The proliferation of images captured from millions of cameras and the advancement of facial recognition (FR) technology have made the abuse of FR a severe privacy threat. Existing works typically rely on obfuscation, synthesis, or adversarial examples to modify faces in images to achieve anti-facial recognition (AFR). However, the unmodified images captured by camera modules that contain sensitive personally identifiable information (PII) could still be leaked. In this paper, we propose a novel approach, CamPro, to capture inborn AFR images. CamPro enables well-packed commodity camera modules to produce images that contain little PII and yet still contain enough information to support other non-sensitive vision applications, such as person detection. Specifically, CamPro tunes the configuration setup inside the camera image signal processor (ISP), i.e., color correction matrix and gamma correction, to achieve AFR, and designs an image enhancer to keep the image quality for possible human viewers. We implemented and validated CamPro on a proof-of-concept camera, and our experiments demonstrate its effectiveness on ten state-of-the-art black-box FR models. The results show that CamPro images can significantly reduce face identification accuracy to 0.3% while having little impact on the targeted non-sensitive vision application. Furthermore, we find that CamPro is resilient to adaptive attackers who have re-trained their FR models using images generated by CamPro, even with full knowledge of privacy-preserving ISP parameters.
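The two ISP stages named in the abstract, color correction matrix and gamma correction, applied per pixel: an added example, not code from the paper. The matrices, gamma values, and sample pixel are constructed and are not CamPro's tuned parameters; the example only shows that these two settings change how much tonal and color contrast survives in the 8-bit output.

```python
# Added illustration, not the paper's code. All parameter values are constructed.

def apply_ccm(rgb, ccm):
    """Multiply a linear RGB triple (floats in [0, 1]) by a 3x3 matrix, then clip."""
    return tuple(
        min(1.0, max(0.0, sum(ccm[r][c] * rgb[c] for c in range(3))))
        for r in range(3)
    )

def apply_gamma(rgb, gamma):
    """Gamma-encode each channel: out = in ** (1 / gamma)."""
    return tuple(v ** (1.0 / gamma) for v in rgb)

def isp(pixel8, ccm, gamma):
    """8-bit linear pixel -> CCM -> gamma -> 8-bit output pixel."""
    linear = tuple(v / 255.0 for v in pixel8)
    encoded = apply_gamma(apply_ccm(linear, ccm), gamma)
    return tuple(int(round(v * 255)) for v in encoded)

def gray_levels(ccm, gamma):
    """Distinct outputs over all 256 gray inputs (tonal detail kept after quantization)."""
    return len({isp((g, g, g), ccm, gamma) for g in range(256)})

def channel_spread(pixel8, ccm, gamma):
    """Max minus min output channel: a rough proxy for remaining color contrast."""
    out = isp(pixel8, ccm, gamma)
    return max(out) - min(out)

# Conventional settings (assumed baseline): identity CCM, display gamma 2.2.
BASE_CCM = [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]]
BASE_GAMMA = 2.2
# Constructed non-standard settings: heavy channel mixing, very steep gamma.
MIX_CCM = [[0.4, 0.3, 0.3], [0.3, 0.4, 0.3], [0.3, 0.3, 0.4]]
STEEP_GAMMA = 8.0

SAMPLE_PIXEL = (200, 120, 100)  # constructed sample pixel

if __name__ == "__main__":
    for name, ccm, gamma in (("baseline", BASE_CCM, BASE_GAMMA),
                             ("non-standard", MIX_CCM, STEEP_GAMMA)):
        print(name, isp(SAMPLE_PIXEL, ccm, gamma),
              "gray levels:", gray_levels(ccm, gamma),
              "spread:", channel_spread(SAMPLE_PIXEL, ccm, gamma))
```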