Privacy Preserving Face Recognition Utilizing Differential Privacy

TL;DR

This paper introduces PEEP, a privacy-preserving face recognition protocol that applies differential privacy to Eigenfaces, enabling accurate recognition while protecting biometric data from privacy attacks.

Contribution

The paper proposes a novel face recognition method using differential privacy to secure biometric data on third-party servers, addressing privacy concerns in biometric processing.

Findings

Achieves 70%-90% classification accuracy with privacy protections.

Effectively prevents membership inference and model memorization attacks.

Utilizes local differential privacy for biometric data security.

Abstract

Facial recognition technologies are implemented in many areas, including but not limited to, citizen surveillance, crime control, activity monitoring, and facial expression evaluation. However, processing biometric information is a resource-intensive task that often involves third-party servers, which can be accessed by adversaries with malicious intent. Biometric information delivered to untrusted third-party servers in an uncontrolled manner can be considered a significant privacy leak (i.e. uncontrolled information release) as biometrics can be correlated with sensitive data such as healthcare or financial records. In this paper, we propose a privacy-preserving technique for "controlled information release", where we disguise an original face image and prevent leakage of the biometric features while identifying a person. We introduce a new privacy-preserving face recognition protocol named PEEP (Privacy using EigEnface Perturbation) that utilizes local differential privacy. PEEP applies perturbation to Eigenfaces utilizing differential privacy and stores only the perturbed data in the third-party servers to run a standard Eigenface recognition algorithm. As a result, the trained model will not be vulnerable to privacy attacks such as membership inference and model memorization attacks. Our experiments show that PEEP exhibits a classification accuracy of around 70% - 90% under standard privacy settings.