[RSV24] Controllable Privacy in Face Recognition: A Filter-based Approach

[RSV24] Controllable Privacy in Face Recognition: A Filter-based Approach

[GRG+16] Unlinkable and irreversible biometric template protection based on Bloom filters

• Modality: face
• Row-wise shuffled features via user-specific permutations then BFs are generated
• BF-based BTP is reversible [ZC+23] and lead to the retrieval the template
• Fast comparison
• Trade-off:
  • $\nearrow$ accuracy $\searrow$ privacy & security
  • $\searrow$ accuracy $\nearrow$ privacy & security

[ZC+23] Attacks and Improvement of Unlinkability of Biometric Template Protection Scheme Based on Bloom Filters

[HM22] Towards protecting face embeddings in mobile face verification scenarios.

• Modality: face
• Uses multivariate polynomials over user-specific secrets (exponents and coefficients)
• High risk of reversibility for attackers accessing multiple templates of the same face.
• Leaks soft biometric information [YKR+24]
• Fast comparison
• Trade-off:
  • $\nearrow$ accuracy $\searrow$ privacy & security
  • $\searrow$ accuracy $\nearrow$ privacy & security

[BKD+20] Post-quantum secure two-party computation for iris biometric template protection

• Modality: iris
• Reference and probe are split into shares between two non-colluding servers
• Accuracy preserved
• Privacy and security depend on the freshness of the shares
• Runs in $502.9$ms

• Cosine similarity: $$s(\mathbf{x},\mathbf{y}) = \frac{\mathbf{x}^T\mathbf{y}}{\|\mathbf{x}\|\|\mathbf{y}\|}$$
• For normalized $\mathbf{\tilde{x}}$ and $\mathbf{\tilde{y}}$, cosine becomes inner product (IP): $$< \mathbf{\tilde{x}},\mathbf{\tilde{y}}> = \sum_{i=1}^{d} \tilde{x_i} \tilde{y_i}$$

IP requires $d$ multiplications and $d-1$ additions

[B18] Secure face matching using fully homomorphic encryption

• Modality: face (or any fixed-length representation)
• Inner product over normalized vectors.
• Precision-based quantization.
• Provable privacy and security
• Runs one-to-one comparison in $31.22$ ms
• Operates in the cleartext decision mode

Pre-computation to free IP from multiplication

[BHV+23] Improved Multiplication-Free Biometric Recognition under Encryption

[BHV+23] Improved Multiplication-Free Biometric Recognition under Encryption

• Modality: face (or any fixed-length representation)
• Inner product over normalized vectors.
• Table-based quantization.
• Permutations improves accuracy.
• Provable privacy and security
• Runs one-to-one comparison in $16.94$ ms
• Operates in the cleartext and encrypted decision modes

AutoFHE shows that inference under encryption is feasible and demonstrates it on encrypted $32 \times 32$ images

[AB23] AutoFHE: Automated adaption of CNNs for efficient evaluation over FHE

• No solution is perfect
• State-of-the-art solutions protect biometric data after feature extraction
• Open problems
• End-to-end protected biometric recognition (inference and training)
• Computation integrity check of biometrics under encryption
• Trust-but-verify principle in protected biometric systems