Xiaoqing Liu,Yinyin Peng,Jie Wang,Zhaoxia Yin

DOI: https://doi.org/10.48550/arXiv.1906.03175

2019-05-21

Abstract:Facebook is the online social networks (OSNs) platform with the largest number of users in the world today, information protection based on Facebook social network platform have important practical significance. Since the information users share on social networks is often based on images, this paper proposes a more secure image encryption algorithm based on Facebook social network platform to ensure the loss of information as much as possible. When the sender encrypts the image for uploading, it can first resist the third party's attack on the encrypted image and prevent the image data from leaking, simultaneously processed by some unknown processing such as compression and filtering of the image on the Facebook platform, the receiver can still decrypt the corresponding image data.

Multimedia

Wei-Qi Yan,Mohan S. Kankanhalli

DOI: https://doi.org/10.1007/978-3-319-29451-3_61

2015-01-01

Abstract:Visual information of images and videos usually is encrypted for the purposes of security applications. Straightforward manipulations on the encrypted data without requiring any decryption have the advantage of speed over performing those operations in spatial, temporal, frequency or compressed domain. In this paper, we will investigate encrypted image search. More specifically, given a face image as the target object, we search it amongst encrypted images. We accomplish the search by using a novel method that extracts features and locates the face object region within the given encrypted image. We evaluate the search results by using precision and recall as well as F-measure. Our experiments reveal that there exists a trade-off between the quality of search and the quality of encryption, namely, stronger encryption leads to poorer search results.

Jianli Bai,Xiaowu Zhang,Xiangfu Song,Hang Shao,Qifan Wang,Shujie Cui,Giovanni Russello

2023-07-22

Abstract:Face recognition is a widely-used technique for identification or verification, where a verifier checks whether a face image matches anyone stored in a database. However, in scenarios where the database is held by a third party, such as a cloud server, both parties are concerned about data privacy. To address this concern, we propose CryptoMask, a privacy-preserving face recognition system that employs homomorphic encryption (HE) and secure multi-party computation (MPC). We design a new encoding strategy that leverages HE properties to reduce communication costs and enable efficient similarity checks between face images, without expensive homomorphic rotation. Additionally, CryptoMask leaks less information than existing state-of-the-art approaches. CryptoMask only reveals whether there is an image matching the query or not, whereas existing approaches additionally leak sensitive intermediate distance information. We conduct extensive experiments that demonstrate CryptoMask's superior performance in terms of computation and communication. For a database with 100 million 512-dimensional face vectors, CryptoMask offers ${\thicksim}5 \times$ and ${\thicksim}144 \times$ speed-ups in terms of computation and communication, respectively.

Cryptography and Security

Li Yu,Xingxing Nan,Shufen Niu

DOI: https://doi.org/10.3390/electronics13112175

IF: 2.9

2024-06-03

Electronics

Abstract:In mobile social networks, users can easily communicate with others through smart devices. Therefore, the protection of user privacy in social networks is becoming a significant subject. To solve this problem, this paper proposes a fine-grained data access control scheme that uses attributes to match friends. In our scheme, the friend-making parties generate friend preference and self-description lists, respectively, realizing attribute hiding by converting friendship preference into ciphertext access control policies and self-description into attribute keys. The social platform matches user profiles to quickly eliminate unmatched users and avoids invalid decryption. In order to reduce the computational burden and communication cost of mobile devices, we adopt an algorithm mechanism for outsourcing decryption. When the user meets the matching conditions, the algorithm outsources the bilinear pair operation with large computation to the friend server. After that, the user finally decrypts the ciphertext. Security analysis shows that our scheme is safe and effective. In addition, performance evaluation shows that the proposed scheme is efficient and practical.

engineering, electrical & electronic,computer science, information systems,physics, applied

Wei Qi Yan,Xiaotian Wu,Feng Liu

DOI: https://doi.org/10.4018/ijdcf.2018040104

2019-01-01

Abstract:Despite research work achieving progress in preserving the privacy of user profiles and visual surveillance, correcting problems in social media have not taken a great step. The reason is the lack of effective modelling, computational algorithms, and resultant evaluations in quantitative research. In this article, the authors take social media into consideration and link users together under the umbrella of social networks so as to exploit a way that the potential problems related to media privacy could be solved. The author's contributions are to propose tensor product-based progressive scrambling approaches for privacy preservation of social media and apply our approaches to the given social media which may encapsulate privacy before being viewed so as to achieve the goal of privacy preservation in anonymity, diverse and closeness. These approaches fully preserve the media information of the scrambled image and make sure it is able to be restored. The results show the proposed privacy persevering approaches are effective and have outstanding performance in media privacy preservation.

Jiajie Zhang,Bingsheng Zhang,Jiancheng Lin

DOI: https://doi.org/10.1109/EuroSPW.2019.00030

2019-01-01

Abstract:This work investigates the image privacy problem in the context of social networking under the threat of reverse image search. We introduce a new concept called recessive social networking. Unlike conventional privacy-preserving social networking, in our setting, the aim is to deceive machine learning algorithms that used in reverse image search, while still enabling unaffected ubiquitous social networking among humans. We, for the first time, ultilize adversarial example technique as a defensive mechanism to protect image privacy against content-based image search algorithms in the context of social networking. Finally, rigorous evaluations are conducted to demonstrate the effectiveness, transferability, and robustness of the proposed countermeasure.

Yuxi Mi,Yuge Huang,Jiazhen Ji,Hongquan Liu,Xingkun Xu,Shouhong Ding,Shuigeng Zhou

DOI: https://doi.org/10.1145/3503161.3548303

2022-07-15

Abstract:With the wide application of face recognition systems, there is rising concern that original face images could be exposed to malicious intents and consequently cause personal privacy breaches. This paper presents DuetFace, a novel privacy-preserving face recognition method that employs collaborative inference in the frequency domain. Starting from a counterintuitive discovery that face recognition can achieve surprisingly good performance with only visually indistinguishable high-frequency channels, this method designs a credible split of frequency channels by their cruciality for visualization and operates the server-side model on non-crucial channels. However, the model degrades in its attention to facial features due to the missing visual information. To compensate, the method introduces a plug-in interactive block to allow attention transfer from the client-side by producing a feature mask. The mask is further refined by deriving and overlaying a facial region of interest (ROI). Extensive experiments on multiple datasets validate the effectiveness of the proposed method in protecting face images from undesired visual inspection, reconstruction, and identification while maintaining high task availability and performance. Results show that the proposed method achieves a comparable recognition accuracy and computation cost to the unprotected ArcFace and outperforms the state-of-the-art privacy-preserving methods. The source code is available at <a class="link-external link-https" href="https://github.com/Tencent/TFace/tree/master/recognition/tasks/duetface" rel="external noopener nofollow">this https URL</a>.

Computer Vision and Pattern Recognition,Artificial Intelligence,Cryptography and Security

Michael J. Wilber,Vitaly Shmatikov,Serge Belongie

DOI: https://doi.org/10.48550/arXiv.1602.04504

2020-03-27

Abstract:After decades of study, automatic face detection and recognition systems are now accurate and widespread. Naturally, this means users who wish to avoid automatic recognition are becoming less able to do so. Where do we stand in this cat-and-mouse race? We currently live in a society where everyone carries a camera in their pocket. Many people willfully upload most or all of the pictures they take to social networks which invest heavily in automatic face recognition systems. In this setting, is it still possible for privacy-conscientious users to avoid automatic face detection and recognition? If so, how? Must evasion techniques be obvious to be effective, or are there still simple measures that users can use to protect themselves? In this work, we find ways to evade face detection on Facebook, a representative example of a popular social network that uses automatic face detection to enhance their service. We challenge widely-held beliefs about evading face detection: do our old techniques such as blurring the face region or wearing "privacy glasses" still work? We show that in general, state-of-the-art detectors can often find faces even if the subject wears occluding clothing or even if the uploader damages the photo to prevent faces from being detected.

Computer Vision and Pattern Recognition

Benjie Miao,Shuaiqi Wang,Luoyi Fu,Xiaojun Lin

DOI: https://doi.org/10.1145/3397166.3409127

2020-01-01

Abstract:As the popularity of social networks increases, the privacy of personal information in social networks becomes an issue of great concern. Concealing personal identity in social network is one of the most common methods to protect personal information, but it is insufficient for privacy protection since adversaries may use correlated side information across multiple networks to uncover the identity of anonymous user. Such re-identification process using auxiliary correlated information is called Social Network Deanonymization. The problem is initially proposed by Narayanan and Shimatikov [16]. In the past decades, a large number of works [16][19][14][11][3][13][9][18][24][4][20] have emerged focusing on the de-anonymization problem with different aspect. In this work, our focus is on an important branch of de-anonymization problem: seedless de-anonymization. In seedless de-anonymization, the attacker needs to re-identify the user identity in a published network using an auxiliary network with full identity information. The published network is completely anonymous, where no pre-identified nodes (ie the so-called seeds) are given. The correlation between two networks only lies in the similarity in their topology, since these two networks are supposed to be from the same underlying relationship network. The attacker aims to uncover the identities in this published anonymous network by matching the users in the published network to those in the auxiliary network.Various algorithms for seedless de-anonymization have been proposed [16][19][14][13][9][18][24][4]. Unfortunately, such algorithms may occasionally fail to perfectly de-anonymize the …

Junjie Zhu,Lin Gu,Xiaoxiao Wu,Zheng Li,Tatsuya Harada,Yingying Zhu

DOI: https://doi.org/10.1609/aaai.v37i12.26712

2023-06-26

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:The soaring number of personal mobile devices and public cameras poses a threat to fundamental human rights and ethical principles. For example, the stolen of private information such as face image by malicious third parties will lead to catastrophic consequences. By manipulating appearance of face in the image, most of existing protection algorithms are effective but irreversible. Here, we propose a practical and systematic solution to invertiblely protect face information in the full-process pipeline from camera to final users. Specifically, We design a novel lightweight Flow-based Face Encryption Method (FFEM) on the local embedded system privately connected to the camera, minimizing the risk of eavesdropping during data transmission. FFEM uses a flow-based face encoder to encode each face to a Gaussian distribution and encrypts the encoded face feature by random rotating the Gaussian distribution with the rotation matrix is as the password. While encrypted latent-variable face images are sent to users through public but less reliable channels, password will be protected through more secure channels through technologies such as asymmetric encryption, blockchain, or other sophisticated security schemes. User could select to decode an image with fake faces from the encrypted image on the public channel. Only trusted users are able to recover the original face using the encrypted matrix transmitted in secure channel. More interestingly, by tuning Gaussian ball in latent space, we could control the fairness of the replaced face on attributes such as gender and race. Extensive experiments demonstrate that our solution could protect privacy and enhance fairness with minimal effect on high-level downstream task.

Shouling Ji,Shukun Yang,Anupam Das,Xin Hu,Raheem Beyah

DOI: https://doi.org/10.1109/infocom.2017.8057067

2017-01-01

Abstract:In this paper, we study the correlation between passwords across different datasets which quantitatively explains the success of existing training-based password cracking techniques. We also study the correlation between a user's password and his/her social profile. This enabled us to develop the first social profile-aware password strength meter, namely SocialShield. Our quantification techniques and SocialShield have meaningful implications to system administrators, users, and researchers, e.g., helping them quantitatively understand the threats posed by a password leakage incident, defending against emerging profile-based password attacks, and facilitating the research of countermeasures against existing and newly developed training-based password attacks. We validate our proposed quantification techniques and SocialShield through extensive experiments by leveraging real-world leaked passwords. Experimental results demonstrate that our quantification techniques are accurate in measuring correlation among different leaked datasets and that although SocialShield is light-weight, it is effective in defending against profile-based password attacks.

Chun Pong Lau,Jiang Liu,Rama Chellappa

DOI: https://doi.org/10.48550/arXiv.2305.13548

2023-05-23

Abstract:The increasingly pervasive facial recognition (FR) systems raise serious concerns about personal privacy, especially for billions of users who have publicly shared their photos on social media. Several attempts have been made to protect individuals from unauthorized FR systems utilizing adversarial attacks to generate encrypted face images to protect users from being identified by FR systems. However, existing methods suffer from poor visual quality or low attack success rates, which limit their usability in practice. In this paper, we propose Attribute Guided Encryption with Facial Texture Masking (AGE-FTM) that performs a dual manifold adversarial attack on FR systems to achieve both good visual quality and high black box attack success rates. In particular, AGE-FTM utilizes a high fidelity generative adversarial network (GAN) to generate natural on-manifold adversarial samples by modifying facial attributes, and performs the facial texture masking attack to generate imperceptible off-manifold adversarial samples. Extensive experiments on the CelebA-HQ dataset demonstrate that our proposed method produces more natural-looking encrypted images than state-of-the-art methods while achieving competitive attack performance. We further evaluate the effectiveness of AGE-FTM in the real world using a commercial FR API and validate its usefulness in practice through an user study.

Computer Vision and Pattern Recognition,Cryptography and Security

Yinghong Hu,Zichi Wang,Xinpeng Zhang

DOI: https://doi.org/10.1080/02564602.2020.1721340

2020-01-01

Abstract:This paper proposes a secure steganographic method in social networks based on the behavioral correlation between the sender and his friends. A sender transmits secret data to one of his friends in social network by marking "love" on the news published by his friends. To avoid behavioral abnormality, the sender lets the value of "love" marking probability on each news in proportion to the number of "love" marks made by his friends. As a result, the "love" marks carrying secret data are indistinguishable from other normal "love" marks. Although a receiver does not know the "love" marking probabilities, he can still extract the secret data by observing the "love" marks. The security performance of the proposed steganographic method is satisfactory when examined by a proposed behavioral steganalysis method which is able to defeat existing behavioral steganographic methods.

Jimmy Tekli,Bechara Al Bouna,Gilbert Tekli,Raphaël Couturier,Antoine Charbel

DOI: https://doi.org/10.1007/s00521-024-09703-0

2024-08-25

Neural Computing and Applications

Abstract:Obfuscation techniques (e.g., blurring) are employed to protect sensitive information (SI) in images such as individuals' faces. Recent works demonstrated that adversaries can perform deep learning-assisted (DL) attacks to re-identify obfuscated face images. Adversaries are modeled by their goals, knowledge (e.g., background knowledge), and capabilities (e.g., DL-assisted attacks). Nevertheless, enhancing the evaluation methodology of obfuscation techniques and improving the defense strategies against adversaries requires considering more "pessimistic" attacking scenario, i.e., stronger adversaries. According to a 2019 article published by the European Union Agency for Cybersecurity (ENISA), adversaries tend to perform more sophisticated and dangerous attacks when collaborating together. To address these concerns, our paper investigates a novel privacy challenge in the context of image obfuscation. Specifically, we examine whether adversaries, when collaborating together, can amplify their DL-assisted attacks and cause additional privacy breaches against a target dataset of obfuscated images. We empirically demonstrate that federated learning (FL) can be used as a collaborative attack/adversarial strategy to (i) leverage the attacking capabilities of an adversary, (ii) increase the privacy breaches, and (iii) remedy the lack of background knowledge and data shortage without the need to share/disclose the local training datasets in a centralized location. To the best of our knowledge, we are the first to consider collaborative and more specifically FL-based attacks in the context of face obfuscation.

computer science, artificial intelligence

Zhengxin You,Sheng Li,Zhenxing Qian,Xinpeng Zhang

DOI: https://doi.org/10.1109/icme51207.2021.9428115

2021-01-01

Abstract:In this paper, we propose a novel reversible face privacy-preserving scheme. Before uploading facial images onto the cloud, we first cover the facial region with mosaic and train an encoder to generate protected images with original facial information embedded. We train another classifier with protected images for facial expression recognition and a decoder for recovering original facial images. On the cloud service, protected images provide little identity information to malicious attackers. For low-privileged users, they can use the provided classifier to do computer vision tasks with protected images. For authorized users, after content recovery, the nor-mal usage of the facial images will not be affected. Experimental results show that the proposed method is effective in facial images recovery. In addition, the protected images can maintain similar accuracy on typical computer vision tasks compared to the original images.

Lin Yuan,Wu Chen,Xiao Pu,Yan Zhang,Hongbo Li,Yushu Zhang,Xinbo Gao,Touradj Ebrahimi

DOI: https://doi.org/10.1109/tifs.2024.3388976

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:The advancement of face recognition technology has delivered substantial societal advantages. However, it has also raised global privacy concerns due to the ubiquitous collection and potential misuse of individuals' facial data. This presents a notable paradox: while there is a societal demand for a robust face recognition ecosystem to ensure public security and convenience, an increasing number of individuals are hesitant to release their facial data. Numerous studies have endeavored to find such a utility-privacy trade-off, yet many struggle with the dilemma of prioritizing one at the expense of the other. In response to this challenge, this paper proposes PRO-Face C, a novel paradigm for privacy-preserving recognition of obfuscated faces via a dedicated feature compensation mechanism, aimed at optimizing the equilibrium between privacy preservation and utility maximization. The proposed approach is characterized by a specialized client-server architecture: the client transmits only obfuscated images to the server, which then performs identity recognition using a pre-trained model in conjunction with a suite of privacy-free complementary features. This framework facilitates accurate face identification while safeguarding the original facial appearance from explicit disclosure. Furthermore, the obfuscated image retains its visualization capability, crucial for image preview functionalities. To ensure the desired properties, we have developed an identity-guided feature compensation mechanism, complemented by several privacy-enhancing techniques. Extensive experiments conducted across multiple face datasets underscore the effectiveness of the proposed approach in diverse scenarios.

computer science, theory & methods,engineering, electrical & electronic

Bo Zhao,Yu Zhou

DOI: https://doi.org/10.48550/arXiv.1710.04353

2022-06-24

Abstract:In recent years, the attack which leverages register information (e.g. accounts and passwords) leaked from 3rd party applications to try other applications is popular and serious. We call this attack "database collision". Traditionally, people have to keep dozens of accounts and passwords for different applications to prevent this attack. In this paper, we propose a novel encryption scheme for hiding users' register information and preventing this attack. Specifically, we first hash the register information using existing safe hash function. Then the hash string is hidden, instead a coefficient vector is stored for verification. Coefficient vectors of the same register information are generated randomly for different applications. Hence, the original information is hardly cracked by dictionary based attack or database collision in practice. Using our encryption scheme, each user only needs to keep one password for dozens of applications.

Cryptography and Security

Federico Mazzone,Ahmad Al Badawi,Yuriy Polyakov,Maarten Everts,Florian Hahn,Andreas Peter

2024-09-26

Abstract:The notion that collaborative machine learning can ensure privacy by just withholding the raw data is widely acknowledged to be flawed. Over the past seven years, the literature has revealed several privacy attacks that enable adversaries to extract information about a model's training dataset by exploiting access to model parameters during or after training. In this work, we study privacy attacks in the gray-box setting, where the attacker has only limited access - in terms of view and actions - to the model. The findings of our investigation provide new insights for the development of privacy-preserving collaborative learning solutions. We deploy SmartCryptNN, a framework that tailors homomorphic encryption to protect the portions of the model posing higher privacy risks. Our solution offers a trade-off between privacy and efficiency, which varies based on the extent and selection of the model components we choose to protect. We explore it on dense neural networks, where through extensive evaluation of diverse datasets and architectures, we uncover instances where a favorable sweet spot in the trade-off can be achieved by safeguarding only a single layer of the network. In one of such instances, our approach trains ~4 times faster compared to fully encrypted solutions, while reducing membership leakage by 17.8 times compared to plaintext solutions.

Cryptography and Security

Suo Gao,Rui Wu,Xingyuan Wang,Jiafeng Liu,Qi Li,Xianglong Tang

DOI: https://doi.org/10.1016/j.ins.2022.11.121

IF: 8.1

2022-12-02

Information Sciences

Abstract:Face recognition is a relatively common method humans use to confirm their identity. Protecting the safe transmission of face images has become a hot issue. This paper proposes an encryption method for face images, EFR-CSTP. The EFR-CSTP is very efficient because it only encrypts the facial in the face image. Firstly, the secret keys are generated by Hash. They are the parameters and the initial values of the two-dimensional logistic tent modular map (2D-LTMM), the chaotic sequence required for encryption by 2D-LTMM. Secondly, facial information is recognized by the histogram of oriented gradients (HOG). Note that the entire algorithm only encrypts this facial image. Finally, the facial image is used as the input of the EFR-CSTP, and the ciphertext image is generated by scrambling, STP combined with the XOR diffusion method. We evaluated our algorithm in the IMDB-WIKI dataset. We also evaluate the EFR-CSTP and other algorithms on the same datasets. The evaluation results show that the EFR-CSTP has excellent performance and efficiency.

computer science, information systems

Pengtao Xie,Misha Bilenko,Tom Finley,Ran Gilad-Bachrach,Kristin Lauter,Michael Naehrig

DOI: https://doi.org/10.48550/arXiv.1412.6181

2014-12-24

Abstract:The problem we address is the following: how can a user employ a predictive model that is held by a third party, without compromising private information. For example, a hospital may wish to use a cloud service to predict the readmission risk of a patient. However, due to regulations, the patient's medical files cannot be revealed. The goal is to make an inference using the model, without jeopardizing the accuracy of the prediction or the privacy of the data. To achieve high accuracy, we use neural networks, which have been shown to outperform other learning models for many tasks. To achieve the privacy requirements, we use homomorphic encryption in the following protocol: the data owner encrypts the data and sends the ciphertexts to the third party to obtain a prediction from a trained model. The model operates on these ciphertexts and sends back the encrypted prediction. In this protocol, not only the data remains private, even the values predicted are available only to the data owner. Using homomorphic encryption and modifications to the activation functions and training algorithms of neural networks, we show that it is protocol is possible and may be feasible. This method paves the way to build a secure cloud-based neural network prediction services without invading users' privacy.

Machine Learning,Cryptography and Security,Neural and Evolutionary Computing