, it is important to stop decryption with the strong private key. To address this issue, we propose a restrained version of the modified Paillier cryptosystem (Restrained-Paillier) by endowing it with multiplicative homomorphism. We perform the additive encryption on the multiplicative ciphertext and generate a mixed ciphertext, which cannot be decrypted by the strong private key. Based on this Restrained-Paillier, we develop two applications. Firstly, we realize access control over a common secret of two owners: in our scheme, one owner alone cannot access the secret. Secondly, we present three protocols for identity distribution and key management, identity authentication, and private key recovery. Security analysis shows that the Restrained-Paillier cryptosystem can resist the chosen plaintext attack. The experimental results illustrate the utility and efficiency of the proposed protocols.
... Among the additive homomorphic encryption schemes, Paillier is the most widely used for image processing works in the encrypted domain [21,25,32]. The basic image scaling and cropping operations in the encrypted domain are proposed in [21]. A reversible data hiding approach based on the Paillier scheme, where the hidden data is directly embedded into the encrypted images, is proposed in [32]. ...
Article
Full-text available
The exponential growth in medical images is making the healthcare industry move towards a cloud-based paradigm, which has vast storage and high-end processing facilities. However, moving medical images containing highly sensitive data to third-party cloud servers brings in serious security threats. Even though encrypting medical images before outsourcing using traditional encryption schemes seems to be a feasible solution, such schemes cannot support encrypted domain processing. In this paper, we propose an affine Hill cipher based scheme for encrypted domain medical image fusion. The random vectors used in this scheme are carefully designed to preserve the randomness and security properties when operations are performed on the encrypted data. The proposed scheme offers data privacy and supports encrypted domain processing with no additional storage burden at the cloud side and very low computational burden at the healthcare provider side. The security of the proposed scheme is evaluated through extensive cryptanalysis in terms of resistance against various statistical attacks. The performance of the proposed scheme is analyzed by comparing various metrics of encrypted domain MR-CT/PET image fusion results with those of plaintext domain fusion. The values of structural similarity index, normalized correlation coefficient and structural content are 1 and the image quality index is 0.999, which show that the proposed encrypted domain image fusion provides the same accuracy as plaintext domain image fusion.
... Existing privacy-preserving multimedia computing schemes [15,18,25] primarily use Homomorphic Encryption (HE) for secure data processing. HE is a special form of encryption which allows specific computations to be performed over the encrypted data, such that, the decryption result matches the same operations being performed over the plain data. ...
Article
Full-text available
This study aims to process private medical data over an eHealth cloud platform. The current pandemic situation caused by Covid19 has made us realize the importance of automatic, remotely operated, independent services such as the cloud. However, cloud servers are developed and maintained by third parties, which may access users' data for their own benefit. Considering these problems, we propose a specialized method such that the patient's rights and changes in medical treatment can be preserved. The problem arising from Melanoma skin cancer is carefully considered and a privacy-preserving cloud-based approach is proposed to achieve effective skin lesion segmentation. The work is accomplished by developing a Z-score-based local color correction method to differentiate image pixels from ambiguity, resulting in greatly improved segmentation quality. On the other hand, privacy is assured by the partially order homomorphic Permutation Ordered Binary (POB) number system and image permutation. Experiments are performed over publicly available images from the ISIC 2016 and 2017 challenges, as well as the PH dataset, where the proposed approach is found to achieve significant results over the encrypted images (known as the encrypted domain), as compared to existing schemes in the plain domain (unencrypted images). We also compare the results with those of the winners of the ISBI 2016 and 2017 challenges, and show that the proposed approach achieves results very close to theirs, even after processing test images in the encrypted domain. Security of the proposed approach is analyzed using a challenge-response game model.
... To the best of our knowledge, no previous effort has been made for encrypted domain camera attribution that guarantees both utility and privacy. Some previous works, however, have focused on encrypted domain image processing [30]- [33] using partial homomorphic encryption schemes, such as Shamir's secret sharing and Paillier encryption. ...
Article
Photo Response Non-Uniformity (PRNU) noise-based source camera attribution is a popular digital forensic method. In this method, a camera fingerprint computed from a set of known images of the camera is matched against the extracted noise of an anonymous questionable image to find out if the camera had taken the anonymous image. The possibility of privacy leaks, however, is one of the main concerns of the PRNU-based method. Using the camera fingerprint (or the extracted noise), an adversary can identify the owner of the camera by matching the fingerprint with the noise of an image (or with the fingerprint computed from a set of images) crawled from a social media account. In this article, we address this privacy concern by encrypting both the fingerprint and the noise using the Boneh-Goh-Nissim (BGN) encryption scheme, and performing the matching in the encrypted domain. To overcome leakage of privacy from the content of an image that is used in the fingerprint calculation, we compute the fingerprint within a trusted environment, such as ARM TrustZone. We present e-PRNU, which aims at minimizing privacy loss and allows authorized forensic experts to perform camera attribution. The security analysis shows that the proposed approach is semantically secure.
... For multi-user settings, Mohanty et al. [19] have presented 2DCrypt, a modified Paillier cryptosystem-based image scaling and cropping scheme. The main drawback of this method is security, and it incurs an acceptable overhead. ...
Article
Full-text available
Managing and using industrial Big Data is a big challenge for every industrial enterprise manager. By using cloud technology, enterprises can hand over the task of heavy data management to reliable hands and focus on their main business. Though cloud technology has numerous advantages, there are several privacy and security issues involved. One way in which cloud providers respond to this issue is with their key management service, where encryption keys are used to protect sensitive data present in the cloud. This paper discusses a crucial hierarchy-based key management technique called Privacy-Preserving Based on Characteristic Encryption for privacy preservation in the cloud environment.
Article
Advanced Internet technologies have led people to embrace a virtual environment known as cloud computing. Users can avail themselves of the desired services on a pay-as-you-go model, without worrying about the burden of infrastructure maintenance. However, privacy is one of the major issues in cloud computing. This issue is further widened for highly confidential multimedia data like surveillance images and videos. In the context of cloud-based smart multimedia systems, it has been found that, due to inconsistent weather conditions, there is a usual requirement of post-processing the captured multimedia for better appearance. However, privacy-related concerns are deterring users from moving their data to the cloud. One such problem is addressed in this paper, specializing in the task of efficient nighttime haze removal using privacy-preserving cloud-based automatic reference image selection and color transfer as a service. Different from daytime conditions, a nighttime haze image consists of multiple light sources, which makes haze removal ambiguous. We address this problem by first selecting an appropriate gray image as the reference and then transferring its colors to the nighttime haze image. This makes the transformed image a suitable candidate for radiance recovery. The proposed protocol is designed to securely outsource this considerable burden from the user end. We accomplish this by first proposing an automatic reference gray image selection method, followed by efficient handling mechanisms for the technical challenges arising from performing color transfer operations securely over the cloud. Experimental results and validation demonstrate the superiority of the proposed method over state-of-the-art schemes. Security analysis of the proposed protocol is established through a challenge-response game model.
Article
Due to its large storage facility and high-end computing capability, cloud computing has received great attention, as a huge amount of personal multimedia data and computationally expensive tasks can be outsourced to the cloud. However, the cloud, being a semi-trusted third party, is prone to information leakage, raising privacy risks. Signal processing in the encrypted domain has emerged as a new research paradigm for privacy-preserving processing over outsourced data by a semi-trusted cloud. In this article, we propose a solution for non-integer mean value computation in the homomorphic encrypted domain without any interactive protocol between the client and the service provider. Using the proposed solution, various image processing operations, such as local smoothing filter, un-sharp masking, and histogram equalization, can be performed in the encrypted domain at the cloud server without any privacy concerns. Our experimental results from standard test images reveal that these image processing operations can be performed without pre-processing, without a client-server interactive protocol, and without any error between the encrypted domain and the plain domain.
Article
Resource-constrained users outsource massive image data to the cloud to reduce local storage and computation overhead, but security and privacy concerns seriously hinder the adoption of outsourced image processing services. Besides, existing image processing solutions in the encrypted domain still bring high computation overhead, and even lead to loss of image characteristics. To this end, we propose a Privacy-Preserving Krawtchouk Moment (PPKM) feature extraction framework over encrypted image data by utilizing the Paillier cryptosystem. First, a mathematical framework for PPKM implementation and image reconstruction is presented in the encrypted domain. Then, the detailed expanding factor and upper bound analysis shows that the plaintext Krawtchouk moment and plaintext image reconstruction can be realized over encrypted images with PPKM. Furthermore, the computation complexity of PPKM can be significantly reduced with a block-based parallel algorithm. Experimental results verify that PPKM is feasible and acceptable in practice in terms of image reconstruction capability and image recognition accuracy.
Article
Cloud-based expert systems are rapidly emerging nowadays. However, in practice the data owners and cloud service providers are not in the same trusted domain. For the sake of data privacy, sensitive data usually has to be encrypted before outsourcing, which makes effective cloud utilization a challenging task. Taking this concern into account, we propose a novel cloud-based approach to securely recognize human activities. A few schemes exist in the literature for secure recognition. However, they suffer from the problem of constrained data and are vulnerable to re-identification attacks, where advanced deep learning models are used to predict an object's identity. We address these problems by considering color and depth data, and securing them using a position-based superpixel transformation. The proposed transformation is designed by actively involving additional noise while resizing the underlying image. Due to this, a higher degree of obfuscation is achieved. Further, instead of securing the complete video, we secure only four images, that is, one motion history image and three depth motion maps, which greatly reduces the data overhead. The recognition is performed using a four-stream deep Convolutional Neural Network (CNN), where each stream is based on the pre-trained MobileNet architecture. Experimental results show that the proposed approach is the most suitable candidate in the "security-recognition accuracy (%)" trade-off among other image obfuscation as well as state-of-the-art schemes. Moreover, a number of security tests and analyses demonstrate the robustness of the proposed approach.
Article
Full-text available
In this paper, we propose privacy-enhancing technologies for medical tests and personalized medicine methods that use patients' genomic data. Focusing on genetic disease-susceptibility tests, we develop a new architecture (between the patient and the medical unit) and propose a "privacy-preserving disease susceptibility test" (PDS) by using homomorphic encryption and proxy re-encryption. Assuming the whole genome sequencing to be done by a certified institution, we propose to store patients' genomic data encrypted by their public keys at a "storage and processing unit" (SPU). Our proposed solution lets the medical unit retrieve the encrypted genomic data from the SPU and process it for medical tests and personalized medicine methods, while preserving the privacy of patients' genomic data. We also quantify the genomic privacy of a patient (from the medical unit's point of view) and show how a patient's genomic privacy decreases with the genetic tests he undergoes due to (i) the nature of the genetic test, and (ii) the characteristics of the genomic data. Furthermore, we show how basic policies and obfuscation methods help to keep the genomic privacy of a patient at a high level. We also implement and show, via a complexity analysis, the practicality of PDS.
Article
Full-text available
Recent years have seen increasing popularity of storing and managing personal multimedia data using online services. Preserving confidentiality of online personal data while offering efficient functionalities thus becomes an important and pressing research issue. In this paper, we study the problem of content-based search of image data archived online while preserving content confidentiality. The problem has different settings from those typically considered in the secure computation literature, as it deals with data in rank-ordered search, and has a different security-efficiency requirement. Secure computation techniques, such as homomorphic encryption, can potentially be used in this application, at a cost of high computational and communication complexity. Alternatively, efficient techniques based on randomizing visual feature and search indexes have been proposed recently to enable similarity comparison between encrypted images. This paper focuses on comparing these two major paradigms of techniques, namely, homomorphic encryption-based techniques and feature/index randomization-based techniques, for confidentiality-preserving image search. We develop novel and systematic metrics to quantitatively evaluate security strength in this unique type of data and applications. We compare these two paradigms of techniques in terms of their search performance, security strength, and computational efficiency. The insights obtained through this paper and comparison will help design practical algorithms appropriate for privacy-aware cloud multimedia systems.
Conference Paper
Full-text available
Cloud computing is an emerging paradigm offering companies (virtually) unlimited data storage and computation at attractive costs. It is a cost-effective model because it does not require deployment and maintenance of any dedicated IT infrastructure. Despite its benefits, it introduces new challenges for protecting the confidentiality of the data. Sensitive data like medical records, business or governmental data cannot be stored unencrypted on the cloud. Companies need new mechanisms to control access to the outsourced data and allow users to query the encrypted data without revealing sensitive information to the cloud provider. State-of-the-art schemes do not allow complex encrypted queries over encrypted data in a multi-user setting. Instead, those are limited to keyword searches or conjunctions of keywords. This paper extends work on multi-user encrypted search schemes by supporting SQL-like encrypted queries on encrypted databases. Furthermore, we introduce access control on the data stored in the cloud, where any administrative actions (such as updating access rights or adding/deleting users) do not require re-distributing keys or re-encryption of data. Finally, we implemented our scheme and presented its performance, thus showing feasibility of our approach.
Article
Full-text available
Privacy has received considerable attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant, and is capable of finishing the designated tasks. It is envisioned that secure media applications with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to target the importance of privacy-preserving SIFT (PPSIFT) and to address the problem of secure SIFT feature extraction and representation in the encrypted domain. As all of the operations in SIFT must be moved to the encrypted domain, we propose a privacy-preserving realization of the SIFT method based on homomorphic encryption. We show through the security analysis based on the discrete logarithm problem and RSA that PPSIFT is secure against ciphertext only attack and known plaintext attack. Experimental results obtained from different case studies demonstrate that the proposed homomorphic encryption-based privacy-preserving SIFT performs comparably to the original SIFT and that our method is useful in SIFT-based privacy-preserving applications.
Conference Paper
Full-text available
We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to test whether the email contains the keyword “urgent” so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway the ability to decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the email without learning anything else about the email. We refer to this mechanism as Public Key Encryption with keyword Search. As another example, consider a mail server that stores various messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail server a key that will enable the server to identify all messages containing some specific keyword, but learn nothing else. We define the concept of public key encryption with keyword search and give several constructions.
Conference Paper
Full-text available
Face recognition is increasingly deployed as a means to unobtrusively verify the identity of people. The widespread use of biometrics raises important privacy concerns, in particular if the biometric matching process is performed at a central or untrusted server, and calls for the implementation of Privacy-Enhancing Technologies. In this paper we propose for the first time a strongly privacy-enhanced face recognition system, which efficiently hides both the biometrics and the result from the server that performs the matching operation, by using techniques from secure multiparty computation. We consider a scenario where one party provides a face image, while another party has access to a database of facial templates. Our protocol allows the two parties to jointly run the standard Eigenfaces recognition algorithm in such a way that the first party cannot learn from the execution of the protocol more than basic parameters of the database, while the second party does not learn the input image or the result of the recognition process. At the core of our protocol lies an efficient protocol for securely comparing two Paillier-encrypted numbers. We show through extensive experiments that the system can be run efficiently on conventional hardware.
Conference Paper
Full-text available
The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency -- can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is two-fold. First, we exhibit a number of real-world applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is "somewhat" homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring LWE) problem. The scheme is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.
Conference Paper
Full-text available
This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
Conference Paper
Full-text available
At Eurocrypt '02 Cramer and Shoup [7] proposed a general paradigm to construct practical public-key cryptosystems secure against adaptive chosen-ciphertext attacks, as well as several concrete examples. Among the others they presented a variant of Paillier's [21] scheme achieving such a strong security requirement and for which two independent decryption mechanisms are allowed. In this paper we revisit that scheme and show that by considering a different subgroup, one can obtain a different scheme (whose security can be proved with respect to a different mathematical assumption) that allows for interesting applications. In particular we show how to construct a perfectly hiding commitment scheme that allows for an on-line / off-line efficiency tradeoff. The scheme is computationally binding under the assumption that factoring is hard, thus improving on the previous construction by Catalano et al. [5] whose binding property was based on the assumption that inverting RSA[N,N] (i.e. RSA with the public exponent set to N) is hard.
Conference Paper
Full-text available
We introduce SCiFI, a system for Secure Computation of Face Identification. The system performs face identification, which compares faces of subjects with a database of registered faces. The identification is done in a secure way which protects both the privacy of the subjects and the confidentiality of the database. A specific application of SCiFI is reducing the privacy impact of camera-based surveillance. In that scenario, SCiFI would be used in a setting which contains a server which has a set of faces of suspects, and client machines which might be cameras acquiring images in public places. The system runs a secure computation of a face recognition algorithm, which identifies whether an image acquired by a client matches one of the suspects, but otherwise reveals no information to either of the parties. Our work includes multiple contributions in different areas: A new face identification algorithm which is unique in having been specifically designed for usage in secure computation. Nonetheless, the algorithm has face recognition performance comparable to that of state-of-the-art algorithms. We ran experiments which show the algorithm to be robust to different viewing conditions, such as illumination, occlusions, and changes in appearance (like wearing glasses). A secure protocol for computing the new face recognition algorithm. In addition, since our goal is to run an actual system, considerable effort was made to optimize the protocol and minimize its online latency. A system, SCiFI, which implements a secure computation of the face identification protocol. Experiments which show that the entire system can run in near real-time: the secure computation protocol performs a preprocessing of all public-key cryptographic operations. Its online performance therefore mainly depends on the speed of data communication, and our experiments show it to be extremely efficient.
Article
Full-text available
Signal processing in the encrypted domain (s.p.e.d.) appears to be an elegant solution in application scenarios where valuable signals must be protected from a possibly malicious processing device. In this paper, we consider the application of the Discrete Cosine Transform (DCT) to images encrypted by using an appropriate homomorphic cryptosystem. An s.p.e.d. 1-dimensional DCT is obtained by defining a convenient signal model and is extended to the 2-dimensional case by using separable processing of rows and columns. The bounds imposed by the cryptosystem on the size of the DCT and the arithmetic precision are derived, considering both the direct DCT algorithm and its fast version. Particular attention is given to block-based DCT (BDCT), with emphasis on the possibility of lowering the computational burden by parallel application of the s.p.e.d. DCT to different image blocks. The application of the s.p.e.d. 2D-DCT and 2D-BDCT to 8-bit greyscale images is analyzed, and a case study demonstrates the feasibility of the s.p.e.d. DCT in a practical scenario.
Article
We study the setting in which a user stores encrypted documents (e.g. e-mails) on an untrusted server. In order to retrieve documents satisfying a certain search criterion, the user gives the server a capability that allows the server to identify exactly those documents. Work in this area has largely focused on search criteria consisting of a single keyword. If the user is actually interested in documents containing each of several keywords (conjunctive keyword search), the user must either give the server capabilities for each of the keywords individually and rely on an intersection calculation (by either the server or the user) to determine the correct set of documents, or alternatively, the user may store additional information on the server to facilitate such searches. Neither solution is desirable; the former enables the server to learn which documents match each individual keyword of the conjunctive search and the latter results in exponential storage if the user allows for searches on every set of keywords. We define a security model for conjunctive keyword search over encrypted data and present the first schemes for conducting such searches securely. We propose first a scheme for which the communication cost is linear in the number of documents, but that cost can be incurred "offline" before the conjunctive query is asked. The security of this scheme relies on the Decisional Diffie-Hellman (DDH) assumption. We propose a second scheme whose communication cost is on the order of the number of keyword fields and whose security relies on a new hardness assumption.
Conference Paper
With the rapid advancement of cloud computing, the use of third-party cloud datacenters for storing and processing (e.g., scaling and cropping) personal and critical images is becoming more common. For storage and bandwidth efficiency, the images are almost always compressed. Although cloud-based imaging has many advantages, security and privacy remain major issues. One way to address these two issues is to use Shamir’s (k, n) secret sharing-based secret image sharing schemes, which can distribute the secret image among n participants in such a way that no fewer than k (where k ≤ n) participants can know the image content. Existing secret image sharing schemes do not allow processing of a compressed image in the hidden domain. In this paper, we propose a scheme that can scale and crop a CDF (Cohen-Daubechies-Feauveau) wavelet-based compressed image (such as JPEG2000) in the encrypted domain by smartly applying secret sharing on the wavelet coefficients. Results and analyses show that our scheme is highly secure and has acceptable computational and data overheads.
Conference Paper
Secret image sharing is a method for distributing a secret image amongst n data stores, each storing a shadow image of the secret, such that the original secret image can be recovered only if any k out of the n shares is available. Existing secret image sharing schemes, however, do not support scaling and cropping operations on the shadow image, which are useful for zooming on large images. In this paper, we propose an image sharing scheme that allows the user to retrieve a scaled or cropped version of the secret image by operating directly on the shadow images, therefore reducing the amount of data sent from the data stores to the user. Results and analyses show that our scheme is highly secure, requires low computational cost, and supports a large number of scale factors with arbitrary crop.
Conference Paper
A new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Article
In this paper, we propose a method such that a secret image is shared by n shadow images, and any r shadow images (r ⩽ n) of them can be used to restore the whole secret image. The size of each shadow image is smaller than the secret image in our method. This property gives benefits in further processing of the shadow images, such as storage, transmission, or image hiding.
Article
A new probabilistic model of data encryption is introduced. For this model, under suitable complexity assumptions, it is proved that extracting any information about the cleartext from the ciphertext is hard on the average for an adversary with polynomially bounded computational resources. The proof holds for any message space with any probability distribution. The first implementation of this model is presented. The security of this implementation is proved under the intractability assumption of deciding Quadratic Residuosity modulo composite numbers whose factorization is unknown.
Article
In recent years, chaos-based cryptographic algorithms have suggested some new and efficient ways to develop secure image encryption techniques. In this communication, we propose a new approach for image encryption based on chaotic logistic maps in order to meet the requirements of secure image transfer. In the proposed image encryption scheme, an external 80-bit secret key and two chaotic logistic maps are employed. The initial conditions for both logistic maps are derived from the external secret key by giving different weightage to all its bits. Further, in the proposed encryption process, eight different types of operations are used to encrypt the pixels of an image, and which one of them will be used for a particular pixel is decided by the outcome of the logistic map. To make the cipher more robust against any attack, the secret key is modified after encrypting each block of sixteen pixels of the image. The results of several experimental and statistical analyses and key sensitivity tests show that the proposed image encryption scheme provides an efficient and secure way for real-time image encryption and transmission.
Conference Paper
We study the setting in which a user stores encrypted documents (e.g. e-mails) on an untrusted server. In order to retrieve documents satisfying a certain search criterion, the user gives the server a capability that allows the server to identify exactly those documents. Work in this area has largely focused on search criteria consisting of a single keyword. If the user is actually interested in documents containing each of several keywords (conjunctive keyword search) the user must either give the server capabilities for each of the keywords individually and rely on an intersection calculation (by either the server or the user) to determine the correct set of documents, or alternatively, the user may store additional information on the server to facilitate such searches. Neither solution is desirable; the former enables the server to learn which documents match each individual keyword of the conjunctive search and the latter results in exponential storage if the user allows for searches on every set of keywords. We define a security model for conjunctive keyword search over encrypted data and present the first schemes for conducting such searches securely. We propose first a scheme for which the communication cost is linear in the number of documents, but that cost can be incurred “offline” before the conjunctive query is asked. The security of this scheme relies on the Decisional Diffie-Hellman (DDH) assumption. We propose a second scheme whose communication cost is on the order of the number of keyword fields and whose security relies on a new hardness assumption.
Conference Paper
Prior verifiable secret-ballot election protocols all suffer from a common defect which renders them unsuitable for practical use: they allow voters to (if they wish) carry away from the protocol receipts which can be used to prove to others how they voted. This simple defect enables vote buying and coercion which are impractical in current physical election systems due to the “plausible deniability” offered by a voting booth. This defect is embedded, not only within prior election protocols, but within all of the more general protocols for collective computation of a public function from private inputs. This paper presents the first verifiable secret-ballot election protocols in which participants are unable to prove to others how they voted.
Conference Paper
In this paper, we propose a new robust digital image blind watermark scheme that is used to protect color medical images. In this scheme, K-L transform is applied to an RGB medical image and the binary watermark is embedded into low frequency sub-band of DWT of the principal component of medical images. The embedding positions are chosen according to the human visual system (HVS). The embedding method is based on the relationship between center coefficients and the mean values of the nearest neighborhood coefficients. The watermark is extracted from the watermarked image only according to the relationship. The experimental results show that the proposed algorithm is robust, imperceptible and practicable.
Conference Paper
We describe a working implementation of a variant of Gentry’s fully homomorphic encryption scheme (STOC 2009), similar to the variant used in an earlier implementation effort by Smart and Vercauteren (PKC 2010). Smart and Vercauteren implemented the underlying “somewhat homomorphic” scheme, but were not able to implement the bootstrapping functionality that is needed to get the complete scheme to work. We show a number of optimizations that allow us to implement all aspects of the scheme, including the bootstrapping functionality. Our main optimization is a key-generation method for the underlying somewhat homomorphic encryption that does not require full polynomial inversion. This reduces the asymptotic complexity from \(\tilde{O}(n^{2.5})\) to \(\tilde{O}(n^{1.5})\) when working with dimension-n lattices (and practically reducing the time from many hours/days to a few seconds/minutes). Other optimizations include a batching technique for encryption, a careful analysis of the degree of the decryption polynomial, and some space/time trade-offs for the fully homomorphic scheme. We tested our implementation with lattices of several dimensions, corresponding to several security levels: from a “toy” setting in dimension 512, to “small,” “medium,” and “large” settings in dimensions 2048, 8192, and 32768, respectively. The public-key size ranges from 70 Megabytes for the “small” setting to 2.3 Gigabytes for the “large” setting. The time to run one bootstrapping operation (on a 1-CPU 64-bit machine with large memory) ranges from 30 seconds for the “small” setting to 30 minutes for the “large” setting.
Conference Paper
Automatic recognition of human faces is becoming increasingly popular in civilian and law enforcement applications that require reliable recognition of humans. However, the rapid improvement and widespread deployment of this technology raises strong concerns regarding the violation of individuals’ privacy. A typical application scenario for privacy-preserving face recognition concerns a client who privately searches for a specific face image in the face image database of a server. In this paper we present a privacy-preserving face recognition scheme that substantially improves over previous work in terms of communication and computation efficiency: the most recent proposal of Erkin et al. (PETS’09) requires \(\mathcal{O}(\log M)\) rounds and computationally expensive operations on homomorphically encrypted data to recognize a face in a database of M faces. Our improved scheme requires only \(\mathcal{O}(1)\) rounds and has a substantially smaller online communication complexity (by a factor of 15 for each database entry) and less computation complexity. Our solution is based on known cryptographic building blocks combining homomorphic encryption with garbled circuits. Our implementation results show the practicality of our scheme also for large databases (e.g., for M = 1000 we need less than 13 seconds and less than 4 MByte online communication on two 2.4GHz PCs connected via Gigabit Ethernet).
Article
In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy re-encryption, in which a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popular as a method for managing encrypted file systems. Although efficiently computable, the wide-spread adoption of BBS re-encryption has been hindered by considerable security risks. Following recent work of Ivan and Dodis, we present new re-encryption schemes that realize a stronger notion of security and we demonstrate the usefulness of proxy re-encryption as a method of adding access control to the SFS read-only file system. Performance measurements of our experimental file system demonstrate that proxy re-encryption can work effectively in practice.
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: 1. Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. 2. A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where \(e \cdot d \equiv 1 \pmod{(p - 1)(q - 1)}\). The security of the system rests in part on the difficulty of factoring the published divisor, n.
Article
In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.
Conference Paper
It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice functionality for security. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query without loss of data confidentiality. We describe our cryptographic schemes for the problem of searching on encrypted data and provide proofs of security for the resulting cryptosystems. Our techniques have a number of crucial advantages. They are provably secure: they provide provable secrecy for encryption, in the sense that the untrusted server cannot learn anything about the plaintext when only given the ciphertext; they provide query isolation for searches, meaning that the untrusted server cannot learn anything more about the plaintext than the search result; they provide controlled searching, so that the untrusted server cannot search for an arbitrary word without the user's authorization; they also support hidden queries, so that the user may ask the untrusted server to search for a secret word without revealing the word to the server. The algorithms presented are simple, fast (for a document of length n, the encryption and search algorithms only need O(n) stream cipher and block cipher operations), and introduce almost no space and communication overhead, and hence are practical to use today.
A public key cryptosystem and a signature scheme based on discrete logarithms
Protecting and evaluating genomic privacy in medical tests and personalized medicine
E. Ayday, J. L. Raisaro, J.-P. Hubaux, and J. Rougemont, "Protecting and evaluating genomic privacy in medical tests and personalized medicine," in Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, 2013, pp. 95-106.