Visual Security Evaluation of Learnable Image Encryption Methods against Ciphertext-only Attacks
This work addresses security vulnerabilities in privacy-preserving DNNs for users relying on visual information protection, but it is incremental as it focuses on evaluating existing methods rather than proposing new ones.
The paper evaluates the robustness of visual protection methods for privacy-preserving deep neural networks against ciphertext-only attacks, finding that most methods, including pixel-wise encryption, are insufficiently robust against GAN-based attacks, while a few show adequate resilience.
Various visual information protection methods have been proposed for privacy-preserving deep neural networks (DNNs). In contrast, attack methods on such protection methods have been studied simultaneously. In this paper, we evaluate state-of-the-art visual protection methods for privacy-preserving DNNs in terms of visual security against ciphertext-only attacks (COAs). We focus on brute-force attack, feature reconstruction attack (FR-Attack), inverse transformation attack (ITN-Attack), and GAN-based attack (GAN-Attack), which have been proposed to reconstruct visual information on plain images from the visually-protected images. The detail of various attack is first summarized, and then visual security of the protection methods is evaluated. Experimental results demonstrate that most of protection methods, including pixel-wise encryption, have not enough robustness against GAN-Attack, while a few protection methods are robust enough against GAN-Attack.