2327-4662 (c) 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2017.2732357, IEEE Internet of Things Journal

Harnessing the Hybrid Cloud for Secure Big Image Data Service

Yushu Zhang, Member, IEEE, Hui Huang, Yong Xiang*, Senior Member, IEEE, Leo Yu Zhang, Member, IEEE, and Xing He

Abstract—Various kinds of image sensors capture a large number of images in the Internet of Things (IoT) every day. How to securely store and share these big image data from IoT is an increasing concern. In this paper, we harness the hybrid cloud to provide a secure big image data storage and sharing service for users. The basic idea is to partition each image into a small set of sensitive data and a large set of insensitive data, which are securely stored in the private cloud and the public cloud, respectively. Specifically, the private cloud divides each image into the sensitive data (<20%) and the insensitive data (>80%) based on sensitivity identification approaches like the Sobel edge detector. The sensitive data are encrypted in parallel in counter mode and then stored in the private cloud. The insensitive data are encrypted-then-subsampled and then placed in the public cloud, in which the encryption employs the permutation-diffusion architecture and the subsampling utilizes the compressed sampling technique. The keystreams used in encryption operations are managed by the Tent-Logistic system with high initial value sensitivity.
Once users make a request for an image, the public cloud provides a privacy-guaranteed insensitive data reconstruction service, and the private cloud decrypts the sensitive and insensitive data and regroups them into a complete image. Experimental results demonstrate that the proposed framework can provide secure big image data service.

Index Terms—Private cloud, public cloud, big image data encryption, sensitivity.

This work was supported in part by the Fundamental Research Funds for the Central Universities under Grant XDJK2017B046, in part by the National Natural Science Foundation of China under Grant 61502399, Grant 61572089, Grant 61602158, Grant 61672038, and Grant U1536204.
* Corresponding author: Y. Xiang (e-mail: yxiang@deakin.edu.au)
Y. Zhang is with the Chongqing Key Laboratory of Nonlinear Circuits and Intelligent Information Processing, School of Electronics and Information Engineering, Southwest University, Chongqing 400715, China, and also with the School of Information Technology, Deakin University, Victoria 3125, Australia (e-mail: yushuboshi@163.com).
H. Huang and X. He are with the School of Electronics and Information Engineering, Southwest University, Chongqing 400715, China (e-mail: cqyyhuang@163.com and hexingdoc@swu.edu.cn).
Y. Xiang is with the School of Information Technology, Deakin University, Victoria 3125, Australia (e-mail: yxiang@deakin.edu.au).
L. Zhang is with the Department of Electronic Engineering, City University of Hong Kong, Hong Kong (e-mail: leocityu@gmail.com).

I. INTRODUCTION

With the era of IoT, CCD/CMOS image sensors are pervasively deployed everywhere, for example in digital cameras, smartphones, traffic cameras, satellite reconnaissance, astronomical observation, medical microendoscopy and robot vision. A great number of images are captured by these image sensors every day, and the dramatically increasing number is drawing people's concern to the storage and privacy of big image data. To protect image privacy, people are accustomed to storing the image data in a private cloud of their own, as the private cloud is, in general, credible. But with the expansion of big image data, the storage space in the private cloud is not vast enough. Thus, the private cloud has to seek help from the public cloud, which possesses abundant storage and computing resources. However, the public cloud is often not trusted. As a result, the image data to be transmitted to the public cloud need to be encrypted. Meanwhile, compressing these encrypted image data appropriately before transmission is essential to reduce the consumption of communication resources. Nevertheless, it is not an easy task to perform image compression over the encrypted domain [1]. On the other hand, it is highly expected that not all the data in an image are stored in the public cloud, and that a handful of data in an image, in which people are the most interested, can be placed in the private cloud for easy look-up. Therefore, it is necessary to let the hybrid cloud provide an efficient image service while maintaining privacy.

In this paper, we design such an efficient secure image service framework for users through the hybrid cloud. Firstly, the private cloud divides an image into two parts, which are referred to as sensitive data and insensitive data, respectively. The division method can be selected by the private cloud, depending on the users' interests and requirements. In our work, we take the image's edge and contour as an example. An edge detector method is selected and used for distinguishing the sensitive data from the insensitive data. The sensitive data account for a tiny percentage (less than 20%) of an image, while the remaining data are considered insensitive. Secondly, the insensitive data are appropriately encrypted and then compressed using the compressed sampling technique.
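The division step described above, sketched as an added example (not code from the paper): a pure-Python Sobel pass ranks pixels by gradient magnitude and keeps the strongest edge pixels as sensitive data, capped strictly below 20% of the image. The ranking rule, the names `sobel_magnitude`, `partition` and `regroup`, and the 8x8 sample image are assumptions made for illustration.

```python
# Added illustration (not the paper's code): Sobel-based sensitivity split.
SOBEL_X = ((-1, 0, 1), (-2, 0, 2), (-1, 0, 1))
SOBEL_Y = ((-1, -2, -1), (0, 0, 0), (1, 2, 1))

def sobel_magnitude(img):
    """Per-pixel |Gx| + |Gy|, replicating border pixels at the image edge."""
    h, w = len(img), len(img[0])
    def px(r, c):
        return img[min(max(r, 0), h - 1)][min(max(c, 0), w - 1)]
    mag = [[0] * w for _ in range(h)]
    for r in range(h):
        for c in range(w):
            gx = gy = 0
            for dr in (-1, 0, 1):
                for dc in (-1, 0, 1):
                    p = px(r + dr, c + dc)
                    gx += SOBEL_X[dr + 1][dc + 1] * p
                    gy += SOBEL_Y[dr + 1][dc + 1] * p
            mag[r][c] = abs(gx) + abs(gy)
    return mag

def partition(img, max_percent=20):
    """Split img into (sensitive, insensitive) dicts keyed by (row, col).

    Assumption: the strongest edge pixels are kept as sensitive, and their
    count stays strictly below max_percent of the image (private-cloud share).
    """
    h, w = len(img), len(img[0])
    mag = sobel_magnitude(img)
    budget = (max_percent * h * w - 1) // 100  # largest count strictly below the cap
    ranked = sorted(
        ((r, c) for r in range(h) for c in range(w) if mag[r][c] > 0),
        key=lambda rc: (-mag[rc[0]][rc[1]], rc))  # strongest first, ties by position
    chosen = set(ranked[:budget])
    sensitive = {rc: img[rc[0]][rc[1]] for rc in chosen}
    insensitive = {(r, c): img[r][c] for r in range(h) for c in range(w)
                   if (r, c) not in chosen}
    return sensitive, insensitive

def regroup(sensitive, insensitive, h, w):
    """Reassemble the full image from the two disjoint parts."""
    merged = {**insensitive, **sensitive}
    return [[merged[(r, c)] for c in range(w)] for r in range(h)]

# Constructed 8x8 sample: dark background (10) with a bright 4x4 square (200).
SAMPLE = [[200 if 2 <= r <= 5 and 2 <= c <= 5 else 10 for c in range(8)] for r in range(8)]

if __name__ == "__main__":
    s, i = partition(SAMPLE)
    print(len(s), "sensitive /", len(i), "insensitive pixels")
```

Both parts keep their pixel coordinates, so the private cloud can regroup them losslessly once each part has been decrypted.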
The compressed measurements are transmitted to a public cloud for storage. In addition, the sensitive data are directly encrypted and stored in the private cloud. Finally, once receiving a user's request, the public cloud performs a privacy-preserving decompression and delivers the decompressed data to the private cloud. The private cloud decrypts these decompressed data and the encrypted sensitive data, and then assembles the decrypted results into a whole image for the user.

Our contributions can be summarized as follows:
• We harness the hybrid cloud to provide secure image service for the users.
• The proposed framework can save more than 80% space for the private cloud.
• The proposed framework has a privacy-guaranteed decoding scheme in the public cloud.

The remainder of this paper is organized as follows. The