SECURE IMAGE FILTERING Nan Hu, Sen-ching S. Cheung University of Kentucky Electrical & Computer Engineering Lexington, KY, 40506 nan.hu@uky.edu, cheung@engr.uky.edu Thinh Nguyen Oregon State University EECS Department Corvallis, OR 97330 thinhq@eecs.oregonstate.edu ABSTRACT In today’s heterogeneous network environment, there is a growing demand for distrusted parties to jointly execute distributed algorithms on private data whose secrecy needed to be safeguarded. Protocols that support such kind of joint computation without complete shar- ing of information are called Secure Multiparty Computation (SMC) protocols. Applying SMC protocols in image processing is a chal- lenging problem. Most of the existing SMC protocols are imple- mented based on cryptographic primitives like Oblivious Transfer that are too computational intensive for pixel-based operations. In this paper, we develop two efﬁcient SMC protocols for distributed linear image ﬁltering between two parties, one party with the orig- inal image and the other with the image ﬁlter. The ﬁrst protocol is based on a combination of rank reduction and random permutation. The second one uses random perturbation with the help of a non- colluding third party. Experimental results show that both of them execute signiﬁcantly faster than oblivious-transfer based techniques. Index Terms— Communication system security, Image Pro- cessing, Distributed Algorithms, Cryptography 1. INTRODUCTION The proliferation of imaging and storage devices and the ubiquitous presence of computer networks make sharing of visual data easier than ever. Such casual exchange of visual data, however, has increas- ingly raised questions on how sensitive visual information can be protected. Consider the scenario in which a user of a cellular-phone camera wants to send his/her pictures to an online photo-processing laboratory for image enhancement such as red-eye removal. The user would be concerned about the privacy of his/her pictures while the online store would need to protect the proprietary enhancement technologies against reverse-engineering. Consider another scenario that the police wants to search for possible suspects in a surveil- lance video owned by private company A, using a proprietary soft- ware from yet another private company B. The three parties involved (police, company A, company B) all have information they do not want to share with each other (criminal biometric database from the police, surveillance tape from company A and proprietary software from company B). To support such kinds of applications, one needs to establish a joint computation and communication platform at the pixel level that can guarantee the secrecy of private data and algo- rithms, and at the same time achieve a well-deﬁned objective that beneﬁts all parties involved. This is, however, not a new problem. Cryptographic protocols that support joint computation among multiple distrusted parties with- out complete sharing of information are called Secure Multiparty Computation (SMC) protocols. The general problem of SMC can be traced back to the classical paper by Yao [1]. The biggest challenge to any SMC technique is how to satisfy the security requirement. There are two types of security models - the ideal model and the real model [2]. In the ideal model, the computation is performed by a separate party trusted by all participants. This is perfectly secure as none of the participants gain information beyond the knowledge of their own data. However, the ideal model is not practical because all critical data reside at a single party and can easily be compro- mised. In the real model, the computation is performed via a SMC protocol agreed upon by all parties. The protocol is said to be secure in a semi-honest environment if all parties respect the protocol and are not able to derive more information than what can be deduced from the ﬁnal results. Most of the SMC protocols, including those described in this paper, are developed under this model. Many SMC problems can be solved by using the Oblivious Transfer (OT) pro- tocol in which one party (Alice) can select a particular item from a set owned by another party (Bob) without Bob knowing Alice’s se- lection or Alice knowing other items from Bob’s set [2]. The OT Transfer is typically implemented using different public-key encryp- tion systems [3]. There has been little work in applying SMC to image processing problems. The only work known to us is by S. Avidan et al. on ap- plying classical SMC protocols for two-party face detection [4]. In a typical classiﬁcation task such as face detection, a signiﬁcant portion of an image is transformed into feature vectors, which in most cases cannot be used to recover the original image. The manipulation of feature vectors is thus secure by deﬁnition and no special SMC pro- tocols are required. As a result, the complex SMC protocols do not signiﬁcantly affect the overall performance of the classiﬁcation task. On the other hand, many common image processing applications require pixel-by-pixel processing. The sheer number of pixels in common images render most of the classical SMC techniques use- less. Thus, it is imperative to develop fast computation techniques for these applications. Among all the image processing techniques, linear ﬁltering is arguably the most basic and useful one. It is used in almost all image processing and computer vision applications such as enhancement, denoising, and feature extraction. Even though lin- ear ﬁltering by itself is inherently insecure as we will demonstrate in Section 2, we focus in this paper on “secure” and efﬁcient linear ﬁltering algorithms that can be used in conjunction with other types of non-linear processing. Our contributions are two novel secure lin- ear ﬁltering protocols that are signiﬁcantly faster than those based on OT. These protocols are capable of processing mega-pixel images in less than one second using common desktops. The organization of the paper is as follows: our starting point in Section 2 is the problem deﬁnition and some notations of linear ﬁlter-