Security News > 2021 > March > Can private data be recovered from “sanitized” images?

In the paper "Subverting Privacy-Preserving GANs: Hiding Secrets in Sanitized Images," researchers explored whether private data could still be recovered from images that had been sanitized by such deep-learning discriminators as privacy protecting GANs and that had even passed empirical tests.

The team found that PP-GAN designs can be subverted to pass privacy checks, while still allowing secret information to be extracted from sanitized images.

Machine-learning-based privacy tools have broad applicability, potentially in any privacy sensitive domain, including removing location-relevant information from vehicular camera data, obfuscating the identity of a person who produced a handwriting sample, or removing barcodes from images.

"Versions of these systems are designed to sanitize images of faces and other sensitive data so that only application-critical information is retained. While our adversarial PP-GAN passed all existing privacy checks, we found that it actually hid secret data pertaining to the sensitive attributes, even allowing for reconstruction of the original private image."

The study provides background on PP-GANs and associated empirical privacy checks, formulates an attack scenario to ask if empirical privacy checks can be subverted, and outlines an approach for circumventing empirical privacy checks.

Using a novel steganographic approach, they adversarially modify a state-of-the-art PP-GAN to hide a secret, from purportedly sanitized face images.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/hMloAOan69M/