British Machine Vision Conference (BMVC)
As autonomous driving and augmented reality evolve a practical concern is data privacy, notably when these applications rely on user image-based localization. The widely adopted technology uses local feature descriptors derived from the images. While it was long thought that they could not be reverted back, recent work has demonstrated that under certain conditions reverse engineering attacks are possible and allow an adversary to reconstruct RGB user images. This poses a potential risk to user privacy.
We take this further and model potential adversaries using a privacy threat model. We show a reverse engineering attack on sparse feature maps under controlled conditions and analyze the vulnerability of popular descriptors including FREAK, SIFT and SOSNet. Finally, we evaluate potential mitigation techniques that select a subset of descriptors to carefully balance privacy reconstruction risk. While preserving image matching accuracy, our results show that similar accuracy can be obtained when revealing less information.
Donglai Xiang, Timur Bagautdinov, Tuur Stuyck, Fabian Prada, Javier Romero, Weipeng Xu, Shunsuke Saito, Jingfan Guo, Breannan Smith, Takaaki Shiratori, Yaser Sheikh, Jessica Hodgins, Chenglei Wu
Ludwig Sidenmark, Mark Parent, Chi-Hao Wu, Joannes Chan, Michael Glueck, Daniel Wigdor, Tovi Grossman, Marcello Giordano
Simon Vandenhende, Dhruv Mahajan, Filip Radenovic, Deepti Ghadiyaram
