1 Introduction

With the advent of the era of big data, artificial intelligence is developing rapidly. At the same time, the in-depth research on artificial intelligence and deep learning has enabled related technologies to be applied to more fields, and applications in the financial services industry are becoming more and more popular[1,2,3]. On the other hand, with the integration of the rapidly developing multimedia devices and the financial industry, a large number of financial service images have sprung up. For users with constrained resources, especially for an extremely benefit-sensitive industry such as financial services, how to store these images related to financial services has become an urgent issue to be solved. Considering Storage as a Service (STaaS) presented by service provider companies like Amazon, Mosso, Sun, etc is one of the emerging services in cloud technology, it provides a massive and scalable storage capacity of the cloud[4, 5]. To take full advantage of the great convenience brought by the cloud environment, many studies have researched the storage of data in the cloud[6,7,8,9,10,11,12,13,14,15], which also include the outsourced storage of multimedia data. We mainly focus on financial services image storage outsourcing in this paper.

Outsourcing financial services images to the cloud will lose the ability to directly manage data for the local users. Popular social network providers commonly utilize image data to realize behavioral advertising, preference analytics, etc.[16]. Take Facebook and Flickr for example, for improved user experience in social discovery, they extract valuable features from user uploaded images without the knowledge of user and construct corresponding data mining models[17,18,19]. From this perspective, this caused information leakage and brought security risks. Notably, financial service images involve users’ personal property information, and the problems caused by the leakage of sensitive information in such images cannot be ignored. The research of privacy-preserving image storage outsourcing is not new, so “Why do we study this problem again?” This is due to the rapid update of deep learning techniques, especially in the field of image processing, such as panoptic segmentation, object detection, object recognition, face recognition, fingerprint recognition provides technical support for the relevant departments. The organizations apply deep learning methods or models to extract information from massive images to get available models, such as face recognition systems. The service provider exposes the images from users to the organization for commercial benefits. Then the organization uses these images to train face recognition models. For individuals, their identities and other information are equivalent to publicity. If there are evildoers, they are likely to threaten their property and identity security. The artificial intelligence (AI) era has brought the secure issue of the image to a whole new level. In order to deal with the problems caused by these deep learning tools, it is urgent for us to propose corresponding deep learning approaches to efficiently process massive financial service images and protect privacy.

To prevent the servers or others from obtaining sensitive information from the financial service images that the client upload to do other illegal things. Inspired by the approach for text data storage proposed in[20], we considered extending the idea to multi-media data field. However, there are some difficulties: (1) There are many redundant information in the financial service image, and it is unreasonable to directly apply the encryption method for text; (2) The existing more popular image encryption algorithms only consider the encryption of the entire image[20,21,22], which causes a more expensive waste of computing resources; (3) There are also some schemes[12, 23] that introduce deep recognition methods and only process sensitive information. In these schemes, irreversible methods(blur, mosaic, pixilation, etc.) are directly applied to protect the privacy security, direct application of such methods due to different purposes will cause difficulties in the subsequent acquisition and utilization of images. Therefore, we proposed a Web-based practical privacy-preserving distributed image storage for financial service system architecture in cloud computing. The architecture we proposed is designed to distribute financial service images with sensitive information to different cloud servers without causing big overhead and delay. Figure 1 illustrates this architecture of the system model we proposed.

The significance of the proposed architecture is that it can efficiently process a large number of financial service images and protect the privacy of clients. This approach is adaptable to different levels of security requirements for users. For the clients, it can solve the shortcomings of insufficient local storage capacity and protect privacy and security. For the servers, it can make full use of its resources to avoid resource waste. In this paper, our main contributions are as follows.

  • We propose a novel lightweight privacy-preserving system architecture, which can solve the problem of secure outsourcing of a large number of financial service images.

  • We put forward to apply deep networks EfficientDet for multi-class detection and classification of sensitive objects, completing the detection of sensitive objects and further realizing efficient financial service images classification.

  • We propose a simple and reversible image encryption method to protect financial service images with sensitive information. Combined with chaotic map, the original image pixel value is converted to a pseudo-random number in the frequency domain that does not reveal the original information.

  • Experimental results show that our proposed framework can more efficiently and more safely handle a large number of financial service image storage outsourcing comparing with these most popular image encryption algorithms.

This paper is organized as follows. In Section 2, we introduce the related works briefly. Then, we describe the proposed system architecture, security model, and design goals in Section 3. We present our scheme and experiment in Sections 4 and 5, respectively. Finally, we describe our conclusions and future research directions in Section 6.

2 Related work

2.1 Security issues in cloud storage

Although cloud storage brings convenience to users, the security issues that follow it also hinder its development. There are a lot of security issues at the moment: 1)In the process of data transmission, the transmitted data may be attacked by malicious users; 2) On the server-side, the server itself is data abuse or attacked by malicious users for the benefit. In recent years, secure data storage has attracted a lot of attention[24,25,26,27,28]. A new remote data auditing method is proposed by Sookhak et al.[29], which realizes the protection of data storage in cloud computing based on algebraic signatures with less computational overhead, and solves the problem of data integrity verification in insecure and unreliable cloud servers. Kartit et al. proposes an architecture that can achieve encryption/decryption [30]. In this architecture, only authorized users can decrypt data when data is obtained from the cloud, thereby realizing data security issues. A new P2DS architecture is proposed in [31], which is a method of active defense, using attribute-based encryption and data self-determining mode to protect the private information of financial customers. Qiu et al.[32] proposes a method of using attribute-based access control and data word determinism to actively protect the private information of financial customers. This method can actively prevent the user’s data from being affected by unexpected operations in the cloud, can deal with dynamic threats, and has a higher level of security sustainability. As an example to obtain secure real-time multimedia data sharing and transmission, a safe and effective data sharing and transmission model is proposed, which aims to protect cloud-based ITS implementation [33]. The shadow coding method is proposed to ensure the privacy in data transmission without affecting the recovery from multi-party data collection, to solve the distributed data sharing with privacy protection requirements [34]. For the storage of images, Zhang et al.[35] proposes a POP framework and a new non-interactive privacy protection protocol, which achieves the safe outsourcing of image storage and search. And the experiment proved that no additional communication and computing overhead was caused. Starting from the cloud, a picture encryption scheme that simultaneously realizes content-based picture retrieval is proposed[36]. Wang et al.[10] considers a cloud computing environment that requires secure watermark detection and privacy protection of multimedia data storage, and uses secure multi-party computing to propose an architecture based on compressed sensing. However, the main concern of the article is the security watermark detection to ensure that the uploaded pictures are copyright protected. Marwan et al.[11] proposes outsourcing storage for medical data and corresponding privacy protection methods for data protection to achieve safe medical image storage on the cloud. In [12], although an outsourced privacy protection image storage scheme is proposed, which encrypts image features through probabilistic encryption and deterministic encryption to achieve privacy protection, the main focus of this paper is on efficient privacy protection searchable technology. Vengadapurvaja et al.[13] proposes an approach which uses homomorphic encryption to protect the privacy of the medical images, and then outsources them to the cloud for storage. Although the above studies have studied the storage outsourcing of images to varying degrees, there are still very few related studies on massive images. Especially in the current era of artificial intelligence, from this perspective, this paper achieves the secure outsourcing of local image storage in the big data environment.

2.2 Distributed storage

The security of cloud computing has been extensively studied, and many cloud-based privacy protection methods have been proposed. Adopting several techniques to solve the security of data store in the multi-cloud architecture. The distributed storage based cloud can provide the huge number of services and maintain the data secure have been proved[37]. A technique to solve the security issues over data stored in the cloud is proposed called Secure-Split-Merge (SSM) Technique, this technique uses a unique mechanism of performing splitting of data using AES 128 bit encryption key and maintains these chunks of encrypted splits on different cloud server[38]. Olanrewaju et al. propose [39] a Reliable Framework for Data Administration (RFDA) using a split-merge policy using 128 AES encryption key to provide a secure authentication in the data sharing technique in the cloud is proposed. For secure distributed big data storage in cloud computing, Li et al.[40] proposes a framework and a simple data encryption approach. To protect the security of data in the cloud, a secure disintegration protocol (SDP) has been proposed in [41]. A novel framework is proposed by Zibouh et al.[42], which is based on various powerful security techniques such as secret sharing schema, Fully Homomorphic Encryption (FHE), and multi-cloud approach to achieve secure cloud computing. Subramanian et al.[43] used a new security model with an algorithm to reduce the threats caused by malicious insiders and malicious users and ensure the security of data sharing in the multi-cloud.

2.3 Object detection

In recent years, tremendous progress has been made in the field of object detection. State-of-the-art object detectors have emerged for more efficient detection. Existing object detectors are classified as two-stage [44,45,46]and one-stage [47,48,49,50] networks. The criteria depend on whether they have a region-of-interest proposal step or not. Compared with the flexibility and accuracy of the two-stage network, the one-stage network has attracted the attention of a large number of researchers due to its simpler and more efficient performance recently [51,52,53]. In particular, EfficientDet was proposed by [54], which consistently achieves better accuracy with much fewer parameters and FLOPs than previous object detectors. The experimental results confirm that the network can consistently achieve much better efficiency than prior art across a wide spectrum of resource constraints.

2.4 Chaotic map

Chaotic has excellent intrinsic properties of pseudo-randomness, ergodicity, and high sensitivity to initial conditions and parameters, since it is widely applied in image encryption[55]. To improve the complexity of the map and obtain better chaotic performance, researchers have proposed many chaotic maps from simple to complex. Existing chaotic maps are mostly categorized as one dimensional[55,56,57] and hyper-dimensional [20, 58,59,60] according to the dimension. Regardless, with the development of these studies, chaotic maps with better and better performance have been proposed recently [61, 62]. The pseudo-random numbers generated by these chaotic maps provide better basic conditions for the development of image encryption and other fields. In this paper, we mainly take 2D LSCM chaotic map[20] as an example.The 2D-LSCM is defined as:

$$\begin{aligned} \left\{ \begin{array} { c } x _ { i + 1 } = \sin \left( \pi \left( 4 \mu x _ { i } \left( 1 - x _ { i } \right) + ( 1 - \mu ) \sin \left( \pi y _ { i } \right) \right) \right) \\ y _ { i + 1 } = \sin \left( \pi \left( 4 \mu y _ { i } \left( 1 - y _ { i } \right) + ( 1 - \mu ) \sin \left( \pi x _ { i + 1 } \right) \right) \right) \end{array} \right. \end{aligned}$$
(1)

where \(\mu\) is the control parameter and it has an interval of \(\left[ 0,1\right]\). The 2D-LSCM has chaotic behavior when \(\mu \in \left( 0,\ 1\right)\), and has hyperchaotic behavior when \(\mu \in \left( 0,\ 0.34\right) \cup \left( 0.67,\ 1\right)\).

3 Problem formulation

3.1 System architecture

Fig. 1
figure 1

System Architecture of Our Proposed Scheme

Full size image

The system architecture we proposed in this paper is illustrated in Figure 1. Our system mainly involves two different parties: Client and Cloud Servers. Due to the inability to meet the required calculation requirements, the Client would like to outsource an expensive task to Cloud Servers, which possesses massive storage capacity and significant computational power. In our system, the Client classified a large number of pictures at local, and the results include images with sensitive information and normal images. Then for the sensitive images, apply the transformation algorithm we proposed to protect sensitive information from leaking and upload the two results to two different Cloud Servers. The details of the image classification and transformation algorithm are shown in Figure 1. For the normal images, upload directly them to Cloud Servers. The cloud server is mainly responsible for the storage task of a large number of images.

Client

The Client is an entity that possesses many images but low storage capacity. Thus, to make full use of the storage capacity of the cloud server, the Client uses deep learning target detection methods to classify these large numbers of images, and then find sensitive images and execute the transformation algorithm we propose on these images to protect the privacy of the images. At last, upload the obtained results to two cloud servers respectively. For the normal images, upload directly them to Cloud X to cloud storage.

Cloud X

Cloud X is a cloud server that possesses significant storage capacity to meet the storage requirements. This entity mainly stores the images obtained from the Client.

3.2 Security model

However, new challenges and threats to information assets residing in the cloud are introduced because the data stored remotely is out of users’ control. We consider part of the image with sensitive information owned by the Client to be private. The goal of the Client is to enable Cloud X to store a large number of images while protecting the privacy of these images with possibly sensitive information. In our security model, the Cloud X is called the honest-but-curious and independent model. In other words, the Cloud X is assumed to faithfully follow the steps of the protocol, but it still tries to infer from or analyzes the data flow to learn sensitive information. In our design, the Client uploads his/her images with possibly sensitive information in a split form to two independent cloud entities, which store the results respectively. For those normal images, the Client directly uploads them to Cloud X. The assumption that cloud servers are mutually independent is promised by the independent reputation and financial interests of the cloud service provider. Here, Cloud X would explicitly state non-collusion in their legally binding documents. [63] confirmed that it can be achieved in practice to ensure the independence of cloud entities.

3.3 Design goals

Our ultimate goal is to design a practical and lightweight privacy protection image storage system that can outsource local image storage services while protecting client privacy security and maintaining efficiency. The goal is formally defined as a tuple \(\left( ImgP, CompS, StorS, ClouE \right)\) of four different design goals for cloud or client, where:

ImgP

is a privacy protection algorithm that hides the original image plaintext information through encryption or privacy protection, and obtains ciphertext image information that is not related to the plaintext. As mentioned in previous section, the cloud entities should get no access to the possible privacy information of images. Images carry a lot of information, which may reveal sensitive information about the user (face, license plate, personal preferences, friends, family, etc.), and some do not provide personal information about the user, such as landscape, objects, animals, etc. For the necessity to protect the sensitive information \(I_{ sen }\) in the image from leaking, we consider two solutions: 1) Only protect the sensitive information part of the image; 2) Protect the entire image. The latter on the one hand causes a large amount of encryption time consumption, on the other hand, a large amount of additional space consumption in distributed storage. In addition, the part carrying sensitive information may only occupy a small part for an image. Encrypting the entire image directly will inevitably cause a waste of resources. In order to protect privacy while not incurring large computation or storage costs, we finally determine to apply the former. Equation (2) describes the privacy protection process, where \(p_{ij}\) is the pixel value of the plaintext domain, and \(C_{ij}\) represents the ciphertext pixel.

$$\begin{aligned} C_{ij} \leftarrow ImgP\left( P_{ij} \right) , {\forall } P_{ij} \in I_{sen} \end{aligned}$$
(2)

CompS

is a metric. The entire scheme can use the rich computing resources of the cloud to solve the problem of the lack of client resources compared with the traditional solution from the perspective of the client. The computing burden of the Client is mainly involved classifying sensitive images CompC and protecting the privacy of sensitive images CompE. It is undoubtedly an extremely time-consuming task that performing ordinary machine learning methods on a large number of images. Thus, we choose deep learning methods to classify images. It is a key step that the selection of encryption methods for privacy protection. In any case, the computing cost of the Client should be acceptable. This process is defined as:

$$\begin{aligned} Sum \left( CompC \right) + n * CompE_{new} < n * CompE_{original} \end{aligned}$$
(3)

where n is the number of images need to outsource and the Sum function represents the total cost of classifying all images.

StorS

is the local storage space. Obviously, we outsource a large amount of image storage tasks to the cloud, which greatly saves local storage space. It is defined by:

$$\begin{aligned} StorS_{o} \left( client \right) < StorS_{b}(client) \end{aligned}$$
(4)

ClouE

It should be efficient to obtain and use encrypted images which have been outsourced to the cloud. Our system should be simple about obtaining these images, which means that the privacy protection methods are reversible and efficient. The (5) represents the decryption process \(re-{ImgP}\) of the image encryption algorithm.

$$\begin{aligned} P_{ij} \leftarrow re-ImgP\left( C_{ij} \right) , {\forall } P_{ij} \in I_{sen} \end{aligned}$$
(5)

4 The design of our proposed system

The system we proposed mainly contains two components: 1) a sensitive information detection process(SIDP); 2) an image distributed Storage Process(IDSP). The purpose of the former is to determine whether the input image requires a higher level of security guarantee. The latter is designed to protect sensitive information from adversaries. A more detailed description of the design of these two components is as follows:

4.1 Sensitive information detection process

The SIDP determines whether the image needs to be distributed and stored on different cloud servers. The IDSP will be applied to images that carry sensitive information. The sensitive information in the image refers to the part of the information related to the personal identifier that is directly or indirectly leaked, such as: face, fingerprint, license plate, family, friends, etc. The disclosure of this information may bring reputation and property security issues to individuals. For images that carry such information, we call them sensitive images. Our system model only performs conversion operations. The following provides detailed explanations about the process of performing sensitive information detection.

Setup

The security level of the input image is an alternative, and the security level can be determined by the named label. The image owners or cloud service provider configures a label pool to achieve higher security requirements. Based on the labeled pool, the training images are labeled and used as the input of the deep neural network to train the neural network. This paper takes human faces and license plates as examples.

Sensitive Information Detection

Adopt the above trained neural network to detect input images, separate images carrying sensitive information, and mark the location of sensitive information.

Output

In our model, two types of images are output. The one type is a normal image, which is uploaded directly to the cloud server. The other is an image with sensitive information. The following Transformation operations need to be performed to prevent information leakage.

The purpose of performing the Sensitive information detection process(SIDP) in the proposed model is to reduce the cost of computing resources and computing burden by image classification task. In order to meet the needs of lightweight and ensure accuracy, we adopt the EfficientDet as the detection network here. Notably, our target detection network is based on EfficientDet and might not be optimal, but this method is more suitable than other methods in resource-saving. Without loss of generality, training of our model is conducted jointly on WIDER FACE[64]and CCPD2019[65]. The target detection network is trained to handle the detection of face and license plate simultaneously. Notely, the selection of the detection network and the setting of sensitive information are flexible and adjustable. For example, in some scenarios, such as medical, financial, or transportation industries, we can set the corresponding security level, select the corresponding data set, and jointly train the network model to improve the flexibility and wide applicability of the network for meeting the needs of different industries.

4.2 Image distributed storage process

In this section, there are mainly two algorithms to support our security model, including efficient image distributed storage algorithms and efficient image merging algorithms. Finally achieving the privacy protection of images through these algorithms.

1) Secure Efficient Image Distributions Storage algorithm

The Secure Efficient Image Distributions Storage(SEIDS) algorithm is designed to realize image processing before uploading to the cloud. The algorithm is the details of Transformation in Figure 1. The image carrying sensitive information and random parameters as the input. The input is two separated encrypted images. We achieve the transformation of image from the numerical domain to the phase domain before sending them to the cloud by this process. So as to prevent privacy leakage and realize image privacy protection.

Assuming that the image is represented as \(A\), the pixel value in \(A\) is a. The element in the random matrix generated by the 2D LSCM chaotic map is represented as b. In order to perform the transformation process, we first apply the chaotic map to generate a 2D random matrix, where b is in the interval of \(\left[ 0,255\right]\). If necessary, you can refer to [20] for more usage details of 2D LSCM chaotic map. Based on the tangent and arctangent functions, the numerical value can be converted into the phase domain through the (8). Notely, we need to ensure that the denominator a is not equal to zero in fractions. For this reason, during the transformation process, we initialize a buffer to store the pixels of the original image with the pixel value of 0. In addition, if b is 0, \(b\backslash a\) is 0 regardless of the value of a. To solve this problem, we fine-tune the range of values generated by the chaotic map and use (9) to complete the transformation process. As shown in the (7), the value of the generated random number is between 1 and 255.

$$\begin{aligned} b ^ { \prime } = \text {mod} \left( \left\lfloor b \times 10 ^ { 16 } \right\rfloor , 256 \right) \end{aligned}$$
(6)
$$\begin{aligned} b ^ { \prime } = \text {mod} \left( \left\lfloor b \times 10 ^ { 16 } \right\rfloor , 255 \right) + 1 \end{aligned}$$
(7)
$$\begin{aligned} c = \text {mod} \left( \arctan \left( \frac{b ^ { \prime }}{a}\right) , 256 \right) \end{aligned}$$
(8)
$$\begin{aligned} \left\{ \begin{array} { c } c = \text {mod} \left( \arctan \left( \frac{b ^ { \prime }}{a}\right) , 256 \right) , a \ne 0 \\ c = \text {mod} \left( \arctan \left( b ^ { \prime }\right) , 256 \right) , a = 0 \end{array} \right. \end{aligned}$$
(9)

Then, in order to hide the angle information obtained above, we select other parameters to generate a new chaotic matrix \(K\) by (1) and (7). For each \(k \in K\), add it to the value obtained from the (9). It can be described as following:

$$\begin{aligned} \left\{ \begin{array} { c } c = \text {mod} \left( \left( \arctan \left( \frac{b ^ { \prime }}{a}\right) + k \right) , 256 \right) , a \ne 0 \\ c = \text {mod} \left( \left( \arctan \left( b ^ { \prime }\right) + k\right) , 256 \right) , a = 0 \end{array} \right. \end{aligned}$$
(10)

Finally, outsource the segmented images \(C\) and \(K\) to different cloud, respectively.

figure a

The main steps of Algorithm 1 are explained as follows:

  • Input parameters, use 2D LSCM chaotic mapping to generate pseudo-random number matrices \(B\) and \(K\), with dimensions equal to the original picture \(A\)

  • Based on the pseudo-random matrix generated in the previous step, encryption image \(C\) generated by \(\left[ \arctan \left( B / A \right) + K \right] \text {mod} 256\)

  • Upload two separate results: \(B\) and \(C\) to two different cloud servers

The implementation of secure efficient image distributed storage algorithms can prevent information leakage and meet the needs of privacy protection. Untrusted cloud server providers use the acquired user information including appearance, preference, property, and identity, etc. to extract data characteristics, build models to improve user experience or intentionally or unintentionally exposed the obtained user information to some unauthorized users for getting a certain benefit. It is assumed that the cloud server or a malicious user has access to the data on the server and possesses the key. For the cloud, the conditions for obtaining image information from the data are not enough, because the data obtained by the cloud server is partial. Another part of the data is stored elsewhere and cannot be accessed by a cloud server. Partial data do not contain any information since the original image will not be obtained until two parts are operated together. Some malicious users who want to abuse these images for illegal use, also face the same problems as the above model. Since the malicious user only accessed part of the information from the server, he would not obtain any sensitive information about the original image. Last but not least, the security of the pseudo-random matrix depends on the chaotic map used, and its security has been confirmed in[20]. In addition, the key of the encryption algorithm is composed of two chaotic map parameters, which enhances the anti-attack of the algorithm in some extent. Therefore, our proposed algorithm can effectively resist attacks from malicious users or cloud servers in theory. Algorithm 1 shows the pseudo-code of the SEIDS algorithm.

2) Efficient Image Merging algorithm

The Efficient Image Merging algorithm(EIM) algorithm is designed to obtain original image information by the inverse transformation of two image components from two distributed cloud servers. The corresponding stage shown in Figure 1 is the anti-transformation. The input of the algorithm includes data components and parameters from two cloud servers. The output is the original images of the user. Algorithm 2 shows the pseudo-code of EIM.

figure b

The main stages of Algorithm 2 are given as follows:

  • Input parameters, use 2D chaotic mapping to generate pseudo-random number matrices B and K, with dimensions equal to the original picture A

  • Based on the pseudo-random matrix generated in the previous step, get the encryption image C and D from two clouds and then compute the original A by \(D / \left( \tan \left( C -K \right) \text {mod} 256.\right)\)

  • Output the original image A

Using this method, the original image carrying sensitive information can be completely divided into two parts, and any private information about the original image will not be obtained from the cloud server of either party. From the perspective of an attacker or malicious user, it is almost impossible to obtain all the image parts and key information. Even if the adversary has access to the data, he will not obtain sensitive information. Besides, this scheme can effectively protect the user’s sensitive information carried by images since the key value is randomly generated and any separated data does not carry any content information.

5 Experiment

To illustrate the problem of privacy protection image storage, this article implements our experiment with two privacy settings categories of the human face and license plate as examples. Considering the excellent performance of the network model in terms of efficiency and size, we finally selected the EfficientDet D0 as the detection network. In the training phase, we directly finetune and make full use of a trained efficientdet d0 model based on the idea of using transfer learning. Our training is conducted jointly WIDER FACE and CCPD. Specifically, we arbitrarily select more than 6000 images from WIDER and select 10000 from the open data set to form a new dataset. Based on the newly formed dataset, we perform the training process. Thinking of the used dataset, we adjusted the input image size with 1024*1024 and some hyperparameters including the learning rate and others remain unchanged. Finally, we choose from the remaining dataset, more than 2000 images from WIDER FACE and more than 3000 images from CCPD, following the ratio of 1:3. We evaluate our model on this dataset with 5000s training images, achieving 73.8 AP for the detection of license plate and 29.5 AP for the detection of face. For the stage of training the model, considering the resources and efficiency, we can choose to complete it on the cloud server, which has nothing to do with our subsequent experimental evaluation. For the images that need to be outsourced, we first use the above-obtained model locally to identify sensitive information and then use the encryption method we propose to protect the sensitive information. Figures 2 and 3 illustrates the result of detection and encryption, respectively.

Fig. 2
figure 2

Our experimental results on the social images by the proposed system architecture: (a)the orignal images; (b) the detection results of SIDP; (c) the encrypted images of the transformation process; (d) the decrypted images

Full size image
Fig. 3
figure 3

Our experimental results on the social images with sensitive or normal information by the proposed system architecture: (a)the orignal images; (b) the detection results of SIDP; (c) the encrypted images of the transformation process; (d) the decrypted images

Full size image

To protect the security of image data and prevent the impact of information leakage on users, we evaluate the privacy protection methods we proposed in this section. The experiment focuses on the efficiency of the encryption method (in the perspective of the execution time) and makes a comparison with the current popular image encryption methods.

Our experiment designed from two aspects: 1) evaluating whether different image encryption algorithm was impacted on the execution time; 2) the encryption time spent on different numbers of images between different image encryption, which was considered an important aspect in the current multimedia age. To make the experiment more convincing, we have carried out experiments using the same environments. We implement our experiment on python3.7, on Intel(R) Core(TM) i5-8265U CPU at 1.60GHz with 8GB of RAM running Window10.

5.1 Execution time comparison

For keeping fair, we tested 20 social images for different sizes of images(\(256*256\), \(512*512\), and \(1024*1024\)), and averaged them as the execution time. Table 1 conducts experiments on the encryption time required for images of different sizes, and compares them with three popular image encryption algorithms. To ensure that the results are reasonable and convincing, we reproduced the other three algorithms using the same python language as our algorithm. It can be seen from the results that no matter which algorithm, the time required increases as the image size increases. Our proposed scheme takes almost the same time as Fast_en[21] and is lower than the encryption schemes proposed by LSCM_en[20] and CTBCS_en[22].

Table 1 Encryption time (second) of different image encryption algorithms for images with different sizes
Full size table
Fig. 4
figure 4

The comparison of the time required for different size of images with different algorithm

Full size image

Figure 4 shows the comparison result of the size of encrypted data. We only considered the time spent by the encryption algorithm itself, that is to say, at this stage, to compare the efficiency of the encryption algorithm, we discarded the sensitive object recognition stage and encrypt the entire image. It can be seen that our approach is the most time-saving. Under the condition of different sizes of images, the time taken by other algorithm is about 2 to 5 times that of our proposed. The results also show our encryption algorithm in this scheme is more efficient with the comparison of other image encryption algorithms.

5.2 Performance comparison

In evaluating the execution time on different numbers of images with different image encryption, the experimental deployment settings with the different number of images from social network are as follows: 1,10,20,30,40,50,60,70,80,90,100.

Table 2 Performance (second) comparison of different numbers of images under different encryption schemes
Full size table

The Table 2 describes the results of different numbers of images under different encryption schemes compared with our proposed lightweight privacy-preserving scheme. The test images are from the WIDER FACE dataset. In order to ensure the rationality and convincing of the experiment, we do 20 experiments for each group of experimental results, and then calculate the average value as the final result. We test against 10 images, and then calculate the time spent encrypting a single image to obtain the first row in the table. For our scheme, it is mainly composed of two parts: the time spent classifying sensitive part of images CompC and the time spent protecting the privacy of sensitive part of images CompE. The time required to identify sensitive information depends on the deep model we use, and the length of encryption depends on the size of the sensitive area and the number of images. For the other three schemes, the time spent depends on the image size and number of images. From the results in the Table 2, it can be seen that the time required for the two parts of our scheme is mainly CompC. Considering that only the sensitive part needs to be encrypted, so the encryption time is much lower than the other three schemes. Our scheme is lower than the other three schemes related to the total time spent. And as the number of images increases, this gap is getting bigger and bigger. Therefore, our scheme exhibits more superior performance as the number of images increases.

Fig. 5
figure 5

The comparison of the time required for different numbers of images with different algorithm

Full size image

Figure 5 shows the comparison of execution time under the different number of images. It can be seen that our scheme costs less time than Fast_en[21],CTBCS_en[22]and LSCM_en[20]. As the number of images increases, the execution time of any schemes is increasing. However, as can be seen from Figure 5, the growth rate of our program is more gradual. This feature makes our proposed scheme perform better in transmitting a large number of images.

The privacy protection image model we proposed has better efficiency. Due to the encryption algorithm we proposed transforms the sensitive information from the numerical domain to the phase domain, intuitively, it completely changes the original information; In addition, because of our proposed cloud-based distributed storage architecture, for a single cloud server, only part of the information of the picture is stored. Therefore, neither the adversary nor the malicious server can obtain the sensitive information in the picture. From the above comparative experiments, we can see that the privacy protection algorithm proposed in the article is more efficient, especially under a large number of images, the proposed scheme can show higher efficiency. All in all, our proposed architecture shows better performance in terms of efficiency and privacy protection.

6 Conclusion

In this paper, we propose a Web-based privacy-preserving financial service image storage architecture in cloud computing, which realizes the outsourcing of financial service multimedia image storage tasks, prevents the sensitive information leakage of users and protects the privacy of users. In the storage of multimedia data related to financial service, the architecture has strong flexibility and universal applicability. In other words, we can select the corresponding neural network model and sensitive information settings according to the needs. Based on the comparison of the current popular image encryption algorithms, the privacy protection scheme we proposed shows better efficiency in outsourcing the privacy protection of a large number of financial service images. However, there are still some shortcomings. For example, in the outsourcing of financial service image storage, distributed storage, although protecting privacy and security, produces additional information, which causes a certain amount of storage space loss for the cloud. This is also an aspect that we will focus on in the future.