Download presentation
Presentation is loading. Please wait.
Published byHelen Newton Modified over 9 years ago
1
Blind Vision Shai Avidan, Moshe Butman Yuval Schwartz
2
Ethic Problems Proliferation of surveillance cameras leads to privacy concerns Protection by all-the-way video encryption Problems: –What happens if a virus attacks the server? –What if the service provider is not trusted? Common Examples: –Web face detection –Government agency compares private images to suspects –CPU shortage –Blind OCR
3
Introduction Face Detection: –Alice: a set of images privacy is a must –Bob: a face detection algorithm a secret algorithm Demands: –Alice: will learn nothing about Bob ’ s detector –Bob: will learn nothing about Alice ’ s images nor the detector ’ s result Apply secure multi-party techniques to vision algorithms to enforce the demands –Computationally intensive –Domain specific constaints new schemes secure enough (?)
4
Agenda Secure multi-party computation –Secure two-party problem and algorithm –Oblivious Transfer –Specific: Millionaire problem Secure dot-product Secure Classifier –Complexity and Efficiency New Scheme to Accelerate: –Image Hashing using HoG Experiments Results
5
Secure two-party problem 1 Problem description: –F – polytime function –X – Alice ’ s input –Y – Bob ’ s input –F(X,Y) – output –Demands: Alice won ’ t know Y Bob won ’ t know X Alice and/or Bob will know F(X,Y) 1. A.C. Yao, How to generate and exchange secrets, 27th FOCS, pp. 162-167, 1986
6
Yao ’ s Protocol General Idea: –Imagine F as a boolean circuit C (has boolean gates) –A method to run the circuit: without revealing the input wires values The output must be exposed
7
Boolean Gate 1 2 3 Demands: Can ’ t reveal input bits and if it ’ s a middle gate then also the output bit Wire Problem: Seams impossible to calculate the gate with values unknown
8
Boolean Gate 1 2 3 Computation Table: Output Wire W 3 Input Wire W 2 Input Wire W 1 Example: OR Gate Output Wire W 3 Input Wire W 2 Input Wire W 1 Output Wire W 3 Input Wire W 2 Input Wire W 1 Garbled Wire W 3
9
Garbled Circuit G1 E(E(K) K K G2 E(E(K) K K G3 E(E(K) K K G4 E(E(K) K K G5 E(E(K) K K G6 E(E(K) K K G7 E(E(K) K K G8 E(E(K) K K G9 E(E(K) K K GB E(E(K) K K GC E(E(K) K K GD E(E(K) K K GA E(E(K) K K Output Decryption Table
10
Yao ’ s Protocol Problem: Alice doesn ’ t have the input map Bob can ’ t give the whole input map Solution: Oblivious Transfer
11
Oblivious Transfer 2,3 2. M.O. Rabin, How to exchange secrets by oblivious transfer, Tech. Memo TR-81, Aiken Computation Laboratory, 1984 3. S. Even, O. Goldreich and A. Lempel, A Randomized Protocol for Signing Contracts, Communications of the ACM 28, pp. 637-647, 1985
12
Oblivious Transfer S0S0 S1S1 K1K1 K0K0 K K0K0 K K’K’ S0S0
13
Secure Dot-Product Input: –Alice: –Bob: Output: –Demands: Bob won ’ t know x and Alice won ’ t know y Idea: –Break the result of the dot product to a+b, where a is known only to Alice and b is known only to Bob.
14
Secure Dot-Product OT
15
Secure Dot-Product Security: –From Alice to Bob: the use of OT hides x i –From Bob to Alice: b as a random vector hides y Complexity: L – the dimensionality of x and y
16
Secure Millionaire Idea: represent the two numbers in binary format and scan it from the MSB to the LSB with a map made by Bob and Alice traversing the map > < =
17
Secure Millionaire Input: Alice has a number x = 855 = 1101010111 Bob has a number y = 810 = 1100101010 Output: Alice and Bob find out if x > y 1. Bob defines three states: Alice has a larger numberA Bob has a larger numberB UndecidedU 2. For MSB, Bob constructs a 2-entry lookup table z (n) y n =1y n =0 BUx n =0 UAx n =1 Alice uses with x n as her index to obtain s (n)= z (n) (x n )
18
Secure Millionaire 3. For each i=n-1, …,1: (a) Bob constructs a 6-entry lookup table z (i) that is indexed by s (i+1) and x i : UA BB AA BU BB AA y i =1y i =0 (b) Alice uses with s (i+1) and x i as her indices to obtain s (i) =Z (i) (s (i+1),x i ) 4. Bob sends Alice the meaning of the three states of s (1) Alice knows which number is larger (and can send the result to Bob) x = 855 = 1101010111 y = 810 = 1100101010
19
Secure Millionaire Security: –From Alice to Bob: Alice uses OT so Bob can ’ t learn nothing about x –From Bob to Alice: the values of the state s are represented using random numbers for each bit Complexity: n – number of bits in x and y
20
Secure Classifier Input: Alice has input test pattern Bob has a strong classifier of the form Output: Alice has the result H(x) and nothing else Bob learns nothing about the test pattern x Secure Dot-Product Secure Millionaire > < =
21
Secure Classifier Security: –Secure dot-product –s as a random vector for obfuscating the real parameters –Alice can learn the number of week classifiers Complexity: O(NLK) N – number of weak classifiers L – dimensionality of the test vector x K – number of bits in the dot-product x T y n Problem: a few seconds to a few minutes to classify a detection window
22
Accelerating Blind Vision Reduce number of operations taken for OT Bob reveals stripped-down classifier to Alice One-way hash functions: –Hides Alice ’ s Image –Still let Bob correctly classify the patterns –Classifier won ’ t work on hashed space
23
HoG Usefull in a variety of object recognition and detection applications Parameters for hash function: –Destroys the spatial order of the pixels –Destroys the absolute values of the pixels –Coarsely binned
24
HoG
25
18 bins Build an image for every bin (18 response images) where a pixel ’ s intensity represents the bin value Scrambling the order of pixels destroys spatial relationship between the HoGs
26
Experiments Secure Viola-Jones type face detector: –Small number of critical visual features from a larger set –Cascade rejectors –Adjustments were made –Alice and Bob are allowed to a decide after every level of the cascade
27
Results A single 24x24 detection window can be classified in several minutes using all cascade levels Usually the first two levels are enough to reject a pattern Accelerating: using scrambled HoGs and neural network to analyse – several seconds to process a single 240x320 image (rejects 90%)
28
Results
29
Flaws No mathematical security proofs
30
More Reading … S. Avidan, M. Butman, Efficient Methods for Privacy Preserving Face Detection, Advances in Neural Information Systems (NIPS 18), 2006 A.C. Yao, How to generate and exchange secrets, 27th FOCS, pp. 162-167, 1986
31
Questions
32
Oblivious Transfer Protocol (based on public-key encryption): –Bob sends Alice two different public encryption keys K 0,K 1 –Alice generates a random key K and encrypts it with Bob ’ s public key that suites the message index she wants K i –Bob decrypts with both private keys. He thus obtains both the real key K and a bogus one K ’ –Bob sends Alice E(M i,K) and E(E(M 1-i,K ’ ) (in the same order he send the keys) –Alice Decrypts her message with K and obtains M i Security Issue: Can Alice or Bob learn something they shouldn ’ t? 1-out-of-2 oblivious transfer algorithm can be easily extended to 1-out-of-M oblivious transfer
33
Secure Dot-Product Bob generates a random vector For each i=1 … L: –Bob enumerates all possible x i values and constructs a 256D vector a, s.t. –Alice uses with x i as her index, to choose the appropriate element from the vector a and stores it as a i Alice and Bob sum their private vectors a and b, respectively, to obtain the shares and of the dot-product
34
Secure Classifier Input: Alice has input test pattern Bob has a strong classifier of the form Output: Alice has the result H(x) and nothing else Bob learns nothing about the test pattern x 1. Bob generates a set of N random numbers: s 1, …,s n, such that 2. For n=1 … N: (a) using secure dot-product of x T y n, Alice and Bob obtain private shared a and b (b) using the secure Millionaire protocol to detemine which number is larger: a or Instead of returning A or B, Alice will get or Alice will store the result in c n 3. Using the secure Millionaire to determine which number is larger: s or c. If c is larger then x is positively classified, otherwise x is negatively classified
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.