 Research
 Open Access
 Published:
Markov processbased retrieval for encrypted JPEG images
EURASIP Journal on Information Security volume 2016, Article number: 1 (2016)
Abstract
This paper develops a retrieval scheme for encrypted JPEG images based on a Markov process. In our scheme, the stream cipher and permutation encryption are combined to encrypt discrete cosine transform (DCT) coefficients for protecting JPEG image content’s confidentiality. And thus, it is easy for the content owner to achieve the encrypted JPEG images uploaded to a database server. In the image retrieval stage, although the server does not know the plaintext content of a given encrypted query image, he can still extract image feature calculated from the transition probability matrices related to DCT coefficients, which indicate the intrablock, interblock, and intercomponent dependencies among DCT coefficients. And these three types of dependencies are modeled by the Markov process. After that, with the multiclass support vector machine (SVM), the feature of the encrypted query image can be converted into a vector with low dimensionality determined by the number of image categories. The encrypted database images are conducted similarly. After lowdimensional vector representation, the similarity between the encrypted query image and database image may be evaluated by calculating the distance of their corresponding feature vectors. At the client side, the returned encrypted images similar to the query image can be decrypted to the plaintext images with the help of the encryption key.
Introduction
As cloud computing becomes increasingly popular, more and more customers want to outsource their multimedia data into the cloud server for cost saving and flexibility. In order to protect privacy of sensitive data, the content owners tend to convert the multimedia data into unrecognizable data before outsourcing, which may be not compliant with plaintextbased traditional information retrieval techniques. So, the need for privacypreserving and effective information retrieval becomes urgent.
The problem of information retrieval in encrypted domain has been investigated for many years. In particular, secure searchable mechanisms for text documents have become an active research area that considers an application scenario where the content owners supply encrypted text documents and indices, while the servers provide search service without knowing the plaintext contents. In early studies, secure searchable encryption mechanisms only support conventional Boolean keyword search. In [1], Song et al. propose their early method to determine whether a given query keyword exists in encrypted documents by using twolevel encryption based on single word. To do better in efficiency, Goh [2] constructs an efficient secure index based on Bloom filter for each encrypted text document. Using this method, the search performance that is linear to the number of database files can be obtained while supporting addition and deletion of files in dynamic fashion. Curtmola et al. [3] employ a keywordbased inverted index to aid the system for returning the files containing the required query keyword at a faster search speed compared to the method [2]. Differing from the previous schemes [1–3] based on symmetric encryption, the scheme by Boneh et al. [4] is the first to address the problem of the privacyassured text retrieval with a public key system and allows multiusers to participate. Recent studies mainly focus on the diversity of functionalities for secure searchable systems, such as multidimensional range search [5], multikeyword ranked search [6], privacyassured similarity search [7], and so on [8, 9].
For the same application scenario, there are few schemes to perform image retrieval in the encrypted domain. Lu et al. [10] introduce the three schemes to realize image retrieval in encrypted domain without first decrypting a query image of a ciphertext, where the encryption methods can remain the original relevance between the images approximately. In another work [11], two efficient secure search indices instead of visual features adopted by [10] are built by exploiting orderpreserving encryption and minhash function, respectively. Based on the works [10, 11], the literature [12] gives a comprehensive discussion on privacypreserving image retrieval. With these methods [10–12], the content owners can extract the features from the images and then encrypt the features and images separately before outsourcing. However, the feature extraction/encryption will lead to higher computation overload and greater storage cost for users. In contrast, the authors [13] propose a histogrambased retrieval method for encrypted JPEG images, in which the feature extraction/encryption is needless. But there is one disadvantage with this scheme, namely, file size for the encrypted image will increase as discrete cosine transform (DCT) coefficients are shuffled.
It is known that there exist the intrablock, interblock, and intercomponent dependencies among DCT coefficients of a color JPEG image. Moreover, in some sense, the three types of dependencies are similar between similar images. Based on the analysis given above, we propose a novel scheme for encrypted JPEG images, where intrablock, interblock, and intercomponent dependencies among DCT coefficients are introduced. With this scheme, the encrypted JPEG images can be obtained through a combination of the stream cipher and permutation encryption and outsourced to a server. And also, with the given encrypted query image and the encrypted database images, it is easy for the server to calculate their similarities in encrypted domain by employing the techniques of a Markov process and multiclass support vector machine (SVM). In general, the contributions of this paper are summarized as follows:

1.
The major originality of this paper lies that it utilizes the intrablock, interblock, and intercomponent dependencies of the encrypted color JPEG image to construct retrieval feature and reduces feature dimensionality by combining with multiclass SVM.

2.
For a color JPEG image, this scheme can ensure both format compliance and file size preservation before and after encryption.

3.
The scheme realizes privacypreserving effective image retrieval in encrypted domain. Experiment results show that the overall retrieval performance of the proposed scheme is significantly improved.
The remainder of the paper is organized as follows. The scheme of the proposed method is elaborated in Section 2. Experimental results and analysis are given in Section 3. Finally, some conclusions are drawn in Section 4. The paper is an extended version of [14], where intercomponent dependency of color JPEG image is newly employed to further improve the retrieval performance. And also, the paper also includes novel performance result and comparison.
Proposed scheme
Consider a privacypreserving image retrieval scheme which involves three parties: content owner, authorized user, and server. The content owner encrypts images in the JPEG format and then stores them into cloud servers. The authorized user, may be a content owner, has desire to retrieval images similar to the encrypted query image from encrypted database images. When receiving the encrypted query image, the server can calculate the distances between the encrypted query image and database images and then returns encrypted images similar to the query image in plaintext content, without knowing anything about the plaintext contents of the involved encrypted images. In the following, we will present the mechanisms of image encryption and retrieval in detail.
Image encryption
As the purpose of our scheme is to address the problem of image retrieval in encrypted domain while preserving the file size and format compliance for JPEG images, here, we first take a partial image encryption technique into account to encrypt JPEG images. The problem is difficult to solve for the traditional cryptography. The most existing partial encryption techniques [15–17] for JPEG images are mainly based on blocks shuffle, DCT coefficient permutation, and encrypting the signs of DCT coefficients. Recent work by Qian et al. [18] presents a novel partial encryption method based on a JPEG bitstream, which aims to implement reversible data hiding in an encrypted gray JPEG image. The proposed encryption method in [18] cannot only meet the requirements of format compliance and file size preservation but also provide valuable information regarding the length of each variable length integer (VLI) code for DCT coefficients. More importantly, the encryption method in [18] can make the length of each VLI code remain unchanged before and after encryption. It means that one can still obtain the original length of any VLI code related to DCT coefficients from an encrypted JPEG image. Due to the dependencies of DCT coefficients in each component, their corresponding VLI code length may have similar relationships, which can be exploited to generate feature for image retrieval. Therefore, this paper designs a novel retrieval scheme for encrypted JPEG images, in which the encryption method in [18] is extended to color JPEG image.
Before presenting the details of image encryption, it is necessary to show the encoding process of a color JPEG image as most of the operations in the proposed scheme, such as image encryption and feature generation, are based on the encoded binary sequences of the DCT coefficients. The color JPEGencoding process is summarized as follows.
As commonly known, a color JPEG image is composed of Y, U, and V components, each of which is partitioned into nonoverlapped blocks sized 8 × 8. In each block, there are 64 DCT coefficients, namely, one DC and 63 AC coefficients. According to JPEG standard [19], DC and AC coefficients can be transformed into intermediate symbols by utilizing the onedimensional predictor and the run length coding (RLC), respectively, and then are further Huffmancoded into binary sequences, each of which consists of two parts: the Huffman code and the VLI code. Obviously, the generation of the abovementioned binary sequences is conditioned by the Huffman and VLI code tables, which are beforehand stored in the JPEG file header. In general, the Huffman code of the DC coefficient only contains the information about the length of the VLI code. But the Huffman code for the AC coefficient also has other information about the number of consecutive zero AC coefficients before the next nonzero AC coefficient in the zigzag sequence. The final JPEG bitstream will be formed by concatenating the JPEG file header and binary sequences of all DCT coefficients of all components. As a matter of fact, the JPEG bitstream is also a binary sequence and thus converts into a JPEG file when writing to a file byte by byte.
Based on the above knowledge about color JPEG image encoding, the procedure of performing the color JPEG image encryption is described as follows.
First, parse the JPEG bitstream and extract entropyencoded binary sequences associated with DCT coefficients for each certain component. The step is easily handled according to the JPEG file header information comprising image size, Huffman tables, and so on. Next, concatenate the VLI codes of all the AC coefficients of the Y component to form a new binary sequence and then encrypt by using the stream cipher. For example, denote the binary sequence needed to be encrypted as A = [a _{1}, a _{2},…, a _{ l }] and let a pseudorandom binary sequence be E = [e _{1}, e _{2},…, e _{ l }] with the same bit length as the binary sequence A. Then calculate the encrypted version A′ = [a _{1} ′, a _{2} ′, …, a _{ l } ′] through an exclusiveor operation
where e _{ i } is determined by an encryption key using a standard stream cipher. Instead of the bits a _{ i }, the encrypted bits a _{ i } ′ are placed at the original positions of bits a _{ i } .
The U and V components can be done similarly. But different encryption keys are adopted. After that, encrypt the quantization tables stored in the JPEG file header by using the stream cipher. In brief, the binary sequences with respect to the quantization tables from the file header are encrypted according to formula (1). In particular, different encryption keys are employed to different quantization tables for protecting the privacy of the quantized DCT coefficients. For better encryption, we further pseudorandomly permute encoded binary sequences of DC coefficients in a same component when keeping their frequency position intact. And also, the encrypted bits within the same binary sequence stay their original unencrypted positions. Finally, an encrypted JPEG bitstream is generated. Figure 1 shows an original plaintext JPEG image and its encrypted version. Since the JPEG file structure, Huffman codes, and length of JPEG bitstream remain intact, the resulting encrypted file is still in the JPEG format while keeping the file size unchanged, which means that the file size and format compliance are preserved. With the help of unencrypted Huffman/VLI coding tables stored in the JPEG file header, one can readily decompress the encrypted JPEG image. In addition, since the proposed encryption method can preserve statistical invariance of the lengths of the VLI codes with respect to the DCT coefficients before and after encryption, our scheme can support different multiple users with different encryption keys.
Image retrieval
The key idea behind our retrieval mechanism is that color JPEG images belonging to the same category are characterized by the similar intrablock, interblock, and intercomponent dependencies among DCT coefficients. With the proposed retrieval mechanism, the server without the encryption keys can perform image retrieval in encrypted domain. The details of the image retrieval process are as follows.
Considering an encrypted image, the server first parses its corresponding encrypted JPEG bitstream to extract all Huffman codes for DCT coefficients of each component. The extraction operation, in this step, is readily accomplished because of file format compliance before and after encryption. Next, exploiting the Huffman tables obtained from the file header to decode Huffman codes, we can obtain the length of each VLI code next to the Huffman code. That is, any DC or nonzero AC coefficient can be represented as a nonnegative integer that is equal to the length of the corresponding VLI code. Meanwhile, the number of consecutive zerovalued AC coefficients between two adjacent nonzero AC coefficients can also be achieved during the Huffman decoding. Based on the above results, we can construct the three twodimensional matrices, denoted by D ^{Y}, D ^{U}, and D ^{V}, respectively, with the same size as the corresponding components, i.e., Y, U, and V components. More specifically, an element of each matrix is onetoone mapping to a DCT coefficient of a corresponding component in the same position. The mapping rule is that the elements for DC and zerovalued AC coefficients are set zero and those for nonzero AC coefficients are represented by the lengths of related VLI codes separately. As described above, the three matrices, in fact, are derived from the DCT coefficients of the Y, U, and V components, respectively. Furthermore, there exist intrablock and interblock dependencies among DCT coefficients [20, 21]. Therefore, it is logical and reasonable to argue that these dependencies can also be found in the matrices D ^{x} (x ∈ {Y, U, V}) separately. As is well known, the natural color JPEG image has an intrinsic intercomponent dependency, which is beneficial to clarify the difference between different images. So, except for intrablock and interblock dependencies originated from a certain component, this paper also considers the intercomponent dependency in order to further improve retrieval performance. In short, the dependencies among the corresponding matrices D ^{x} (x ∈ {Y, U, V}) are considered as well. Inspired by [20, 21], the above three types of dependencies can be modeled by using a firstorder Markov process and followed by transition probability matrix reflection. The elements of the resulting transition probability matrices serve as features for image retrieval. The features, in this paper, are mainly composed of three parts: intrablock, interblock, and intercomponent features. The feature extraction is done through the following three steps.
Step 1: Extract intrablock features. We explain the feature extraction only from the matrix D ^{Y} as the other two matrices are processed similarly. To reduce the complexity, the values of elements of the matrix D ^{Y} are set to T when they are larger than the threshold T. In other words, the range of values of elements in the matrix D ^{Y} is [0, T].
Without loss of generality, let d m,n(u,v) denote (u,v)th element in the 8 × 8 blocks of the matrix D ^{Y} sized M × N, where u,v = 0, …,7. m and n are the indices of blocks (1 ≤ m ≤ M, 1 ≤ n ≤ N). Again, we denote the pair d m,n(u _{ k },v _{ k }) and d m,n(u _{ k + 1},v _{ k + 1}) (0 ≤ k ≤ 62) as two immediately neighboring elements in a 8 × 8 block along the zigzag scanning order, where u _{ k } and v _{ k } indicate the coordinates in the block for the kth element in zigzag order (0 ≤ u _{ k }, v _{ k } ≤ 7). For a given k, the value of u _{ k } (or v _{ k }) is fixed. As shown in Fig. 2, the two green dots are denoted as the 2nd (k = 1) and 3rd (k = 2) elements along the zigzag scanning direction (the red arrows), respectively. Based on the above definition, we can know that the coordinates of these two elements within the 8 × 8 block are, correspondingly, (u _{1},v _{1}) = (0,1) and (u _{2},v _{2}) = (1,0). Excluding the element related to DC coefficient, we can obtain 62 mode element pairs. In this case, the value of k ranges from 1 to 62 and just maps to number the order of the element pair in zigzag order, i.e., the kth element pair refers to the pair d m,n(u _{ k },v _{ k }) and d m,n(u _{ k + 1},v _{ k + 1}). Applying the Markov process to model each element pair, we will gain 62 transition probability matrices of size (T + 1) × (T + 1). For kth element pair, its corresponding transition probability matrix is calculated by
and
where x, y ∈ [0, T]. To reduce the feature dimensionality, we average the transition probability matrices generated from the 62 element pairs to generate a new matrix with (T + 1) × (T + 1) elements, all of which are used as features. Thus, we have a (T + 1) × (T + 1) dimensional feature vector for the matrix D ^{Y}. In a similar manner, we can obtain another two feature vectors for the matrices D ^{U} and D ^{V} separately. Concatenate the three feature vectors to form a total of 3 × (T + 1) × (T + 1) dimensional feature vector, which is treated as intrablock features.
Step 2: Extract interblock features. For simplicity, we still take the matrix D ^{Y} as an example to illustrate interblock feature extraction. In this step, we aim to find the dependency among the elements located in the same position within all 8 × 8 blocks. To this end, we operate the matrix D ^{Y} in a way similar to that in step 1. Based on formula (4), we construct the transition probability matrices for mode element pairs, each of which is defined as two elements with the same position of two adjacent blocks along horizontal or vertical directions.
where x, y ∈ [0, T] and δ(∙) = 1 if and only if its arguments are satisfied. m = 1 and n = 0 for horizontal direction, and m = 0 and n = 1 for vertical direction. For each direction, there exist 63 mode element pairs based on the 63 different positions of AC coefficients in an 8 × 8 block. Considering the complexity, we will separately calculate the average of horizontal and vertical transition probability matrices and then jointly form 2 × (T + 1) × (T + 1) dimensional feature vector. Similarly, the interblock features for the matrices D ^{U} and D ^{V} can also be obtained. The final feature vectors with 3 × 2 × (T + 1) × (T + 1) dimensions are produced and referred to as interblock features.
Step 3: Extract intercomponent features. In this paper, the color JPEG images are based on a YUV 4:1:1 format, so the size of the Y component is four times that of the U or V components, namely, every four adjacent 8 × 8 blocks of the Y component corresponds to an 8 × 8 block of the U component and an 8 × 8 block of the V component. The mapping relation is maintained among the matrices D ^{i} (i ∈ {Y, U, V}) as well. We partition a 16 × 16 block into four nonoverlapped 8 × 8 blocks, denoted as Y_{ 1 }, Y_{2}, Y_{3}, and Y_{4}, respectively. Here, Y_{ i } (i ∈{1, 2, 3, 4}) only represents a specific 8 × 8 block in the ith position in the 16 × 16 block. For example, Y_{1} represents the top left 8 × 8 block in the 16 × 16 block. By utilizing the Y_{ i } (i ∈{1, 2, 3, 4}) representation, the matrix D ^{Y} is decomposed into four submatrices D ^{Y} _{ i } (i ∈{1, 2, 3, 4}), each of which only contains the same type of block and has the same size as D ^{U} or D ^{V} with (M/2) × (N/2) dimensions. Below, the intercomponent features are calculated to capture the correlation between two components, namely, {Y, U}, or {Y, V}, or {U, V}. We denote by d(s) m,n(u,v) the (u,v)th element in the (m,n)th 8 × 8 block from some matrix D ^{(s)}, where u, v ∈ [0, 7], m ∈ [1, M/2], n ∈ [1, N/2], and s ∈ {Y_{1}, Y_{2}, Y_{3}, Y_{4}, U, V}. For specific u, v, and all m,n, we can obtain the transition probability matrices given as follows:
where x, y ∈ [0, T], s _{1} ∈{Y_{1}, Y_{2}, Y_{3}, Y_{4}, U}, s _{2} ∈{U, V}, and δ(∙) as step 2. And also, s _{2} should be set to V when s _{1} = U. Note that we calculate the average of four matrices, shown in formula (6), to capture the intercomponent relationships between the Y and U components. The similar operation is done between the Y and V components, but not required for the U and V components.
Corresponding to various u and v except for (u,v) = (0,0), 63 transition probability matrices are formed for each component pair, such as {Y, U}, {Y, V}, and {U, V}. Similarly, in order to lower feature dimensions, we average the 63 matrices for the three component pairs separately. Finally, we utilize the resulting three tradition probability matrices with size (T + 1) × (T + 1) to form a 3 × (T + 1) × (T + 1) dimensional feature vector viewed as intercomponent features for an encrypted color JPEG image.
Based upon the above three steps, we can transform any encrypted color JPEG image into a feature vector with 12 × (T + 1) × (T + 1) dimensions. Here, T = 7 is recommended because the VLI code length of the AC coefficient is in general less than 7. A statistical result in 1000 JPEG images from Corel image database [22] shows that about 99.89 % of all elements of the matrix D ^{Y} are not larger than 7. The threshold operation results in 12 × (7 + 1) × (7 + 1) = 768 dimensional feature vector, which can capture the intrablock, interblock, and intercomponent dependencies of any color JPEG image, and serves for image retrieval.
For further reduced computing complexity and feature dimension, this paper introduces a supervised mechanism for image retrieval when a training image set is available. The mechanism is implemented by utilizing supporting vector machine (SVM) that is widely used to solve the problem of pattern recognition and machine learning. The main idea of SVM is to find a hyperplane to separate the two classes for the purpose of maximizing the distance between the nearest point and the hyperplane. Denote training sample set as {(x _{ i }, y _{ i }), i = 1, 2,…, m}. x _{ i } is a feature vector of real numbers, and y _{ i } indicates the class of x _{ i }, i.e., −1 or +1. Then the desired optimal hyperplane can be achieved by solving the following optimization problem:
where ξ_{ i } ≥ 0, i = 1, 2,…, m. Φ(x) is a nonlinear function and has the capability to map feature vector from lowdimensional space to highdimensional space. When learning ω and b from the training sample set, we can make a class prediction for a new sample (x, y) according to the sign of ω · Φ(x) + b. In general, y = 1 if ω · Φ(x) + b > 1, and y = −1 if ω · Φ(x) + b ≤ −1.
The multiclass SVM is an extension of SVM and can solve multiclass pattern recognition problems, where the class number is larger than two. At present, a common method to implement multiclass SVM is that multiclass problems are decomposed into a set of two class problems solved by SVM. This way, the final result of a multiclass problem can be achieved according to all involved SVM’s individual decisions. Considering the diversity of image class in image retrieval, this paper uses multiclass SVM to solve the problem of highcomputing complexity and feature dimensionality. More specifically, let w the number of categories of images in the training set. First, transform encrypted images of the training set to feature vectors and then train w SVM models by performing multiclass SVM, where the oneagainstall strategy is adopted, i.e., when training the ith SVM model, all images belonging to the ith category are labeled positive and the labels of the remaining images are set negative. After obtaining the w SVM models, the server maps a 768dim feature vector representing a color JPEG image to a new wdim vector, each element of which as the decision value of the corresponding SVM model. In general, the value of w is less than the dimension of the original feature vector. For a pair of similar images, their corresponding wdim vectors are close to each other. When having wdim feature representation, the server may calculate the distance between the encrypted query image and the database image by the following formula:
where Q = [q _{1},…, q _{ w }] is a wdim vector associated with an encrypted query image and F = [f _{1},…, f _{ w }] for any encrypted image in database. Based on d(Q,F), the server can identify the similarities between the query image and images in the image database.
Subsequently, the encrypted images ranked by the distances to the query image are returned to the users for decrypting and other purposes. It should be important to note that the users may use different encryption keys to encrypt query image but require the encryption keys shared by the content owner to decrypt them. Here, assume that the encryption keys are shared through a secure channel.
Experimental results
In this section, we study the performance of the proposed scheme for image retrieval in encrypted domain. The Corel image database containing 1000 images [22] is used for this experimental study. These images are grouped into 10 categories: African, beach, architecture, buses, dinosaurs, elephants, flowers, horses, mountain, and food, each of which contains 100 images of size either 384 × 256 or 256 × 384 in JPEG format. In the experiments, we first encrypt all of the images by using the encryption method served for this paper. Next, employing the rule with taking randomly 50 images from each category, the 1000 images are randomly divided into two halves for the training set and the image database, respectively. Since the category amount of images for our experiment is 10, we can obtain 10 SVM models by applying multiclass SVM to train the training set. In other words, the database images can be transformed into 10dim vectors in the experiment. Again, we select every image from the encrypted image database as the encrypted query image. Meanwhile, the performance is evaluated by utilizing the precisionrecall curve, which is broadly adopted for image retrieval. The precisionrecall curve, however, relies on the query image. Therefore, we take the average precisionrecall curve for all query images as a final performance measure of an image retrieval algorithm. The precision and recall are defined as follows:
where N _{ P } is the number of returned positive images, N _{ R } is the number of all returned images, and N _{ A } is the number of all positive images in the database.
Figure 3 compares the precisionrecall curves of different types of dependencies, i.e., intrablock, interblock, intercomponent, intrablock + interblock, and intrablock + interblock + intercomponent dependencies. Here, the symbol “+” denotes a combination of two different types of dependencies. It can be seen from Fig. 3 that the methods by the combinations of different types of dependencies have shown stronger ability to find similar images than that by single dependencies. Specially, the combination of the first three single dependencies can achieve the better result than intrablock + interblock at all cases. Although the performance of the intercomponent dependency is worst among all single dependencies, the intercomponent dependency can reflect the correlation between gray value and color information at each pixel. Therefore, the intercomponent dependency can further enhance the final performance when it is considered. In addition, we also observe that the performance of interblock dependency outperforms the intrablock dependency over the provided Corel image database with an average gain more than 14 %. The main reason may be that these two types of dependencies employ the matrices D ^{x} (x ∈ {Y, U, V}) to reflect intra and interblock dependencies. Based on subsection 2.2, we can know each element of these matrices is replaced by the length of the VLI code of its corresponding DCT coefficient at the same position. The replacement operation can conceal the actual values of the DCT coefficients, where it is very difficult to identify little changes between neighboring DCT coefficients within the block. This means that we may get the poor performance by employing the intrablock dependency, which can be shown in Fig. 3. However, for the interblock dependency, it can reflect the overall structure of DCT coefficients of the JPEG image. And also, it is not sensitive to little changes between DCT coefficients compared to the intrablock dependency. That is why that the interblock dependency can demonstrate better performance than the intrablock dependency.
To make the comparison fair, we make a performance comparison of our scheme and Zhang’s method [13] in terms of the supervised mechanism. The comparative results are given in Fig. 4. It can demonstrate that our scheme with or without the intercomponent dependency can provide a better performance than Zhang’s method in [13]. For example, when recall = 0.4, our scheme with the intercomponent dependency can obtain a precision of 71.1 %, a precision value about 14.2 % higher than [13]. On average, our scheme with the intercomponent dependency achieves nearly 12 % improvement than [13], while our scheme can also obtain 9 % improvement without consideration of the intercomponent dependency. As for the file size, we also compare our scheme with Zhang [13] over all 1000 images of the Corel image database. As shown in Table 1, for each category, the average file size increase of our scheme is much less than that of Zhang’s method. In fact, the proposed scheme can maintain file size unchanged. It is not surprising that little changes of the file size in our scheme are still found as this problem is mainly attributed to JPEG intrinsic structure and zero padding strategy, but not caused by the encryption method adopted in this paper. In the section, the comparisons between the proposed scheme and Lu’s methods in [10–12] are not made due to the difference of their frameworks. In this paper, the feature extraction/encryption is needless at the client side. It brings convenience to the content owners or authorized users. All of Lu’s methods in [10–12], however, require the content owner to perform the operations of feature extraction/encryption.
In this paper, the proposed encryption mechanism extended from [18] mainly adopts the stream cipher to protect the privacy of JPEG images. It implies that the security of the proposed encryption method can be guaranteed by that of the stream cipher. At the same time, the pseudorandom permutation encryption is also applied to DC coefficients for increasing the security of the proposed encryption method. In addition, since the proposed encryption method can preserve statistical invariance of DCT coefficients’ dependencies before and after encryption, our scheme can support different multiple users with different encryption keys. In this case, the same plaintext image can also be encrypted by different encryption keys. It means that several encrypted versions of a plaintext image are allowed to exist simultaneously in the proposed scheme, which not affects the normal operation of the proposed scheme. Through these above secure measures, it would be difficult for an adversary to perfectly infer the original content from an encrypted image.
Conclusions
A novel scheme for performing image retrieval in encrypted domain is introduced. With this scheme, the content owner can get encrypted images by utilizing stream cipher and permutation encryption and send them to the server for storage and retrieval service. After obtaining an encrypted query image, although the server does not know anything about the plaintext content of the query image, he/she can still extract a 768dim feature vector from the encrypted query image by employing the transition probability matrices based on a Markov process, which reflect intrablock, interblock, and intercomponent dependencies of DCT coefficients. And then, with the aid of the multiclass SVM, the server can further reduce feature dimensions of the involved encrypted images and calculate the distances between the encrypted query image and the database images. Finally, the encrypted images ranked by the similarity to the query image are returned to the users. In future work, the image retrieval techniques for better precisionrecall performance with various encryption methods deserve further investigation.
References
D Song, D Wagner, A Perrig, Practical techniques for searches in encrypted data, in IEEE symp. on research in security and privacy (IEEE, New York, 2000), pp. 44–55
EJ Goh, Secure indexes. IACR Cryptology ePrint Archive. 216 (2003)
R Curtmola, J Garay, S Kamara, R Ostrovsky, Searchable symmetric encryption: improved definitions and efficient constructions, in Proceedings of the 13th ACM conference on computer and communications security (ACM, New York, 2006), pp. 79–88
D Boneh, G Crescenzo, R Ostrovsky, G Persiano, Publickey encryption with keyword search, in Advances in cryptology—Eurocrypt 2004 (Springer, Heidelberg, 2004), pp. 506–522
E Shi, J Bethencourt, TH Chan, D Song, A Perrig, Multidimensional range query over encrypted data, in IEEE Symposium on Security and Privacy 2007 (IEEE, New York, 2007), pp. 350–364
N Cao, C Wang, M Li, K Ren, W Lou, Privacypreserving multikeyword ranked search over encrypted cloud data. Parallel and Distributed Systems, IEEE Trans 25(1), 222–233 (2014)
C Wang, K Ren, S Yu, KMR Urs, Achieving usable and privacyassured similarity search over outsourced cloud data, in INFOCOM, 2012 Proceedings IEEE (IEEE, New York, 2012), pp. 451–459
S Kamara, C Papamanthou, Parallel and dynamic searchable symmetric encryption, in Financial cryptography and data security (Springer, Berlin Heidelberg, 2013), pp. 258–274
D Cash, S Jarecki, C Jutla, H Krawczyk, M Rosu, M Steiner, Highlyscalable searchable symmetric encryption with support for Boolean queries, in Advances in CryptologyCRYPTO (Springer, Berlin Heidelberg, 2013), pp. 353–373
W Lu, AL Varna, A Swaminathan, M Wu, Secure image retrieval through feature protection, in Proc. of the 2009 IEEE International Conference on Acoustics, Speech and Signal Processing (IEEE, New York, 2009), pp. 1533–1536
W Lu, A Swaminathan, AL Varna, M Wu, International Society for Optics and Photonics. Enabling search over encrypted multimedia databases, in IS&T/SPIE Electronic Imaging (SPIE, 2009), pp. 725418725418
W Lu, A Varna, M Wu, Confidentialitypreserving image search: a comparative study between homomorphic encryption and distancepreserving randomization. Access, IEEE 2, 125–141 (2014)
X Zhang, H Cheng, Histogrambased retrieval for encrypted JPEG images, in Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on (IEEE, New York, 2014), pp. 446–449
H Cheng, X Zhang, J Yu, F Li, Markov process based retrieval for encrypted JPEG images, in Availability, Reliability and Security (ARES), 2015 10th International Conference on (IEEE, Toulouse, 2015), pp. 417–421
S Lian, J Sun, Z Wang, A novel image encryption scheme basedon JPEG encoding, in Proceedings of Eighth International Conference on Information Visualization (IEEE, New York, 2004), pp. 217–220
B Yang, C Zhou, C Busch, X Niu, Transparent and perceptually enhanced JPEG image encryption, in Digital Signal Processing, 2009 16th International Conference on (IEEE, New York, 2009), pp. 1–6
W Li, N Yu, A robust chaosbased image encryption scheme, in Multimedia and Expo, 2009. ICME 2009, IEEE International Conference on (IEEE, New York, 2009), pp. 1034–1037
Z Qian, X Zhang, S Wang, Reversible data hiding in encrypted JPEG bitstream. Multimedia, IEEE Trans 16(5), 1486–1491 (2014)
Int. Telecommunication Union, CCITT Recommendation T.81, Information technology: digital compression and coding of continuoustone still images—requirements and guidelines 1992.
YQ Shi, C Chen, W Chen, A Markov process based approach to effective attacking JPEG steganography, in Information hiding (Springer, Berlin Heidelberg, 2007), pp. 249–264
C Chen, YQ Shi, JPEG image steganalysis utilizing both intrablock and interblock correlations, in Proc. IEEE Int. Symp. Circuits and Systems (ISCAS 2008) (IEEE, New York, 2008), pp. 3029–3032
The Corel image database, http://wang.ist.psu.edu/docs/related/.
Acknowledgements
This work was supported by the National Natural Science Foundation of China under Grants 61472235, 61373151, and 61202367; the Program for Professor of Special Appointment (Eastern Scholar) at Shanghai Institutions of Higher Learning, Shanghai Pujiang Program under Grant 13PJ1403200; and the Excellent University Young Teachers Training Program of Shanghai Municipal Education Commission under Grant ZZsdl15105.
Author information
Affiliations
Corresponding author
Additional information
Competing interests
The authors declare that they have no competing interests.
Authors’ contributions
HC carried out the main research of this work and drafted the manuscript. XZ, JY, and FL helped to modify the manuscript. All authors read and approved the final manuscript.
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
About this article
Cite this article
Cheng, H., Zhang, X., Yu, J. et al. Markov processbased retrieval for encrypted JPEG images. EURASIP J. on Info. Security 2016, 1 (2016). https://doi.org/10.1186/s1363501500286
Received:
Accepted:
Published:
DOI: https://doi.org/10.1186/s1363501500286
Keywords
 Image retrieval
 Image encryption
 Markov process
 JPEG