结合Kd-树和熵编码的密文图像可逆数据隐藏

目的 密文图像可逆数据隐藏技术既可以保证载体内容不被泄露,又可以传递秘密信息,在军事、医疗等方面发挥着重要的作用。然而,以往的大多数方法存在图像冗余未被充分利用、数据嵌入容量不足等问题。为解决这些问题,提出了一种结合Kd-树和熵编码的高容量密文图像可逆数据隐藏算法。方法 该方法在图像加密之前需要对图像应用中值边缘检测(median-edge detector,MED)算法计算预测误差,并把得到的预测误差绝对值图像划分为两个区域:S0区域和S1区域。根据Kd-树标签算法和熵编码生成辅助信息,在对图像使用加密密钥K_e加密之后嵌入辅助信息,生成加密图像;在秘密数据嵌入阶段,根据附加信息和数据隐藏密钥嵌入秘密数据,生成载密图像;在解密阶段可以根据附加信息、图像加密密钥和数据隐藏密钥提取秘密数据并无损恢复图像。结果 实验测试了BOWS-2(break our watermarking system 2nd)数据集,平均嵌入容量为3.910 bit/像素。与现有的几种方法进行比较,该算法可以获得更高的秘密数据嵌入容量。结论 该方法在图像加密前腾出空间,与相关算法相比,实现了更高的嵌入容量,并且可以实现原始图像的无损恢复。     

Just process me,without knowing me: a secure encrypted domain processing based on Shamir secret sharing and POB number system

High end computational and storage resources provided by the cloud based paradigm are attracting the global infrastructure. However, the wide attacking surface of the public cloud may pose threat to security if outsourcing of the multimedia content is done without obscuring. Employing the traditional encryption schemes may serve as a feasible solution. However, processing in the encrypted domain to fetch the same services as plaintext domain may not be possible due to limitations of the encryption schemes. In this article, a secured scheme based on Shamir’s secret sharing and permutation ordered binary (POB) number system for processing of image in encrypted domain itself over the cloud severs has been proposed. Obfuscated shares are obtained by distributing the image information into multiple shares that can be sent and processed in frequency domain over the cloud servers. The performance of various image operations such as denoising, dehazing, edge sharpening, unsharp masking, contrast enhancement, etc has been validated on these encrypted shares in the frequency domain along with the comparative results in the plaintext domain. The processed image can be obtained from these processed shares only by the authentic entity possessing the secret keys.

     

Enabled/disabled predicate encryption in clouds

Predicate encryption is a cryptographic primitive that provides fine-grained control over access to encrypted data. It is often used for encrypted data search in a cloud storage environment. In this paper, we propose an enabled/disabled predicate encryption scheme, which is the first work that provides timed-release services and data self-destruction (they correspond to the terms “enabled” and “disabled,” respectively). Owing to these properties, the sender can set the readable/unreadable time of the files to be sent to the receiver. The receiver can read the sent file only after the readable time. After the unreadable time, the structure of the file will be destroyed and the file will become unreadable. Furthermore, for practical usage purposes, the extended scheme, which is based on the proposed scheme, provides not only timed-release services and data self-destruction but also long message encryption and undecryptable search. In the extended scheme, the length of encrypted messages does not depend on the order of the group. Moreover, the cloud server can obtain only the matched ciphertexts after the search.     

基于新混沌与矩阵卷积运算的彩色图像加密算法

针对彩色图像加密过程中出现的强相关性和高冗余问题,提出基于云模型的Fibonacci混沌系统与矩阵卷积运算的彩色图像加密算法。首先对彩色图像的R、G、B分量拼接图像像素点坐标变换置乱;然后将混沌序列值作为卷积核的输入值与像素值进行矩阵卷积运算,实现像素值置换;再与云模型Fibonacci混沌序列及前相邻像素值进行正反双向2次异或操作生成加密图像。实验分析表明,加密后的图像直方图更加平滑,像素分布均匀,图像相邻像素相关性低,加密图像RGB分量平均水平、垂直和对角相关系数分别为-0.0010,0.0016和0.0031,能够抵抗差分攻击、明文攻击、噪声攻击和剪切攻击等攻击实验,提出的新加密算法具有加密安全性高、抗干扰性高、鲁棒性强等特点。     

基于离散小波变换和感知哈希的加密医学图像检索算法

针对加密存储在云服务器的医学图像安全检索问题,提出基于离散小波变换（DWT）和感知哈希的加密医学图像检索算法。首先结合Henon映射的特点对图像进行频域加密运算;然后,对加密医学图像进行小波分解,得到逼近原图的子图;其次,根据离散余弦变换（DCT）的特性,通过比较DCT各系数与系数均值的关系得到图像的感知哈希序列;最后通过比较感知哈希序列之间的归一化相关系数来实现对加密医学图像检索。与基于非负矩阵分解（NMF）的哈希算法相比,所提算法在高斯噪声下检索精度提高了近40%,且在JPEG压缩攻击、中值滤波攻击、缩放攻击和扭曲攻击下检索精度与之相差无几。实验结果表明,所提算法对于常规攻击和几何攻击具有较好的鲁棒性,同时降低了图像加密的时间复杂度。     

一种云环境下JPEG图像的安全检索方法

为了保护数据隐私,私密图像在上传到云服务器之前需要进行加密,然而,加密会导致传统的图像特征无法提取,进而给图像检索带来困难。因此,本文提出了一种云环境下JPEG图像的安全检索方法：数据拥有者部分解码JPEG码流得到图像的DCT(Discrete Cosine Transform)系数,对系数进行置乱加密然后生成密文图像并上传到云服务器;然后云服务器在图像密文上提取DC系数差分特征以及LBP(Local Binary Patterns)特征,通过比较图像的特征向量之间的距离来确定图像的相似度,最后返回相似图像。该方法不仅减少了计算复杂度,而且使得数据拥有者与云服务器之间的交互次数尽可能的减少,同时,保证了图像的机密性和检索精确度,能实现对JPEG图像安全高效的检索。最后基于本文提出的方法做了简单的仿真系统,进一步验证了该方法的有效性。     

方阵幂安全外包云计算

为解决计算能力有限的对象(用户)所面临的大维数方阵的高次幂计算问题,利用云计算平台(云端),提出一个安全可验证的方阵幂云计算外包协议。协议中,用户首先构造一个随机置换,再结合克罗内克函数,生成一个非奇异方阵,并求得其逆矩阵,这两个方阵即为密钥;用户用此密钥完成对原方阵的加密,然后将加密所得方阵和原有的幂数发送给云端;云端完成加密所得方阵的求幂运算,并将计算所得方阵返回给用户;用户使用持有的密钥解密云端返回方阵,并随机选取若干解密所得方阵中的元素与相应的正确值进行对比,以验证解密所得方阵是否正确。经过理论分析可知,此协议满足外包协议的四个基本要求,即正确性、安全性、可验证性和高效性。基于此协议模型,在仿真实验中,将方阵幂问题分为方阵维数固定幂数变化和幂数固定方阵维数变化两种情形分别进行仿真。实验结果表明,这两种情形下,与用户自身完成原计算任务相比,外包计算均能大幅减少用户的计算耗时,获得较好的外包性能,且随着方阵维数和幂数的增加,外包效果更加明显。     

同态公钥加密系统的图像可逆信息隐藏算法

同态加密技术在加密信息、对信息进行隐私保护的同时,还允许密文数据进行相应的算术运算(如云端可直接对同态加密后的企业经营数据进行统计分析),已成为云计算领域的一个研究热点.然而,由于云存在多种安全威胁,加密后信息的安全保护和完整性认证问题仍然突出.另外,信息在加密后丢失了很多特性,密文检索成为了云计算需要攻克的关键技术.为了实现对加密图像的有效管理及其安全保护,本文提出了一种基于同态加密系统的图像可逆信息隐藏算法.该算法首先在加密前根据密钥选择目标像素,并利用差分扩展DE(Difference Expansion)的方法将目标像素的各比特数据嵌入到其它像素中.然后,利用Paillier同态加密系统对图像进行加密得到密文图像.在加密域中,利用待嵌入信息组成伪像素,加密后替换目标像素,完成额外信息的嵌入.当拥有相应的密钥时,接收方可以分别在密文图像或明文图像中提取出已嵌入的信息.当图像解密后,通过提取出自嵌入目标像素的各比特数据来恢复原始图像.实验仿真结果表明,该算法能够在数据量保持不变的前提下完成同态加密域中额外信息的嵌入,信息嵌入快速高效,并可分别从加密域和明文域中提取出嵌入的信息.     

An efficient PHR service system supporting fuzzy keyword search and fine-grained access control

Outsourcing of personal health record (PHR) has attracted considerable interest recently. It can not only bring much convenience to patients, it also allows efficient sharing of medical information among researchers. As the medical data in PHR is sensitive, it has to be encrypted before outsourcing. To achieve fine-grained access control over the encrypted PHR data becomes a challenging problem. In this paper, we provide an affirmative solution to this problem. We propose a novel PHR service system which supports efficient searching and fine-grained access control for PHR data in a hybrid cloud environment, where a private cloud is used to assist the user to interact with the public cloud for processing PHR data. In our proposed solution, we make use of attribute-based encryption (ABE) technique to obtain fine-grained access control for PHR data. In order to protect the privacy of PHR owners, our ABE is anonymous. That is, it can hide the access policy information in ciphertexts. Meanwhile, our solution can also allow efficient fuzzy search over PHR data, which can greatly improve the system usability. We also provide security analysis to show that the proposed solution is secure and privacy-preserving. The experimental results demonstrate the efficiency of the proposed scheme.     

Zero knowledge based client side deduplication for encrypted files of secure cloud storage in smart cities

As typical applications in the field of the cloud computing, cloud storage services are popular in the development of smart cities for their low costs and huge storage capacity. Proofs-of-ownership (PoW) is an important cryptographic primitive in cloud storage to ensure that a client holds the whole file rather than part of it in secure client side data deduplication. The previous PoW schemes worked well when the file is in plaintext. However, the privacy of the clients’ data may be vulnerable to honest-but-curious attacks. To deal with this issue, the clients tend to encrypt files before outsourcing them to the cloud, which makes the existing PoW schemes inapplicable any more. In this paper, we first propose a secure zero-knowledge based client side deduplication scheme over encrypted files. We prove that the proposed scheme is sound, complete and zero-knowledge. The scheme can achieve a high detection probability of the clients’ misbehavior. Then we introduced a proxy re-encryption based key distribution scheme. This scheme ensures that the server knows nothing about the encryption key even though it acts as a proxy to help distributing the file encryption key. It also enables the clients who have gained the ownership of a file to share the file with the encryption key generated without establishing secure channels among them. It is proved that the clients’ private key cannot be recovered by the server or clients collusion attacks during the key distribution phase. Our performance evaluation shows that the proposed scheme is much more efficient than the existing client side deduplication schemes.     

基于混沌映射的压缩图像加密算法

在分析现有DCT系数加密算法安全性的基础上,提出了一个空域加密和频域加密相结合的JPEG压缩图像加密算法。理论分析与计算机仿真实验表明,该算法具有很好的加密效果,对压缩算法的压缩效率影响很小,能充分满足压缩图像加密算法的要求。     

云环境下基于自然对数序列的似混沌序列图像加密方案

针对云计算中图像数据的安全问题,提出一种基于自然对数序列的似混沌序列图像加密方案.提出自然对数序列的概念,验证其似混沌特性;使用二维猫映射对图像进行像素置乱,并在此基础上利用SM3杂凑算法和自然对数序列进行像素值扰乱,得到加密图像;在离散对数的假设下,证明方案具有IND-CCA安全.仿真实验表明,该方案在安全性上与混沌...     

图像加密预览算法

针对解密一个加密图像耗时长的问题,基于混沌帐篷映射加密算法提出一种图像加密预览算法。算法首先采用图像识别与图像分割技术选择图像关键区域或采用图像缩略图技术生成原图像的预览图像;然后利用混沌帐篷映射加密算法分别对原图像及其预览图像进行加密;最后将加密后的原图像和预览图像进行整合生成加密图像。该算法在解密原图像前先解密预览图像,实现加密图像预览功能。实验表明,该算法可以对加密图像进行解密前预览,预览效果好,耗时短。     

A new fast reversible method for image safe transfer

In this paper a novel reversible method for fast and safe image transfer is proposed. The method combines compression, data hiding and partial encryption of images in a single processing step. The proposed approach can embed data into the image according to the message size and partially encrypt the image and the message without changing the original image content. Moreover, during the same process the image is lossless compressed. Nevertheless, the compression rate depends on the upper bound of message size to embed in the image. The main idea is to decompose the original image into two sub-images and to apply various processes to each sub-image in order to gain space and increase the amount of embedded data. The two sub-images are then scrambled and partially encrypted. The most significant characteristic of the proposed method is the utilization of a single procedure to simultaneously perform the compression, the reversible data hiding and the partial encryption rather than using three separate procedures. Our approach reduces then the computational effort and the required computation time. This method is specially suited for medical images where one can associate the patient diagnostic to the concerned medical image for safe transfer purpose.     

Combinational domain-based encryption using FrWT and hyper-chaotic system for biometric data security

An efficient hyperchaos-based combinational domain encryption scheme for securing iris images during transmission over unsecured data networks or database storage is presented in this article. From the region of interest (ROI) of an iris image, distinctive features are strategically extracted for template creation. The significant part, i.e., the ROI of an iris image, is encrypted in a transformational domain and the nonsignificant region is encrypted in a spatial domain. The advantage of this encryption scheme is increased key space and high degree of security compared to 1-D chaos-based systems. Apart from security, another advantage is reduced computational time compared to conventional encryption schemes implemented in either the spatial or frequency domain. The proposed scheme inherits the advantages of increased key space due to transform orders of the fractional wavelet transform (FrWT) and complex dynamical characteristics of hyperchaos, making the proposed scheme resistant to attacks. The properties of the FrWT and hyperchaos complement each other, making the system efficient and highly robust. Experimental results indicate that the proposed scheme reduces the computational time without compromising the security. Further security analysis is done for various attacks such as differential, statistical, and perceptual attacks, which give promising results and indicate that the proposed encryption scheme is efficient and robust.     

可验证的云存储医疗加密数据统计分析方案

为满足当前云存储医疗数据对敏感性、完整性以及统计分析可用性的需求,提出一种可验证的医疗加密数据统计分析方案。采用同态加密技术实现密文数据聚合并提高医疗数据的机密性,通过同态签名算法确保外包医疗加密数据的完整性。用户上传经过同态加密和签名的医疗数据到云服务器,云服务器在收到医疗数据分析中心的外包数据聚合请求后对密文医疗数据以及签名值进行聚合运算,并将相应结果返回给医疗数据分析中心,医疗数据分析中心验证云服务器外包同态加密数据聚合的完整性。在此基础上,医疗数据分析中心仅需使用私钥解密就能获得所有用户正确的原始医疗数据聚合结果,并据此进行统计分析。实验结果表明,该方案在医疗隐私大数据分析领域相对SPPDA等方案具有效率优势,医疗数据分析中心在验证数据完整性和分析聚合数据时计算开销保持恒定,与用户数量无关。     

基于MapReduce的并行AES加密算法

针对云计算环境的隐私保护问题,采用加密数据存储是一个可行的选择.为了提高数据加密解密的速度,结合云环境的并行计算特点和AES加密算法,设计了一种并行AES加密方案,给出了具体的并行算法,分析了算法的性能,并通过实验证明了方法的有效性.实验结果表明该并行算法在MapReduce模式下,在16核4节点构成的云计算集群上能够达到15.9的加速比,总加密时间减少了72.7%.     

基于同态加密系统的图像鲁棒可逆水印算法

同态加密技术可用于保护数据隐私并允许对密文数据进行算术操作,在云计算安全上有着很好的应用前景.针对云计算中的隐私保护和数据安全等问题,本文提出了一种基于同态加密系统的图像鲁棒可逆水印算法,主要思想为：1）对原始图像进行分块和利用Paillier加密系统进行加密得到密文图像;2）在加密域中,通过模乘法逆元MMI （Modular Multiple Inverse）方法和查询相应的密文映射表得到每个密文分块的统计量,然后利用同态特性对统计量进行直方图平移来嵌入水印信息;3）在接收方,可从含水印的密文图像的统计量直方图中完整提取水印,并可通过对统计量进行与嵌入过程相反的直方图平移操作来恢复原始密文图像;4）含水印的密文图像在直接解密后可从其统计量直方图中完整提取水印信息和恢复原始图像;5）解密后的含水印图像在受到一定程度的攻击后（如JPEG/JPEG2000压缩和叠加高斯噪声等）,水印仍能正确提取.该算法实现了在不对原始图像进行预处理的情况下可直接在加密后的密文图像中嵌入水印,并可分别在加密域或明文域提取水印和恢复原始密文图像或原始明文图像,而且嵌入的水印对常见的图像处理操作具有一定的鲁棒性.实验仿真结果验证了本文算法的有效性.     

标准模型下高效的基于身份匿名广播加密方案

针对现实中广播加密的安全问题,提出一种标准模型下高效的基于身份匿名广播加密方案。匿名广播加密中广播者加密数据通过广播信道发送给用户,其中只有授权用户能够解密获得数据,同时任何人不能分辨出加密数据是发送给哪个用户的,从而保护了接收者用户的隐私。所提方案利用双系统加密技术,基于合数阶双线性群提出。同时,该方案基于静态假设,在标准模型中证明方案是选择明文安全的,密文和密钥取得了固定长度。和对比方案相比,所提方案密钥长度仅需2个群元素,同时方案满足匿名性。     

基于密文医学图像的可逆信息隐藏算法

针对现有算法嵌入容量低以及应用于医学图像时效果不稳定的问题,提出一种基于斜线分组和梯度算子的密文医学图像的可逆信息隐藏算法。算法利用按位异或操作对医学图像加密,接着对密文图像分块,每块再斜线分为4组,根据待嵌入2比特信息翻转对应像素组的最低3位有效位（3LSBs）。接收端先解密图像,然后根据信息隐藏密钥和梯度算子恢复原始图像并提取信息。实验结果显示,算法能无损地恢复原始医学图像,准确地提取嵌入信息,在分块大小相同的情况下,有更好的嵌入容量,更高的PSNR值和更低的信息提取错误率。