Submitted on 2024-12-23, 08:27 and posted on 2024-12-26, 07:46. Authored by Elmahdi Bentafat.
Surveillance systems on a massive scale can be a vital tool for law enforcement agencies. An effective surveillance system automatically monitors all available data feeds in search of known suspects. These data can be directly linked to individuals through biometrics (face images, voice recordings, fingerprints, etc.) or indirectly linked, for example, through a vehicle's license plate number. Once these data are collected, the system extracts the individuals' feature vectors, compares them against a suspects' database, and raises an alarm when a match is detected. Nevertheless, this approach raises significant privacy concerns, because every individual with a known feature vector can be tracked on a daily basis. Analyzing such information-rich datasets may reveal sensitive personal information, including home and work locations, health issues, religious affiliations, etc. Even if we trust law enforcement authorities to protect citizens' location privacy, malicious users, such as rogue insiders or hackers, may still gain access to the stored location data.

To mitigate the severe privacy concerns of wide-scale surveillance systems, researchers have designed secure and privacy-preserving protocols that obliviously match live feeds against a suspects' database. However, existing approaches are very expensive in terms of computation and communication costs and, as a result, they do not scale well for ubiquitous deployment. To this end, we designed scalable and practical surveillance systems that can operate in near real time. In particular, we addressed three types of privacy-preserving surveillance systems in this thesis: face recognition, speaker identification, and license plate recognition. We first proposed a general privacy-preserving framework that operates by storing an encrypted version of the suspects' database at the surveillance devices. Based on this framework, we built three open-source systems (available on GitHub) and conducted extensive real-life experiments to illustrate their scalability and practicality.

Our last contribution addresses privacy-preserving traffic flow estimation in road networks. This is another scenario where users' location privacy can be compromised. Specifically, to measure the precise traffic flow across a given path in the road network, we need to count the vehicles that pass through every point in a series of intermediate points (where roadside units, or RSUs, are installed). However, disclosing the vehicles' IDs to the distributed network of RSUs clearly violates the users' privacy. Instead, our approach is to have the RSUs communicate with the passing vehicles in order to construct encrypted Bloom filters built from random vehicle IDs that are chosen secretly by the individual vehicles. Each Bloom filter represents the set of vehicle IDs that contacted the RSU, but it can also be used to estimate the traffic flow between any number of RSUs. More precisely, we designed a probabilistic model that approximates multi-point traffic flows by estimating the number of common vehicles among a given set of Bloom filters.
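The following is an added example, not code from the thesis or its GitHub repositories, showing the plaintext core of the multi-RSU estimation step described above: each vehicle picks a random 128-bit ID, each RSU keeps only a Bloom filter of the IDs that contacted it, and the number of vehicles common to several RSUs is estimated from the filters alone. The abstract does not spell out the thesis's probabilistic model or its encryption layer, so this example assumes the classical Swamidass-Baldi cardinality estimate plus inclusion-exclusion over filter unions, and it operates on unencrypted filters; the three-RSU road scenario, the vehicle counts and the hash construction are all constructed for illustration.

```python
import hashlib
import math
import random
from itertools import combinations


class BloomFilter:
    """Plain (unencrypted) Bloom filter with m bits and k hash positions per item."""

    def __init__(self, m: int, k: int):
        self.m, self.k = m, k
        self.bits = bytearray(m)  # one byte per bit keeps the code readable

    def _positions(self, item: bytes):
        # Kirsch-Mitzenmacher double hashing from a single SHA-256 digest (assumed
        # scheme). h2 is forced odd so that, with m a power of two, positions are distinct.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p] = 1

    def union(self, other: "BloomFilter") -> "BloomFilter":
        assert (self.m, self.k) == (other.m, other.k), "filters must share parameters"
        out = BloomFilter(self.m, self.k)
        out.bits = bytearray(a | b for a, b in zip(self.bits, other.bits))
        return out

    def estimate_size(self) -> float:
        """Swamidass-Baldi estimate of how many items were inserted, from the bit count."""
        x = sum(self.bits)
        if x >= self.m:
            return float("inf")  # a saturated filter carries no count information
        return -(self.m / self.k) * math.log(1 - x / self.m)


def union_all(filters):
    acc = filters[0]
    for f in filters[1:]:
        acc = acc.union(f)
    return acc


def estimate_common(filters) -> float:
    """Estimate |F1 ∩ ... ∩ Fn| via inclusion-exclusion over unions of the filters.

    Bloom filters support bitwise OR (set union) with a clean cardinality meaning,
    but not AND, so every intersection term is rewritten as a signed sum of union sizes.
    """
    total = 0.0
    for r in range(1, len(filters) + 1):
        sign = (-1) ** (r + 1)
        for subset in combinations(filters, r):
            total += sign * union_all(list(subset)).estimate_size()
    return total


def simulate(seed: int = 7, m: int = 1 << 16, k: int = 7):
    """Constructed scenario: 2,500 vehicles, each choosing a random 128-bit ID, and three
    RSUs along one road that each see an overlapping window of those vehicles."""
    rng = random.Random(seed)  # seeded only so the example is reproducible
    vehicle_ids = [rng.getrandbits(128).to_bytes(16, "big") for _ in range(2500)]
    # RSU A sees vehicles 0..1499, B sees 500..1999, C sees 1000..2499.
    windows = [(0, 1500), (500, 2000), (1000, 2500)]
    rsus = []
    for lo, hi in windows:
        bf = BloomFilter(m, k)
        for vid in vehicle_ids[lo:hi]:
            bf.add(vid)  # the RSU retains the filter only, never the list of IDs
        rsus.append(bf)
    return {
        "ab_true": 1000, "ab_est": estimate_common(rsus[:2]),   # 500..1499
        "abc_true": 500, "abc_est": estimate_common(rsus),      # 1000..1499
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value:.1f}")
```

Two things the example makes concrete. First, because the IDs are random per vehicle and the RSU stores only the filter, a compromised RSU database yields bit vectors rather than a log of who passed; the flow estimate is recovered from the union sizes alone. Second, inclusion-exclusion sums 2^n - 1 estimates for n RSUs, so estimation error grows with the number of points on the path; keep the filters well below saturation (here about a quarter of the bits are set) or the logarithm in `estimate_size` amplifies small bit-count errors into large flow errors.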