FaceCloak: Learning to Protect Face Templates
This addresses privacy and security concerns for users of face recognition systems by preventing reconstruction of face images from templates, though it is an incremental improvement on existing protection methods.
The paper tackles the problem of face template privacy by introducing FaceCloak, a neural network framework that generates binary cloaks to protect templates from inversion attacks, achieving fast inference (0.28 ms) and small size (0.57 MB) while maintaining biometric utility.
Generative models can reconstruct face images from encoded representations (templates) bearing remarkable likeness to the original face, raising security and privacy concerns. We present \textsc{FaceCloak}, a neural network framework that protects face templates by generating smart, renewable binary cloaks. Our method proactively thwarts inversion attacks by cloaking face templates with unique disruptors synthesized from a single face template on the fly while provably retaining biometric utility and unlinkability. Our cloaked templates can suppress sensitive attributes while generalizing to novel feature extraction schemes and outperform leading baselines in terms of biometric matching and resiliency to reconstruction attacks. \textsc{FaceCloak}-based matching is extremely fast (inference time =0.28 ms) and light (0.57 MB). We have released our \href{https://github.com/sudban3089/FaceCloak.git}{code} for reproducible research.