Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Dong Mao,Qiongqian Yang,Hongkai Wang,Zuge Chen,Chen Li,Yubo Song,Zhongyuan Qin

DOI: https://doi.org/10.3390/electronics13061028

IF: 2.9

2024-03-10

Electronics

Abstract:Federated learning (FL) is increasingly challenged by security and privacy concerns, particularly vulnerabilities exposed by malicious participants. There remains a gap in effectively countering threats such as model inversion and poisoning attacks in existing research. To address these challenges, this paper proposes the Effective Private-Protected Federated Learning Aggregation Algorithm (EPFed), a framework that utilizes a blockchain platform, homomorphic encryption, and secret sharing to fortify the data privacy and computational efficiency in a federated learning environment. EPFed works by establishing "trust groups" through the unique integration of a Chinese Remainder Theorem-based secret sharing scheme with Paillier homomorphic encryption, streamlining secure model parameter exchange and aggregation while minimizing the computational load. Our performance-driven aggregation strategy leverages local performance metrics to safeguard against malicious contributions, ensuring both the integrity and efficiency of the learning process. The evaluations demonstrate that EPFed achieves a remarkable accuracy rate of 92.5%, thereby confirming the advanced nature of the proposed solution in addressing the pressing challenges of FL.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xuan Jin,Yuanzhi Yao,Nenghai Yu,,

DOI: https://doi.org/10.52396/justc-2022-0116

2023-01-01

JUSTC

Abstract:Federated learning allows multiple mobile participants to jointly train a global model without revealing their local private data. Communication-computation cost and privacy preservation are key fundamental issues in federated learning. Existing secret sharing-based secure aggregation mechanisms for federated learning still suffer from significant additional costs, insufficient privacy preservation, and vulnerability to participant dropouts. In this paper, we aim to solve these issues by introducing flexible and effective secret sharing mechanisms into federated learning. We propose two novel privacy-preserving federated learning schemes: federated learning based on one-way secret sharing (FLOSS) and federated learning based on multishot secret sharing (FLMSS). Compared with the state-of-the-art works, FLOSS enables high privacy preservation while significantly reducing the communication cost by dynamically designing secretly shared content and objects. Meanwhile, FLMSS further reduces the additional cost and has the ability to efficiently enhance the robustness of participant dropouts in federated learning. Foremost, FLMSS achieves a satisfactory tradeoff between privacy preservation and communication-computation cost. Security analysis and performance evaluations on real datasets demonstrate the superiority of our proposed schemes in terms of model accuracy, privacy preservation, and cost reduction.

Weizhao Jin,Yuhang Yao,Shanshan Han,Jiajun Gu,Carlee Joe-Wong,Srivatsan Ravi,Salman Avestimehr,Chaoyang He

2024-06-17

Abstract:Federated Learning trains machine learning models on distributed devices by aggregating local model updates instead of local data. However, privacy concerns arise as the aggregated local models on the server may reveal sensitive personal information by inversion attacks. Privacy-preserving methods, such as homomorphic encryption (HE), then become necessary for FL training. Despite HE's privacy advantages, its applications suffer from impractical overheads, especially for foundation models. In this paper, we present FedML-HE, the first practical federated learning system with efficient HE-based secure model aggregation. FedML-HE proposes to selectively encrypt sensitive parameters, significantly reducing both computation and communication overheads during training while providing customizable privacy preservation. Our optimized system demonstrates considerable overhead reduction, particularly for large foundation models (e.g., ~10x reduction for ResNet-50, and up to ~40x reduction for BERT), demonstrating the potential for scalable HE-based FL deployment.

Machine Learning,Cryptography and Security

Jiachen Shen,Yekang Zhao,Shitao Huang,Yongjun Ren

DOI: https://doi.org/10.3390/electronics13224478

IF: 2.9

2024-11-20

Electronics

Abstract:Federated learning avoids centralizing data in a central server by distributing the model training process across devices, thus protecting privacy to some extent. However, existing research shows that model updates (e.g., gradients or weights) exchanged during federated learning may still indirectly leak sensitive information about the original data. Currently, single-key homomorphic encryption methods applied in federated learning cannot solve the problem of privacy leakage that may be caused by the collusion between the participant and the federated learning server, whereas existing privacy-preserving federated learning schemes based on multi-key homomorphic encryption in semi-honest environments have deficiencies and limitations in terms of security and application conditions. To this end, this paper proposes a privacy-preserving federated learning scheme based on multi-key fully homomorphic encryption to cope with the potential risk of privacy leakage in traditional federated learning. We designed a multi-key fully homomorphic encryption scheme, mMFHE, that encrypts by aggregating public keys and requires all participants to jointly participate in decryption sharing, thus ensuring data security and privacy. The proposed privacy-preserving federated learning scheme encrypts the model updates through multi-key fully homomorphic encryption, ensuring confidentiality under the CRS model and in a semi-honest environment. As a fully homomorphic encryption scheme, mMFHE supports homomorphic addition and homomorphic multiplication for more flexible applications. Our security analysis proves that the scheme can withstand collusive attacks by up to N−1 users and servers, where N is the total number of users. Performance analysis and experimental results show that our scheme reduces the complexity of the NAND gate, which reduces the computational load and improves the efficiency while ensuring the accuracy of the model.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jaehyoung Park,Hyuk Lim

DOI: https://doi.org/10.3390/app12020734

2022-01-12

Applied Sciences

Abstract:Federated learning (FL) is a machine learning technique that enables distributed devices to train a learning model collaboratively without sharing their local data. FL-based systems can achieve much stronger privacy preservation since the distributed devices deliver only local model parameters trained with local data to a centralized server. However, there exists a possibility that a centralized server or attackers infer/extract sensitive private information using the structure and parameters of local learning models. We propose employing homomorphic encryption (HE) scheme that can directly perform arithmetic operations on ciphertexts without decryption to protect the model parameters. Using the HE scheme, the proposed privacy-preserving federated learning (PPFL) algorithm enables the centralized server to aggregate encrypted local model parameters without decryption. Furthermore, the proposed algorithm allows each node to use a different HE private key in the same FL-based system using a distributed cryptosystem. The performance analysis and evaluation of the proposed PPFL algorithm are conducted in various cloud computing-based FL service scenarios.

Meng Shen,Jing Wang,Jie Zhang,Qinglin Zhao,Bohan Peng,Tong Wu,Liehuang Zhu,Ke Xu

DOI: https://doi.org/10.1109/tnse.2024.3360311

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Federated Learning (FL) is a machine learning approach that enables multiple users to share their local models for the aggregation of a global model, protecting data privacy by avoiding the sharing of raw data. However, frequent parameter sharing between users and the aggregator can incur high risk of membership privacy leakage. In this paper, we propose LiPFed, a computationally lightweight privacy preserving FL scheme using secure decentralized aggregation for edge networks. Under this scheme, we ensure privacy preservation on the aggregation side, and promote lightweight computation on the user side. By incorporating blockchain and additive secret sharing algorithm, we effectively protect the membership privacy of both local models and global models. Furthermore, the secure decentralized aggregation mechanism safeguards against potential compromises of the aggregator. Meanwhile, smart contract is introduced to identify malicious models uploaded by edge nodes and return trustworthy global models to users. Rigorous security analysis shows the effectiveness of this scheme in privacy preservation. Extensive experiments verify that LiPFed outperforms the state-of-the-art schemes in terms of training efficiency, model accuracy, and privacy preservation.

Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

2024-05-31

Abstract:With the emergence of privacy leaks in federated learning, secure aggregation protocols that mainly adopt either homomorphic encryption or threshold secret sharing have been widely developed for federated learning to protect the privacy of the local training data of each client. However, these existing protocols suffer from many shortcomings, such as the dependence on a trusted third party, the vulnerability to clients being corrupted, low efficiency, the trade-off between security and fault tolerance, etc. To solve these disadvantages, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully modify the variant ElGamal encryption technique to achieve homomorphic addition operation, which has two important advantages: 1) The server and each client can freely select public and private keys without introducing a trust third party and 2) Compared to the variant ElGamal encryption, the plaintext space is relatively large, which is more suitable for the deep model. Besides, for the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into 1-D, which can greatly reduce encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme achieves the semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating both client collusion and dropped clients. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art homomorphic encryption-based secure aggregation schemes. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Ling-ling Wang,Lung-Chuang Wang,Xueqin Zhao,Zhongkai Lu

DOI: https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys57074.2022.00187

2022-12-01

Abstract:Federated learning (FL) is an emerging privacy-preserving machine learning framework, where users individually train a shared global model maintained by a central coordinating server without leaking local data. However, intrinsic privacy issue still exists, e.g., training samples could be revealed from inferring gradients. Moreover, identity privacy will be exposed when a participant performs a task. In this paper, we propose a privacy-preserving federated learning scheme (PPFL), which aims to enhance the privacy protection of participants, including data privacy and identity privacy. Specifically, we propose a lightweight linkable ring signature scheme to protect identity privacy, and we mask gradients via random number generator to protect data privacy. Moreover, compared with existing schemes, the communication overhead in unmasking phase remains constant regardless of the number of participants. Finally, we provide privacy and security analysis and experimental evaluations to corroborate the practical performance of the presented scheme with high efficiency.

Computer Science

Meng Hao,Hongwei Li,Guowen Xu,Sen Liu,Haomiao Yang

DOI: https://doi.org/10.1109/icc.2019.8761267

2019-05-01

Abstract:Deep learning has been applied in many areas, such as computer vision, natural language processing and emotion analysis. Differing from the traditional deep learning that collects users’ data centrally, federated deep learning requires participants to train the networks on private datasets and share the training results, and hence has more gratifying efficiency and stronger security. However, it still presents some privacy issues since adversaries can deduce users’ privacy from local outputs, such as gradients. While the problem of private federated deep learning has been an active research issue, the latest research findings are still inadequate in terms of security, accuracy and efficiency. In this paper, we propose an efficient and privacy-preserving federated deep learning protocol based on stochastic gradient descent method by integrating the additively homomorphic encryption with differential privacy. Specifically, users add noises to each local gradients before encrypting them to obtain the optical performance and security. Moreover, our scheme is secure to honest-but-curious server setting even if the cloud server colludes with multiple users. Besides, our scheme supports federated learning for large-scale users scenarios and extensive experiments demonstrate our scheme has high efficiency and high accuracy compared with non-private model.

Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

DOI: https://doi.org/10.1109/tsc.2024.3451165

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:In light of the emergence of privacy breaches in federated learning, secure aggregation protocols, which mainly adopt either homomorphic encryption or threshold secret sharing techniques, have been extensively developed to preserve the privacy of each client's local gradient. Nevertheless, many existing schemes suffer from either poor capability of privacy protection or expensive computational and communication overheads. Accordingly, in this paper, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully design a multi-private key secure aggregation algorithm that achieves homomorphic addition operation, with two important benefits: 1) both the server and each client can freely select public and private keys without introducing a trusted third party, and 2) the plaintext space is relatively large, making it more suitable for deep models. Besides, for dealing with the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into one dimension, which greatly reduces encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme can achieve semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating client collusion. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art baselines. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

computer science, information systems, software engineering

Xia Zhang,Haitao Deng,Rui Wu,Jingjing Ren,Yongjun Ren

DOI: https://doi.org/10.1038/s41598-024-74377-6

IF: 4.6

2024-10-11

Scientific Reports

Abstract:In federated learning, secret sharing is a key technology to maintain the privacy of participants' local models. Moreover, with the rapid development of quantum computers, existing federated learning privacy protection schemes based on secret sharing will no longer be able to guarantee the data security of participants in the post-quantum era. In addition, existing privacy protection methods have the problem of high communication and computational overhead. Although the multi-stage secret sharing scheme proposed by Pilaram et al. is one of the effective solutions to the above problems, existing studies have proven the privacy leakage risk of this scheme. This paper firstly designs a new lattice-based multi-stage secret sharing scheme Improved-Pilaram to solve the security problem, which allows participants to use public vectors to reconstruct different secret values without changing the secret sharing. Based on Improved-Pilaram , this article proposes a post-quantum secure federated learning scheme PQSF . PQSF uses double masking technology to encrypt model parameters and achieves mask reconstruction through secret sharing. Since Improved-Pilaram is multi-stage, participants do not need to update their local secret shares frequently during training. Analysis and experimental results show that the PQSF proposed in this paper reduces the communication complexity between participants and reduces the computational overhead by about 20% compared with existing solutions.

multidisciplinary sciences

Zhou Zhou,Youliang Tian,Changgen Peng

DOI: https://doi.org/10.1155/2021/6692061

2021-06-26

Wireless Communications and Mobile Computing

Abstract:The requirement for data sharing and privacy has brought increasing attention to federated learning. However, the existing aggregation models are too specialized and deal less with users’ withdrawal issue. Moreover, protocols for multiparty entity matching are rarely covered. Thus, there is no systematic framework to perform federated learning tasks. In this paper, we systematically propose a privacy-preserving federated learning framework (PFLF) where we first construct a general secure aggregation model in federated learning scenarios by combining the Shamir secret sharing with homomorphic cryptography to ensure that the aggregated value can be decrypted correctly only when the number of participants is greater than t . Furthermore, we propose a multiparty entity matching protocol by employing secure multiparty computing to solve the entity alignment problems and a logistic regression algorithm to achieve privacy-preserving model training and support the withdrawal of users in vertical federated learning (VFL) scenarios. Finally, the security analyses prove that PFLF preserves the data privacy in the honest-but-curious model, and the experimental evaluations show PFLF attains consistent accuracy with the original model and demonstrates the practical feasibility.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianzhe Zhao,Chenxi Huang,Wenji Wang,Rulin Xie,Rongrong Dong,Stan Matwin

DOI: https://doi.org/10.1007/s11227-023-05378-x

IF: 3.3

2023-05-27

The Journal of Supercomputing

Abstract:Federated learning (FL) is an emerging distributed machine learning paradigm without revealing private local data for privacy-preserving. However, there are still limitations. On one hand, user’ privacy can be deduced from local outputs. On the other hand, privacy, efficiency, and accuracy are hard to fulfill for conflicting goals. To tackle these problems, we propose a novel privacy-preserving FL (HEFL-LDP) algorithm, which integrates semi-homomorphic encryption and local differential privacy. With the reduction of computational and communication burden, HEFL-LDP resists model inversion attacks and membership inference attacks from a server or malicious client. Moreover, a new utility optimization strategy with accuracy-oriented privacy parameter adjustment and model shuffling is proposed to solve the problem of accuracy decline. The security and cost of the algorithm are verified through theoretical analysis and proof. Comprehensive experimental evaluations on the MNIST dataset and CIFAR-10 dataset demonstrate that HEFL-LDP significantly reduces the privacy budget and outperforms existing algorithms in computational cost and accuracy.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Jing Ma,Si-Ahmed Naas,Stephan Sigg,Xixiang Lyu

DOI: https://doi.org/10.1002/int.22818

2021-04-14

Abstract:With the advance of machine learning and the internet of things (IoT), security and privacy have become key concerns in mobile services and networks. Transferring data to a central unit violates privacy as well as protection of sensitive data while increasing bandwidth demands.Federated learning mitigates this need to transfer local data by sharing model updates only. However, data leakage still remains an issue. In this paper, we propose xMK-CKKS, a multi-key homomorphic encryption protocol to design a novel privacy-preserving federated learning scheme. In this scheme, model updates are encrypted via an aggregated public key before sharing with a server for aggregation. For decryption, collaboration between all participating devices is required. This scheme prevents privacy leakage from publicly shared information in federated learning, and is robust to collusion between $k<N-1$ participating devices and the server. Our experimental evaluation demonstrates that the scheme preserves model accuracy against traditional federated learning as well as secure federated learning with homomorphic encryption (MK-CKKS, Paillier) and reduces computational cost compared to Paillier based federated learning. The average energy consumption is 2.4 Watts, so that it is suited to IoT scenarios.

Cryptography and Security

Neveen Mohammad Hijazi,Moayad Aloqaily,Mohsen Guizani

DOI: https://doi.org/10.1016/j.comcom.2024.107948

IF: 5.047

2024-09-13

Computer Communications

Abstract:Federated Learning (FL) has emerged as a powerful model for training collaborative machine learning (ML) models while maintaining the privacy of participants' data. However, traditional FL methods can exhibit limitations such as increased communication overhead, vulnerability to poisoning attacks, and reliance on a central server, which can impede their practicality in certain IoT applications. In such cases, the necessity of a central server to oversee the learning process may be infeasible, particularly in situations with limited connectivity and energy management. To address these challenges, peer-to-peer FL (P2PFL) offers an alternative approach, providing greater adaptability by enabling participants to collaboratively train their own models alongside their peers. This paper introduces an original framework that combines P2PFL and Homomorphic Encryption (HE), enabling secure computations on encrypted data. Furthermore, a defense approach against poisoning attacks based on cosine similarity is introduced These techniques enable users to collectively learn while preserving data privacy and accounting for ideal energy optimization. The proposed approach has demonstrated superior performance metrics in terms of accuracy, F-scores, and loss when compared to other similar approaches. Furthermore, it offers robust privacy and security measures, leading to an enhanced security level, with improvements ranging from 5.5% to 14.6%. Moreover, we demonstrate that the proposed approach effectively reduces the communication overhead. The proposed approach resulted in impressive reductions in communication overhead ranging from 63.8% to 79.6%. The implementation of these security models was cumbersome, but we have made the code publicly available for your reference 1 .

computer science, information systems,telecommunications,engineering, electrical & electronic

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Yogachandran Rahulamathavan,Charuka Herath,Xiaolan Liu,Sangarapillai Lambotharan,Carsten Maple

2024-10-06

Abstract:The federated learning (FL) technique was developed to mitigate data privacy issues in the traditional machine learning paradigm. While FL ensures that a user's data always remain with the user, the gradients are shared with the centralized server to build the global model. This results in privacy leakage, where the server can infer private information from the shared gradients. To mitigate this flaw, the next-generation FL architectures proposed encryption and anonymization techniques to protect the model updates from the server. However, this approach creates other challenges, such as malicious users sharing false gradients. Since the gradients are encrypted, the server is unable to identify rogue users. To mitigate both attacks, this paper proposes a novel FL algorithm based on a fully homomorphic encryption (FHE) scheme. We develop a distributed multi-key additive homomorphic encryption scheme that supports model aggregation in FL. We also develop a novel aggregation scheme within the encrypted domain, utilizing users' non-poisoning rates, to effectively address data poisoning attacks while ensuring privacy is preserved by the proposed encryption scheme. Rigorous security, privacy, convergence, and experimental analyses have been provided to show that FheFL is novel, secure, and private, and achieves comparable accuracy at reasonable computational cost.

Artificial Intelligence,Cryptography and Security