1 / 31

Blind Vision Shai Avidan, Moshe Butman

Blind Vision Shai Avidan, Moshe Butman. Yuval Schwartz. Ethic Problems. Proliferation of surveillance cameras leads to privacy concerns Protection by all-the-way video encryption Problems: What happens if a virus attacks the server? What if the service provider is not trusted?

orsen
Télécharger la présentation

Blind Vision Shai Avidan, Moshe Butman

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Blind VisionShai Avidan, Moshe Butman Yuval Schwartz

  2. Ethic Problems • Proliferation of surveillance cameras leads to privacy concerns • Protection by all-the-way video encryption • Problems: • What happens if a virus attacks the server? • What if the service provider is not trusted? • Common Examples: • Web face detection • Government agency compares private images to suspects • CPU shortage • Blind OCR

  3. Introduction • Face Detection: • Alice: a set of images  privacy is a must • Bob: a face detection algorithm  a secret algorithm • Demands: • Alice: will learn nothing about Bob’s detector • Bob: will learn nothing about Alice’s images nor the detector’s result • Apply secure multi-party techniques to vision algorithms to enforce the demands • Computationally intensive • Domain specific constaints  new schemes  secure enough (?)

  4. Agenda • Secure multi-party computation • Secure two-party problem and algorithm • Oblivious Transfer • Specific: • Millionaire problem • Secure dot-product • Secure Classifier • Complexity and Efficiency • New Scheme to Accelerate: • Image Hashing using HoG • Experiments • Results

  5. Secure two-party problem1 • Problem description: • F – polytime function • X – Alice’s input • Y – Bob’s input • F(X,Y) – output • Demands: • Alice won’t know Y • Bob won’t know X • Alice and/or Bob will know F(X,Y) 1. A.C. Yao, How to generate and exchange secrets, 27th FOCS, pp. 162-167, 1986

  6. Yao’s Protocol • General Idea: • Imagine F as a boolean circuit C (has boolean gates) • A method to run the circuit: • without revealing the input wires values • The output must be exposed

  7. Boolean Gate 1 3 2 Wire Boolean Gate • Demands: Can’t reveal input bits and if it’s a middle gate then also the output bit • Problem: Seams impossible to calculate the gate with values unknown

  8. Boolean Gate 1 3 2 Input Wire W1 Input Wire W1 Input Wire W2 Input Wire W2 Output Wire W3 Output Wire W3 Input Wire W1 Input Wire W2 Output Wire W3 Garbled Wire W3 Boolean Gate Computation Table: Example: OR Gate

  9. K K K K K K K K K K K K K E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) E(E(K) G2 G6 G4 G5 G3 G1 GB G7 GA G9 GD GC G8 K K K K K K K K K K K K K Garbled Circuit Output Decryption Table

  10. Yao’s Protocol • Problem: • Alice doesn’t have the input map • Bob can’t give the whole input map • Solution: • Oblivious Transfer Alice Bob

  11. Oblivious Transfer2,3 2. M.O. Rabin, How to exchange secrets by oblivious transfer, Tech. Memo TR-81, Aiken Computation Laboratory, 1984 3. S. Even, O. Goldreich and A. Lempel, A Randomized Protocol for Signing Contracts, Communications of the ACM 28, pp. 637-647, 1985

  12. K K K’ S0 S0 K1 K0 K0 S1 Oblivious Transfer

  13. Secure Dot-Product • Input: • Alice: • Bob: • Output: • Demands: Bob won’t know x and Alice won’t know y • Idea: • Break the result of the dot product to a+b,where a is known only to Alice and b is known only to Bob.

  14. OT OT OT Secure Dot-Product Bob Alice

  15. Secure Dot-Product • Security: • From Alice to Bob: the use of OT hides xi • From Bob to Alice: b as a random vector hides y • Complexity:L – the dimensionality of x and y

  16. > < = Secure Millionaire • Idea: represent the two numbers in binary format and scan it from the MSB to the LSB with a map made by Bob and Alice traversing the map

  17. Input: Alice has a number x = 855 = 1101010111 Bob has a number y = 810 = 1100101010 Secure Millionaire Output: Alice and Bob find out if x > y 1. Bob defines three states: 2. For MSB, Bob constructs a 2-entry lookup table z(n) Alice uses with xn as her index to obtain s(n)=z(n)(xn)

  18. yi=0 yi=1 A A B B U B A A B B A U Secure Millionaire x = 855 = 1101010111 y = 810 = 1100101010 3. For each i=n-1,…,1: (a) Bob constructs a 6-entry lookup table z(i) that is indexed by s(i+1) and xi: (b) Alice uses with s(i+1) and xi as her indices to obtain s(i)=Z(i)(s(i+1),xi) 4. Bob sends Alice the meaning of the three states of s(1) Alice knows which number is larger (and can send the result to Bob)

  19. Secure Millionaire • Security: • From Alice to Bob: Alice uses OT so Bob can’t learn nothing about x • From Bob to Alice: the values of the state s are represented using random numbers for each bit • Complexity: n – number of bits in x and y

  20. > < = Secure Dot-Product Secure Millionaire Secure Classifier Input: Alice has input test pattern Bob has a strong classifier of the form Output: Alice has the result H(x) and nothing else Bob learns nothing about the test pattern x

  21. Secure Classifier • Security: • Secure dot-product • s as a random vector for obfuscating the real parameters • Alice can learn the number of week classifiers • Complexity: O(NLK)N – number of weak classifiersL – dimensionality of the test vector xK – number of bits in the dot-product xTyn • Problem: a few seconds to a few minutes to classify a detection window

  22. Accelerating Blind Vision • Reduce number of operations taken for OT • Bob reveals stripped-down classifier to Alice • One-way hash functions: • Hides Alice’s Image • Still let Bob correctly classify the patterns • Classifier won’t work on hashed space

  23. HoG • Usefull in a variety of object recognition and detection applications • Parameters for hash function: • Destroys the spatial order of the pixels • Destroys the absolute values of the pixels • Coarsely binned

  24. HoG

  25. HoG • 18 bins • Build an image for every bin (18 response images) where a pixel’s intensity represents the bin value • Scrambling the order of pixelsdestroys spatial relationship between the HoGs

  26. Experiments • Secure Viola-Jones type face detector: • Small number of critical visual features from a larger set • Cascade rejectors • Adjustments were made • Alice and Bob are allowed to a decide after every level of the cascade

  27. Results • A single 24x24 detection window can be classified in several minutes using all cascade levels • Usually the first two levels are enough to reject a pattern • Accelerating: using scrambled HoGs and neural network to analyse – several seconds to process a single 240x320 image (rejects 90%)

  28. Results

  29. Flaws • No mathematical security proofs

  30. More Reading… • S. Avidan, M. Butman, Efficient Methods for Privacy Preserving Face Detection, Advances in Neural Information Systems (NIPS 18), 2006 • A.C. Yao, How to generate and exchange secrets, 27th FOCS, pp. 162-167, 1986

  31. Questions

More Related