Efficient & secure image availability and content protection

Abstract

Digital images are among the most communicated multimedia data types. Many of these images include private data that require a high level of security. The traditional image security schemes rely on cryptographic solutions to ensure the confidentiality or the authentication of image contents, and to ensure that the encryption key is not compromised. However, the continuous evolution of the attackers’ capabilities is making it harder than ever to achieve the goal of safeguarding the private data against breaches. Moreover, the centralization aspect of images’ storage makes them prone to availability attacks. In this paper, we propose a distributed and secure storage scheme for images, based on the Modified Information Dispersal Algorithm (MIDA), and taking into consideration the trade-off between the high security level and the associated computational overhead. The proposed solution applies block permutation on the image to ensure data confidentiality and then, divides it into k fragments that are encoded using the proposed parallel modified IDA. The output consists of n encoded fragments, instead of k, to ensure data availability. Next, each encoded fragment is authenticated using a lightweight Message Authentication Algorithm (MAA) to ensure data integrity with source authentication. Finally, the encoded fragments are distributed over n storage nodes (or multi-cloud providers). The resilience degree of such redundancy is (n − k), since only k fragments are required to reconstruct the original images. All the cryptographic steps such as permutation, IDA encoding and MAA consist of simple operations and they are based on a dynamic key. This ensures a high level of security since in each session, a new key is used to produce different cryptographic primitives as well as the update primitives, which are used to update the permutation and selection tables. The implementation results show that the proposed scheme meets the desired cryptographic properties to guard against different attacks. Finally, the performance tests show that the proposed scheme is lightweight with low overhead in terms of computations, communication and storage.