Seminar from Thomas Thebaud, PhD student Orange/Lium
Localisation: IC2, boardroom
Speaker: Thomas Thebaud
With the widening use of biometrics such as voice, face or digits for authentification, potential security breaches in those systems can become problematic. The low explainability of neural networks drives us to consider the encoded outputs (embeddings/templates/x-vectors) more as secured data than personal informations.
Here I chose to attack an handwritten digit system developped by Orange.
Using the unlabelled output embeddings of a Network designed to detect identities and digits from drawings, and the knowledge of the architecture (not the weights) of that network, I labelled those embeddings and reconstructed the originals drawings to spoof the authentification system. This work shows that embeddings produced by a neural network, even with little to no informations about the network, still contain personnal information (enought to spoof a system).