liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
IdDecoder: A Face Embedding Inversion Tool and its Privacy and Security Implications on Facial Recognition Systems
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.ORCID iD: 0000-0003-2391-5951
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.ORCID iD: 0000-0003-1367-1594
2023 (English)In: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, ACM Digital Library, 2023, p. 15-26Conference paper, Published paper (Refereed)
Abstract [en]

Most state-of-the-art facial recognition systems (FRS:s) use face embeddings. In this paper, we present the IdDecoder framework, capable of effectively synthesizing realistic-neutralized face images from face embeddings, and two effective attacks on state-of-the-art facial recognition models using embeddings. The first attack is a black-box version of a model inversion attack that allows the attacker to reconstruct a realistic face image that is both visually and numerically (as determined by the FRS:s) recognized as the same identity as the original face used to create a given face embedding. This attack raises significant privacy concerns regarding the membership of the gallery dataset of these systems and highlights the importance of both the people designing and deploying FRS:s paying greater attention to the protection of the face embeddings than currently done. The second attack is a novel attack that performs the model inversion, so to instead create the face of an alternative identity that is visually different from the original identity but has close identity distance (ensuring that it is recognized as being of the same identity). This attack increases the attacked system's false acceptance rate and raises significant security concerns. Finally, we use IdDecoder to visualize, evaluate, and provide insights into differences between three state-of-the-art facial embedding models.

Place, publisher, year, edition, pages
ACM Digital Library, 2023. p. 15-26
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-199091DOI: 10.1145/3577923.3583645Scopus ID: 2-s2.0-85158107585ISBN: 9798400700675 (electronic)OAI: oai:DiVA.org:liu-199091DiVA, id: diva2:1811235
Conference
CODASPY '23: Thirteenth ACM Conference on Data and Application Security and Privacy, Charlotte, NC, USA, April 24 - 26, 2023
Available from: 2023-11-11 Created: 2023-11-11 Last updated: 2024-05-06Bibliographically approved
In thesis
1. Beyond Recognition: Privacy Protections in a Surveilled World
Open this publication in new window or tab >>Beyond Recognition: Privacy Protections in a Surveilled World
2024 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This thesis addresses the need to balance the use of facial recognition systems with the need to protect personal privacy in machine learning and biometric identification. As advances in deep learning accelerate their evolution, facial recognition systems enhance security capabilities, but also risk invading personal privacy. Our research identifies and addresses critical vulnerabilities inherent in facial recognition systems, and proposes innovative privacy-enhancing technologies that anonymize facial data while maintaining its utility for legitimate applications.

Our investigation centers on the development of methodologies and frameworks that achieve k-anonymity in facial datasets; leverage identity disentanglement to facilitate anonymization; exploit the vulnerabilities of facial recognition systems to underscore their limitations; and implement practical defenses against unauthorized recognition systems. We introduce novel contributions such as AnonFACES, StyleID, IdDecoder, StyleAdv, and DiffPrivate, each designed to protect facial privacy through advanced adversarial machine learning techniques and generative models. These solutions not only demonstrate the feasibility of protecting facial privacy in an increasingly surveilled world, but also highlight the ongoing need for robust countermeasures against the ever-evolving capabilities of facial recognition technology.

Continuous innovation in privacy-enhancing technologies is required to safeguard individuals from the pervasive reach of digital surveillance and protect their fundamental right to privacy. By providing open-source, publicly available tools, and frameworks, this thesis contributes to the collective effort to ensure that advancements in facial recognition serve the public good without compromising individual rights. Our multi-disciplinary approach bridges the gap between biometric systems, adversarial machine learning, and generative modeling to pave the way for future research in the domain and support AI innovation where technological advancement and privacy are balanced.  

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2024. p. 81
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 2392
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-203225 (URN)10.3384/9789180756761 (DOI)9789180756754 (ISBN)9789180756761 (ISBN)
Public defence
2024-06-12, Ada Lovelace, B-building, Campus Valla, Linköping, 09:15 (English)
Opponent
Supervisors
Note

Funding: This work was supported by the Swedsih Research Council (VR) and the Wallenberg AI, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Foundation.

Available from: 2024-05-06 Created: 2024-05-06 Last updated: 2024-05-08Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Le, Minh HaCarlsson, Niklas

Search in DiVA

By author/editor
Le, Minh HaCarlsson, Niklas
By organisation
Database and information techniquesFaculty of Science & Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 78 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf