Public ppt - IIIT Hyderabad


IIIT Hyderabad

Efficient Privacy Preserving Protocols for Visual Computation


Maneesh Upmanyu


Advisors: C. V. Jawahar, Anoop M. Namboodiri, Kannan Srinathan


Center for Visual Information Technology

Center for Security, Theory & Algorithmic Research

IIIT-Hyderabad


Security and Privacy of Visual Data

Broad Objective: Development of secure computational algorithms in computer vision and related areas.

To develop “highly-secure” solutions
To develop “computationally efficient” solutions
To develop solutions to problems with immediate impact

Project Web-Page: http://cvit.iiit.ac.in/projects/SecureVision

Research Directions

Private Content Based Image Retrieval (PCBIR)
[Figure: PCBIR protocol diagram; labels: Q1, A1, Q2, A2, Feature vector (f_query), Root Info, (f_query, f(A1)), (f_query, f(A2))]
Publication: Shashank J, Kowshik P, Kannan Srinathan and C. V. Jawahar; Private Content Based Image Retrieval; In Proceedings of Computer Vision and Pattern Recognition (CVPR 2008)

Blind Authentication: A Secure Crypto-Biometric Verification Protocol
Publication: Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C. V. Jawahar; Blind Authentication - A Secure Crypto-Biometric Verification Protocol; Appears in IEEE-Transactions on Information Forensics and Security (IEEE-TIFS), June 2010

Efficient Privacy Preserving Video Surveillance
Publication: Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C. V. Jawahar; Efficient Privacy Preserving Video Surveillance; Proceedings of the 12th International Conference on Computer Vision (ICCV 2009)







Our Security Goal

What is meant by ‘Privacy’?
  Design protocols to limit the information leakage through what is learned in addition to the designated output.

What is the ‘Adversary Model’?
  Semi-honest vs. Malicious adversary

Analysis outline:
  Correctness
  Security
  Complexity


Assumptions


Reliable and secure communication channel



Players are passively corrupt, that is, honest but curious.



Players are computationally bounded.



Players do not collude.

Thesis Objective

Traditional approaches use highly interactive protocols.
  Limitation: massive datasets
  Example: Blind Vision

Paradigm Shift
  Compute directly in encrypted domain.
  Encrypt -> Communicate -> Compute -> Decrypt

Domain specific encryption schemes.
  PKC is data independent and generic.

Can the paradigm be generic yet efficient?

Contribution of Thesis

A method that provides provable security, while allowing efficient computations for generic vision algorithms, has remained elusive.

We show that one can exploit certain properties inherent to visual data to break this seemingly impenetrable barrier.



Dilemma of Privacy vs. Accuracy

What is Blind Authentication?

A biometric authentication protocol that does not reveal any:
  information about the biometric samples to the authenticating server.
  information regarding the classifier, employed by the server, to the user or client


Biometric Authentication System

Primary Concerns in a Biometric System

Template Protection
Non-Repudiable
Network and Client-side Security
Revocability




Previous Work

“A template protection scheme with provable security and acceptable
recognition performance has thus far remained elusive.”



A.K. Jain, Eurasip 2008

Homomorphic Encryption

An encryption scheme using which some algebraic operation, like addition or multiplication, can be directly done on the cipher text.

Let $x_1 = 20$ and $x_2 = 22$, to compute $x_1 + x_2 = 42$
Use an encryption scheme, for example $E(x) = e^x$
Server stores $E(x_1) = e^{20}$ and $E(x_2) = e^{22}$
Compute using encrypted data
  $y = E(x_1) E(x_2) = e^{20} \cdot e^{22} = e^{42}$
Decrypt $z = D(y) = \ln(y)$
  $z = D(y) = \ln(e^{42}) = 42$
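Added example, not from the slides: E(x) = e^x only illustrates the algebra, so the sketch below shows the same property (multiplying ciphertexts adds plaintexts) with the Paillier cryptosystem. Paillier is chosen here for illustration and is not named in the deck; the primes are toy-sized and all function names are assumptions.

```python
import secrets
from math import gcd

# Toy-sized key (two Mersenne primes); real deployments use primes of 1024+ bits.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # private: lcm(P-1, Q-1)
MU = pow(LAM, -1, N)                           # private: LAM^-1 mod N (generator g = N + 1)

def encrypt(m):
    """E(m) = (1 + N)^m * r^N mod N^2; fresh r makes equal plaintexts look different."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """D(c) = L(c^LAM mod N^2) * MU mod N, with L(u) = (u - 1) / N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add(c1, c2):
    """Server side: E(a) * E(b) mod N^2 decrypts to a + b."""
    return c1 * c2 % N2

def scale(c, k):
    """Server side: E(a)^k mod N^2 decrypts to k * a, for a plaintext constant k."""
    return pow(c, k, N2)

def encrypted_weighted_sum(ciphertexts, weights):
    """Sum of w_i * x_i computed on ciphertexts only; the server never decrypts."""
    acc = encrypt(0)
    for c, w in zip(ciphertexts, weights):
        acc = add(acc, scale(c, w))
    return acc

if __name__ == "__main__":
    y = add(encrypt(20), encrypt(22))   # the slide's x1 = 20, x2 = 22
    print(decrypt(y))
```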


User Enrollment

Enrollment based on a trusted third party.


Authentication using a Linear Kernel

Extensions to Kernels & Neural Networks

Kernel based classifier uses a discriminating function like

Similarly, in Neural Network the basic units are for example perceptron or sigmoid

Model above functions as arithmetic circuits consisting of add and multiplication gates over a finite domain.

Consider two encryptions E+ and E*



Implementation and Analysis

Experiments designed to evaluate the efficiency and accuracy of proposed approach.

For evaluation, an SVM based verifier based on client-server architecture was implemented.

Accuracy: as no assumptions are made, accuracy remains same.
  Verified this on various public domain (UCI, Statlog) datasets.


Case study shows that matching using fixed length feature representation is comparable to variable length methods such as dynamic warping.




Security, Privacy and Trust


Server Security


Template database security


Hacker sitting in server



Client Security


Hacker has user’s key or biometric


Passive attacks at client end



Network Security


Network is susceptible to snooping attacks

Advantages of Blind Authentication

Fast and Provably Secure authentication without trading off accuracy.
Supports generic classifiers such as Neural Network and SVMs.
Useful with wide variety of fixed-length biometric-traits.
Ideal for applications such as biometric ATMs, login from public terminals.

Proposed Surveillance System

Plain Video: Captured by Camera
Encrypted Video: As seen by one of the Computational Servers
Processed Video: As seen by the Computational Server
Result Video: Received by Observer

How do we carry out surveillance on ‘Randomized’ images?

Motivation

Can we do surveillance without ‘seeing’ the original video?

Ability to run video surveillance algorithms completely in encrypted domain can address most privacy concerns.

Existing methods are either too slow for surveillance applications or do not provide provable privacy.

Paradigm Shift

Traditionally Explored Paradigms

Trusted Third Party (TTP)
  In practice, do not have the luxury of a trusted entity
Selective Encryption (Smart Camera)
  No provable privacy, costly and tedious to upgrade
Homomorphic Encryption (Doubly)
  Computationally expensive
Secure Multiparty Computation (SMC)
  Highly inefficient, High level of privacy, an overkill in practice

We use the paradigm of secret sharing to achieve private and efficient surveillance.


Protocol in a nutshell

Propose a ‘Cloud-Computing’ based solution using k>2 non-colluding servers

Shatter Image
  The camera splits each captured frame F into k (> 2) shares using a pixel level shatter function:
  Each share is then sent to an independent server for processing.

Compute
  To carry out a basic operation f on the input image, each server blindly carries out the equivalent basic operation f’ on its share.

Merge Result
  The results of operations on the shares are integrated by the observer using a merge function (CRT), to obtain final result.

Secret Sharing

A method of distributing a secret among a group of servers, such that:
  Each server on its own has no meaningful information
  Secret is reconstructed only when all shares combine together

Existing methods are highly inefficient
  Asmuth-Bloom overcomes this limitation by working in Residue Number System (RNS).

RNS ($m_1 = 37$, $m_2 = 49$; $M = m_1 \times m_2 = 1813$)

Example to do Addition in RNS

$X = 973$, $X \bmod (m_1, m_2)$: $(x_1, x_2) = (11, 42)$
$Y = 678$, $Y \bmod (m_1, m_2)$: $(y_1, y_2) = (12, 41)$

$x_1 = 11$, $y_1 = 12$
$z_1 = (x_1 + y_1) \bmod m_1 = (11 + 12) \bmod 37 = 23$

$x_2 = 42$, $y_2 = 41$
$z_2 = (x_2 + y_2) \bmod m_2 = (42 + 41) \bmod 49 = 34$

$\mathrm{CRT}(z_1, z_2)$: $Z = 1651$

Shatter: $f(x) = (x \cdot S + \eta) \bmod m_i$
Merge: $m(x_i, m_i) = \mathrm{CRT}(x_i, m_i) / S$
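Added example, not code from the slides: the RNS addition above reproduced in Python, followed by Shatter, per-server addition and Merge as given by the two formulas. The three moduli, the scale factor S = 2^16, the noise bound S/4 and all function names are assumptions made for the example.

```python
import secrets
from math import prod

MODULI = (65535, 65536, 65537)  # assumed pairwise-coprime moduli, k = 3 servers
S = 1 << 16                     # assumed scale factor

def crt(residues, moduli=MODULI):
    """CRT: the unique Z in [0, M) with Z % m_i == residues[i]."""
    M = prod(moduli)
    return sum(r * (M // m) * pow(M // m, -1, m)
               for r, m in zip(residues, moduli)) % M

def shatter(x, eta=None):
    """Shatter: share_i = (x*S + eta) mod m_i, one share per server."""
    if eta is None:
        # Assumption: noise below S/4, so up to four shares can be added
        # before the accumulated noise reaches S and disturbs the result.
        eta = secrets.randbelow(S // 4)
    v = x * S + eta
    return tuple(v % m for m in MODULI)

def add_shares(a, b):
    """Server i adds its own two residues mod m_i; it never sees x or y."""
    return tuple((ai + bi) % m for ai, bi, m in zip(a, b, MODULI))

def merge(shares):
    """Merge: CRT over all shares, then divide by S, which drops the noise."""
    return crt(shares) // S

def slide_example():
    """The slide's numbers: X = 973, Y = 678 in the RNS (37, 49)."""
    mods = (37, 49)
    x = tuple(973 % m for m in mods)
    y = tuple(678 % m for m in mods)
    z = tuple((a + b) % m for a, b, m in zip(x, y, mods))
    return x, y, z, crt(z, mods)

if __name__ == "__main__":
    print(slide_example())
    print(merge(add_shares(shatter(973), shatter(678))))
```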

Data Properties

While general purpose secure computation appears inherently complex and oftentimes impractical, we show that certain properties of the data can be used to ensure efficiency while ensuring privacy.

The following properties are of interest to us:
  Limited and Fixed Range
  Scale Invariant
  Approximate Nature
  Non-General Operands

Characteristics of the System

Preserve Privacy: Carry out surveillance on random looking images.
Light weight: Encrypted domain representation should allow efficient computations.
Limited data expansion: Obfuscation process should not blow up the video data.
Secure Storage: Obfuscation should be provably secure to ensure security at un-trusted servers.
Reconstruction of data: Only authorized people should be able to recover original plain video.

Implementation Challenges

Representation of negative numbers: Use an implicit sign representation.
  Use (0, M/2) as positive and rest as negative.
  Sign conversion is carried out using additive inversion of Z.

Overflow and Underflow: Operations are valid and correct as long as range of data is (-M/2, M/2).

Integer Division and Thresholding: RNS domain is finite and hence not all divisions are defined.
  Dividing integer A by B is defined as $A/B = (a_i \cdot b_i^{-1}) \bmod m_i$

Defining Equivalent operations: For every f(x), we need to define f’(x) such that merging f’(x_i) would give f(x).
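Added example, not code from the slides: implicit sign decoding, overflow and per-share division in the (37, 49) RNS used earlier, including divisions that are not defined. Function names and sample values are constructed for the example.

```python
from math import prod

MODULI = (37, 49)   # the RNS of the slides' addition example
M = prod(MODULI)    # 1813: signed values must stay inside (-M/2, M/2)

def to_rns(x):
    """Residues of x; for negative x, % yields the additive inverse mod m_i."""
    return tuple(x % m for m in MODULI)

def crt(residues):
    """CRT: the unique Z in [0, M) with Z % m_i == residues[i]."""
    return sum(r * (M // m) * pow(M // m, -1, m)
               for r, m in zip(residues, MODULI)) % M

def decode(shares):
    """Merge, then apply the implicit sign: Z >= M/2 stands for Z - M."""
    z = crt(shares)
    return z if z < M / 2 else z - M

def add(a, b):
    return tuple((ai + bi) % m for ai, bi, m in zip(a, b, MODULI))

def sub(a, b):
    return tuple((ai - bi) % m for ai, bi, m in zip(a, b, MODULI))

def div(a, b):
    """Per-share a_i * b_i^-1 mod m_i; None if some b_i has no inverse."""
    try:
        return tuple(ai * pow(bi, -1, m) % m for ai, bi, m in zip(a, b, MODULI))
    except ValueError:   # b_i shares a factor with m_i
        return None

def demo():
    return {
        "100 - 250": decode(sub(to_rns(100), to_rns(250))),   # negative result
        "84 / 4": decode(div(to_rns(84), to_rns(4))),         # exact division
        "85 / 4": decode(div(to_rns(85), to_rns(4))),         # 4 does not divide 85
        "84 / 7": div(to_rns(84), to_rns(7)),                 # 7 not invertible mod 49
        "600 + 600": decode(add(to_rns(600), to_rns(600))),   # leaves (-M/2, M/2)
    }

if __name__ == "__main__":
    for expr, value in demo().items():
        print(expr, "->", value)
```

The 85 / 4 case decodes to -432 because 4 × (-432) ≡ 85 (mod 1813): the result is the modular quotient, not a rounded integer quotient.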


Experimental Results

Properties of the Protocol

Circumvent theoretical bounds. Extremely efficient over SMC
Not only efficient, but also provably secure
Scalable, inexpensive and generic, thus practical

Servers are un-trusted and the network may be insecure.
Near loss-less data encoding (PSNR~51).
No compromise in accuracy.
Inexpensive capture device, and a unidirectional data flow.
Negligible overheads to make private computation practical.
Secure as long as servers do not collude.

Our approach shows that privacy and efficiency co-exist in the domain of visual data

K-Means Clustering

Data clustering is one of the most important techniques for discovery of patterns in a dataset.

K-Means clustering is a simple and extensively used technique that automatically partitions a dataset into k clusters.

The technique becomes more effective with larger amount of data such as when multiple businesses share their data to carry out the clustering together.

However, the data may contain sensitive information.

Secure K-Means Algorithms

Trusted Third Party (TTP) based solutions
  Dwork et al. (Crypto 2004)
  Very Efficient
  No TTP in Real World, Possible security compromise

Data Perturbation techniques
  Stanley et al. (BSD 03), Kargupta et al. (ICDM 03)
  Negligible communication overhead
  Partial security, Non-invertible transformations used

Those employing Multiparty Computations
  Vaidya et al. (KDD 03), Jha et al. (ESORICS 05), Wright et al. (KDD 05), Inan et al. (DKE 07)
  Complete privacy
  Highly in-efficient


Our Distributed Solution

We simulate TTP on a set of un-trusted servers over an in-secure network.

Secret Sharing is a method of distributing a secret among a group of servers.

Proposed Protocol

Protocol consists of two phases
  Phase One: Secure Data Distribution
  Phase Two: Secure K-Means

Phase One: Secure Storage of data at servers
  Selection of an optimal RNS.
  Shattering of the user’s private data.
  Privacy: Server stores only the shattered shares of data.

Phase Two: Secure K-Means
  Initialization
  Lloyd Step
  Knowledge Revelation

Phase Two: Secure K-Means

Clusters are initialized using the shattered shares

Lloyd Step involves iteratively computing the closest centers in a Euclidean space
  Secure protocols for division and comparison

Securely evaluate the termination criteria
  Send the shattered cluster centers to users, who use the Merge function on them

Privacy: No information is leaked to the servers
  Data for operations such as division secured using randomization
  Randomization done so as to secure against possible GCD and factorization based attacks


Overview of the Protocol

[Figure: protocol overview; labels: User 1, User 2]

Analysis

Overheads calculated over the naïve TTP based protocol.

Division and Comparison operations introduce communication overhead.
  Limited to one round per operation

Traditional approaches use SMC for this.
  Based on OT, a communication intensive protocol.
  $O(n^2)$ communication overhead to multiply two vectors (length n)

Limited data expansion
  Eg: 32bit data shattered into 5 shares requires 54bits while traditional SS requires 160bits.

Algorithm Properties

We have proposed a highly secure framework using paradigm of secret sharing.
  Negligible overheads in simulating algebraic operations.
  Achieve efficiency by exploiting the data properties.

Solution does not demand any trust and the clustering is carried out directly on the encrypted data.

Conclusion

The traditional methods of ensuring privacy are communication and computation expensive.

We show that domain specific knowledge can be incorporated to ensure efficiency while retaining privacy.

Moreover, our methods do not trade off accuracy.

Broad Objective: Development of secure computational algorithms in computer vision and related areas.

To develop “highly-secure” solutions
To develop “computationally efficient” solutions
To develop solutions to problems with immediate impact

Related Publications

Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C.V. Jawahar;

“Blind Authentication - A Secure Crypto-Biometric Verification Protocol”
  In IEEE-Transactions on Information Forensics and Security (IEEE-TIFS, June 2010)

“Efficient Biometric Verification in Encrypted Domain”
  In Proceedings of 3rd International Conference on Biometrics (ICB 2009)

“Efficient Privacy Preserving Video Surveillance”
  Proceedings of the 12th International Conference on Computer Vision (ICCV 2009)

“Efficient Privacy Preserving K-Means Clustering”
  Proceedings of the Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2010)





Thank you for your attention

RNS & CRT

Residue Number System (RNS) is a representation of an integer using a set of smaller integers.
  RNS is defined by a set of k integer constants $\{m_1, m_2, m_3, \ldots, m_k\}$.
  Secret A is represented by k smaller integers $\{a_1, a_2, a_3, \ldots, a_k\}$, where $a_i = A \bmod m_i$.
  This representation is valid as long as $0 < A < M$, where M is the LCM of the $m_i$’s.

Chinese Remainder Theorem (CRT) is the method of recovering the integer value from a given set of smaller integers.
  Define $M_i = M/m_i$
  Compute $c_i = M_i \times (M_i^{-1} \bmod m_i)$
  The above equation is always valid in our system, therefore unique solution exists

Shatter & Merge Functions

Shatter function: Compute and store the secret shares of the private data.

Where $x_i$ is the i-th secret share, and η is a uniform randomness

Merge function: Reconstruct the secret.

Given for different primes $P_i$’s, secret is recovered using CRT