Wenke Lee (Georgia Tech) - Privacy and Reliability Issues of AI Systems
Abstract:
Recent advances in AI promise to change virtually all aspects of our lives. Before we get too excited, we should first examine why and how we should use AI for critical applications. In this talk, I discuss the privacy issues in biometric-based authentication and surveillance, deepfakes, and the logical reasoning capabilities of LLMs in the context of SAT solving. State-of-the-art deep learning (DL) solutions are now used for face-based and voice-based authentication. However, conventional biometric authentication (e.g., access control to a building) requires the enrollment data of a user to be stored in a remote server, unprotected, for comparison at authentication time. We have developed a system called Justitia to provide privacy-preserving biometric-based authentication. At enrollment time a client device processes a user’s facial image with a DL pipeline, derives encryption keys from the face data, and uses the keys to encrypt some random secrets. The server only stores the encrypted secrets and the hash of the secrets and authenticates a user if the client device can decrypt the secrets and send the correct hash back, essentially making biometric authentication like password-based authentication. There are privacy concerns in biometric-based surveillance, where the process of identifying “persons of interest” involves using the images of everybody on the scene. We have developed a privacy-preserving biometric search approach called Fuzzy Labeled Private Set Intersection (FLPSI), where the server holding a large biometric database learns nothing about the query or the result, and the querier also learns nothing about the database other than the query’s match(es). Of course, we should worry about deepfakes in biometric-based applications and beyond (e.g., fake video announcements). I will share my thoughts on this arms race.
Finally, as to the question “What can LLMs do (well)?” I will share our recent work on formally showing a transformer can be programmed to perform SAT solving and empirically evaluating whether it can be trained to do so.
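The enrollment and authentication flow the abstract describes for Justitia, sketched as an added example (not code from the talk or from Justitia itself). Assumptions: sign-quantising a constructed 8-value embedding stands in for the DL pipeline, PBKDF2 for the key derivation, and XOR with the derived key for the encryption; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_key(embedding, salt):
    # Assumption: one bit per embedding value (its sign) is stable across captures.
    bits = bytes(1 if x >= 0.0 else 0 for x in embedding)
    return hashlib.pbkdf2_hmac("sha256", bits, salt, 100_000, dklen=32)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    """Stores only salt, encrypted secret and hash of the secret; never face data."""
    def __init__(self):
        self.records = {}

    def enroll(self, user, salt, ciphertext, secret_hash):
        self.records[user] = (salt, ciphertext, secret_hash)

    def challenge(self, user):
        salt, ciphertext, _ = self.records[user]
        return salt, ciphertext

    def verify(self, user, claimed_hash):
        return hmac.compare_digest(self.records[user][2], claimed_hash)

def client_enroll(server, user, embedding):
    salt, secret = secrets.token_bytes(16), secrets.token_bytes(32)
    key = derive_key(embedding, salt)  # key exists only on the client
    server.enroll(user, salt, xor(secret, key), hashlib.sha256(secret).digest())

def client_authenticate(server, user, embedding):
    salt, ciphertext = server.challenge(user)
    secret = xor(ciphertext, derive_key(embedding, salt))  # wrong face -> wrong secret
    return server.verify(user, hashlib.sha256(secret).digest())

# Constructed sample embeddings (real ones have hundreds of dimensions).
ENROLLED = [0.81, -0.42, 0.15, -0.93, 0.37, 0.66, -0.20, -0.58]
SAME_USER = [0.77, -0.39, 0.21, -0.88, 0.30, 0.70, -0.25, -0.61]  # noisy re-capture
OTHER_USER = [-0.12, 0.55, 0.48, -0.73, -0.64, 0.09, 0.31, -0.27]

def demo():
    server = Server()
    client_enroll(server, "alice", ENROLLED)
    return (client_authenticate(server, "alice", SAME_USER),
            client_authenticate(server, "alice", OTHER_USER))

if __name__ == "__main__":
    print(demo())
```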
Speakers
Wenke Lee
Wenke Lee is a Regents’ Professor and John P. Imlay Jr. Chair at Georgia Tech. His research interests include systems and network security, malware analysis, applied cryptography, and machine learning. He received his Ph.D. in Computer Science from Columbia University and is an ACM Fellow and an IEEE Fellow.