Adversarial Temporary Tattoo
Fooling AI for the price of a sticker
John Compas
Abstract
Researchers have consistently demonstrated over the past three or four years that image and facial recognition techniques are highly susceptible to attack. Many are not designed to be robust against such attacks, which leaves them vulnerable. I aim to create temporary tattoos or articles of clothing that can disguise the wearer from facial or object recognition. Potentially, this tattoo could not only obscure the wearer but also force the AI to classify them as a different person or object.
Technical Details
Researchers at Carnegie Mellon showed two years ago that it was possible to create psychedelic-looking glasses that could massively impact how the wearer’s face was classified by AI [1]. Since then, a number of different studies have had similar success attacking classifiers using a variety of techniques. An open source project dedicated to this idea, CVDazzle, has produced many “anti faces” to conceal the wearer. However, both Carnegie Mellon’s and CVDazzle’s techniques are relatively obvious to humans. I aim to create a temporary tattoo that, while looking “normal”, has slight modifications, undetectable to humans, that obfuscate the user’s face or body to image detection algorithms. This has been done by [2], although solely on a pixel-by-pixel basis and not in the real world.
[3] Turning a banana into a toaster
A team at Google found that a small patch, applied near an object, could disrupt image classifiers. Many of these techniques, however, depend on access to the internal workings of the classification algorithm. In [4], a team from MIT demonstrated a “black box” approach to attacking Google’s Cloud Vision. With an evolutionary algorithm, they were able to reduce the time taken to obfuscate an image by multiple orders of magnitude. Using a combination of the aforementioned techniques, I would aim to create patterns for temporary tattoos. Ultimately, the goal would be a tattoo that is innocuous to humans, yet potent against a classification algorithm.
An example: what you see, what Google’s Cloud Vision or FaceID sees
Actually fabricating the tattoos would be trivial. Tattoo paper is cheap and widely available for use with color printers. Likely the most challenging aspect of the project would be to translate simulated pattern success into a real-world demonstration where the lighting and shadows are inconsistent.
Potentially, other objects and fabrics could be demonstrated, but their fabrication is more challenging.
Goals
The purpose of this project is more experimental. Attempts will be made to make these tattoos look normal, but the main purpose will be to successfully attack commercial face recognition technology.
Applications
The implications of this technology, if successful, are widespread. By simply concealing a wearer’s face, security technology at airports and face-ID technology in large cities like London or New York could be massively compromised for little investment.
If fooling a classifier into recognizing you as a different person is also possible, a whole host of new vulnerabilities is exposed. For example, if Apple’s Face ID can be exploited, phones and iPads would instantly be vulnerable.
Confident Skills:
Programming (variety of languages)
Hardware Design, PCB Layout
3D Printing
Laser Cutting
Not Confident:
Sewing
Clothing Design
AI
References
[1] https://www.cs.cmu.edu/~sbhagava/papers/face-rec-ccs16.pdf
[2] https://arxiv.org/pdf/1804.04779.pdf
[3] https://arxiv.org/pdf/1712.09665.pdf
[4] https://arxiv.org/pdf/1712.07113.pdf