Weidong Du,Min Li,Xiaoyuan Yang,Liqiang Wu,Tanping Zhou

DOI: https://doi.org/10.1016/j.pmcj.2022.101697

IF: 3.848

2022-01-01

Pervasive and Mobile Computing

Abstract:To prevent privacy information leakage through model parameters in federated learning, many works use homomorphic encryption to protect clients' updates. However, most of them result in significant computation and communication overhead. Even worse, few of them have considered the correctness of the aggregated results and collusion attack between internal curious clients and the server. In this paper, we propose VCFL, an efficient verifiable and collusion attack resistant privacy preserving framework for cross-silo federated learning. Firstly, we design a homomorphic signcryption mechanism to sign and encrypt model parameters in one go. Secondly, we employ the blinding technique to resist collusion attack between clients and the server. Moreover, we leverage the batching approach to further reduce its computation and communication overhead. Finally, we simulate VCFL in FedML on real world datasets and models. Extensive experimental results show that VCFL can guarantee model performance while protecting privacy, and it is more efficient in both computation and communication than similar frameworks.(c) 2022 Elsevier B.V. All rights reserved.

Weidong Du,Min Li,Liqiang Wu,Yiliang Han,Tanping Zhou,Xiaoyuan Yang

DOI: https://doi.org/10.1007/s40747-023-00978-9

IF: 6.7

2023-01-01

Complex & Intelligent Systems

Abstract:To ensure no private information is leaked in the aggregation phase in federated learning (FL), many frameworks use homomorphic encryption (HE) to mask local model updates. However, the heavy overheads of these frameworks make them unsuitable for cross-device FL, where the clients are a huge number of mobile and edge devices with limited computing resources. Even worse, some of them also fail to manage the dynamic changes of clients. To overcome these shortcomings, we propose a threshold multi-key HE scheme tMK-CKKS and design an efficient and robust privacy-preserving FL framework. Robustness means that our framework allows clients to join in or drop out during the training process. Besides, because our tMK-CKKS scheme can pack multiple messages in a single ciphertext, our framework significantly reduces the computation and communication overhead. Moreover, the threshold mechanism in tMK-CKKS ensures that our framework can resist collusion attacks between the server and no more than t (threshold value) curious internal clients. Finally, we implement our framework in FedML and conduct extensive experiments to evaluate our framework. Utility evaluations on 6 benchmark datasets show that our framework can protect privacy without sacrificing the model accuracy. Efficiency evaluations on 4 typical deep learning models demonstrate that: our framework can speed up the computation by at least 1.21 × over xMK-CKKS-based framework, 15.84 × over Batchcrypt-based framework, and 20.30 × over CRT-Paillier-based framework. Our framework can reduce the communication burden by at least 8.61 MB over Batchcrypt-based framework, 35.36 MB over xMK-CKKS-based framework and 42.58 MB over CRT-Paillier-based framework. The advantages in both computation and communication expand with the size of deep learning models.

Yange Chen,Lei Liu,Yuan Ping,Mohammed Atiquzzaman,Shahid Mumtaz,Zhili Zhang,Mohsen Guizani,Zhihong Tian

DOI: https://doi.org/10.1109/tnsm.2024.3418786

2024-01-01

Abstract:Federated learning offers a partial safeguard for participants’ data privacy. Nevertheless, the current absence of an efficient privacy-preserving federated learning technology tailored for the Internet of Things (IoT) poses a challenge. Numerous privacy-preserving federated learning frameworks have been proposed, primarily relying on homomorphic cryptosystems, yet their suitability for IoT remains limited. Furthermore, the application of federated learning in IoT confronts two significant obstacles: mitigating the substantial communication costs and communication failure rates, and effectively discerning and utilizing high-quality data while discarding low-quality data for collaborative modeling purposes. In order to address these challenges, this paper introduces a privacy-preserving optimal aggregation federated learning framework that relies on the utilization of the multi-key EC-ElGamal cryptosystem (MEEC) and the federated sum optimization algorithm (FSOA), which are characterized by their lightweight nature and fair properties. The proposed MEEC approach aims to tackle the issue of multi-key collaborative computing within the context of federated learning, thereby resulting in reduced communication costs and enhanced communication efficiency. This is achieved through the leverage of the EC-ElGamal cryptosystem, which is known for its ability to generate short keys and ciphertexts. Furthermore, this paper presents a dynamic federated learning framework that incorporates user dynamic quit and join algorithms. The primary objective of this framework is to mitigate the adverse effects of communication failures and enhance power computation on IoT devices. Additionally, an FSOA is devised to ensure the acquisition of optimal training data, thereby preventing the inclusion of low-quality data in the training process. Subsequently, the proposed scheme undergoes rigorous security analysis and performance evaluation. The obtained results unequivocally demonstrate that our scheme outperforms existing solutions in terms of security, practicality, and efficiency with lower communication and computational costs.

Xinyu Feng,Qingni Shen,Cong Li,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1109/icassp48485.2024.10446283

2024-01-01

Abstract:Federated learning (FL) allows different participants to collaborate on model training without transmitting raw data, thereby protecting user data privacy. However, FL faces a series of security and privacy issues (e.g. the leakage of raw data from publicly shared parameters). Several privacy protection technologies, such as homomorphic encryption, differential privacy and functional encryption, are introduced for privacy enhancement in FL. Among them, the FL frameworks based on functional encryption better balance security and performance, thus receiving increasing attention. The previous FL frameworks based on functional encryption suffer from several security issues, including attacks by combining multiple rounds of ciphertexts and keys, and leakage of global parameters to the central server. To tackle these issues, we propose a novel multi-input functional proxy re-encryption (MI-FPRE) scheme and further design a new FL framework with better privacy based on MI-FPRE. Our framework allows a semi-trusted central server to aggregate the parameters without knowing the intermediate parameters and the result of aggregation, thus achieves better privacy in FL training. The experimental results indicate that our framework achieves less communication overhead and higher computational efficiency without losing accuracy.

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Weizhao Jin,Yuhang Yao,Shanshan Han,Jiajun Gu,Carlee Joe-Wong,Srivatsan Ravi,Salman Avestimehr,Chaoyang He

2024-06-17

Abstract:Federated Learning trains machine learning models on distributed devices by aggregating local model updates instead of local data. However, privacy concerns arise as the aggregated local models on the server may reveal sensitive personal information by inversion attacks. Privacy-preserving methods, such as homomorphic encryption (HE), then become necessary for FL training. Despite HE's privacy advantages, its applications suffer from impractical overheads, especially for foundation models. In this paper, we present FedML-HE, the first practical federated learning system with efficient HE-based secure model aggregation. FedML-HE proposes to selectively encrypt sensitive parameters, significantly reducing both computation and communication overheads during training while providing customizable privacy preservation. Our optimized system demonstrates considerable overhead reduction, particularly for large foundation models (e.g., ~10x reduction for ResNet-50, and up to ~40x reduction for BERT), demonstrating the potential for scalable HE-based FL deployment.

Machine Learning,Cryptography and Security

Nasir Ahmad Jalali,Hongsong Chen

DOI: https://doi.org/10.26599/tst.2023.9010007

2024-04-01

Abstract:The widespread use of the Internet of Things (IoTs) and the rapid development of artificial intelligence technologies have enabled applications to cross commercial and industrial band settings. Within such systems, all participants related to commercial and industrial systems must communicate and generate data. However, due to the small storage capacities of IoT devices, they are required to store and transfer the generated data to third-party entity called “cloud”, which creates one single point to store their data. However, as the number of participants increases, the size of generated data also increases. Therefore, such a centralized mechanism for data collection and exchange between participants is likely to face numerous challenges in terms of security, privacy, and performance. To address these challenges, Federated Learning (FL) has been proposed as a reasonable decentralizing approach, in which clients no longer need to transfer and store real data in the central server. Instead, they only share updated training models that are trained over their private datasets. At the same time, FL enables clients in distributed systems to share their machine learning models collaboratively without their training data, thus reducing data privacy and security challeges. However, slow model training and the execution of additional unnecessary communication rounds may hinder FL applications from operating properly in a distributed system. Furthermore, these unnecessary communication rounds make the system vulnerable to security and privacy issues, because irrelevant model updates are sent between clients and servers. Thus, in this work, we propose an algorithm for fully homomorphic encryption called Cheon-Kim-Kim-Song (CKKS) to encrypt model parameters for their local information privacy-preserving function. The proposed solution uses the impetus term to speed up model convergence during the model training process. Furthermore, it establishes a secure communication channel between IoT devices and the server. We also use a lightweight secure transport protocol to mitigate the communication overhead, thereby improving communication security and efficiency with low communication latency between client and server.

computer science, information systems,engineering, electrical & electronic, software engineering

Changti Wu,Lei Zhang,Lin Xu,Kim-Kwang Raymond Choo,Liangyu Zhong

DOI: https://doi.org/10.1109/jiot.2024.3380597

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) when deployed in an Internet of Things (IoT) ecosystem can facilitate the collaborative training of a global model involving different IoT local systems. However, there are a number of challenges in such deployments, and examples include single point of failure / attack, lack of fault tolerance, vulnerability to collusion attacks and accuracy loss. Therefore, we propose a privacy-preserving serverless FL scheme for IoT based on secure multi-party computation. Specifically, in our scheme, no central sever is required to coordinate the generation of global models. In doing so, we avoid the single point of failure / attack limitation. We also mitigate the fault tolerance limitation by using secret sharing. Finally, we provide a formal security proof that demonstrates the resilience of our scheme against collusion attacks, thereby establishing its effectiveness in achieving robust data privacy. Simulations are also implemented to show that our scheme does not suffer from accuracy loss.

Zhaosen Shi,Zeyu Yang,Alzubair Hassan,Fagen Li,Xuyang Ding

DOI: https://doi.org/10.1007/s11235-022-00982-3

2022-12-09

Telecommunication Systems

Abstract:The performance of machine learning models largely depends on the amount of data. However, with the improvement of privacy awareness, data sharing has become more and more difficult. Federated learning provides a solution for joint machine learning, which alleviates this difficulty. Although it works by sharing parameters instead of data, privacy threats like inference attacks still exist owing to the exposed parameters or updates. In this paper, we propose a privacy preserving scheme for federated learning by combining the homomorphism of both secret sharing and encryption. Our scheme ensures the confidentiality of local parameters and tolerates collusion threats under a certain range. Our scheme also tolerates dropping of some clients, performs aggregation without sharing keys and has simple interaction process. Meantime, we use the automatic protocol tool ProVerif to verify its cryptographic functionality, analyze its theoretical complexity and compare them with similar schemes. We verify our scheme by experiment to show that it has less running time compared with some schemes.

telecommunications

Li Zhang,Jianbo Xu,Pandi Vijayakumar,Pradip Kumar Sharma,Uttam Ghosh

DOI: https://doi.org/10.1109/tnse.2022.3185327

IF: 6.6

2022-01-01

IEEE Transactions on Network Science and Engineering

Abstract:In this work, the federated learning mechanism is introduced into the deep learning of medical models in Internet of Things (IoT)-based healthcare system. Cryptographic primitives, including masks and homomorphic encryption, are applied for further protecting local models, so as to prevent the adversary from inferring private medical data by various attacks such as model reconstruction attack or model inversion attack, etc. The qualities of the datasets owned by different participants are considered as the main factor for measuring the contribution rate of the local model to the global model in each training epoch, instead of the size of datasets commonly used in deep learning. A dropout-tolerable scheme is proposed in which the process of federated learning would not be terminated if the number of online clients is not less than a preset threshold. Through the analysis of the security, it shows that the proposed scheme satisfies data privacy. Computation cost and communication cost are also analyzed theoretically. Finally, skin lesion classification using training images provided by the HAM10000 medical dataset is set as an example of healthcare applications. Experimental results show that compared with existing schemes, the proposed scheme obtained promising results while ensuring privacy preserving.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Ruijin Wang,Jinshan Lai,Xiong Li,Donglin He,Muhammad Khurram Khan

DOI: https://doi.org/10.1016/j.jnca.2023.103768

IF: 7.574

2024-01-01

Journal of Network and Computer Applications

Abstract:Federated Learning for the Internet of Things(FL for IoT) contributes to the enhancement of security in smart cities. However, the privacy disclosure attacks within the FL for IoT framework exposes user’s local data . Although differential privacy mechanism (DP) ensures the privacy of IoT data, one crucial issue is DP affects model accuracy and reduces model reliability. Besides, DP cannot provide comprehensive privacy preservation in the IoT environment. To tackle the above problems, we propose reliable federated learning with privacy-preserving for IoT(RPIFL). Our approach comprises three key components. First, we leverage a lightweight network to hide the private data locally, then use the output to perform the next model training. Second, we propose a multi-modal fine-grained model optimization, which significantly improves the accuracy of the IoT model. Third, we implement adaptive differential privacy mechanisms tailored to dynamic privacy requirements, thereby safeguarding the confidentiality of IoT data. To empirically validate our framework, we conducted a simulation experiment on an image classification dataset. Our methodology concurrently ensures privacy protection and achieves superior accuracy compared to the baseline model with an average accuracy increase of 1.1% over the two prevailing federated privacy protection methods, coupled with an average reduction in convergence time of over 9%.

Jing Ma,Si-Ahmed Naas,Stephan Sigg,Xixiang Lyu

DOI: https://doi.org/10.1002/int.22818

2021-04-14

Abstract:With the advance of machine learning and the internet of things (IoT), security and privacy have become key concerns in mobile services and networks. Transferring data to a central unit violates privacy as well as protection of sensitive data while increasing bandwidth demands.Federated learning mitigates this need to transfer local data by sharing model updates only. However, data leakage still remains an issue. In this paper, we propose xMK-CKKS, a multi-key homomorphic encryption protocol to design a novel privacy-preserving federated learning scheme. In this scheme, model updates are encrypted via an aggregated public key before sharing with a server for aggregation. For decryption, collaboration between all participating devices is required. This scheme prevents privacy leakage from publicly shared information in federated learning, and is robust to collusion between $k<N-1$ participating devices and the server. Our experimental evaluation demonstrates that the scheme preserves model accuracy against traditional federated learning as well as secure federated learning with homomorphic encryption (MK-CKKS, Paillier) and reduces computational cost compared to Paillier based federated learning. The average energy consumption is 2.4 Watts, so that it is suited to IoT scenarios.

Cryptography and Security

Ping Zhao,Zhikui Cao,Jin Jiang,Fei Gao

DOI: https://doi.org/10.1109/jiot.2022.3201231

IF: 10.6

2022-12-24

IEEE Internet of Things Journal

Abstract:Federated learning (FL) enables multiple worker devices share local models trained on their private data to collaboratively train a machine learning model. However, local models are proved to imply the information about the private data and, thus, introduce much vulnerabilities to inference attacks where the adversary reconstructs or infers the sensitive information about the private data (e.g., labels, memberships, etc.) from the local models. To address this issue, existing works proposed homomorphic encryption, secure multiparty computation (SMC), and differential privacy methods. Nevertheless, the homomorphic encryption and SMC-based approaches are not applicable to large-scale FL scenarios as they incur substantial additional communication and computation costs and require secure channels to delivery keys. Moreover, differential privacy brings a substantial tradeoff between privacy budget and model performance. In this article, we propose a novel FL framework, which can protect the data privacy of worker devices against the inference attacks with minimal accuracy cost and low computation and communication cost, and does not rely on the secure pairwise communication channels. The main idea is to generate the lightweight keys based on computational Diffie–Hellman (CDH) problem to encrypt the local models, and the FL server can only get the sum of the local models of all worker devices without knowing the exact local model of any specific worker device. The extensive experimental results on three real-world data sets validate that the proposed FL framework can protect the data privacy of worker devices, and only incurs a small constant of computation and communication cost and a drop in test accuracy of no more than 1%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sathwik Narkedimilli,Amballa Venkata Sriram,Satvik Raghav

2024-10-27

Abstract:This study proposes an advanced Federated Learning (FL) framework designed to enhance data privacy and security in IoT environments by integrating Decentralized Attribute-Based Encryption (DABE), Homomorphic Encryption (HE), Secure Multi-Party Computation (SMPC), and Blockchain technology. Unlike traditional FL, our framework enables secure, decentralized authentication and encryption directly on IoT devices using DABE, allowing sensitive data to remain locally encrypted. Homomorphic Encryption permits computations on encrypted data, and SMPC ensures privacy in collaborative computations, while Blockchain technology provides transparent, immutable record-keeping for all transactions and model updates. Local model weights are encrypted and transmitted to fog layers for aggregation using HE and SMPC, then iteratively refined by the central server using differential privacy to safeguard against data leakage. This secure, privacy-preserving FL framework delivers a robust solution for efficient model training and real-time analytics across distributed IoT devices, offering significant advancements in secure decentralized learning for IoT applications.

Cryptography and Security

Konstantin Burlachenko,Abdulmajeed Alrowithi,Fahad Ali Albalawi,Peter Richtarik

DOI: https://doi.org/10.1145/3630048.3630182

2023-12-05

Abstract:Traditional AI methodologies necessitate centralized data collection, which becomes impractical when facing problems with network communication, data privacy, or storage capacity. Federated Learning (FL) offers a paradigm that empowers distributed AI model training without collecting raw data. There are different choices for providing privacy during FL training. One of the popular methodologies is employing Homomorphic Encryption (HE) - a breakthrough in privacy-preserving computation from Cryptography. However, these methods have a price in the form of extra computation and memory footprint. To resolve these issues, we propose an innovative framework that synergizes permutation-based compressors with Classical Cryptography, even though employing Classical Cryptography was assumed to be impossible in the past in the context of FL. Our framework offers a way to replace HE with cheaper Classical Cryptography primitives which provides security for the training process. It fosters asynchronous communication and provides flexible deployment options in various communication topologies.

Cryptography and Security,Machine Learning,Optimization and Control

Xi Zhu,Junbo Wang,Wuhui Chen,Kento Sato

DOI: https://doi.org/10.1016/j.future.2022.10.026

2023-01-01

Abstract:Federated learning (FL) as a collaborative learning paradigm has attracted extensive attention due to its characteristic of privacy preserving, in which the clients train a shared neural network model collaboratively by their local dataset and upload their model parameters merely instead of original data by wireless network in the whole training process. Because FL reduces transmission significantly, it can further meets the efficiency and security of the next generation wireless system. Although FL has reduced the size of information that needs to be transmitted, the update of model parameters still suffers from privacy leakage and communication bottleneck especially in wireless networks. To address the problem of privacy and communication, this paper proposes a model compression based FL framework. Firstly, the designed model compression framework provides effective support for efficient and secure model parameters updating in FL while keeping the personalization of all clients. Then, the proposed perturbed model compression method can further reduce the size of the model and protect the privacy of the model without sacrificing much accuracy. Besides, it also facilitates the simultaneous execution of decryption and decompressing operations by reconstruction algorithm on encrypted and compressed model parameters which is obtained by the proposed perturbed model compression method. Finally, the illustrative results demonstrate that the proposed model compression based FL framework can significantly reduce the number of model parameters for uploading with a strong privacy preservation property. For example, when the compression ratio is 0.0953 (i.e., only 9.53% of the parameters are uploaded), the accuracy of MNIST achieves 97% while the accuracy without compression is 98%.

Wei Yang,Yuan Yang,Yingjie Xi,Hailong Zhang,Wei Xiang

DOI: https://doi.org/10.1007/s10489-024-05521-y

IF: 5.3

2024-05-28

Applied Intelligence

Abstract:Within the federated learning (FL) framework, the client collaboratively trains the model in coordination with a central server, while the training data can be kept locally on the client. Thus, the FL framework mitigates the privacy disclosure and costs related to conventional centralized machine learning. Nevertheless, current surveys indicate that FL still has problems in terms of communication efficiency and privacy risks. In this paper, to solve these problems, we develop an FL framework with communication-efficient and privacy-preserving (FLCP). To realize the FLCP, we design a novel compression algorithm with efficient communication, namely, adaptive weight compression FedAvg (AWC-FedAvg). On the basis of the non-independent and identically distributed (non-IID) and unbalanced data distribution in FL, a specific compression rate is provided for each client, and homomorphic encryption (HE) and differential privacy (DP) are integrated to provide demonstrable privacy protection and maintain the desirability of the model. Therefore, our proposed FLCP smoothly balances communication efficiency and privacy risks, and we prove its security against "honest-but-curious" servers and extreme collusion under the defined threat model. We evaluate the scheme by comparing it with state-of-the-art results on the MNIST and CIFAR-10 datasets. The results show that the FLCP performs better in terms of training efficiency and model accuracy than the baseline method.

computer science, artificial intelligence

Hu Xiong,Hang Yan,Mohammad S. Obaidat,Jingxue Chen,Mingsheng Cao,Sachin Kumar,Kadambri Agarwal,Saru Kumari

DOI: https://doi.org/10.1145/3688002

2024-01-01

Abstract:With the rapid development of smart device technology, the current version of the Internet of Things (IoT) is moving towards a multimedia IoT because of multimedia data. This innovative concept seamlessly integrates multimedia data with the IoT-Edge Continuum. Recently, a distributed learning framework shows promise in revolutionizing various industries, including smart cities, healthcare, etc. However, these applications may face challenges such as the presence of malicious devices that invade the privacy of other devices or corrupt uploaded model parameters. Additionally, the existing synchronous federated learning (FL) methods face challenges in effectively training models on local datasets due to the diversity of IoT devices. To tackle these concerns, we propose an efficient and privacy-enhanced asynchronous federated learning approach for multimedia data in edge-based IoT. In contrast to traditional FL methods, our approach combines revocable attribute-based encryption (RABE) and differential privacy (DP). This guarantees the privacy of the entire process while allowing seamless collaboration between multiple devices and the aggregation server during model training. Also, this combination brings a dynamic nature to the system. Furthermore, we utilize an asynchronous weight-based aggregation algorithm to improve the efficiency of training and the quality of the final returned model. Our proposed scheme is confirmed by theoretical safety proofs and experimental results with multimedia data. Performance evaluation shows that our framework reduces the cryptography runtime by 63.3% and the global model aggregation time by 61.9% compared to cutting-edge schemes. Moreover, our accuracy is comparable to the most primitive FL schemes, maintaining 86.7%, 70.8%, and 86.1% on MNIST, CIFAR-10, and Fashion-MNIST, respectively. The experimental results highlight the remarkable practicality, resilience and effectiveness of the proposed scheme.

Siyang Jiang,Hao Yang,Qipeng Xie,Chuan Ma,Sen Wang,Guoliang Xing

2024-08-12

Abstract:In sectors such as finance and healthcare, where data governance is subject to rigorous regulatory requirements, the exchange and utilization of data are particularly challenging. Federated Learning (FL) has risen as a pioneering distributed machine learning paradigm that enables collaborative model training across multiple institutions while maintaining data decentralization. Despite its advantages, FL is vulnerable to adversarial threats, particularly poisoning attacks during model aggregation, a process typically managed by a central server. However, in these systems, neural network models still possess the capacity to inadvertently memorize and potentially expose individual training instances. This presents a significant privacy risk, as attackers could reconstruct private data by leveraging the information contained in the model itself. Existing solutions fall short of providing a viable, privacy-preserving BRFL system that is both completely secure against information leakage and computationally efficient. To address these concerns, we propose Lancelot, an innovative and computationally efficient BRFL framework that employs fully homomorphic encryption (FHE) to safeguard against malicious client activities while preserving data privacy. Our extensive testing, which includes medical imaging diagnostics and widely-used public image datasets, demonstrates that Lancelot significantly outperforms existing methods, offering more than a twenty-fold increase in processing speed, all while maintaining data privacy.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Meng Hao,Hongwei Li,Guowen Xu,Hanxiao Chen,Tianwei Zhang

DOI: https://doi.org/10.1145/3485832.3488014

2021-12-06

Abstract:Federated learning (FL) has demonstrated tremendous success in various mission-critical large-scale scenarios. However, such promising distributed learning paradigm is still vulnerable to privacy inference and byzantine attacks. The former aims to infer the privacy of target participants involved in training, while the latter focuses on destroying the integrity of the constructed model. To mitigate the above two issues, a few works recently explored unified solutions by utilizing generic secure computation techniques and common byzantine-robust aggregation rules, but there are two major limitations: 1) they suffer from impracticality due to efficiency bottlenecks, and 2) they are still vulnerable to various types of attacks because of model incomprehensiveness. To approach the above problems, in this paper, we present SecureFL, an efficient, private and byzantine-robust FL framework. SecureFL follows the state-of-the-art byzantine-robust FL method (FLTrust NDSS’21), which performs comprehensive byzantine defense by normalizing the updates’ magnitude and measuring directional similarity, adapting it to the privacy-preserving context. More importantly, we carefully customize a series of cryptographic components. First, we design a crypto-friendly validity checking protocol that functionally replaces the normalization operation in FLTrust, and further devise tailored cryptographic protocols on top of it. Benefiting from the above optimizations, the communication and computation costs are reduced by half without sacrificing the robustness and privacy protection. Second, we develop a novel preprocessing technique for costly matrix multiplication. With this technique, the directional similarity measurement can be evaluated securely with negligible computation overhead and zero communication cost. Extensive evaluations conducted on three real-world datasets and various neural network architectures demonstrate that SecureFL outperforms prior art up to two orders of magnitude in efficiency with state-of-the-art byzantine robustness.