A Privacy-preserving Image Retrieval Scheme in Edge Computing Environment

Abstract

Traditional cloud computing faces some challenges such as huge energy consumption, network delay and single point of failure. Edge computing is a typical distributed processing platform which includes multiple edge servers closer to the users, thus is more robust and can provide real-time computing services. Although outsourcing data to edge servers can bring great convenience, it also brings serious security threats. In order to provide image retrieval while ensuring users' data privacy, a privacy preserving image retrieval scheme in edge environment is proposed. Considering the distributed characteristics of edge computing environment and the requirement for lightweight computing, we present a privacy-preserving image retrieval scheme in edge computing environment, which two or more "honest but curious" servers retrieve the image quickly and accurately without divulging the image content. Compared with other traditional schemes, the scheme consumes less computing resources and has higher computing efficiency, which is more suitable for resource-constrained edge computing environment. Experimental results show the algorithm has high security, retrieval accuracy and efficiency.

1. Introduction

Nowadays, the number of graphics and images is growing at a very rapid rate. How to retrieve images from the massive image databases becomes a problem. Content-based image retrieval (CBIR) has been proposed which extracts image features to represent image content, compares the distance and get the query results [1]. CBIR has become one of the fundamental trends in the development of image retrieval technology due to its high efficiency and strong retrieval correlation.

More and more image owners outsource their data to the cloud to reduce the consumption of local storage and computing resources. However, cloud computing adopts the centralized architecture, and the concentration of resources means that the average distance between the users and the cloud server is relatively large, its storage, processing and transmission may bring huge energy consumption and network delay problems [2]. With the increase of the physical distance, the cloud server may not be able to support the delay-sensitive tasks, such as image retrieval and other outsourced tasks. Moreover, it is easy to become the target of attackers when all the images are stored on a single cloud server. There may be irreparable security vulnerabilities once it is destroyed, leading to a single point of failure. Therefore, with the explosive growth in the number of images, image retrieval tasks put forward higher requirements for high bandwidth and low delay, and it is an inevitable trend for computing to sink from cloud to edge.

Edge computing extends cloud computing to the edge of the network. Instead of transmission between the device and the cloud, the data is processed on the edge servers near the user which realizes real-time data processing [3]. The application of the edge server can solve some problems of the outsourced tasks in the cloud environment. On the one hand, the multi-server distributed architecture of edge computing environment offloads the computing burden of centralized cloud server, reducing the possibility of single point of failure. On the other hand, compared with cloud servers, edge servers are closer to users which could minimize service latency and bandwidth. In addition, the parallel processing of multiple servers also improves the efficiency of image retrieval. It’s gradually becoming the mainstream paradigm of outsourcing images to edge computing environment to acquire image retrieval services.

Outsourced tasks in edge computing environment can solve some problems of outsourced tasks in cloud computing environment, but multiple edge servers in edge environment are considered “honest but curious” that they may analyze the stored data to learn more information, which may lead to the leakage of image content. To protect data privacy, images should be encrypted locally and then outsourced to the edge environment. However, the encryption operation makes it difficult to maintain the similarity between ciphertext features and plaintext features, which hinders the CBIR operation that are normally performed on plaintext images. Thus, it is essential to develop privacy-preserving image retrieval methods over encrypted domain, which is also known as privacy-preserving content-based image retrieval (PCBIR) [4][5].

The existing PCBIR schemes mainly sort into two main types. The first type is that the image owner constructs the encrypted features and outsources both the cipher-image databases and the encrypted features to the server [6-10,12,13]. These schemes achieve better performance in one aspect of security, accuracy or efficiency, which may damage other performance to a certain extent. The second type is that the image owner only outsources the cipher-image databases to the server, and the server extracts features from the encrypted image and performs the retrieval task [11]. These schemes reduce the computational burden of users, but they increase the huge computational complexity of the server in the query stage which put forward requirements on the performance of the servers, and task deployment on resource-constrained edge servers may result in longer retrieval time. Therefore, the existing PCBIR scheme is hard to be directly applied to resource-constrained edge computing environment.

It's obvious that there are still some new challenges to be addressed in the edge computing environment. Firstly, compared with the centralized cloud computing, edge computing contains multiple edge servers, which can cooperate to complete computing tasks. In the multi-server PCBIR scheme, how to protect the security of data and retrieval process, achieve a balance between security, efficiency and retrieval accuracy is the biggest challenge. Secondly, the computing power of the edge server is limited compared with cloud server, so it is not suitable to use complex encryption algorithms to perform tasks with high computational complexity in the online query stage. Therefore, we need to redesign the security strategy of image retrieval in edge computing, rather than directly using the existing algorithms.

In this paper, we propose a privacy-preserving image retrieval scheme in edge environment. We generate index shares and trapdoor shares with additive secret sharing technology and upload them to several edge servers which can resist statistical attacks with at least k-1 edge servers. To adapt to distribute computing environment of edge computing, we improve the two-party secure multiplication calculation of original Beaver’s multiplication method to k-party secure multiplication calculation so that it can work in k-servers edge environment. Combined with the construction of features, the secure multiplication calculation is converted into the secure Euclidean distance calculation and realize the security similarity calculation by not exposing the real Euclidean distance between the index and trapdoor.

The scheme is mainly divided into offline stage and query stage. In the offline phase, to protect the privacy of images, the image owner extracts features, generates index shares by additive secret sharing technology and uploads them to two or more edge servers respectively together with encrypted image database. In the query phase, the user constructs the trapdoor shares using similar method and uploads them to edge servers respectively. After receiving the trapdoor shares, edge servers calculate the secure Euclidean distance with the improved Beaver’s multiplication method and returns the most similar ciphertext images to user. The user decrypts to obtain the plaintext image.

The main contributions in this paper are highlighted as follows:

● This paper presents a PCBIR scheme in edge computing environment, which two or more “honest but curious” servers retrieve the image quickly and accurately without divulging the image content.

● In this scheme, the privacy of image content and image similarity is strictly protected through additive secret sharing and the improved beaver’s multiplication protocol, which can resist the collusion attacks of 𝑘(𝑘 ≥ 2) edge servers under COA model and the collusion attacks of 𝑘 − 1 edge servers under the KPA model.

● Compared with other traditional PCBIR schemes, the scheme consumes less computing resources in online query stage and has higher computing efficiency, which is more suitable for resource-constrained edge computing environment. In addition, the experiment results prove that the method can realize image retrieval without accuracy loss.

The remainder of this paper is organized as follows. In section 2 we introduce the related work. In section 3 we express the preliminaries. The system model, threat model and design goals are introduced in Section 4. The method is proposed in section 5. And we give the security analysis in section 6. We do the performance evaluation of our scheme in section 7 and give the conclusion in section 8.

2. Related works

At present, the research of PCBIR is mainly focused on cloud computing that the encrypted image and secure index are outsourced to a single cloud server. Randomization technology is a simple and fast binary bit sequence encryption algorithm. Lu et al. [6] propose three image feature protection methods based on randomization technology: bit plane randomization, random projection, and random unary encoding, which have high computational efficiency, but are not safe in practical application. Scrambling encryption technology scrambles the content of an image to a certain extent while retaining some statistical information about the image. Zhang et al. [7] encrypt the image by replacing the DCT coefficient and realize image retrieval on the ciphertext. The scheme can efficiently realize the privacy-preserving image retrieval, while the degree of security is not strong. Order preserving encryption (OPSE) technology can keep the order of ciphertext consistent with that of plaintext, and allow direct sorting of encrypted data. Lu et al. [8] design a secure index scheme using order preserving encryption and random hash function that not only protects data privacy but also provides sorting and searching functions, but this scheme may disclose information under known plaintext attack. Asymmetric scalar-product-preserving encryption (ASPE) is an encryption technique that preserves the inner product between data and query data, making it particularly suitable for retrieval tasks. Kai et al. [9] propose an effective privacy-preserving image retrieval scheme combing secure kNN scheme, vector quantization and ASPE technology, which protects database image features and query image features without revealing the exact distance between them. Homomorphic encryption (HE) is a kind of encryption technology that can perform computation directly on encrypted data. Zhang et al. [10] design the scheme which extracts the features, encrypts the features with homomorphic encryption, and measures the similarity between the encrypted features. Hsu et al. [11] propose a secure retrieval scheme that extracts SIFT features in the encryption domain with privacy-preserving. However, the homomorphic encryption schemes [10][11] result in high computational complexity that make them consume too much time. Local sensitive hash (LSH) can perform fast nearest neighbor search in high-dimensional space, which is often used in large-scale image retrieval. Kuzu et al. [12] generate secure index based on local sensitive hash to realize fast similarity search, which can quickly perform large-scale image retrieval, but may affect the accuracy of retrieval. Secure multi-party computing (SMC) refers to the calculation of statistical functions by multiple parties. All parties can obtain correct results using secure multi-party computing, but no more knowledge can be inferred from the public information. M.Shen et al. [13] design a privacy-preserving image retrieval scheme supporting multiple image sources by using secure multi-party computing technology, but the scheme establishes a fully trusted key management center which reduces the practicability of the scheme.

The above schemes outsource images to the cloud server which can provide large storage resources and high computing resources. But the cloud server is deployed far away from users, it may cause network delay and degradation of service quality. Edge servers are deployed on the edge of the network, which is closer to the user, so it can quickly feedback the results of image retrieval and has better real-time performance. However, the resources of edge servers are limited, which make it difficult for complex encryption algorithms suitable for cloud servers to be directly applied in edge servers.

Some researches consider using secure multi-party computing technology to realize PCBIR schemes in edge computing environment. Yan et al. [14] propose a PCBIR scheme in edge computing environment through data exchange between multiple edge servers, while the scheme must be deployed on a specific number of edge servers, which may lead to problems in the scalability and flexibility. Wang et al. [15] propose a secret sharing homomorphism scheme, which divide face feature vector into n shares and store them in n servers respectively. Homomorphic technology is used to calculate the sum of the calculation results of any t(t ≤ n) servers, while the computational cost is extremely huge caused by the utilization of homomorphic encryption in the query phase, resulting in the lack of practicability.

Table 1 exhibits various comparisons among such algorithms and shows a significant improvement by the proposed scheme [16][17][18]. In general, these schemes are usually difficult to strike a balance between security, efficiency and accuracy. In addition, the use of complex encryption algorithms in the edge server will greatly affect the efficiency of image retrieval due to the limited resources of edge servers, resulting in the PCBIR scheme in cloud environment is no longer suitable for edge computing. Therefore, we propose a lightweight PCBIR scheme suitable for edge computing environment, which achieves a certain balance between security, accuracy and efficiency.

Table 1. Comparative analysis among various algorithms with the proposed scheme

3. Preliminaries

3.1 Additive Secret Sharing

The additive secret sharing scheme is a secret sharing technique which ensure the sum of secret shares is equal to the secret. The method splits a secret s into k shares, where each participant will get one share. The secret can be reconstructed when all shares are collected [19]. A typical additive secret sharing system generally consists of two steps:

● The secret sharing algorithm F_S(s, r) = (s₁, s₂, … , s_k) takes a secret s and some randomness r = {r₁, r₂, … , r_k−1} chosen at random as input, then outputs k shares s₁, s₂, … , s_k of this secret:

\(\begin{aligned}si= \begin{cases} r_1 & \mbox i=1, ..., k-1\\ s- \sum_{i=1}^{k-1}r_i &\mbox i=k \end{cases}\end{aligned}\)       (1)

● The secret reconstruction function F_R(s₁, s₂, … , s_k) = s takes the full set of k shares as input, and the secret can be reconstructed by:

s = ∑_i=1^ks_i       (2)

where si denotes the i^th share of the secret s.

3.2 Beaver’s multiplication

Beaver’s multiplication technology is able to perform multiplication of secret shares with the utilize of triple shares, which is useful for both security and practicality [20][21]. Let x_i(i ∈ {0,1}) indicates a additive secret sharing of x, and suppose that triple shares {a_i, b_i, c_i} for independent random a, b and c = ab is available. Participant P_i has {x_i, y_i}, {a_i, b_i, c_i} and the multiplication works of x, y as follows:

1) P₀ calculates e₀ = x₀ − a₀, v₀ = y₀ − b₀, and sends e₀, v₀ to P₁;

P₁ calculates e₁ = x₁ − a₁, v₁ = y₁ − b₁, and sends e₁, v₁ to P₀.

2) P₀ and P₁ calculate e = e₀ + e₁, v = v₀ + v₁.

3) P₀ calculates z₀ = v ∙ a₀ + e ∙ b₀ + c₀, and sends z₀ to P₁;

P₁ calculates z₁ = e ∙ v + v ∙ a₁ + e ∙ b₁ + c₁, and sends z₁ to P₀.

4) P₀ and P₁ calculate z = z₁ + z₀ = xy.

3.3 Homomorphic encryption

Homomorphic encryption allows operations to be performed on encrypted data without knowing the private key, and the operation results are the same as those performed on ordinary plaintext data [22]. To reduce the burden of user and ensure the safe generation of triple shares, the proposed scheme uses pallier homomorphic encryption [23] to generate triple shares in the offline phase, which is realized through data exchange between servers without the participation of user

4. System Design

4.1 System Model

Fig. 1 illustrates the system model of the proposed scheme. There are three types of entities in our system, including image owners, users, and edge servers.

Fig. 1. System model of the scheme

In Fig. 1, image owner constructs index shares, encrypts image databases, and then outsources index shares and encrypted image databases to the edge servers respectively. Edge servers store encrypted images databases and index shares, construct triple shares, perform privacy-preserving image retrieval, and return cipher-image. Users construct trapdoor shares, upload trapdoor shares to the edge servers respectively, decrypt cipher-image returned by the edge server and obtain the plaintext query result.

4.2 Threat Model

In general, image owners and users are considered trusted. The security threats of the scheme mainly come from “honest but curious” edge servers and external attackers.

1) External attackers

In the process of transforming data between edge servers and sending data to edge servers by users and image owners, external attackers may eavesdrop information on the communication channel.

2) Edge servers

In this model, the edge servers are considered “honest but curious”, which means that the edge servers are following the protocol correctly (“honest”). At the same time, they retain all input from other parties and all intermediate values to infer more knowledge (“curiosity”). Therefore, edge servers will operate normally to avoid being identified by the anomaly detection mechanism, but at the same time they may get the user’s privacy information. In this scheme, the privacy of images and image features must be guaranteed. In addition, the original Euclidean distance between images cannot be obtained by the edge server to prevent the edge server from obtaining more information.

4.3 Design goals

1) Image privacy.

We should protect ①image database: the security of image database should be the primary security goal of the scheme which means edge servers cannot obtain image database uploaded by the image owner. ②Index: index should also be encrypted before outsourcing to edge servers. The edge server cannot crack out image features at any time, and the attacker cannot obtain image features by wiretapping channels. For identical image features, the index shares should be completely different. ③trapdoor: The goal of privacy protection is the same as above. ④image similarity: the edge server cannot obtain true Euclidean distance between database image features and query image features. For two identical query features, the Euclidean distance between the query feature and the same databases image feature should be completely different.

2) Retrieval accuracy.

Retrieval accuracy cannot be significantly reduced by adopting privacy protection technology. In this scheme, we ensure that the retrieval accuracy of the proposed scheme is consistent with plaintext image retrieval.

3) Efficiency.

The computing tasks at the user and image owner side should be as few as possible, so as to reduce the computational burden of the user and image owner. Edge servers should undertake most of the computing tasks.

5. The proposed method

5.1 Notations in this section

The secret and its corresponding share used in the proposed scheme are shown in Table 2.

Table 2. The secret and its corresponding share used in the proposed scheme

5.2 System overview

Fig. 2 shows the flow chart of the proposed scheme, which consists of three entities: image owner users, and edge servers. For the description, the figure only shows four edge servers, in practical application the number of edge servers can be 𝑘(𝑘 ≥ 2).

Fig. 2. The flowchart of the scheme

● Images owners: They are the provider of the image databases. In the offline phase, the image owner extracts image features, generates index shares, and outsources them to the edge servers together with encrypted images databases.

● Users: They are users who want to query images. In the query phase, the user extracts the query image features, generates the trapdoor shares, and sends them to the edge servers. After the edge server returns the cipher-images, they decrypt cipher-images and get plaintext image.

● The edge servers: It takes responsibility for performing image retrieval tasks and stores encrypted images, index shares. It contains 𝑘 edge servers, in which edge server 1 undertakes more computing tasks among all edge servers which needs to aggregate the calculation results and obtains the final similarity ranking.

The specific processing flow is divided into offline phase and query phase as follow:

In the offline phase: ①Image owner constructs index share 𝑓_𝑖′ (𝑖 = 1,2, … , 𝑘) and encrypts the image database D to obtain the encrypted image database ED. ②The edge servers generate the triple shares and store them which are briefly summarized in the figure and explained in detail below.

In the query phase: ①The user requests authorization from the image owner. ②The image owner confirms the identity of the user, and then returns the index encryption key R and the image decryption key 𝐾′. ③After the user is authorized, the user extracts image features, constructs trapdoor shares 𝑞_𝑖′^𝑇 and uploads them to edge server 𝑖 respectively. ④After receiving the trapdoor shares uploaded by the user, the edge server 𝑖 generate intermediate share 𝑒_𝑖 and 𝑣_𝑖 , then sends them to edge server 1. ⑤The edge server 1 calculates and broadcasts intermediate value 𝑒 and 𝑣. ⑥The edge server 𝑖 generates distance shares 𝑧_𝑖 and sends them to edge server 1. ⑦The edge server 1 sums the distance shares and compares the distance, returns the most similar ciphertext image to the user. The users decrypt to get the plaintext image.

5.3 Offline phase

The main task of this phase is to construct triple shares at the edge servers, build encrypted image database and index shares at the image owner side. The processing flow is as follows:

5.3.1 the edge servers

In the offline phase, the edge server 𝑖(𝑖 = 1,2, … , 𝑘) constructs triple shares 𝑎_𝑖, 𝑏_𝑖, 𝑐_𝑖, where 𝑎_𝑖 and 𝑏_𝑖 are completely random integers that randomly selected by the edge server 𝑖, 𝑐_𝑖 satisfy ∑_𝑖=1^k𝑐_𝑖 = ∑_𝑖=1^k𝑎_𝑖 × ∑_𝑖=1^k𝑏_𝑖 which is obtained through the interactive computing between edge servers.

∑_𝑖=1^𝑘𝑐_𝑖 = ∑_𝑖=1^𝑘𝑎_𝑖 × ∑_𝑖=1^𝑘𝑏_𝑖

= (𝑎₁ + ⋯ + 𝑎_𝑘) x ∑_𝑖=1^𝑘𝑏_𝑖

= 𝑎₁ x ∑_𝑖=1^𝑘𝑏_𝑖 + ⋯ + 𝑎_𝑘 x ∑_𝑖=1^𝑘𝑏_𝑖

= 𝑎₁𝑏₁ + 𝑎₁∑_𝑖=2^𝑘𝑏_𝑖 + 𝑎₂𝑏₂ + 𝑎₂∑_{𝑖=1,𝑖≠2}^𝑘𝑏_𝑖 + ⋯       (3)

In the (3), 𝑎_𝑖𝑏_𝑖 can be calculated on edge server 𝑖, so the difficulty of constructing triple shares is how to calculate 𝑎_𝑖 ∑_{𝑗=1,𝑗≠𝑖}^𝑘𝑏_𝑗. Here we employ Paillier homomorphic encryption technology to generate 𝑎_𝑖 ∑_{𝑗=1,𝑗≠𝑖}^𝑘𝑏_𝑗. The Triple() algorithm is shown in Algorithm 1.

Algorithm 1 (𝑐_𝑖) ← Triple(𝑎_𝑖, 𝑏_𝑖)

1： For 𝑖 = 1: 𝑘

2: edge server 𝑖 generates public key 𝑝_𝑖 and private key 𝑠_𝑖.

3： For 𝑗 = 1: 𝑘

4: If 𝑗 ≠ 𝑖

5： edge server 𝑖 sends 𝑥_𝑖 = Enc_𝑝𝑖(𝑎_𝑖) and public key 𝑝_𝑖 to edge server 𝑗.

6： edge server 𝑗 randomly selects 𝜂_𝑖,𝑗 and sends 𝑥_𝑖,𝑗 = 𝑥_𝑖^𝑏_𝑗Enc_𝑝𝑖(−𝜂_𝑖,𝑗) to edge server 𝑖.

7： edge server 𝑖 uses private key 𝑠_𝑖 for decryption and gets 𝑦_𝑖,𝑗 = 𝑎_𝑖𝑏_𝑗 − 𝜂_𝑖,𝑗.

8: End If

9： End For

10： edge server 𝑖 calculates 𝑐_𝑖 = 𝑎_𝑖𝑏_𝑖 + ∑_{𝑗=1,𝑗≠𝑖}^𝑘𝑦_𝑖,𝑗 + ∑_{𝑗=1,𝑗≠𝑖}^𝑘𝜂_𝑗,𝑖.

11： End for

12： Return 𝑐_i

The workflow of constructing triple shares 𝑎_𝑖, 𝑏_𝑖, 𝑐_𝑖 as follow: First, edge server 𝑖(𝑖 = 1,2, … , 𝑘) randomly selects 𝑎_𝑖, 𝑏_𝑖, generates public key 𝑝_𝑖 and private key 𝑠_𝑖, sends 𝑥_𝑖 = Enc_𝑝𝑖(𝑎_𝑖) to edge server 𝑗(𝑗 = 1, … . 𝑘, 𝑗 ≠ 𝑖). Second, after receiving 𝑥_𝑖, edge server 𝑗 randomly selects 𝜂_𝑖,𝑗 and sends 𝑥_𝑖,𝑗 = 𝑥_𝑖^𝑏_𝑗Enc_𝑝𝑖(−𝜂_𝑖,𝑗) to edge server 𝑖. Third, edge server 𝑖 decrypts to obtain 𝑦_𝑖,𝑗 = 𝑎_𝑖𝑏_𝑗 − 𝜂_𝑖,𝑗 using the private key 𝑠_𝑖. Finally, edge server 𝑖 gets 𝑐_𝑖 = 𝑎_𝑖𝑏_𝑖 + ∑_{𝑗=1,𝑗≠𝑖}^𝑘𝑦_𝑖,𝑗 + ∑_{𝑗=1,𝑗≠𝑖}^𝑘𝜂_𝑗,𝑖. In the query phase, the 𝑎_𝑖, 𝑏_𝑖, 𝑐_𝑖 will ensure that all processes of data exchange do not reveal privacy to the “honest but curious” servers.

5.3.2 the image owner

In the offline phase, image owner is mainly responsible for generating encrypted image database and index shares that will be outsourced to the edge servers. Encrypted image database are constructed by two steps: executing KeyGen() to generate the image encryption/decryption key, running Enc() to generate encrypted image database. Index shares are built by two steps: executing IndexGen() to generate the index, carrying out IndexShareBuild() to build index shares. The specific steps of each algorithm are explained below:

1）INDEX SHARE BUILD

\(\begin{aligned}\hat{f} \leftarrow \operatorname{Index} \operatorname{Gen}(I)\end{aligned}\). The image owner extracts the color feature [24] of the database image 𝐼 which can be called database image feature and expressed as 𝑓 = (𝑓₁, … , 𝑓_𝑛), where 𝑛 is the dimension of the feature. Then image owner generates index \(\begin{aligned}\hat{f}=\left(f_{1}, \ldots, f_{n},\|f\|_{2}^{2}\right)^{T}\end{aligned}\), where \(\begin{aligned}\|f\|_{2}^{2}=\sum_{i=1}^{n} f_{i}^{2} \cdot \hat{f}=\left(f_{1}, \ldots, f_{n}\right)^{T}\end{aligned}\)

\(\begin{aligned}f_{i}^{\prime} \leftarrow \text {IndexShareBuild}(\hat{f})\end{aligned}\) . First, the image owner picks an (𝑛 + 1) × (𝑛 + 1) invertible matrix R at random and generates encrypted index 𝑓′:

\(\begin{aligned}f^{\prime}=\boldsymbol{R}^{T} \cdot \hat{f}\end{aligned}\)       (4)

where the matrix R needs to be sent to the user in the query phase.

Second, the image owner takes encrypted index 𝑓′ and 𝑟_𝑑 = {𝑟_𝑑,1, 𝑟_𝑑,2, … , 𝑟_{𝑑,𝑘−1}} chosen uniformly at random as input, and outputs 𝑘 index share 𝑓_𝑖′ of this secret:

𝐹_𝑆(𝑓′, 𝑟_𝑑) = (𝑓₁′, 𝑓₂′ , … , 𝑓_𝑘′ )       (5)

Finally, the image owner sends index share 𝑓_𝑖′ to edge server 𝑖 respectively.

2）ENCRYPTED DATABASE GENERATION

𝐾′ ← KeyGen(1^𝛼). The image owner generates the encryption/decryption key 𝐾′ of the AES algorithm [25] for encrypting the image database, where α is the parameter for generating the key.

ED ← Enc(𝐷, 𝐾′). The image owner encrypts the image database D with image encryption key 𝐾′ and obtains encrypted image database ED that will be uploaded to the edge server.

5.4 query phase

The user generates the trapdoor shares and sends them to the edge servers respectively. The edge servers execute privacy-preserving image retrieval, which measure the similarity using trapdoor shares and index shares, and return the query result. The user decrypts to get the plaintext image. The processing flow is as follows:

5.4.1 the user

In the query phase, the main task of user is to generate the trapdoor shares and decrypt cipher-image returned by the edge server. Trapdoor shares are built by two steps: executing TrapdoorGen() to generate the trapdoor, carrying out TrapshareBuild() to build trapdoor shares. The user executes Dec() to decrypt the cipher image returned by the edge server and obtain the plaintext query result. The specific steps of each algorithm are explained below:

1）TRAPDOOR SHARE BUILD

\(\begin{aligned}\hat{q} \leftarrow \operatorname{TrapdoorGen}\left(\operatorname{Im} g_{q}\right)\end{aligned}\). The user extracts the color feature from the query image Img_𝑞 ,which can be called query image feature and denoted as 𝑞 = (𝑞₁, … , 𝑞_𝑛), where 𝑛 represents the dimension of the feature. Then the user constructs the trapdoor \(\begin{aligned}\hat {q} = \left(-2 q_{1}, \ldots,-2 q_{n}, 1\right)^{T}\\\end{aligned}\).

\(\begin{aligned}q_{i}^{\prime T} \leftarrow \text {TrapshareBuild}(\hat{q})\end{aligned}\). First, the user selects a positive number 𝑟 randomly with uniform probability. The user encrypts \(\begin{aligned}\hat {q}\end{aligned}\) to obtain encrypted trapdoor 𝑞′^𝑇.

\(\begin{aligned}q^{\prime T}=\left(r \boldsymbol{R}^{-1} \cdot \hat{q}\right)^{T}\end{aligned}\)       (6)

Second, the user takes encrypted trapdoor 𝑞′^𝑇 and 𝑟_𝑞 = {𝑟_𝑞,1, 𝑟_𝑞,2, … , 𝑟_{𝑞,𝑘−1}} chosen uniformly at random as input, and outputs 𝑘 trapdoor share 𝑞_𝑖′^𝑇 of this secret:

𝐹_𝑆(𝑞′^𝑇, 𝑟_𝑞) = (𝑞₁′^𝑇, 𝑞₂′^𝑇, … , 𝑞_𝑘′^𝑇)       (7)

Finally, the user uploads trapdoor share 𝑞_𝑖′^𝑇 to edge server 𝑖 respectively.

2）CIPHER IMAGE DECRYPTION

Img ← Dec(Img_𝑒, 𝐾′). After receiving the requested cipher image Img_𝑒 from the edge server 1, the user gets the query result Img by decrypting Img_𝑒 via 𝐾′.

5.4.2 the edge servers

After receiving trapdoor shares, the edge servers compare the distance between the index share 𝑓_𝑖′ and trapdoor share 𝑞_𝑖′^𝑇 through the interactive calculation between edge servers, and sends the most similar ciphertext images to the user. It mainly consists of two steps: distance share generation and distance reconstruction.

1）DISTANCE SHARE GENERATION

(𝑧_𝑖) ← DistShareGen(𝑞_𝑖′^𝑇, 𝑓_𝑖′, 𝑎_𝑖, 𝑏_𝑖, 𝑐_𝑖). After receiving 𝑞_𝑖′^𝑇 sending from the user, the edge server 𝑖 executes Algorithm 2 to acquire distance share 𝑧_𝑖.

Algorithm 2 (𝑧_𝑖) ← DistShareGen(𝑞_𝑖′^𝑇, 𝑓_𝑖′, 𝑎_𝑖, 𝑏_𝑖, 𝑐_𝑖)

1：For 𝑖 = 1: 𝑘

2： edge server 𝑖 sends 𝑒_𝑖 = 𝑓_𝑖′ − 𝑎_𝑖, 𝑣_𝑖 = 𝑞_𝑖′^𝑇 − 𝑏_𝑖 to edge server 1 ;

3：End for

4: edge server 1 broadcasts 𝑒 = ∑_𝑖=1^𝑘𝑒_𝑖, 𝑣 = ∑_𝑖=1^𝑘 𝑣_𝑖 to the other edge servers ;

5：For 𝑖 = 1: 𝑘

edge server 𝑖 sends \(\begin{aligned}zi= \begin{cases} v \times a_i+e {\times} b_i + c_i +e {\times} v &\mbox i=1 \\ v {\times} a_i + e {\times} b_i + c_i &\mbox i=2, 3, ...k \end{cases}\end{aligned}\) to edge server 1;

6：End for

7：Return 𝑧_𝑖

Edge server 𝑖 constructs intermediate share 𝑒_𝑖, 𝑣_𝑖 and sends them to edge server 1.

𝑒_𝑖 = 𝑓_𝑖′ − 𝑎_𝑖 (8)

𝑣_𝑖 = 𝑞_𝑖′^𝑇 − 𝑏_𝑖 (9)

After receiving 𝑒_𝑖, 𝑣_𝑖 from edge server 𝑖, edge server 1 constructs intermediate value 𝑒 = ∑_𝑖=1^𝑘𝑒_𝑖 , 𝑣 = ∑_𝑖=1^𝑘𝑣_𝑖 and broadcasts them to the other edge servers.

After receiving 𝑒, 𝑣 from edge server 1, edge server 𝑖 generates distance share 𝑧_𝑖 and sends them to edge server 1.

\(\begin{aligned}z_i= \begin{cases} v \times a_i+e {\times} b_i + c_i +e {\times} v &\mbox i=1 \\ v {\times} a_i + e {\times} b_i + c_i &\mbox i=2, 3, ...k \end{cases} \end{aligned}\)       (10)

2）DISTANCE RECONSTRUCTION

(Img_e) ← DistRecon(z_i). After g distance share z_i from the other edge servers, edge server 1 reconstructs distance z. The smaller z is, the more similar the database image is to the query image. According to this principle, the retrieved ciphertext images Img_e will be found and sent to the user.

𝑧 = ∑_𝑖=1^𝑘𝑧_𝑖 = 𝑞′^𝑇𝑓′       (11)

Proof Depending on the nature of additive secret sharing, we know 𝑎 = ∑_𝑖=1^𝑘𝑎_𝑖, 𝑏 = ∑_𝑖=1^𝑘𝑏_𝑖, 𝑐 = ∑_𝑖=1^𝑘c_𝑖, 𝑒 = ∑_𝑖=1^𝑘e_𝑖 = 𝑓′ − 𝑎, 𝑣 = ∑_𝑖=1^𝑘𝑣_𝑖 = 𝑞′^𝑇 − 𝑏, then

𝑧 = ∑_𝑖=1^𝑘𝑧_𝑖

= 𝑒𝑣 + 𝑣∑_𝑖=1^𝑘a_𝑖 + 𝑒∑_𝑖=1^𝑘𝑏_𝑖 +∑_𝑖=1^𝑘c_𝑖

= 𝑒𝑣 + 𝑣𝑎 + 𝑒𝑏 + 𝑐

= (𝑞′^𝑇 − 𝑏)(𝑓′ − 𝑎 + 𝑎) + (𝑓′ − 𝑎)𝑏 + 𝑐

= 𝑞′^𝑇𝑓′ − 𝑓′𝑏 + 𝑓′𝑏 − 𝑎𝑏 + 𝑎𝑏

= 𝑞′^𝑇𝑓′       (12)

We have \(\begin{aligned}q^{\prime T} f^{\prime}=\left(r \boldsymbol{R}^{-1} \cdot \hat{q}\right)^{T}\left(\boldsymbol{R}^{T} \cdot \hat{f}\right)=r\left(\|f\|_{2}^{2}-2 \sum_{i=1}^{n} f_{i} q_{i}\right)=r\left(\|q-f\|_{2}^{2}-\|q\|_{2}^{2}\right)\end{aligned}\), where ‖𝑞 − 𝑓‖₂² = ∑_𝑖=1^𝑛(𝑞_𝑖 − 𝑓_𝑖)², ‖𝑞‖₂² = ∑_𝑖=1^𝑛𝑞_𝑖². For each query, the constant is ‖𝑞‖₂² and 𝑟, variable is ‖𝑞 − 𝑓‖₂². It is obvious that the ranking of 𝑧 maintains the ranking of original Euclidean distance ‖𝑞 − 𝑓‖₂² between query image features 𝑞 and database image features 𝑓. Moreover, for two identical query inputs, distance 𝑧 between the images is completely different, so as to prevent the edge servers from obtaining the similarity information between the images. The improved Beaver’s multiplication method transforms the multiplication calculation into the distance calculation, ensures that the original Euclidean distance sorting is completely retained and realizes the security similarity calculation without exposing the real Euclidean distance.

6. Security Analysis

The security of the proposed scheme is analyzed under ciphertext-only attack(COA) [26], known-plaintext attack(KPA). The private information we need to protect includes image database, index, trapdoor, image similarity. The AES technology is used to protect image databases, which has been proved to be a secure encryption algorithm [27]. In a system with 𝑘 edge servers, the security of index, trapdoor and image similarity is discussed as follow.

1) Analysis under COA model

In COA model, the attackers can access the ciphertext stored on the edge servers, but do not know the plaintext and keys.

Theorem 1 Under the premise that all 𝑘 edge servers or fewer edge servers are corrupted by a semi-honest attacker, the proposed scheme can ensure that the edge servers cannot obtain the private information of the user and the image owner under COA model.

Proof Assuming that 𝑘 edge servers are corrupted by the attacker, we analyze their security from the following three aspects:

● Suppose 𝑘 index shares are corrupted, the attacker 𝒜 can obtain the encrypted index 𝑓′ by aggregating index shares. However, encrypted index refers to the index is encrypted using the invertible matrix R. Therefore, the only way for an attacker 𝒜 to get the value of the index is to enumerate all possible values. We assume that the dimension of the index is 𝑛 + 1, and the range of the image features is 𝑇. The computational complexity of an attacker 𝒜 directly simulating index is 𝑇^𝑛+1, so the security strength is log₂(𝑇^𝑛+1). The security of trapdoor is analyzed in a similar way.

● Suppose 𝑘 intermediate shares are corrupted, the attacker 𝒜 can obtain intermediate values 𝑒, 𝑣 by aggregating intermediate shares and triples 𝑎, 𝑏, 𝑐 by aggregating triple shares. So the attacker 𝒜 can get the encrypted index 𝑓′ = 𝑒 + 𝑎, the encrypted trapdoor 𝑞′^𝑇 = 𝑣 + 𝑏. But encrypted indexes do not reflect real information of index, the security strength is log₂(𝑇^𝑛+1).

● Suppose 𝑘 distance shares are corrupted, the attacker 𝒜 can obtain 𝑧 = 𝑟(‖𝑞 − 𝑓‖₂² − ‖𝑞‖₂²). Since 𝑞 and 𝑟 are unknown, the true Euclidean distance cannot be obtained. The attacker 𝒜 tries to get information of true Euclidean distance by exhausting all possibilities, however even if all possible values are exhausted, the correct value cannot be identified from them.

Therefore, the private information of the user and the image owner can be protected.

2) Analysis under KPA model

In KPA model, the attacker 𝒜 can access several pairs of plaintext and the corresponding ciphertext.

Theorem 2 Under the premise that 𝑘 − 1 edge servers or fewer edge servers are corrupted by a semi-honest attacker, the proposed scheme can ensure that the edge servers cannot obtain the private information of the user and the image owner under the KPA model.

Proof Assuming that 𝑘 − 1 or less edge servers are intruded by the attacker 𝒜. Meanwhile, the attacker 𝒜 extracts the feature from the query image as a query user, 𝑘 − 1 secret shares corresponding to this feature are obtained by the attacker 𝒜. However, the nature of the additive secret share explains that no more than 𝑘 − 1 secret shares can not reveal any true information about the secret. Therefore, the attacker 𝒜 cannot obtain any private information.

7. Performance Evaluation

In this chapter, we give the experimental results and evaluate the performance of the proposed scheme in terms of the security evaluation, retrieval accuracy and efficiency. Experiments are performed on two datasets, one dataset is corel1000 [28], another dataset is caltech1000 database. The two image datasets have 10 types of pictures, 100 pictures of each type. The retrieval results of the proposed scheme are compared with several typical privacy-preserving image retrieval schemes, including Lu’s three schemes [6], Homomorphic encryption scheme [10]. All experiments are implemented by MATLAB.

7.1 Evaluation of Security

1) The autocorrelation function

The autocorrelation function describes the correlation degree of neighboring signal [29], the autocorrelation function 𝑅(𝑇) is shown as follows:

𝑅(𝑇) = Σ_𝑖−1^𝑛𝑥(𝑖)𝑥(𝑖 − 𝑇)       (13)

where 𝑛 is the length of the signal, 𝑇 is the delay of the signal.

The autocorrelation function for the plaintext feature, the encrypted features of three methods proposed by Lu [6], the index share which is the encryption feature of the proposed scheme, and the encrypted features in homomorphism scheme [10] are shown in Fig. 3.

Fig. 3. Autocorrelation function of encrypted features

From results, we can see that the plaintext features have strong correlation, which indicates that there is a strong correlation between adjacent features. It is clear that the autocorrelation of the index share is obviously lower than that of encrypted features built by Lu’s three methods. The autocorrelation of the index share is almost zero in the proposed method, which means that attackers cannot infer any plaintext feature information from the shares. It is generally considered that homomorphic encryption algorithm has strong security, and its autocorrelation function fluctuates near zero. The results show that the autocorrelation of index share is similar as that of encrypted features generated by homomorphic encryption, which indicates the share has high security. In addition, the autocorrelation ability of the proposed scheme will be further weakened and the security will be further enhanced with the expansion of the range of random numbers and the increase of the number of edge servers.

2) Information entropy

Information entropy represents the uncertainty of encrypted features, which is defined as follows:

𝐻 = −Σ_𝑖=0^𝑛 𝑝(𝑥(𝑖)) × log₂𝑝(𝑥(𝑖))       (14)

where 𝑥(𝑖) is the encrypted feature, 𝑛 is the length of 𝑥(𝑖), 𝑝(𝑥(𝑖)) is the probability of 𝑥(𝑖). The entropy for the index share of the proposed scheme, the encrypted features of three methods proposed by Lu [6], the encrypted features in homomorphism scheme [10], plaintext features and random data are shown in Table 3.

Table 3. Information entropy of encrypted features

The experimental results show that the entropy of plaintext features is low, thus there is a strong internal correlation between plaintext features. The entropy of the share in this paper is almost the same as that of encrypted features built by homomorphic encryption, and is significantly higher than that of the encryption features obtained by other schemes, which shows that the distribution of share is very random and has high security. It is considered that homomorphic encryption has high computational complexity and low efficiency, and the time consumed of the proposed scheme is significantly less than homomorphic encryption which proves the scheme is in fact practical.

7.2 Evaluation of Retrieval Accuracy

The most common evaluation measures of retrieval accuracy in image retrieval are precision and recall usually presented as a precision vs recall graph (PR graph) [30].

\(\begin{aligned}\begin{array}{c}\text { precision }=\frac{\text { No.relevant images retrieved }}{\text { Total No. images retrieved }} \\ \text { recall }=\frac{\text { No.relevant images retrieved }}{\text { Total No.relevant images in the collection }}\end{array}\end{aligned}\)

In the experiments, a group of 100 query images containing 10 categories of images are retrieved in the Corel1000 dataset and Caltech1000 dataset. We compare the proposed method with the Lu’s three method [6] and homomorphic encryption scheme [10], and the comparison results of PR graph are shown in Figs. 4, 5.

Fig. 4. The accuracy comparison in Corel1000

Fig. 5. The accuracy comparison in Caltech1000

It is obvious that the retrieval result of the proposed scheme performs almost the equal with homomorphic encryption scheme, better than Lu’s three methods. Homomorphic encryption scheme is usually considered as a method with approximately no loss of accuracy, which shows that the scheme can achieve accurate image retrieval.

We also compare our scheme with plaintext image retrieval, the results are shown in Figs. 6, 7. The results demonstrate that the retrieval accuracy of the method is almost consistent with that of plaintext image retrieval. The scheme requires that the number of edge servers should be at least two. On the premise of meeting this condition, the image retrieval accuracy will not decrease with the increase of the number of edge servers. Regardless of the number of edge servers, the precision of the scheme is consistent with that of plaintext image retrieval.

Fig. 6. The accuracy comparison of the scheme and plaintext image retrieval in Corel1000

Fig. 7. The accuracy comparison of the scheme and plaintext image retrieval in Caltech1000

7.3 Evaluation of efficiency

We analyze the efficiency of the scheme from the perspective of computational complexity and interaction time.

7.3.1 Computational complexity

Assume 𝑛 denotes the size of the data, 𝑘 represents the number of the edge server, 𝑔 is the number of bit planes to encrypt, 𝑚 is the dimension of projected features, 𝑀 is the maximum possible value in all the feature vectors, then the computational complexity results are shown in Table 4.

Table 4. Time complexity comparison of different methods

The experimental results express that the time complexity of the homomorphic encryption method is very high. The computational complexity of the proposed scheme is lower than Homomorphic encryption, Randomized unary encoding and Bit-plane randomization. The computational complexity of random projection is 𝑂(mn) which is relatively low. Compare with random projection, the time complexity comparison of the proposed scheme is interrelated to the number of the edge server 𝑘. The larger the value of 𝑘, the greater the computational complexity. However, the accuracy of random projection is relatively low, and its accuracy decreases significantly with the increase of the size of image databases.

7.3.2 Evaluation of interaction time

In addition to computing time, we discuss the overhead of interacting with multiple edge servers. Since all the work in the offline phase can be completed before the user initiates the query, this section mainly discusses the interaction cost in the query phase, and the interaction time includes three parts:

1) The user sends the trapdoor shares to 𝑘 edge servers respectively. This process can happen almost simultaneously.

2) The interactive computing between edge server 1 and the other edge servers for generating distance shares. This process can be regarded as almost simultaneous transmission. Moreover, the communication time of this process does not increase significantly with the increase of the edge server.

3) The edge server 1 returns the query results to the user. This part of the interaction time must be consumed.

Although there is a certain amount of interaction time, most communications can be executed almost at the same time. With the development of 5G communication technology, it can transmit data quickly to ensure the rapid execution of image retrieval.

We conduct experiments on Corel1000 datasets for different encryption methods in a query task, obtain the time comparison results in the offline phase and the query phase shown in Table 5. In the experiment of the proposed scheme, the number of the edge server used is 3, and the number of triple shares generated is one set.

Table 5. Comparison results of time consumption

The experimental results demonstrate that the proposed scheme takes less time than homomorphic encryption, randomized unary encoding, bit-plane randomization in the offline phase and query phase. The scheme is slightly slower than the random projection which is a technique to randomize characteristic disturbances. The performance of random projection in security and retrieval accuracy is obviously worse than that of our scheme, especially its security has been proved to be relatively weak, thus our scheme achieves the balance among security, accuracy and retrieval efficiency to some extent in edge computing environment.

8. Conclusion

In order to solve the problems in the existing PCBIR schemes on cloud computing, such as huge energy consumption, network delay and single point of failure, we present a privacy-preserving image retrieval scheme in edge computing environment, suitable for the distributed and resource-constrained characteristics of edge servers. We encrypt image features with additive secret sharing, so the attacker must corrupt at least 𝑘 − 1 edge servers to crack the system, which greatly enhances the security of the system. We also improve the Beaver’s multiplication to evaluate the similarity of images and avoid exposing original Euclidean distance to the edge servers. Security analysis and experimental results demonstrate the proposed method achieves the balance between security, accuracy and efficiency. Future work will develop the efficiency of preprocessing in the offline stage, and better adapt to the edge computing environment.