-
Compact: Approximating Complex Activation Functions for Secure Computation
Authors:
Mazharul Islam,
Sunpreet S. Arora,
Rahul Chatterjee,
Peter Rindal,
Maliheh Shirvanian
Abstract:
Secure multi-party computation (MPC) techniques can be used to provide data privacy when users query deep neural network (DNN) models hosted on a public cloud. State-of-the-art MPC techniques can be directly leveraged for DNN models that use simple activation functions such as ReLU. However, these techniques are ineffective and/or inefficient for the complex and highly non-linear activation functions used in cutting-edge DNN models.
We present Compact, which produces piece-wise polynomial approximations of complex AFs to enable their efficient use with state-of-the-art MPC techniques. Compact neither requires nor imposes any restriction on model training and results in near-identical model accuracy. To achieve this, we design Compact with input density awareness and use an application-specific simulated annealing type optimization to generate computationally more efficient approximations of complex AFs. We extensively evaluate Compact on four different machine-learning tasks with DNN architectures that use popular complex AFs silu, gelu, and mish. Our experimental results show that Compact incurs negligible accuracy loss while being 2x-5x computationally more efficient than state-of-the-art approaches for DNN models with a large number of hidden layers. Our work accelerates easy adoption of MPC techniques to provide user data privacy even when the queried DNN models consist of a number of hidden layers and are trained over complex AFs.
Submitted 17 March, 2024; v1 submitted 8 September, 2023;
originally announced September 2023.
-
How Interactions Influence Users' Security Perception of Virtual Reality Authentication?
Authors:
Jingjie Li,
Sunpreet Singh Arora,
Kassem Fawaz,
Younghyun Kim,
Can Liu,
Sebastian Meiser,
Mohsen Minaei,
Maliheh Shirvanian,
Kim Wagner
Abstract:
Users readily embrace the rapid advancements in virtual reality (VR) technology within various everyday contexts, such as gaming, social interactions, shopping, and commerce. In order to facilitate transactions and payments, VR systems require access to sensitive user data and assets, which consequently necessitates user authentication. However, there exists a limited understanding regarding how users' unique experiences in VR contribute to their perception of security. In our study, we adopt a research approach known as "technology probe" to investigate this question. Specifically, we have designed probes that explore the authentication process in VR, aiming to elicit responses from participants from multiple perspectives. These probes were seamlessly integrated into the routine payment system of a VR game, thereby establishing an organic study environment. Through qualitative analysis, we uncover the interplay between participants' interaction experiences and their security perception. Remarkably, despite encountering unique challenges in usability during VR interactions, our participants found the intuitive virtualized authentication process beneficial and thoroughly enjoyed the immersive nature of VR. Furthermore, we observe how these interaction experiences influence participants' ability to transfer their pre-existing understanding of authentication into VR, resulting in a discrepancy in perceived security. Moreover, we identify users' conflicting expectations, encompassing their desire for an enjoyable VR experience alongside the assurance of secure VR authentication. Building upon our findings, we propose recommendations aimed at addressing these expectations and alleviating potential conflicts.
Submitted 3 June, 2023; v1 submitted 20 March, 2023;
originally announced March 2023.
-
Practical Speech Re-use Prevention in Voice-driven Services
Authors:
Yangyong Zhang,
Maliheh Shirvanian,
Sunpreet S. Arora,
Jianwei Huang,
Guofei Gu
Abstract:
Voice-driven services (VDS) are being used in a variety of applications ranging from smart home control to payments using digital assistants. The input to such services is often captured via an open voice channel, e.g., using a microphone, in an unsupervised setting. One of the key operational security requirements in such a setting is the freshness of the input speech. We present AEOLUS, a security overlay that proactively embeds a dynamic acoustic nonce at the time of user interaction, and detects the presence of the embedded nonce in the recorded speech to ensure freshness. We demonstrate that acoustic nonce can (i) be reliably embedded and retrieved, and (ii) be non-disruptive (and even imperceptible) to a VDS user. Optimal parameters (acoustic nonce's operating frequency, amplitude, and bitrate) are determined for (i) and (ii) from a practical perspective. Experimental results show that AEOLUS yields 0.5% FRR at 0% FAR for speech re-use prevention up to a distance of 4 meters in three real-world environments with different background noise levels. We also conduct a user study with 120 participants, which shows that the acoustic nonce does not degrade overall user experience for 94.16% of speech samples, on average, in these environments. AEOLUS can therefore be used in practice to prevent speech re-use and ensure the freshness of speech input.
Submitted 12 January, 2021;
originally announced January 2021.
-
Beating Attackers At Their Own Games: Adversarial Example Detection Using Adversarial Gradient Directions
Authors:
Yuhang Wu,
Sunpreet S. Arora,
Yanhong Wu,
Hao Yang
Abstract:
Adversarial examples are input examples that are specifically crafted to deceive machine learning classifiers. State-of-the-art adversarial example detection methods characterize an input example as adversarial either by quantifying the magnitude of feature variations under multiple perturbations or by measuring its distance from estimated benign example distribution. Instead of using such metrics, the proposed method is based on the observation that the directions of adversarial gradients when crafting (new) adversarial examples play a key role in characterizing the adversarial space. Compared to detection methods that use multiple perturbations, the proposed method is efficient as it only applies a single random perturbation on the input example. Experiments conducted on two different databases, CIFAR-10 and ImageNet, show that the proposed detection method achieves, respectively, 97.9% and 98.6% AUC-ROC (on average) on five different adversarial attacks, and outperforms multiple state-of-the-art detection methods. Results demonstrate the effectiveness of using adversarial gradient directions for adversarial example detection.
Submitted 30 December, 2020;
originally announced December 2020.
-
DashCam Pay: A System for In-vehicle Payments Using Face and Voice
Authors:
Cori Tymoszek,
Sunpreet S. Arora,
Kim Wagner,
Anil K. Jain
Abstract:
We present our ongoing work on developing a system, called DashCam Pay, that enables in-vehicle payments in a seamless and secure manner using face and voice biometrics. A plug-and-play device (dashcam) mounted in the vehicle is used to capture face images and voice commands of passengers. Privacy-preserving biometric comparison techniques are used to compare the biometric data captured by the dashcam with the biometric data enrolled on the users' mobile devices over a wireless interface (e.g., Bluetooth or Wi-Fi Direct) to determine the payer. Once the payer is identified, payment is conducted using the enrolled payment credential on the mobile device of the payer. We conduct preliminary analysis on data collected using a commercially available dashcam to show the feasibility of building the proposed system. A prototype of the proposed system is also developed in Android. DashCam Pay can be integrated as a software solution by dashcam or vehicle manufacturers to enable open loop in-vehicle payments.
Submitted 8 September, 2020; v1 submitted 7 April, 2020;
originally announced April 2020.
-
Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study
Authors:
Dinh-Luan Nguyen,
Sunpreet S. Arora,
Yuhang Wu,
Hao Yang
Abstract:
Deep learning-based systems have been shown to be vulnerable to adversarial attacks in both digital and physical domains. While feasible, digital attacks have limited applicability in attacking deployed systems, including face recognition systems, where an adversary typically has access to the input and not the transmission channel. In such a setting, physical attacks that directly provide a malicious input through the input channel pose a bigger threat. We investigate the feasibility of conducting real-time physical attacks on face recognition systems using adversarial light projections. A setup comprising a commercially available web camera and a projector is used to conduct the attack. The adversary uses a transformation-invariant adversarial pattern generation method to generate a digital adversarial pattern using one or more images of the target available to the adversary. The digital adversarial pattern is then projected onto the adversary's face in the physical domain to either impersonate a target (impersonation) or evade recognition (obfuscation). We conduct preliminary experiments using two open-source and one commercial face recognition system on a pool of 50 subjects. Our experimental results demonstrate the vulnerability of face recognition systems to light projection attacks in both white-box and black-box attack settings.
Submitted 16 April, 2020; v1 submitted 24 March, 2020;
originally announced March 2020.
-
Universal 3D Wearable Fingerprint Targets: Advancing Fingerprint Reader Evaluations
Authors:
Joshua J. Engelsma,
Sunpreet S. Arora,
Anil K. Jain,
Nicholas G. Paulter Jr
Abstract:
We present the design and manufacturing of high fidelity universal 3D fingerprint targets, which can be imaged on a variety of fingerprint sensing technologies, namely capacitive, contact-optical, and contactless-optical. Universal 3D fingerprint targets enable, for the first time, not only a repeatable and controlled evaluation of fingerprint readers, but also the ability to conduct fingerprint reader interoperability studies. Fingerprint reader interoperability refers to how robust fingerprint recognition systems are to variations in the images acquired by different types of fingerprint readers. To build universal 3D fingerprint targets, we adopt a molding and casting framework consisting of (i) digital mapping of fingerprint images to a negative mold, (ii) CAD modeling a scaffolding system to hold the negative mold, (iii) fabricating the mold and scaffolding system with a high resolution 3D printer, (iv) producing or mixing a material with similar electrical, optical, and mechanical properties to that of the human finger, and (v) fabricating a 3D fingerprint target using controlled casting. Our experiments conducted with PIV and Appendix F certified optical (contact and contactless) and capacitive fingerprint readers demonstrate the usefulness of universal 3D fingerprint targets for controlled and repeatable fingerprint reader evaluations and also fingerprint reader interoperability studies.
Submitted 22 May, 2017;
originally announced May 2017.
-
Biometrics for Child Vaccination and Welfare: Persistence of Fingerprint Recognition for Infants and Toddlers
Authors:
Anil K. Jain,
Sunpreet S. Arora,
Lacey Best-Rowden,
Kai Cao,
Prem Sewak Sudhish,
Anjoo Bhatnagar
Abstract:
With a number of emerging applications requiring biometric recognition of children (e.g., tracking child vaccination schedules, identifying missing children and preventing newborn baby swaps in hospitals), investigating the temporal stability of biometric recognition accuracy for children is important. The persistence of recognition accuracy of three of the most commonly used biometric traits (fingerprints, face and iris) has been investigated for adults. However, persistence of biometric recognition accuracy has not been studied systematically for children in the age group of 0-4 years. Given that very young children are often uncooperative and do not comprehend or follow instructions, in our opinion, among all biometric modalities, fingerprints are the most viable for recognizing children. This is primarily because it is easier to capture fingerprints of young children compared to other biometric traits, e.g., iris, where a child needs to stare directly towards the camera to initiate iris capture. In this report, we detail our initiative to investigate the persistence of fingerprint recognition for children in the age group of 0-4 years. Based on preliminary results obtained for the data collected in the first phase of our study, use of fingerprints for recognition of 0-4 year-old children appears promising.
Submitted 17 April, 2015;
originally announced April 2015.