Leveraging deep learning-assisted attacks against image obfuscation via federated learning

Abstract

Obfuscation techniques (e.g., blurring) are employed to protect sensitive information (SI) in images such as individuals’ faces. Recent works demonstrated that adversaries can perform deep learning-assisted (DL) attacks to re-identify obfuscated face images. Adversaries are modeled by their goals, knowledge (e.g., background knowledge), and capabilities (e.g., DL-assisted attacks). Nevertheless, enhancing the evaluation methodology of obfuscation techniques and improving the defense strategies against adversaries requires considering more "pessimistic” attacking scenario, i.e., stronger adversaries. According to a 2019 article published by the European Union Agency for Cybersecurity (ENISA), adversaries tend to perform more sophisticated and dangerous attacks when collaborating together. To address these concerns, our paper investigates a novel privacy challenge in the context of image obfuscation. Specifically, we examine whether adversaries, when collaborating together, can amplify their DL-assisted attacks and cause additional privacy breaches against a target dataset of obfuscated images. We empirically demonstrate that federated learning (FL) can be used as a collaborative attack/adversarial strategy to (i) leverage the attacking capabilities of an adversary, (ii) increase the privacy breaches, and (iii) remedy the lack of background knowledge and data shortage without the need to share/disclose the local training datasets in a centralized location. To the best of our knowledge, we are the first to consider collaborative and more specifically FL-based attacks in the context of face obfuscation.