maneesh thesis ppt

Efficient Privacy Preserving Protocols for Visual Computation

Maneesh Upmanyu

Advisors: C. V. Jawahar, Anoop M. Namboodiri, Kannan Srinathan

Center for Visual Information Technology; Center for Security, Theory & Algorithmic Research; IIIT Hyderabad

Upload: jat02013

Post on 01-Dec-2015

TRANSCRIPT

Page 2: Maneesh Thesis Ppt

Security and Privacy of Visual Data

Broad Objective

• Development of secure computational algorithms in computer vision and related areas.
  – To develop “highly-secure” solutions
  – To develop “computationally efficient” solutions
  – To develop solutions to problems with immediate impact

Project Web-Page: http://cvit.iiit.ac.in/projects/SecureVision

Page 3: Maneesh Thesis Ppt

Research Directions

• Private Content Based Image Retrieval (PCBIR)

[Figure: PCBIR diagram. Labels: feature vector (fquery), root info, queries Q1 and Q2, answers A1 and A2, and the pairs (fquery, f(A1)) and (fquery, f(A2)).]

Publication: Shashank J, Kowshik P, Kannan Srinathan and C.V. Jawahar; Private Content Based Image Retrieval; In Proceedings of Computer Vision and Pattern Recognition (CVPR 2008)

• Blind Authentication: A Secure Crypto-Biometric Verification Protocol

Publication: Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C.V. Jawahar; Blind Authentication - A Secure Crypto-Biometric Verification Protocol: Appears in IEEE-Transactions on Information Forensics and Security (IEEE-TIFS), June 2010

• Efficient Privacy Preserving Video Surveillance

Publication: Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C.V. Jawahar; Efficient Privacy Preserving Video Surveillance: Proceedings of the 12th International Conference on Computer Vision (ICCV 2009)

Page 4: Maneesh Thesis Ppt

Our Security Goal

• What is meant by ‘Privacy’?
  – Design protocols to limit the information leakage through what is learned in addition to the designated output.
• What is the ‘Adversary Model’?
  – Semi-honest vs. Malicious adversary
• Analysis outline:
  – Correctness
  – Security
  – Complexity

Page 5: Maneesh Thesis Ppt

Assumptions

• Reliable and secure communication channel

• Players are passively corrupt, that is, honest but curious.

• Players are computationally bounded.

• Players do not collude.

Page 6: Maneesh Thesis Ppt

Thesis Objective

• Traditional approaches use highly interactive protocols.
  – Limitation: massive datasets
  – Example: Blind Vision
• Paradigm Shift
  – Compute directly in encrypted domain.
    • Encrypt -> Communicate -> Compute -> Decrypt
  – Domain specific encryption schemes.
    • PKC is data independent and generic.
  – Can the paradigm be generic yet efficient?

Page 7: Maneesh Thesis Ppt

Contribution of Thesis

A method that provides provable security, while allowing efficient computations for generic vision algorithms, has remained elusive.

We show that one can exploit certain properties inherent to visual data to break this seemingly impenetrable barrier.

Page 8: Maneesh Thesis Ppt

Dilemma of Privacy vs. Accuracy

Page 9: Maneesh Thesis Ppt

What is Blind Authentication?

A biometric authentication protocol that does not reveal any:

– information about the biometric samples to the authenticating server.

– information regarding the classifier, employed by the server, to the user or client

Page 10: Maneesh Thesis Ppt

Biometric Authentication System

Page 11: Maneesh Thesis Ppt

Primary Concerns in a Biometric System

• Template Protection

• Non-Repudiable

• Network and Client-side Security

• Revocability

Page 12: Maneesh Thesis Ppt

Previous Work

“A template protection scheme with provable security and acceptable recognition performance has thus far remained elusive.”

– A.K. Jain, Eurasip 2008

Page 13: Maneesh Thesis Ppt

Homomorphic Encryption

• An encryption scheme using which some algebraic operation, like addition or multiplication, can be directly done on the cipher text.

Let $x_1 = 20$ and $x_2 = 22$; to compute $x_1 + x_2 = 42$:

Use an encryption scheme, for example $E(x) = e^x$

Server stores $E(x_1) = e^{20}$ and $E(x_2) = e^{22}$

Compute using encrypted data

$y = E(x_1) \cdot E(x_2) = e^{20} \cdot e^{22} = e^{42}$

Decrypt: $z = D(y) = \ln(y) = \ln(e^{42}) = 42$

Page 14: Maneesh Thesis Ppt

User Enrollment

Enrollment based on a trusted third party.

Page 15: Maneesh Thesis Ppt

Authentication using a Linear Kernel

Page 16: Maneesh Thesis Ppt

Extensions to Kernels & Neural Networks

• Kernel based classifier uses a discriminating function like

• Similarly, in a Neural Network the basic units are, for example, perceptrons or sigmoids

• Model the above functions as arithmetic circuits consisting of addition and multiplication gates over a finite domain.

• Consider two encryptions E+ and E*

Page 17: Maneesh Thesis Ppt

Implementation and Analysis

• Experiments designed to evaluate the efficiency and accuracy of proposed approach.
• For evaluation, an SVM based verifier based on client-server architecture was implemented.
  – Accuracy: as no assumptions are made, accuracy remains same.
    • Verified this on various public domain (UCI, Statlog) datasets.

Page 18: Maneesh Thesis Ppt

Case study shows that matching using fixed length feature representation is comparable to variable length methods such as dynamic warping.

Page 19: Maneesh Thesis Ppt

Security, Privacy and Trust

• Server Security
  – Template database security
  – Hacker sitting in server
• Client Security
  – Hacker has user’s key or biometric
  – Passive attacks at client end
• Network Security
  – Network is susceptible to snooping attacks

Page 20: Maneesh Thesis Ppt

Advantages of Blind Authentication

• Fast and Provably Secure authentication without trading off accuracy.

• Supports generic classifiers such as Neural Network and SVMs.

• Useful with wide variety of fixed-length biometric-traits.

• Ideal for applications such as biometric ATMs, login from public terminals.

Page 21: Maneesh Thesis Ppt

Proposed Surveillance System

[Figure panels]

Plain Video: Captured by Camera

Encrypted Video: As seen by one of the Computational Servers

Processed Video: As seen by the Computational Server

Result Video: Received by Observer

How do we carry out surveillance on ‘Randomized’ images?

Page 22: Maneesh Thesis Ppt

Motivation

Can we do surveillance without ‘seeing’ the original video?

Page 23: Maneesh Thesis Ppt

Paradigm Shift

We use the paradigm of secret sharing to achieve private and efficient surveillance.

Page 24: Maneesh Thesis Ppt

Protocol in a nutshell

Propose a ‘Cloud-Computing’ based solution using k>2 non-colluding servers

Page 25: Maneesh Thesis Ppt

Secret Sharing

• A method of distributing a secret among a group of servers, such that:
  – Each server on its own has no meaningful information
  – Secret is reconstructed only when all shares combine together
• Existing methods are highly inefficient
• Asmuth-Bloom overcomes this limitation by working in Residue Number System (RNS).

Page 26: Maneesh Thesis Ppt

Example to do Addition in RNS

RNS ($m_1 = 37$, $m_2 = 49$; $M = m_1 \times m_2 = 1813$)

$X = 973 \bmod (m_1, m_2)$, so $(x_1, x_2) = (11, 42)$

$Y = 678 \bmod (m_1, m_2)$, so $(y_1, y_2) = (12, 41)$

With $x_1 = 11$, $y_1 = 12$: $z_1 = (x_1 + y_1) \bmod m_1 = (11 + 12) \bmod 37 = 23$

With $x_2 = 42$, $y_2 = 41$: $z_2 = (x_2 + y_2) \bmod m_2 = (42 + 41) \bmod 49 = 34$

$Z = \mathrm{CRT}(z_1, z_2) = 1651$

Shatter($x$) = $(x \cdot S + \eta) \bmod m_i$

Merge($x_i$, $m_i$) = $\mathrm{CRT}(x_i, m_i) / S$

Page 27: Maneesh Thesis Ppt

Data Properties

• While general purpose secure computation appears inherently complex and oftentimes impractical, we show that certain properties of the data can be used to ensure efficiency while ensuring privacy.
• Following properties are of interest to us.
  – Limited and Fixed Range
  – Scale Invariant
  – Approximate Nature
  – Non-General Operands

Page 28: Maneesh Thesis Ppt

Characteristics of the System

Page 29: Maneesh Thesis Ppt

Implementation Challenges

• Representation of negative numbers: Use an implicit sign representation.
  – Use $(0, M/2)$ as positive and rest as negative.
  – Sign conversion is carried out using additive inversion of Z.
• Overflow and Underflow: Operations are valid and correct as long as range of data is $(-M/2, M/2)$.
• Integer Division and Thresholding: RNS domain is finite and hence not all divisions are defined.
  – Dividing integer A by B is defined as $A/B = (a_i \cdot b_i^{-1}) \bmod m_i$
• Defining Equivalent operations: For every $f(x)$, we need to define $f'(x)$ such that merging $f'(x_i)$ would give $f(x)$.

Page 30: Maneesh Thesis Ppt

Experimental Results

Page 31: Maneesh Thesis Ppt

Page 32: Maneesh Thesis Ppt

Properties of the Protocol

• Servers are un-trusted and the network may be insecure.

• Near loss-less data encoding (PSNR~51).

• No compromise in accuracy.

• Inexpensive capture device, and a unidirectional data flow.

• Negligible overheads to make private computation practical.

• Secure as long as servers do not collude.

Contribution: Our approach shows that privacy and efficiency co-exist in the domain of visual data.

Page 33: Maneesh Thesis Ppt

K-Means Clustering

• Data clustering is one of the most important techniques for discovery of patterns in a dataset.

• K-Means clustering is a simple and extensively used technique that automatically partitions a dataset into k clusters.

• The technique becomes more effective with larger amount of data such as when multiple businesses share their data to carry out the clustering together.

• However, the data may contain sensitive information.

Page 34: Maneesh Thesis Ppt

Secure K-Means Algorithms

• Trusted Third Party (TTP) based solutions
  – Dwork et al. (Crypto 2004)
  – Advantage: very efficient
  – Limitation: no TTP in real world, possible security compromise
• Data Perturbation techniques
  – Stanley et al. (BSD 03), Kargupta et al. (ICDM 03)
  – Advantage: negligible communication overhead
  – Limitation: partial security, non-invertible transformations used
• Those employing Multiparty Computations
  – Vaidya et al. (KDD 03), Jha et al. (ESORICS 05), Wright et al. (KDD 05), Inan et al. (DKE 07)
  – Advantage: complete privacy
  – Limitation: highly inefficient

Page 35: Maneesh Thesis Ppt

Our Distributed Solution

• We simulate TTP on a set of untrusted servers over an insecure network.

• Secret Sharing is a method of distributing a secret among a group of servers.

Page 36: Maneesh Thesis Ppt

Proposed Protocol

• Protocol consists of two phases
  – Phase One: Secure Data Distribution
  – Phase Two: Secure K-Means
• Phase One: Secure Storage of data at servers
  – Selection of an optimal RNS.
  – Shattering of the user’s private data.
  – Privacy: Server stores only the shattered shares of data.
• Phase Two: Secure K-Means
  – Initialization
  – Lloyd Step
  – Knowledge Revelation

Page 37: Maneesh Thesis Ppt

Phase Two: Secure K-Means

• Clusters are initialized using the shattered shares
• Lloyd Step involves iteratively computing the closest centers in a Euclidean space
  – Secure protocols for division and comparison
• Securely evaluate the termination criteria
  – Send the shattered cluster centers to users, who use the Merge function on them
• Privacy: No information is leaked to the servers
  – Data for operations such as division secured using randomization
  – Randomization done so as to secure against possible GCD and factorization based attacks

Page 38: Maneesh Thesis Ppt

Overview of the Protocol

[Figure: protocol overview. Labels: User 1, User 2.]

Page 39: Maneesh Thesis Ppt

Analysis

• Overheads calculated over the naïve TTP based protocol.
• Division and Comparison operations introduce communication overhead.
  – Limited to one round per operation
• Traditional approaches use SMC for this.
  – Based on OT, a communication-intensive protocol.
  – $O(n^2)$ communication overhead to multiply two vectors (length n)
• Limited data expansion
  – E.g.: 32-bit data shattered into 5 shares requires 54 bits, while traditional SS requires 160 bits.

Page 40: Maneesh Thesis Ppt

Algorithm Properties

• We have proposed a highly secure framework using paradigm of secret sharing.

• Negligible overheads in simulating algebraic operations.

• Achieve efficiency by exploiting the data properties.

• Solution does not demand any trust and the clustering is carried out directly on the encrypted data.

Page 41: Maneesh Thesis Ppt

Conclusion

• The traditional methods of ensuring privacy are communication and computation expensive.

• We show that domain specific knowledge can be incorporated to ensure efficiency while retaining privacy.

• Moreover, our methods do not trade off accuracy.

Broad Objective

• Development of secure computational algorithms in computer vision and related areas.
  – To develop “highly-secure” solutions
  – To develop “computationally efficient” solutions
  – To develop solutions to problems with immediate impact

Page 42: Maneesh Thesis Ppt

Related Publications

Maneesh Upmanyu, Anoop M. Namboodiri, K. Srinathan and C.V. Jawahar:

• “Blind Authentication - A Secure Crypto-Biometric Verification Protocol”, in IEEE-Transactions on Information Forensics and Security (IEEE-TIFS, June 2010)
• “Efficient Biometric Verification in Encrypted Domain”, in Proceedings of 3rd International Conference on Biometrics (ICB 2009)
• “Efficient Privacy Preserving Video Surveillance”, Proceedings of the 12th International Conference on Computer Vision (ICCV 2009)
• “Efficient Privacy Preserving K-Means Clustering”, Proceedings of the Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2010)

Page 43: Maneesh Thesis Ppt

Thank you for your attention

Page 44: Maneesh Thesis Ppt

RNS & CRT

• Residue Number System (RNS) represents an integer using a set of smaller integers.
  – RNS is defined by a set of k integer constants $\{m_1, m_2, m_3, \ldots, m_k\}$
  – Secret A is represented by k smaller integers $\{a_1, a_2, a_3, \ldots, a_k\}$, where $a_i = A \bmod m_i$
  – This representation is valid as long as $0 < A < M$, where M is the LCM of the $m_i$'s
• Chinese Remainder Theorem (CRT) is the method of recovering the integer value from a given set of smaller integers.
  – Define $M_i = M / m_i$
  – Compute $c_i = M_i \times (M_i^{-1} \bmod m_i)$
  – The above equation is always valid in our system, therefore unique solution exists

Page 45: Maneesh Thesis Ppt

Shatter & Merge Functions

• Shatter function: Compute and store the secret shares of the private data.
  – Where $x_i$ is the i-th secret share, and η is a uniform randomness
• Merge function: Reconstruct the secret.
  – Given for different primes $P_i$’s, secret is recovered using CRT
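The RNS addition, CRT, Shatter and Merge slides, together with the implicit sign representation from Implementation Challenges, as one added Python example that is not code from the thesis or its authors. It uses the slides' moduli 37 and 49; the scale S = 10, the noise range [0, S/2) and the reuse of one η across all shares of a value are assumptions made here so that one share-wise addition still merges correctly.

```python
import secrets
from math import prod

MODULI = (37, 49)      # m1, m2 from the RNS slide (pairwise coprime)
M = prod(MODULI)       # 1813; the LCM equals the product for coprime moduli
S = 10                 # scale factor S: constructed value, an assumption

def residues(x):
    """RNS representation: a_i = A mod m_i."""
    return tuple(x % m for m in MODULI)

def crt(shares):
    """Recover A mod M as sum(a_i * c_i), with c_i = M_i * (M_i^-1 mod m_i)."""
    total = 0
    for a_i, m_i in zip(shares, MODULI):
        M_i = M // m_i
        total += a_i * M_i * pow(M_i, -1, m_i)
    return total % M

def to_signed(value):
    """Implicit sign: the lower half of [0, M) is positive, the rest negative."""
    return value if value < M / 2 else value - M

def shatter(x):
    """Share i = (x*S + eta) mod m_i. Assumption: one eta, drawn from
    [0, S/2), is reused for every share of x so CRT sees a single integer."""
    if abs(x) * S + S >= M // 2:
        raise ValueError("x*S + eta would leave the range (-M/2, M/2)")
    eta = secrets.randbelow(S // 2)
    return residues(x * S + eta)

def add_shares(xs, ys):
    """Each server adds only the residues it holds, modulo its own m_i."""
    return tuple((x + y) % m for x, y, m in zip(xs, ys, MODULI))

def merge(shares):
    """Merge = CRT(x_i, m_i) / S; floor division discards the noise."""
    return to_signed(crt(shares)) // S
```

The sum of two shattered values must itself stay inside (-M/2, M/2); a real deployment would choose larger moduli to leave that headroom.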