Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection

Matteo Cardaioli; Mauro Conti; Pier Paolo Tricomi; Gene Tsudik

doi:10.1109/PerCom53586.2022.9762394

Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection

Matteo Cardaioli, Mauro Conti, Pier Paolo Tricomi, Gene Tsudik

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

2 Citations (Scopus)

525 Downloads (Pure)

Abstract

Ideally, secure user sessions should start and end with authentication and de-Authentication phases, respectively. While the user must pass the former to start a secure session, the latter's importance is often ignored or underestimated. Dangling or unattended sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, the research community focused on automated de-Authentication systems. Unfortunately, no single approach offers security, privacy, and usability. For instance, although facial recognition-based methods might be a good fit for security and usability, they violate user privacy by constantly recording the user and the surrounding environment.In this work, we propose BLUFADE, a fast, secure, and transparent de-Authentication system that takes advantage of blurred faces to preserve user privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection continuously. To assess BLUFADE's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The former was used to train and evaluate the deauthentication system performances, the latter to assess the privacy and to increase variance in training data. We show that our approach outperforms state-of-The-Art methods in detecting blurred faces, achieving up to 95% accuracy. Furthermore, we demonstrate that BLUFADE effectively de-Authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements.

Original language	English
Title of host publication	2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	197-206
Number of pages	10
ISBN (Electronic)	978-1-6654-1643-6
DOIs	https://doi.org/10.1109/PerCom53586.2022.9762394
Publication status	Published - 2022
Event	20th IEEE International Conference on Pervasive Computing and Communications, PerCom 2022 - Pisa, Italy Duration: 21 Mar 2022 → 25 Mar 2022

Publication series

Name	2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022

Conference

Conference	20th IEEE International Conference on Pervasive Computing and Communications, PerCom 2022
Country/Territory	Italy
City	Pisa
Period	21/03/22 → 25/03/22

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

Blurred Face Detection
De-Authentication
Deep Learning
Lunchtime Attacks
Privacy
Usability

Access to Document

10.1109/PerCom53586.2022.9762394

Privacy_Friendly_De_authentication_with_BLUFADE_Blurred_Face_DetectionFinal published version, 7 MB

Cite this

Cardaioli, M., Conti, M., Tricomi, P. P., & Tsudik, G. (2022). Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection. In 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022 (pp. 197-206). (2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/PerCom53586.2022.9762394

Cardaioli, Matteo ; Conti, Mauro ; Tricomi, Pier Paolo et al. / Privacy-Friendly De-Authentication with BLUFADE : Blurred Face Detection. 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022. Institute of Electrical and Electronics Engineers (IEEE), 2022. pp. 197-206 (2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022).

@inproceedings{5c53fdeb5ce64175a0a9b61fa4a66e41,

title = "Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection",

abstract = "Ideally, secure user sessions should start and end with authentication and de-Authentication phases, respectively. While the user must pass the former to start a secure session, the latter's importance is often ignored or underestimated. Dangling or unattended sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, the research community focused on automated de-Authentication systems. Unfortunately, no single approach offers security, privacy, and usability. For instance, although facial recognition-based methods might be a good fit for security and usability, they violate user privacy by constantly recording the user and the surrounding environment.In this work, we propose BLUFADE, a fast, secure, and transparent de-Authentication system that takes advantage of blurred faces to preserve user privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection continuously. To assess BLUFADE's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The former was used to train and evaluate the deauthentication system performances, the latter to assess the privacy and to increase variance in training data. We show that our approach outperforms state-of-The-Art methods in detecting blurred faces, achieving up to 95% accuracy. Furthermore, we demonstrate that BLUFADE effectively de-Authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements.",

keywords = "Blurred Face Detection, De-Authentication, Deep Learning, Lunchtime Attacks, Privacy, Usability",

author = "Matteo Cardaioli and Mauro Conti and Tricomi, {Pier Paolo} and Gene Tsudik",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ; 20th IEEE International Conference on Pervasive Computing and Communications, PerCom 2022 ; Conference date: 21-03-2022 Through 25-03-2022",

year = "2022",

doi = "10.1109/PerCom53586.2022.9762394",

language = "English",

series = "2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

pages = "197--206",

booktitle = "2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022",

address = "United States",

}

Cardaioli, M, Conti, M, Tricomi, PP & Tsudik, G 2022, Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection. in 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022. 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022, Institute of Electrical and Electronics Engineers (IEEE), pp. 197-206, 20th IEEE International Conference on Pervasive Computing and Communications, PerCom 2022, Pisa, Italy, 21/03/22. https://doi.org/10.1109/PerCom53586.2022.9762394

Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection. / Cardaioli, Matteo; Conti, Mauro; Tricomi, Pier Paolo et al.
2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022. Institute of Electrical and Electronics Engineers (IEEE), 2022. p. 197-206 (2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Privacy-Friendly De-Authentication with BLUFADE

T2 - 20th IEEE International Conference on Pervasive Computing and Communications, PerCom 2022

AU - Cardaioli, Matteo

AU - Conti, Mauro

AU - Tricomi, Pier Paolo

AU - Tsudik, Gene

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2022

Y1 - 2022

N2 - Ideally, secure user sessions should start and end with authentication and de-Authentication phases, respectively. While the user must pass the former to start a secure session, the latter's importance is often ignored or underestimated. Dangling or unattended sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, the research community focused on automated de-Authentication systems. Unfortunately, no single approach offers security, privacy, and usability. For instance, although facial recognition-based methods might be a good fit for security and usability, they violate user privacy by constantly recording the user and the surrounding environment.In this work, we propose BLUFADE, a fast, secure, and transparent de-Authentication system that takes advantage of blurred faces to preserve user privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection continuously. To assess BLUFADE's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The former was used to train and evaluate the deauthentication system performances, the latter to assess the privacy and to increase variance in training data. We show that our approach outperforms state-of-The-Art methods in detecting blurred faces, achieving up to 95% accuracy. Furthermore, we demonstrate that BLUFADE effectively de-Authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements.

AB - Ideally, secure user sessions should start and end with authentication and de-Authentication phases, respectively. While the user must pass the former to start a secure session, the latter's importance is often ignored or underestimated. Dangling or unattended sessions expose users to well-known Lunchtime Attacks. To mitigate this threat, the research community focused on automated de-Authentication systems. Unfortunately, no single approach offers security, privacy, and usability. For instance, although facial recognition-based methods might be a good fit for security and usability, they violate user privacy by constantly recording the user and the surrounding environment.In this work, we propose BLUFADE, a fast, secure, and transparent de-Authentication system that takes advantage of blurred faces to preserve user privacy. We obfuscate a webcam with a physical blur layer and use deep learning algorithms to perform face detection continuously. To assess BLUFADE's practicality, we collected two datasets formed by 30 recruited subjects (users) and thousands of physically blurred celebrity photos. The former was used to train and evaluate the deauthentication system performances, the latter to assess the privacy and to increase variance in training data. We show that our approach outperforms state-of-The-Art methods in detecting blurred faces, achieving up to 95% accuracy. Furthermore, we demonstrate that BLUFADE effectively de-Authenticates users up to 100% accuracy in under 3 seconds, while satisfying security, privacy, and usability requirements.

KW - Blurred Face Detection

KW - De-Authentication

KW - Deep Learning

KW - Lunchtime Attacks

KW - Privacy

KW - Usability

UR - http://www.scopus.com/inward/record.url?scp=85129932447&partnerID=8YFLogxK

U2 - 10.1109/PerCom53586.2022.9762394

DO - 10.1109/PerCom53586.2022.9762394

M3 - Conference contribution

AN - SCOPUS:85129932447

T3 - 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022

SP - 197

EP - 206

BT - 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022

PB - Institute of Electrical and Electronics Engineers (IEEE)

Y2 - 21 March 2022 through 25 March 2022

ER -

Cardaioli M, Conti M, Tricomi PP, Tsudik G. Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection. In 2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022. Institute of Electrical and Electronics Engineers (IEEE). 2022. p. 197-206. (2022 IEEE International Conference on Pervasive Computing and Communications, PerCom 2022). doi: 10.1109/PerCom53586.2022.9762394

Privacy-Friendly De-Authentication with BLUFADE: Blurred Face Detection

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this