TY - JOUR
AU - Hong, Jing-Wei
AB - I. Introduction With the rapid development of 5G and Internet of Things (IoT) technologies, IoT devices have often uploaded image data to the cloud for storage to prevent image data query attacks. Moreover, while interacting with semi-honest model servers, the analysis of uploaded image data can reduce the risk of servers acquiring sensitive information. However, cloud service providers (CSP) possibly dig and analyze user data without notifying users, which may lead to user privacy leakage. To ensure the data security and the privacy of users, users encrypt the image data before uploading it. Nevertheless, it brings a challenge: the encrypted image data cannot be directly retrieved in its original form. Thus, how to solve the problem of retrieving encrypted image data effectively has become an urgent problem. Content-based image retrieval (CBIR) is extremely important because of the large amount of sensitive information collected by IoT devices, so secure CBIR of encrypted images on third-party servers or in the cloud, as well as on dedicated private servers, is essential to ensure confidentiality during processing and storage. Yang et al. [1] proposed a traceable encrypted image retrieval system based on MU-TEIR, which uses convolutional neural networks to extract image feature vectors and construct indexes, encrypts indexes using distributed double-trap public key cryptography system, and encrypts each pixel through standard stream cryptography to protect image content. In addition, the system also uses a watermarking based mechanism to prevent malicious query users from distributing images in a malicious way, and proves through detailed security analysis that it ensures outsourced image and index security as well as query privacy, and can track malicious users. Hazra [2] proposed a design solution for an encrypted image retrieval system to cope with the security problems caused by the exponential growth of image database capacity and wide application. The solution includes encryption algorithm, feature database construction algorithm, image retrieval mechanism, similarity comparison of key features, and supervised learning algorithm to achieve image retrieval. An et al. [3] propose a new method for achieving traceability and encrypted image retrieval in a multi-user environment. Yang et al. [4] used FrSBFMs, a new method based on fractional order weighted spherical Besser-Fourier moments, and QFrSBFMs, developed in combination with quaternion theory, for image analysis, pattern recognition and computer vision. Experimental results show that these methods are effective in image reconstruction capability, pattern recognition accuracy and zero-watermark verification. Recently, a number of scientists have developed several SSE algorithms to provide ciphertext search on encrypted cloud data. Multi-keyword search is one of the fundamental strategies [5–9]. Compared to single-keyword search [10–13], multi-keyword search can be effective in improving the effectiveness of search results [14–16], In addition, the literatures [6, 17, 18] have further extended the application scope of multi-keyword search by exploring the search effect and performance in different scenes. Upon this foundation, a number of researchers [19–21] have begun to make further discussion and experimental validation for exact keyword search. They significantly have improved the efficiency and accuracy of exact keyword search by improving the search algorithms and optimizing the index structure. However, these programs only support exact keyword searches, considering that users may forget or enter the wrong keywords during a search, they proposed fuzzy search. Li et al. have proposed an efficient and Verifiable Ranked Fuzzy Multi-keyword (VRFMS) Search scheme [22], its scheme uses locality-sensitive hashing and bloom filter to implement fuzzy keyword search. It also employs Term Frequency-Inverse Document Frequency (TF-IDF) to sort the relevant results, significantly enhancing the search accuracy. Then, Chen et al. have proposed an Efficient Leakage-resilient Multi-keyword Fuzzy Search (ELiMFS) [23] framework over encrypted cloud data. In this framework, a novel two-stage index structure is exploited to ensure that search time is independent of file set size, it proved to be efficient and leakage-resilient. However, cloud severs are semi-honest model, which is not always true in actual situation. These schemes for multi-keyword searches have not analyzed the security of their retrieval keywords. Lately, researchers have actively integrated the concepts of homomorphic encryption and federal learning into the design of ciphertext retrieval schemes, introducing not only a series of innovative homomorphic encryption methods [24–27], but also numerous ciphertext retrieval solutions for the field of data security and privacy protection [27–29]. Having accomplished this, Arazzi et al. [30] have further developed an innovative co-learning scheme that cleverly utilizes homomorphic encryption to safeguard the privacy of users’ personal data in IoT scenes, successfully achieving the objective of enhancing privacy protection while maintaining data retrieval efficiency. Moreover, some innovative schemes [31–33] have now provided users with secure and efficient access to information, minimizing the risk of unauthorized information leakage while guaranteeing accurate information retrieval. Notably, Meftah et al. [34] have made a significant breakthrough in the evaluation of neuron activation functions, developing a low-depth, batched neuron scheme that directly evaluates multiple quantized ReLU-activated neurons on encrypted data, eliminating the need for complex approximate simulation processes. This seminal innovation not only enhances the overall security of the retrieval process but also significantly reduces the risk of unauthorized leakage of users’ information. However, these schemes have to perform a considerable number of bootstrap operations, thereby increasing the complexity of the computation, potentially leading to latency of the search, as well as affecting the security. In recent years, IoT security has attracted much attention. Dynamic Searchable Symmetric Encryption (DSSE) [35–38] schemes have made significant progress in achieving efficient search while protecting the privacy of data. Stefanov et al. have proposed an effective DSSE scheme [39]. In addition, Wang et al. have proposed an efficient multiuser forward privacy searchable encryption scheme with dynamic certification [40], though these schemes do not ensure the backward privacy, which restricts their applications to some extent. On the basis of this, Li et al. further have presented an efficient dynamic searchable symmetric encryption scheme for healthcare cloud data security [41], which has combined k-nearest neighbor (KNN) and attribute-based encryption (ABE) techniques to achieve the forward and backward privacy protection. Moreover, in order to solve the real-time renewal problem, researchers have successively proposed schemes [42–44]. It is notable that, aiming to support a wider range of practical application scenarios, Ma et al. have proposed a DSSE scheme that supports recoverable keyword masking in a multiuser environment [45], which has used trapdoor substitutions and encryption to achieve both the forward and backward security. Nevertheless, the indexes of these schemes have been built locally, once they have been compromised, it may be possible for an attacker to infer the contents of the encrypted documents from the indexes. In addition, local index updating has to be done manually and is not available in real-time, which may lead to the inaccuracy of search results. Therefore, we propose a novel searchable encryption scheme based on security neural network to support multi-keyword dynamic authorization based on the above work. The solution supports multi-keyword search while encrypting and protecting the data and computation process during the search process, which effectively improves data security and privacy protection in the IoT environment. It is described as follows: We use homomorphic neural network inference to build the ciphertext index, which can realize the indexing of ciphertexts without decryption, effectively avoiding the privacy leakage problem that may be triggered by the index building process. In addition, homomorphic neural network inference has better fault tolerance and robustness, which can improve the accuracy and reliability of ciphertext indexing. We propose a ciphertext indexing retrieval scheme with dynamic authorization, which can dynamically generate authorization keys according to the user’s query requirements and achieve support for multi-keyword search. We adopt an optimization algorithm to optimize the retrieval process, which improves the retrieval efficiency and accuracy. Through the combination of dynamic authorization and cryptographic protection, we successfully achieve the goal of multi-keyword search with privacy protection. The rest of the paper is organized as follows: we introduce the required math relevant knowledge as well as cryptography related knowledge. It includes mainly bilinear pairs, hard problems in section II. Then, in section III, we provide the formal definition of the scheme as well as give the specific construction of the scheme. In section IV, we further carry out the security proof and correctness analysis of the constructed scheme, then we analyze the performance of the construction scheme and compare it with similar schemes. Finally, we make conclusions in Section V. II. Difficult issues Define 1: Given that p is a large prime, G1×G2 is a cyclic group of order p, and g is a generating element of group G1. Define a bilinear mapping e:G1×G2→G2 having properties (1)–(3): Bilinear: ∀g∈G1, , with . Non-degeneracy: ∃g∈G1, making e(g,g)≠1. Computability: ∀g∈G1, there exists an efficient algorithm to compute e(g,g). Define 2: Choose randomly, and provide a tuple (P,aP,bP). Then calculate abP is hard. Define negl(λ) is a negligible advantage, assuming that the adversary A computes abP in polynomial time with an advantage of , then we compute: . Define 3: Given a random selection of , and a tuple (g,ga,gb,gc)∈G1, computing e(g,g)abc is hard. Define 4: Given an array and an array (g1,ag1,bg1,cg1,R), where and R∈G2, distinguishing between e(g1,g1)abc and R is difficult. Additionally, negl(λ) is a negligible advantage, assuming that the advantage of attacker A in distinguishing e(g1,g1)abc and R in polynomial time is . Then, we compute . Define 5: Given a tuple (P,aP,bP,cP). Besides it is difficult to determine c = ab(mod q). Define negl(λ) is a negligible advantage. If adversary A has an advantage of in solving the DDH tough problem in polynomial time, then we compute: . As a result, in this work, we will concentrate on the difficult problems from Definition 1 through Definition 5. We will present a dynamic authorizable ciphertext picture retrieval scheme based on security neural network inference. The scheme aims to achieve secure and efficient retrieval of image information by combining advanced neural network and encryption methods, while also ensuring that in a dynamic environment, users can perform flexible and controllable authorization operations based on their own needs. III. Program description In this paper, we choose to use the homomorphic neural network proposed by Microsoft to extract ciphertext image features directly on CSP. For details, please refer to [46]. The system model of the scheme in this chapter contains a total of five entities, such as IoT user U, cloud computing service provider CSPC, cloud storage service provider CSPS, trusted authorization TA and query user QU. Trusted authorization TA: run the system parameters, generate public-private key pair of U and QU, distribute the key pair to U and QU, and send authorization pair to cloud computing service provider CSPC. IoT user U: provide symmetric encrypted data to CSPS, homomorphic encrypted data to CSPC, and send public-private key pair request to TA. Cloud storage service provider CSPS: accept and store the IoT user’s symmetric encrypted data as well as the ciphertext of the file identifier encrypted by CSPC, then deliver the file identifier data pair to QU. Query user QU: send a retrieval request to cloud computing service provider CSPS. Receive the authorized ciphertext from CSPC, decode it with the private key, and then upload the keyword trapdoor to the storage service provider CSPC, for searching. Receive and decrypt the encrypted search results returned by CSPS for plaintext data. Obtain and decrypt the corresponding data files. Cloud computing service provider CSPC: Receive the matching authorization pair from TA, search keywords by QU, and homomorphic encrypted data sent by IoT user U. It also conducts a computational task to send the file identifier ciphertext to CSPS. Meanwhile, CSPc will perform feature extraction on homomorphic encrypted images. Based on the above description, the program of this chapter consists of the following seven algorithms: Setup(β)→paras: TA inputs security parameters β, outputs public system parameters pub_params, private system parameters priv_params. : TA inserts system parameters, generates public-private key pair for retrieve user QU and user U. : TA generates matching authorization pair (pkA,sA) and sends to cloud service provider CSPC. : User U uses private key su to symmetrically encrypt original data, generates ciphertext Cs and sends it to cloud storage service provider CSPS. : User U uses public key pku to homomorphically encrypt original data, generates ciphertext CH and sends it to cloud computing service provider CSPC. : CSPC inputs the public system parameter pub_params, the private system parameter priv_params, the public key pkqu of QU and the public key pku of user U. Additionally, CSPC matches authorization pair (pkA,sA), set of file identifiers ind(w) and set of keywords W. Finally, CSPC outputs keyword ciphertext, file identifier ciphertext and authorization ciphertext. : QU executes this algorithm, inputs the public system parameter pub_params, private system parameter priv_params, its own private key squ and keyword wi. QU outputs the keyword search trapdoor . : QU inputs public system parameter pub_params,, private system parameter priv_params, ciphertext C, keyword search trap , and outputs data pair . : QU executes this algorithm, inputs system parameters, authorization ciphertext, data pair , and outputs file identifier . (1) System establishment algorithm: Setup(β)→paras TA executes this algorithm, inputs the system security parameters β, establishes two cyclic groups G1 and G2 of order p in the system to define the bilinear mapping e:G1×G1→G2, selects the generating element M of the cyclic group G to generate the set of file identifiers ind(w) and the set of keywords C, and |ind(w)| denotes the binary length of the set of file identifiers ind(w). Define three secure hash functions: (1) Finally, TA outputs the public system parameters (2) Meanwhile, TA keeps the undisclosed system parameters: priv_params = (rf,rs,rk). rf is the random number used in file identifier generation, rs is the random number used in key generation, and rk is the random number used in search operation. (2) Key generation algorithm: TA inputs system parameter pub_params, randomly select , and lets squ = z1, su = z2. Additionally, TA calculates , and uses (pkqu,squ), (pku,su) as the public and private keys. : TA generates a matching authorization pair (pkA,sA) and sends it to the cloud computing service provider CSPC. : User U uses private key su to symmetrically encrypt original data, generates ciphertext Cs and sends it to cloud storage service provider CSPS. : User U uses public key pku to homomorphically encrypt original data, generates ciphertext CH and sends it to cloud computing service provider CSPC. (3) Data update: CSPC inputs public system parameter pub_params, private system parameter priv_params. Subsequently, CSPC retrieves user’s public key pkqu, user’s public key pku, and keyword set W where . The set of file identifiers ind(w), where , matching authorization pair (pkA,sA). CSPC performs the following operations to generate the ciphertext. (1) Upload keyword ciphertext generation algorithm CSPC retrieves whether exists, where OC is the set of keyword ciphertexts for wi, If (wi,OC) = ⊥, it computes . (2) Retrieve the keyword ciphertext generation algorithm QU retrieves whether (wi,R) exists, where R is the set of keyword ciphertexts for wi. If (wi,R) = ⊥, it calculates . Where s0 is a random number that needs to be negotiated in advance between the user and the cloud storage service center, then the keyword ciphertext is stored into the keyword collection OC and updates the OC. (3) Authorization ciphertext generation algorithm Randomly select , , compute the hash value of retrieved user ID hID = H0(ID).Subsequently, obtain the counter value C = counter(ID),and calculate the hash value of the counter hC = H0(C). Additionally, select a random number and calculate the random factor random = H0(r) to compute the authorization ciphertext: (3) (4) (5) Let be the authorization ciphertext of QU, where is the authorization certificate. (3) File identifier ciphertext generation algorithm Select the random number , , calculate the hash value of user ID hID = H0(ID), get the counter value C = counter(ID), and calculate the hash value of counter hC = H0(C). Additionally, select the random number , calculate the random factor random = H0(r) and the hash value hind = H0(wi) of the file identifier. Finally, calculate: (6) (7) (8) Then is the file identifier ciphertext for identifier ciphertext . (4) CSPC stores into the ciphertext collection C and updates the ciphertext collection. Subsequently CSPC uploads C into CSPS and sends the authorization ciphertext to QU over a secure channel. (4) Trap generation algorithm: QU inputs the public system parameter pub_params, the private system parameter priv_params, its own private key squ and the keyword wi. Additionally, h is the hash function and it outputs the keyword search trapdoor computation . (5) Search Algorithm: After receiving the uploaded keyword trap by QU, CSPC performs the following operations: Obtain the keyword ciphertext by computation Retrieve the keyword ciphertext C from the ciphertext set , and compute . After obtaining the data pair using the previously mentioned calculation, CSPS provides the data pair back to QU. (6) Decryption algorithm When QU receives the data pair CSPS returned from , QU computes . Upon obtaining the data pair , QU can access the corresponding data file through the file identifier since pku is known and can thus retrieve the authorization certificate and file identifier . IV. Experimental demonstration and proof of safety 1. Proof of security Theorem 1: Define the hash function H0, H1, H2 are collision-safe hash functions, and homomorphic encryption relies on the fact that the RLWE problem has no interaction process. As a result, the encryption process is secure, and its proof can be disregarded in this paper. Then the CBDH hard problem is established. The dynamic searchable encryption scheme proposed in this paper satisfies the semantic security. Proof: If there exists an adversary A who can crack the scheme of this chapter in polynomial time by a non-negligible margin, then there exists a challenger B who can crack the CBDH hard problem in polynomial time by a non-negligible margin. Challenger B and adversary A have the following question and answer session. Setup: Challenger B inputs the system security parameters λ, and runs the system building algorithm to generate the system public parameters. (9)(10) The public parameter is returned to adversary A and the private parameter is not returned to A. KeyGen: The challenger B runs the key generation algorithm to generate the public-private key pair of QU and U, and sends the public key pair of QU and U to the adversary. Phase 1: Adversary A makes the following queries adaptively in polynomial time. (1) H0 query: Challenger maintains H0 -list , inputs keyword w, chooses at random, computes z = Mx, inserts tuple (w,x,z = Mx) into list and outputs z. (2) H1 query: The challenger maintains H1 list , computes j∈G2 as input, chooses at random, inserts the tuple (v,y) into the list and outputs y. (3) H2 query: The challenger maintains H2 list , randomly chooses j∈G2 as input, randomly selects , inserts tuple (v,y) into list and outputs y. (4) Update query: Adversary A sends an update query to challenger B with keyword w∈W and file identifier indw∈ind(w) The challenger takes the subsequent steps: (1) The challenger retrieves whether (w,OC) exists, and if (w,OC) = ⊥, computes , where OC is the set of keyword ciphertexts of wi. The challenger stores the keyword OCw into OC and updates it. (2) The challenger randomly selects , and calculates the hash value hID = H0(ID) of the retrieved user ID. After that it obtains the counter value C = counter(ID) and computes the hash value hC = H0(C) of the counter. Then, it chooses random number , computes the random factor random = H0(r). Finally, it calculates the authorization ciphertext: (11)(12)(13) certw is the authorization certificate. The challenger randomly picks to select the random number , certw∈(0,1), calculates the hash value of the user ID hID = H0(ID), obtains the value of the counter C = counter(ID) and computes the hash value of the counter hC = H0(C). The challenger chooses random number , calculates the random factor random = H0(r) and the hash value hind = H0(wi) of the file identifier. Then, it calculates the file identifier ciphertext: (14) (15) (16) (4) The challenger stores (ICw,Ibw) in the ciphertext set C, and updates the ciphertext set. (5) Trap query: Adversary A chooses a keyword w, and sends a trap query to the challenger. After that, the challenger computes and sends it to the adversary A. (6) Search query: Adversary A selects a search trap Tw and sends a search query to the challenger. The challenger executes the search algorithm and returns the result to adversary A. Challenge phase: After phase 1, the adversary sends two challenge pairs (w0,ind(w0)), (w1,ind(w1)) to challenger B. The challenger randomly selects and executes the update algorithm. The challenger randomly chooses b∈{0,1} and uses an updating method to construct a ciphertext, which is then returned to adversary A. Phase 2: The adversary can continue to send update queries, trapdoor queries, and search queries to the challenger, but it cannot continue to use the keywords w0 and w1 for queries. Guessing phase: The opponent outputs b′∈{0,1}, and if b′ = b, the adversary wins the game. Otherwise, the adversary loses. (17) However, since the CBDH problem is hard, the probability that the adversary wins the game in polynomial time is negligible, hence the dynamically searchable encryption scheme satisfies semantic security. 2. Correctness analysis The correctness of the scheme proposed in this chapter in terms of whether the QU can correctly obtain the document identifier from the CSPC is analyzed in two main ways: Based on the keyword trap a submitted by QU and the public key pkqu of QU, CSPC can return to QU by calculation. Given a keyword trap , CSPC can return all file identifiers c containing the keyword wi by computation. First, analyze requirement (1): after receiving the keyword trapdoor submitted by QU, CSPC obtains the keyword ciphertext by calculating ; after that, it retrieves from the ciphertext collection C and further calculates: (18) CSPS obtain the file identifier data pair and send it to QU, QU calculates after receiving the data pair sent by CSPS: (19) Obtain the data pair , and because pku is known, the authorization certificate can be obtained, and then the file identifier , where is the authorization ciphertext sent by CSPC to QU. From the above process, it can be found that CSPC needs to obtain the search trap submitted by QU if it wants to compute the keyword ciphertext and the data pair . The search trap is generated by constructing the private key of QU, and based on the unidirectionality of the hash function and the computational difficulty of the CBDH problem, the adversary is unable to forge the private key of QU by computation, and thus is unable to forge the keyword trap. 3. Experimental demonstration In Table 1, we give the calculation costs of user index construction cost, user retrieval calculating cost and cloud server computation cost, and we compare them with literatures [39–41] respectively. From Table 1, we can see that the proposed scheme cost is less than that of similar literatures. At the same time, the calculation cost of the entire retrieval process after using homomorphic encryption is also given in Fig 1, which shows that homomorphic encryption has a relatively large impact on the entire retrieval process. However, the calculation process of homomorphism is placed in the cloud computing server, and will not bring additional computing cost to the user’s retrieval process. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 1. Computational costs with different process. https://doi.org/10.1371/journal.pone.0309947.g001 Download: PPT PowerPoint slide PNG larger image TIFF original image Table 1. Computational costs. https://doi.org/10.1371/journal.pone.0309947.t001 Tc: Computational index cost; Ta: Authentication cost; Te: Time consumption of exponentiation; Tr: Generate random numbers; Tm: Multiplication operation; |S|:Size of set S; Tp: Pairing. The experimental analysis shows in Fig 2 that the computational overhead of the scheme proposed in terms of the computational overhead of user construction of indexes, the computational efficiency of the scheme in our scheme is better than the scheme proposed in [39, 41], and lower than the scheme proposed in [40]. But in general, the computational cost for retrieving users is not onerous. In addition, the scheme in this chapter is a dynamic authorizable ciphertext image retrieval scheme, which is more suitable for environments in the IoT where the data needs to be dynamically updated in real time. At the same time, in Fig 3, experiments were conducted to compare the accuracy and precision of retrieval with similar literatures. As can be seen from Fig 3, the retrieval accuracy of the scheme proposed in this paper is higher than that of similar literatures. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 2. Retrieval computation cost. https://doi.org/10.1371/journal.pone.0309947.g002 Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 3. Retrieval accuracy. https://doi.org/10.1371/journal.pone.0309947.g003 1. Proof of security Theorem 1: Define the hash function H0, H1, H2 are collision-safe hash functions, and homomorphic encryption relies on the fact that the RLWE problem has no interaction process. As a result, the encryption process is secure, and its proof can be disregarded in this paper. Then the CBDH hard problem is established. The dynamic searchable encryption scheme proposed in this paper satisfies the semantic security. Proof: If there exists an adversary A who can crack the scheme of this chapter in polynomial time by a non-negligible margin, then there exists a challenger B who can crack the CBDH hard problem in polynomial time by a non-negligible margin. Challenger B and adversary A have the following question and answer session. Setup: Challenger B inputs the system security parameters λ, and runs the system building algorithm to generate the system public parameters. (9)(10) The public parameter is returned to adversary A and the private parameter is not returned to A. KeyGen: The challenger B runs the key generation algorithm to generate the public-private key pair of QU and U, and sends the public key pair of QU and U to the adversary. Phase 1: Adversary A makes the following queries adaptively in polynomial time. (1) H0 query: Challenger maintains H0 -list , inputs keyword w, chooses at random, computes z = Mx, inserts tuple (w,x,z = Mx) into list and outputs z. (2) H1 query: The challenger maintains H1 list , computes j∈G2 as input, chooses at random, inserts the tuple (v,y) into the list and outputs y. (3) H2 query: The challenger maintains H2 list , randomly chooses j∈G2 as input, randomly selects , inserts tuple (v,y) into list and outputs y. (4) Update query: Adversary A sends an update query to challenger B with keyword w∈W and file identifier indw∈ind(w) The challenger takes the subsequent steps: (1) The challenger retrieves whether (w,OC) exists, and if (w,OC) = ⊥, computes , where OC is the set of keyword ciphertexts of wi. The challenger stores the keyword OCw into OC and updates it. (2) The challenger randomly selects , and calculates the hash value hID = H0(ID) of the retrieved user ID. After that it obtains the counter value C = counter(ID) and computes the hash value hC = H0(C) of the counter. Then, it chooses random number , computes the random factor random = H0(r). Finally, it calculates the authorization ciphertext: (11)(12)(13) certw is the authorization certificate. The challenger randomly picks to select the random number , certw∈(0,1), calculates the hash value of the user ID hID = H0(ID), obtains the value of the counter C = counter(ID) and computes the hash value of the counter hC = H0(C). The challenger chooses random number , calculates the random factor random = H0(r) and the hash value hind = H0(wi) of the file identifier. Then, it calculates the file identifier ciphertext: (14) (15) (16) (4) The challenger stores (ICw,Ibw) in the ciphertext set C, and updates the ciphertext set. (5) Trap query: Adversary A chooses a keyword w, and sends a trap query to the challenger. After that, the challenger computes and sends it to the adversary A. (6) Search query: Adversary A selects a search trap Tw and sends a search query to the challenger. The challenger executes the search algorithm and returns the result to adversary A. Challenge phase: After phase 1, the adversary sends two challenge pairs (w0,ind(w0)), (w1,ind(w1)) to challenger B. The challenger randomly selects and executes the update algorithm. The challenger randomly chooses b∈{0,1} and uses an updating method to construct a ciphertext, which is then returned to adversary A. Phase 2: The adversary can continue to send update queries, trapdoor queries, and search queries to the challenger, but it cannot continue to use the keywords w0 and w1 for queries. Guessing phase: The opponent outputs b′∈{0,1}, and if b′ = b, the adversary wins the game. Otherwise, the adversary loses. (17) However, since the CBDH problem is hard, the probability that the adversary wins the game in polynomial time is negligible, hence the dynamically searchable encryption scheme satisfies semantic security. 2. Correctness analysis The correctness of the scheme proposed in this chapter in terms of whether the QU can correctly obtain the document identifier from the CSPC is analyzed in two main ways: Based on the keyword trap a submitted by QU and the public key pkqu of QU, CSPC can return to QU by calculation. Given a keyword trap , CSPC can return all file identifiers c containing the keyword wi by computation. First, analyze requirement (1): after receiving the keyword trapdoor submitted by QU, CSPC obtains the keyword ciphertext by calculating ; after that, it retrieves from the ciphertext collection C and further calculates: (18) CSPS obtain the file identifier data pair and send it to QU, QU calculates after receiving the data pair sent by CSPS: (19) Obtain the data pair , and because pku is known, the authorization certificate can be obtained, and then the file identifier , where is the authorization ciphertext sent by CSPC to QU. From the above process, it can be found that CSPC needs to obtain the search trap submitted by QU if it wants to compute the keyword ciphertext and the data pair . The search trap is generated by constructing the private key of QU, and based on the unidirectionality of the hash function and the computational difficulty of the CBDH problem, the adversary is unable to forge the private key of QU by computation, and thus is unable to forge the keyword trap. 3. Experimental demonstration In Table 1, we give the calculation costs of user index construction cost, user retrieval calculating cost and cloud server computation cost, and we compare them with literatures [39–41] respectively. From Table 1, we can see that the proposed scheme cost is less than that of similar literatures. At the same time, the calculation cost of the entire retrieval process after using homomorphic encryption is also given in Fig 1, which shows that homomorphic encryption has a relatively large impact on the entire retrieval process. However, the calculation process of homomorphism is placed in the cloud computing server, and will not bring additional computing cost to the user’s retrieval process. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 1. Computational costs with different process. https://doi.org/10.1371/journal.pone.0309947.g001 Download: PPT PowerPoint slide PNG larger image TIFF original image Table 1. Computational costs. https://doi.org/10.1371/journal.pone.0309947.t001 Tc: Computational index cost; Ta: Authentication cost; Te: Time consumption of exponentiation; Tr: Generate random numbers; Tm: Multiplication operation; |S|:Size of set S; Tp: Pairing. The experimental analysis shows in Fig 2 that the computational overhead of the scheme proposed in terms of the computational overhead of user construction of indexes, the computational efficiency of the scheme in our scheme is better than the scheme proposed in [39, 41], and lower than the scheme proposed in [40]. But in general, the computational cost for retrieving users is not onerous. In addition, the scheme in this chapter is a dynamic authorizable ciphertext image retrieval scheme, which is more suitable for environments in the IoT where the data needs to be dynamically updated in real time. At the same time, in Fig 3, experiments were conducted to compare the accuracy and precision of retrieval with similar literatures. As can be seen from Fig 3, the retrieval accuracy of the scheme proposed in this paper is higher than that of similar literatures. Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 2. Retrieval computation cost. https://doi.org/10.1371/journal.pone.0309947.g002 Download: PPT PowerPoint slide PNG larger image TIFF original image Fig 3. Retrieval accuracy. https://doi.org/10.1371/journal.pone.0309947.g003 V. Conclusion In this paper, we offer a dynamic authorizable ciphertext image retrieval scheme based on security neural network inference that delivers considerable results in safeguarding user data privacy while also improving image retrieval security. We successfully generate efficient image indexes in an encrypted environment using secure neural networks for feature extraction, protecting the privacy of the source images. In addition, we present a dynamic authenticatable ciphertext retrieval mechanism that not only increases the system’s flexibility but also improves the users’ ability to obtain images within the approved range. Users can retrieve the required images quickly and accurately while maintaining data privacy, which further enhances the security of the system. In our experimental analysis, we comprehensively evaluate the user retrieval computation cost, user construction indexing cost, cloud computing computation cost (with homomorphism), and cloud computing computation cost (without homomorphism). And, while ensuring the user’s information security, it achieves a reasonable computational cost to fulfill the user’s needs in realistic applications. In summary, the research in this paper not only provides a new secure and flexible solution in the field of ciphertext image retrieval, but also serves a useful reference for the application of security neural network reasoning technology in other related fields. In the future, we will continue to explore and optimize the solution, in order to realize its full potential in more practical circumstances and provide consumers with more efficient and safe image retrieval services. Supporting information S1 File. Minimal data set. https://doi.org/10.1371/journal.pone.0309947.s001 (XLSX)
TI - A dynamic authorizable ciphertext image retrieval algorithm based on security neural network inference
JO - PLoS ONE
DO - 10.1371/journal.pone.0309947
DA - 2024-10-23
UR - https://www.deepdyve.com/lp/public-library-of-science-plos-journal/a-dynamic-authorizable-ciphertext-image-retrieval-algorithm-based-on-e2b9HEfgcb
SP - e0309947
VL - 19
IS - 10
DP - DeepDyve
ER -