阅读说明：本技术 图像数据安全传输的方法、装置、处理设备、存储介质 (Method, device, processing equipment and storage medium for image data secure transmission ) 是由 周晓勇 梁淑云 刘胜 马影 陶景龙 王启凡 魏国富 夏玉明 徐�明 殷钱安 余贤 于 2021-06-28 设计创作，主要内容包括：本发明公开一种图像数据安全传输的方法、装置、处理设备及计算机可读存储介质,所述方法包括以下步骤：S01.对原图片进行修改,以生成对抗样本图片；S02.比较原图片和对抗样本图片,以生成差异数据；S03.分别对对抗样本图片和差异数据加密,并单独传输；S04.在接收到加密后的对抗样本图片和差异数据后,分别对对抗样本图片和差异数据进行解密；S05.根据解密后的差异数据,对解密后的对抗样本图片进行还原。本发明采用对对抗样本图片数据和差异数据分别加密和传输,提高了窃取者正确还原原图片的难度和成本。(The invention discloses a method, a device, processing equipment and a computer readable storage medium for image data secure transmission, wherein the method comprises the following steps: s01, modifying the original picture to generate a confrontation sample picture; s02, comparing the original picture with the confrontation sample picture to generate difference data; s03, respectively encrypting the countermeasure sample picture and the difference data, and independently transmitting the countermeasure sample picture and the difference data; s04, after receiving the encrypted countermeasure sample picture and the encrypted difference data, decrypting the countermeasure sample picture and the encrypted difference data respectively; and S05, restoring the decrypted confrontation sample picture according to the decrypted difference data. The method and the device respectively encrypt and transmit the resisting sample picture data and the difference data, thereby improving the difficulty and the cost of a thief for correctly restoring the original picture.)

1. A method for secure transmission of image data, comprising the steps of:

s01, modifying the original picture to generate a confrontation sample picture;

s02, comparing the original picture with the confrontation sample picture to generate difference data;

s03, respectively encrypting the countermeasure sample picture and the difference data, and independently transmitting the countermeasure sample picture and the difference data;

s04, after receiving the encrypted countermeasure sample picture and the encrypted difference data, decrypting the countermeasure sample picture and the encrypted difference data respectively;

and S05, restoring the decrypted confrontation sample picture according to the decrypted difference data.

2. The method for securely transmitting image data according to claim 1, wherein the step S02 specifically includes: and carrying out XOR operation on the original picture and the confrontation sample picture to generate the difference data.

3. The method for securely transmitting image data according to claim 1, wherein the step S03 specifically includes: the challenge sample picture and the difference data are encrypted using different encryption algorithms, respectively.

4. An apparatus for secure transmission of image data, comprising:

a confrontation sample generation module: modifying the original picture to generate a confrontation sample picture;

a difference data generation module: comparing the original picture with the confrontation sample picture to generate difference data;

an encryption module: respectively encrypting the countermeasure sample picture and the difference data;

a transmission module: respectively and independently transmitting the encrypted countermeasure sample picture and the difference data;

a decryption module: after receiving the encrypted countermeasure sample picture and the encrypted difference data, decrypting the countermeasure sample picture and the encrypted difference data respectively;

the original picture restoration module: and restoring the decrypted confrontation sample picture according to the decrypted difference data.

5. The apparatus for securely transmitting image data according to claim 4, wherein the difference data generating module is specifically configured to: and carrying out XOR operation on the original picture and the confrontation sample picture to generate the difference data.

6. The apparatus for securely transmitting image data according to claim 4, wherein the encryption module is specifically: the challenge sample picture and the difference data are encrypted using different encryption algorithms, respectively.

7. A processing device comprising at least one processor and at least one memory communicatively coupled to the processor, wherein: the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 3.

8. A computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 3.

Technical Field

The invention relates to computer data security, in particular to a method, a device, processing equipment and a storage medium for realizing image data secure transmission by using countermeasure samples.

Background

In internet/mobile internet applications, there is a need for transmission of a large amount of images, such as portrait photos, identification card photos, etc. used in authentication, and there is a great risk that image data involving personal privacy is intercepted and stolen during transmission. Thieves can use the stolen data to perform criminal activities, such as spoofing a face recognition system using portrait photos, forging id cards using information on id card photos, and the like.

At present, an image encryption algorithm with a secret key is generally used for solving the problem of image secure transmission. The image is transmitted after being encrypted by the encryption key, and is decrypted by the decryption key at the receiving end to be restored into the original image.

The security of the image encryption algorithm is established on the basis of the security of the decryption key, and if the image encryption algorithm type and the decryption key are leaked, stolen or calculated, the image transmission still has no security guarantee. The basic problem is that the existing security guarantee mechanism does not perform individual processing on image data transmitted every time, and the invariable encryption mechanism is easily mastered by thieves.

The method is characterized in that picture coordinate pixel encryption is carried out according to provided time or system time serving as parameters, an encrypted stamp picture is returned, meanwhile, hash is carried out on the encrypted picture, the picture has uniqueness, and the stamp picture obtained every time is different, so that the original stamp picture is not copied, the stamp picture obtained by a user cannot be repeated with stamp pictures of other users, and the used stamp picture can be correctly identified when being stolen. The method adopts the steps of encrypting the virtual seal and carrying out hash so as to achieve the purpose that the original picture is not copied. The method can ensure that the original picture is not identified and copied to a certain extent, particularly, the picture coordinate pixel encryption is carried out according to the time provided by the virtual seal or the system time as a parameter, the encryption method is complex, and the method is not applicable to common pictures.

Disclosure of Invention

The technical problem to be solved by the invention is to provide a safe and effective image data safe transmission method by utilizing the existing encryption technology.

The invention solves the technical problems through the following technical means:

a method for secure transmission of image data, comprising the steps of:

s01, modifying the original picture to generate a confrontation sample picture;

s02, comparing the original picture with the confrontation sample picture to generate difference data;

s03, respectively encrypting the countermeasure sample picture and the difference data, and independently transmitting the countermeasure sample picture and the difference data;

s04, after receiving the encrypted countermeasure sample picture and the encrypted difference data, decrypting the countermeasure sample picture and the encrypted difference data respectively;

and S05, restoring the decrypted confrontation sample picture according to the decrypted difference data.

The method and the device respectively encrypt and transmit the resisting sample picture data and the difference data, thereby improving the difficulty and the cost of a thief for correctly restoring the original picture.

Further, the step S02 is specifically: and carrying out XOR operation on the original picture and the confrontation sample picture to generate the difference data.

Further, the step S03 is specifically: the challenge sample picture and the difference data are encrypted using different encryption algorithms, respectively.

Corresponding to the method, the invention also provides a device for image data secure transmission, which comprises:

a confrontation sample generation module: modifying the original picture to generate a confrontation sample picture;

a difference data generation module: comparing the original picture with the confrontation sample picture to generate difference data;

an encryption module: respectively encrypting the countermeasure sample picture and the difference data, and independently transmitting the data;

a decryption module: after receiving the encrypted countermeasure sample picture and the encrypted difference data, decrypting the countermeasure sample picture and the encrypted difference data respectively;

the original picture restoration module: and restoring the decrypted confrontation sample picture according to the decrypted difference data.

Further, the difference data generating module specifically includes: and carrying out XOR operation on the original picture and the confrontation sample picture to generate the difference data.

Further, the encryption module specifically includes: the challenge sample picture and the difference data are encrypted using different encryption algorithms, respectively.

The present invention also provides a processing device comprising at least one processor, and at least one memory communicatively coupled to the processor, wherein: the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the methods described above.

The present invention also provides a computer-readable storage medium storing computer instructions that cause the computer to perform the above-described method.

The invention has the advantages that:

the method and the device respectively encrypt and transmit the resisting sample picture data and the difference data, thereby improving the difficulty and the cost of a thief for correctly restoring the original picture.

Particularly, the countermeasure sample picture data and the difference data are encrypted by adopting different methods and transmitted by adopting different transmission channels, so that the difficulty of data restoration is further improved.

The method can be used for resisting the sample picture without restoring under the scene that a normal user uses the human eye for identification.

Drawings

FIG. 1 is a flow chart of a method for secure transmission of image data using countermeasure samples according to an embodiment of the invention;

fig. 2 is a block diagram of an apparatus for implementing secure transmission of image data using countermeasure samples according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to the step diagram of fig. 1, the method for securely transmitting image data disclosed in this embodiment includes the following steps:

step 1, a sender modifies an original picture by using a confrontation sample technology to generate a confrontation sample picture;

the countermeasure sample technology is a novel technology for attacking deep neural network models such as image recognition, and in the field of image recognition, the technology achieves the effect that an original image is only slightly modified, and when human eyes can still correctly recognize the image, the image recognition model can output a wrong recognition result.

By taking face recognition application as an example, the invention utilizes the characteristic of a countermeasure sample technology, the transmitted portrait data ensures correct recognition under a human eye observation scene, but under the scene of batch picture recognition by using a face recognition model, a wrong recognition result is output, thereby avoiding the possibility that a thief steals personal privacy data in a large batch.

Step 2, the sender compares the original picture with the confrontation sample picture to generate difference data;

in order to ensure that the receiver can accurately restore the confrontation sample picture to the original picture, the difference data between the original picture and the confrontation sample picture needs to be transmitted.

The picture data stores the pixel value of each pixel point of the picture. The picture data in WHC format is expressed as (W, H, C), wherein W is the width of the picture and represents that the picture transversely has W pixel points; h is the height of the picture, and represents that the picture has H pixel points longitudinally, namely the picture size is W multiplied by H; c is the number of channels of the picture, the number of channels of the gray picture is 1, the pixel value of each pixel point is generally represented by 8 bits, the value range is 0-255, the gray level is represented by the depth, the black is 0, and the white is 255; the number of color picture channels is 3, the pixel value of each pixel point is generally represented by 3 × 8 bits, which are the values of three channels of red, green and blue (RGB format, BGR format is blue, green and red), and the value range is also 0-255, which represents the shades of red, green and blue. Thus, pictures can be stored in binary form of W × H × C × 8 bit.

Taking the MNIST data set as an example, the data in WHC format is (28,28,1), each picture is composed of 28 × 28 pixel points, and the confrontation sample is k (0) of the confrontation sample<k is less than or equal to 28 multiplied by 28) pixel points. Taking a single Pixel Attack algorithm (One Pixel attach, which only modifies the value of One Pixel) as an example, suppose P is to be considered_i,jThe pixel value of the pixel point (coordinate (i, j), i is the row number of the pixel point, j is the column number of the pixel point) is changed from 58 to 34, namely, the corresponding P in the 28 multiplied by 1 multiplied by 8bit data_i,jThe 8bit data segment is modified, i.e., 00111010 is changed to 00100010. The difference data before and after modification is 00011000, i.e. the two data segments 00111010 and 00100010 are XOR-ed. Similarly, for the whole picture, the difference data can also be obtained by performing an exclusive or operation between the 28 × 28 × 1 × 8bit data before and after modification.

Step 3, the sender encrypts the confrontation sample picture and the difference data by using different encryption algorithms and independently transmits the confrontation sample picture and the difference data;

the image encryption technology is designed by utilizing the characteristics of digital images, and the encryption security and the use efficiency are improved. The image encryption algorithm referred to herein includes, but is not limited to, discrete chaotic encryption and other technologies, and technical details are not described herein.

On one hand, the countermeasure sample picture only modifies the pixel values of a plurality of pixel points (only 1 pixel point for a single-pixel attack algorithm) of the original picture, so that human eyes cannot identify the truth after the countermeasure sample picture is stolen, but a wrong identification result is output under a model batch identification scene, and a thief using an identification model can be successfully 'spoofed'.

On the other hand, the countermeasure sample picture and the difference data are respectively encrypted and transmitted, so that the difficulty and the cost of correctly restoring the original picture by a stealer are improved. The thief needs to master two sets of encryption algorithms and keys and successfully intercept all data, so that correct restoration can be realized.

Step 4, the receiver decrypts the data respectively according to two sets of encryption algorithms and keys appointed with the sender;

and the receiver decrypts the received confrontation sample picture and the difference data respectively by using respective decryption keys. The technical details are included in the image encryption technology in step 3, and are not described in detail.

Step 5, the receiver restores the decrypted confrontation sample picture by using the decrypted difference data;

and the receiver finds out all positions with the value of 1 in the image difference data, and performs bit operation of negation on the values of the corresponding positions of the resisting sample image data to restore the original image data.

Take the MNIST dataset and single-pixel attack algorithm of step 2 as an example. After decryption, the receiver obtains the countermeasure sample picture data of 28 × 28 × 1 × 8bit and the picture difference data of 28 × 28 × 1 × 8bit, corresponding to P in the countermeasure sample picture data_i,jThe 8bit data segment is 00100010, corresponding to P in the picture difference data_i,jThe 8bit data segment of (8) is 00011000. Picture differenceThe median of the data is 1 position, namely 4 th and 5 th, the value of 4 th and 5 th bits of the contrast sample picture data is negated to obtain 00111010, namely corresponding P in the original picture_i,j8bit data segment.

Corresponding to the above method, referring to fig. 2, the present embodiment further discloses an apparatus for securely transmitting image data, including:

a confrontation sample generation module: the sender modifies the original picture by using a confrontation sample technology to generate a confrontation sample picture;

the countermeasure sample technology is a novel technology for attacking deep neural network models such as image recognition, and in the field of image recognition, the technology achieves the effect that an original image is only slightly modified, and when human eyes can still correctly recognize the image, the image recognition model can output a wrong recognition result.

By taking face recognition application as an example, the invention utilizes the characteristic of a countermeasure sample technology, the transmitted portrait data ensures correct recognition under a human eye observation scene, but under the scene of batch picture recognition by using a face recognition model, a wrong recognition result is output, thereby avoiding the possibility that a thief steals personal privacy data in a large batch.

A difference data generation module: the sender compares the original picture with the confrontation sample picture to generate difference data;

in order to ensure that the receiver can accurately restore the confrontation sample picture to the original picture, the difference data between the original picture and the confrontation sample picture needs to be transmitted.

The picture data stores the pixel value of each pixel point of the picture. The picture data in WHC format is expressed as (W, H, C), wherein W is the width of the picture and represents that the picture transversely has W pixel points; h is the height of the picture, and represents that the picture has H pixel points longitudinally, namely the picture size is W multiplied by H; c is the number of channels of the picture, the number of channels of the gray picture is 1, the pixel value of each pixel point is generally represented by 8 bits, the value range is 0-255, the gray level is represented by the depth, the black is 0, and the white is 255; the number of color picture channels is 3, the pixel value of each pixel point is generally represented by 3 × 8 bits, which are the values of three channels of red, green and blue (RGB format, BGR format is blue, green and red), and the value range is also 0-255, which represents the shades of red, green and blue. Thus, pictures can be stored in binary form of W × H × C × 8 bit.

Taking the MNIST data set as an example, the data in WHC format is (28,28,1), each picture is composed of 28 × 28 pixel points, and the confrontation sample is k (0) of the confrontation sample<k is less than or equal to 28 multiplied by 28) pixel points. Taking a single Pixel Attack algorithm (One Pixel attach, which only modifies the value of One Pixel) as an example, suppose P is to be considered_i,jThe pixel value of the pixel point (coordinate (i, j), i is the row number of the pixel point, j is the column number of the pixel point) is changed from 58 to 34, namely, the corresponding P in the 28 multiplied by 1 multiplied by 8bit data_i,jThe 8bit data segment is modified, i.e., 00111010 is changed to 00100010. The difference data before and after modification is 00011000, i.e. the two data segments 00111010 and 00100010 are XOR-ed. Similarly, for the whole picture, the difference data can also be obtained by performing an exclusive or operation between the 28 × 28 × 1 × 8bit data before and after modification.

An encryption module: the sender encrypts the anti-sample picture and the difference data by using different encryption algorithms;

a transmission module: respectively and independently transmitting the encrypted countermeasure sample picture and the difference data;

the image encryption technology is designed by utilizing the characteristics of digital images, and the encryption security and the use efficiency are improved. The image encryption algorithm referred to herein includes, but is not limited to, discrete chaotic encryption and other technologies, and technical details are not described herein.

On one hand, the countermeasure sample picture only modifies the pixel values of a plurality of pixel points (only 1 pixel point for a single-pixel attack algorithm) of the original picture, so that human eyes cannot identify the truth after the countermeasure sample picture is stolen, but a wrong identification result is output under a model batch identification scene, and a thief using an identification model can be successfully 'spoofed'.

On the other hand, the countermeasure sample picture and the difference data are respectively encrypted and transmitted, so that the difficulty and the cost of correctly restoring the original picture by a stealer are improved. The thief needs to master two sets of encryption algorithms and keys and successfully intercept all data, so that correct restoration can be realized.

A decryption module: the receiver decrypts the data respectively according to two sets of encryption algorithms and keys appointed with the sender;

and the receiver decrypts the received confrontation sample picture and the difference data respectively by using respective decryption keys. The technical details are included in the image encryption technology in step 3, and are not described in detail.

The original picture restoration module: the receiver restores the decrypted confrontation sample picture by using the decrypted difference data;

and the receiver finds out all positions with the value of 1 in the image difference data, and performs bit operation of negation on the values of the corresponding positions of the resisting sample image data to restore the original image data.

Take the MNIST dataset and single-pixel attack algorithm of step 2 as an example. After decryption, the receiver obtains the countermeasure sample picture data of 28 × 28 × 1 × 8bit and the picture difference data of 28 × 28 × 1 × 8bit, corresponding to P in the countermeasure sample picture data_i,jThe 8bit data segment is 00100010, corresponding to P in the picture difference data_i,jThe 8bit data segment of (8) is 00011000. The median of the picture difference data is 1 position, namely 4 th and 5 th, the value of the 4 th and 5 th bits of the contrast sample picture data is negated to obtain 00111010, namely the corresponding P in the original picture_i,j8bit data segment.

The present embodiment also provides a processing device, including at least one processor, and at least one memory communicatively coupled to the processor, wherein: the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the methods described above.

The present embodiments also provide a computer-readable storage medium storing computer instructions that cause the computer to perform the above-described method.

The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.