Fortifying Reversible Face Anonymization: A Secure Image Embedding Loss to Prevent Identity Leakage

Resumo

With the proliferation of image capture devices and social media, face recognition technology has become widespread, raising significant privacy concerns and leading to the development of data protection regulations like GDPR and LGPD. Reversible face anonymization techniques, which aim to obscure an individual's identity while allowing for its recovery with a secret key, have emerged as a promising solution to balance privacy and data utility. These methods, often based on Generative Adversarial Networks (GANs), generate realistic, anonymized faces that preserve the original image's structure. This paper challenges the presumed security of state-of-the-art reversible face anonymization systems. We introduce a novel attack that bypasses the password-based protection by exploiting information leaked in an intermediate stage of the anonymization pipeline. Our attack on a leading reversible anonymization method, RiDDLE, successfully recovers the original identity from anonymized images in up to 70.2% of cases on the VggFace2 dataset, a stark contrast to the 0.2% chance of a random guess. To counteract this critical vulnerability, we propose a new loss function, the Secure Image Embedding Loss, designed to be integrated into the training of anonymization models. This addition enforces the disassociation of the original identity from the intermediate representations. Experimental results demonstrate the effectiveness of our defense, reducing the success rate of our attack to a mere 0.8% on VggFace2 and showing robust performance on the LFW dataset. These findings highlight a significant, previously overlooked security flaw in reversible face anonymization and provide a concrete solution to fortify these methods against such attacks, marking a crucial step toward ensuring genuine privacy in facial data.