Deepfakes

• AI to transplant faces onto other person’s face
• Also can fake:
  • Voice
  • Gait
    • Humans very sensitive to gait; character animation is difficult which is why motion capture is usually used
• 2017: r/deepfakes, mostly for porn
  • Existed previously in research institutions since the 90s

Theory:

• Deep learning used to train generative neural networks such as:
  • Autoencoders
  • Generative adversarial networks (GANs)

Autoencoders:

• Reduce image to lower-dimensional latent space
  • Contains key features about facial features and body pose
• Decoder: reconstructs image from latent representation
• Train model for a specific target
  • Match keypoints to superimpose the target’s facial features

Generative adversarial networks (GANs):

• GAN trains generator (decoder) and discriminator
• Generate creates new images; discriminator attempts to determine if the image is generated or not
• Makes them realistic and difficult to spot deepfakes
  • Researchers have made algorithms to detect this
    • Shadow/lighting inconsistencies
    • Light reflections in eyes
    • Wael AbdAlmageed:
      • 1st gen: Spatio-temporal inconsistencies (using RNNs)
      • 2nd gen: end-to-end deep networks to detect frequency information
        • One branch amplifies low frequency information with the Laplacian of Gaussian
        • The second branch propagates color information
    • DARPA competitions
  • But these can then be used to update the discriminator

Use-cases:

• Movies: dead actors/de-aging
• Identity fraud
  • Online/app video-based identification (liveness tests)
• Porn
• Blackmail
  • Revenge porn
  • Related: if there is real compromising footage of a victim, they can just claim that it is a deepfake
• Fake news
  • Declaring war as political leaders
• Sockpuppets
  • Users active online and in traditional media that don’t exist
  • Video footage of people considered to be trustworthy
  • Example: ‘Oliver Taylor’ persona

Exploitation, intimidation, personal sabotage

Prevention:

• Digital signing of images/videos from cameras and smartphones
  • But can also be used to track down dissidents

Future of Autonomous Biosecurity Sensing

In the future, it is reasonable to expect huge swarms of low cost drones that are scanning for biosecurity etc.

Assume a central base station that controls the paths of the drones. How would you would violate the security of the drones?

• Jam signal
  • Frequency hopping?
  • P2P communication will make jamming more difficult
  • If close enough, can locate self relative to other drones visually
• GPS spoofing?
  • Or just jam GPS
    • Use local map and determine position using landmarks, inertial sensors etc.
  • Gradually shift position to cause them to crash?
• Replay attack?
  • Timestamp packets, max age
  • P2P sharing of latest command index/timestamp in system; if one drone can hear the original signal, they can share it with others to prevent replays
• Spoof commands
  • Sign packets with public key encryption
  • Commands from base station sent peer to peer so jamming will be difficult
• PKI to establish symmetric key
  • Shoot down a drone and extract keys?
  • Hardware security modules; no way to access key