Facial Data Minimization: Shallow Model as Your Privacy Filter

Download PDF
Open Webpage

Yuwen Pu, Jiahao Chen, Jiayu Pan, Diqun Yan, Xuhong Zhang, Shouling Ji

Published: 01 Jan 2025, Last Modified: 05 Jan 2026IEEE Transactions on Dependable and Secure ComputingEveryoneRevisionsCC BY-SA 4.0
Abstract: Face recognition service has been widely adopted across various domains, offering significant convenience and enhancing efficiency in numerous applications. However, once a user's facial data is transmitted to a service provider, the user will lose control over his/her biometric data. In recent years, there have been various security and privacy issues due to the leakage of facial data. Although many privacy enhancement methods have been proposed, they usually fail when they are not accessible to adversaries’ strategies or the complete face recognition model. Therefore, in this work, we propose a Privacy Minimization Transformation (PMT) method, designed to address two common scenarios in practical face recognition systems: the uploading of facial images and facial features. This method can process the private facial data based on the shallow network of the face recognition model to obtain the obfuscated data. The obfuscated data cannot only maintain satisfactory performance on the authorized models (i.e. the models specified by the user) and restrict the performance on other unauthorized models (i.e. the models not specified by the user) but also prevent privacy data from leaking by AI methods and human visual theft. Additionally, since a service provider may execute preprocessing operations on the received data, we propose an enhanced perturbation method to improve the robustness of PMT. Besides, to authorize one facial image to multiple service models simultaneously, a multiple-restriction mechanism is proposed to improve the scalability of PMT. Finally, we conduct extensive experiments and evaluate the effectiveness of the proposed PMT against face reconstruction, function creep, and face attribute estimation attacks. Experimental results demonstrate that PMT performs well in preventing facial function creep and privacy leakage while maintaining high face recognition accuracy.