Evaluating Voice Conversion-based Privacy Protection against Informed Attackers

Srivastava, Brij Mohan Lal; Vauquier, Nathalie; Sahidullah, Md; Bellet, Aurelien; Tommasi, Marc; Vincent, Emmanuel

Type de document :

Communication dans un congrès avec actes

Titre :

Evaluating Voice Conversion-based Privacy Protection against Informed Attackers

Auteur(s) :

Srivastava, Brij Mohan Lal [Auteur]
Machine Learning in Information Networks [MAGNET]
Speech Modeling for Facilitating Oral-Based Communication [MULTISPEECH]
Vauquier, Nathalie [Auteur]
Machine Learning in Information Networks [MAGNET]
Sahidullah, Md [Auteur]
Speech Modeling for Facilitating Oral-Based Communication [MULTISPEECH]
Bellet, Aurelien [Auteur]

Machine Learning in Information Networks [MAGNET]
Tommasi, Marc [Auteur]

Machine Learning in Information Networks [MAGNET]
Vincent, Emmanuel [Auteur]
Speech Modeling for Facilitating Oral-Based Communication [MULTISPEECH]

Titre de la manifestation scientifique :

ICASSP 2020 - 45th International Conference on Acoustics, Speech, and Signal Processing

Organisateur(s) de la manifestation scientifique :

IEEE Signal Processing Society

Ville :

Barcelona

Pays :

Espagne

Date de début de la manifestation scientifique :

2020-05-04

Date de publication :

2020-05-04

Mot(s)-clé(s) en anglais :

linkage attack
privacy
speaker verification
attacker
speech recognition
voice conversion

Discipline(s) HAL :

Informatique [cs]/Apprentissage [cs.LG]
Informatique [cs]/Informatique et langage [cs.CL]

Résumé en anglais : [en]

Speech data conveys sensitive speaker attributes like identity or accent. With a small amount of found data, such attributes can be inferred and exploited for malicious purposes: voice cloning, spoofing, etc. Anonymization ...
Lire la suite >Speech data conveys sensitive speaker attributes like identity or accent. With a small amount of found data, such attributes can be inferred and exploited for malicious purposes: voice cloning, spoofing, etc. Anonymization aims to make the data unlinkable, i.e., ensure that no utterance can be linked to its original speaker. In this paper, we investigate anonymization methods based on voice conversion. In contrast to prior work, we argue that various linkage attacks can be designed depending on the attackers' knowledge about the anonymization scheme. We compare two frequency warping-based conversion methods and a deep learning based method in three attack scenarios. The utility of converted speech is measured via the word error rate achieved by automatic speech recognition, while privacy protection is assessed by the increase in equal error rate achieved by state-of-the-art i-vector or x-vector based speaker verification. Our results show that voice conversion schemes are unable to effectively protect against an attacker that has extensive knowledge of the type of conversion and how it has been applied, but may provide some protection against less knowledgeable attackers.Lire moins >

Langue :

Anglais

Comité de lecture :

Oui

Audience :

Internationale

Vulgarisation :

Non

Projet ANR :

Apprentissage distribué, personnalisé, préservant la privacité pour le traitement de la parole

Collections :