Privacy-Preserving Robotic Perception for Object Detection in Curious Cloud Robotics
Michele Antonazzi, Matteo Alberti, Alex Bassot, Matteo Luperto, Nicola Basilico
AI summary
Problem
Offloading object detection to third-party cloud servers requires transmitting raw images. Because the provider must decrypt them for processing, sensitive environmental data is exposed to a curious provider. Existing privacy techniques either fail against deep-learning reconstruction attacks or lack the real-time efficiency needed for mobile robots.
Approach
A lightweight encoder-decoder runs on the robot to obfuscate images before transmission, co-trained with a pre-trained cloud detector using a weak loss mechanism that selectively computes gradients over a subset of object proposals to distill only task-relevant features.
Key results
- Theoretical proof that standard bottleneck compression fails for object detection
- Novel weak loss via proposal selection balances detection accuracy and privacy
- Obfuscated data resists Model Inversion Attacks and appears as noise to humans
- Validated on public datasets and real-world experiments on a Giraff robot
Why it matters
Enables secure, real-time cloud-based perception for service robots operating in private environments without compromising user privacy.
Abstract
Cloud robotics allows low-power robots to perform computationally intensive inference tasks by offloading them to the cloud, raising privacy concerns when transmitting sensitive images. Although end-to-end encryption secures data in transit, it does not prevent misuse by inquisitive third-party services since data must be decrypted for processing. This paper tackles these privacy issues in cloud-based object detection tasks for service robots. We propose a co-trained encoder-decoder architecture that retains only task-specific features while obfuscating sensitive information, utilizing a novel weak loss mechanism with proposal selection for privacy preservation. A theoretical analysis of the problem is provided, along with an evaluation of the trade-off between detection accuracy and privacy preservation through extensive experiments on public datasets and a real robot.