Analysis and Mitigations of Reverse Engineering Attacks on Local Feature Descriptors
This addresses privacy concerns for users in applications like autonomous driving and augmented reality, but it is incremental as it builds on prior work showing reverse engineering is possible.
The paper tackles the problem of reverse engineering attacks on local feature descriptors, which can reconstruct RGB images from descriptors, posing privacy risks; it demonstrates these attacks on popular descriptors and proposes mitigation techniques that reduce information leakage while maintaining similar matching accuracy.
As autonomous driving and augmented reality evolve, a practical concern is data privacy. In particular, these applications rely on localization based on user images. The widely adopted technology uses local feature descriptors, which are derived from the images and it was long thought that they could not be reverted back. However, recent work has demonstrated that under certain conditions reverse engineering attacks are possible and allow an adversary to reconstruct RGB images. This poses a potential risk to user privacy. We take this a step further and model potential adversaries using a privacy threat model. Subsequently, we show under controlled conditions a reverse engineering attack on sparse feature maps and analyze the vulnerability of popular descriptors including FREAK, SIFT and SOSNet. Finally, we evaluate potential mitigation techniques that select a subset of descriptors to carefully balance privacy reconstruction risk while preserving image matching accuracy; our results show that similar accuracy can be obtained when revealing less information.