A camera-based antifacial recognition technique

Facial recognition systems, computer tools capable of recognizing individuals in images or video sequences, are now widely used around the world. Some users and developers have raised privacy concerns, however, because by definition, facial recognition techniques rely on images that capture people’s faces. It is possible to use facial recognition techniques to identify the person by their face without authorization.

Some recent computer science studies have thus explored the possibility of preventing unauthorized facial recognition of users by obfuscating, synthesizing or modifying images, in order to increase user privacy. This area of ​​research is now widely referred to as anti-facial recognition (AFR).

Researchers at Zhejiang University’s USSLAB recently developed CamPro, a new technique designed to achieve AFR at the camera sensor level, producing images capable of protecting users’ facial privacy without influencing any other applications, such as activity recognition. Their article, accepted by NDSS 2024 and pre-published on the arXiv preprint server, demonstrates the proposed technique using images taken by widely available cameras.

“The rapid development of artificial intelligence (AI) has facilitated various computer vision applications that recognize human activity,” Wenjun Zhu, co-author of the paper, told Tech Xplore. “However, personally identifiable information (PII), especially faces in images, is simultaneously collected and uploaded to untrusted third-party servers. To this end, we offer privacy sensor-based technology. camera, CamPro, which can transform a standard camera into a privacy-friendly camera, unable to capture facial features for identification purposes, i.e. Anti-Facial Recognition (AFR).

Most of the previously introduced AFR approaches are based on post-processing, which essentially means that they modify the images captured by the cameras after they are taken. On the other hand, the CamPro technique developed by USSLAB only starts working when images are generated by the camera sensors, so malicious users will have a harder time bypassing it. Researchers have called this paradigm “privacy by birth.”

“A camera module generally consists of an image sensor (CMOS or CCD) and an image signal processor (ISP),” Zhu explained. “The image sensor converts the perceived lights into raw (RAW) readings, then the ISP, specialized hardware for signal processing, converts the RAW into a standard RGB (sRGB) image consistent with human visual systems.”

ISP systems are essential components of modern digital cameras, serving two main functions. First, they enable the efficient conversion of RAW images to sRGB images. Additionally, they provide control over image capture sensors, such as adjusting shutters and ISO sensitivity to achieve automatic exposure (AE).

“Due to the decoupled design of the image sensor and ISP, ISPs often provide a set of adjustable parameters to respond to different sensors,” Zhu said. “CamPro leverages these tunable ISP settings to achieve privacy functionality. While the initial goal of these settings is to produce a plausible image, we have found that they can also be used to achieve antifacial recognition while providing enough information for benign visual recognition applications, e.g. people detection, pose estimation, etc.

In their recent study, Zhu and his colleagues focused primarily on the gamma (i.e. Gamma) correction process of a camera and the so-called camera correction matrix. colors (CCM). To achieve optimal settings for recognizing people without compromising their privacy, they mimicked the process by which images are captured, while introducing a new optimization technique based on adversarial networks.

“We noticed that the quality of protected images might not meet the requirements of human vision,” Zhu said. “Therefore, we implement an image enhancer trained to restore image quality.”

Unlike other AFR systems, CamPro works inside a camera by adjusting existing ISP settings, without requiring camera redesign. This could greatly simplify its real-world deployment, as it would not involve the introduction of entirely new detection devices.

“We believe this work is groundbreaking. Not only has it enabled image privacy protection at the sensor level, but it also provides a complete chain of functions from information deletion to image restoration to visual tasks, and it’s easy to deploy,” Zhu said.

During initial testing, CamPro was found to generalize well to various black-box face identification systems, reducing the average face identification accuracy to 0.3%. Additionally, it has proven to be resilient to white-box cyberattacks, which require retraining facial recognition models to circumvent the effects of AFR systems.

“CamPro is more suitable for certain specialized cameras, such as those used in smart homes for elderly fall detection, etc. ”Zhu explained. “These cameras need to perform certain visual tasks without requiring facial information. CamPro can effectively prevent facial information from being maliciously obtained and used in various scenarios.”

The new system created by this team of researchers could soon be deployed and tested in real contexts, to further explore its potential. Additionally, CamPro could inspire the development of other AFR approaches exploiting the internal parameters of cameras and sensors.

“We find that a potential attacker can easily collect sensitive personal information from sensor readings,” Zhu added. “We envision that future applications should only obtain related information from sensor data. Therefore, we plan to study more types of sensors, besides camera, with the privacy-preserving paradigm from birth. For CamPro, we plan to improve its overall performance and try to make it into a product.

© 2024 Science X Network