Jinyu Liu,Ziyang Wang,Qing Yang,Sissi Xiaoxiao Wu

DOI: https://doi.org/10.1109/wocc55104.2022.9880591

2022-01-01

Abstract:We focus on the security issues of decentralized federated learning systems for the core requirements of secure environments and trusted computing for applications such as medical big data, distributed cognitive learning, and autonomous driving. We propose a three-layer security assurance model that aims to ensure secure trusted computing in decentralized networks. Therein, the first-layer security model realizes the authentication of trusted users through blockchain technology to ensure the safe access of legitimate users to the greatest extent; the second-layer security model utilizes the trusted execution environment (TEE) technology to realize the privacy protection and trusted computing of each local user; the last layer of security model adopts a set of detection and location algorithms for defending the internal attackers, in case the first two layers of models fail. Our experimental results show that the proposed three-layer security model can effectively defend against external and internal attacks in the network, thereby promoting secure and trusted computing in distributed federated learning networks.

Chuan Ma,Jun Li,Kang Wei,Bo Liu,Ming Ding,Long Yuan,Zhu Han,H. Vincent Poor

DOI: https://doi.org/10.1109/jproc.2023.3306773

IF: 20.6

2023-09-01

Proceedings of the IEEE

Abstract:Motivated by the advancing computational capacity of distributed end-user equipment (UE), as well as the increasing concerns about sharing private data, there has been considerable recent interest in machine learning (ML) and artificial intelligence (AI) that can be processed on distributed UEs. Specifically, in this paradigm, parts of an ML process are outsourced to multiple distributed UEs. Then, the processed information is aggregated on a certain level at a central server, which turns a centralized ML process into a distributed one and brings about significant benefits. However, this new distributed ML paradigm raises new risks in terms of privacy and security issues. In this article, we provide a survey of the emerging security and privacy risks of distributed ML from a unique perspective of information exchange levels, which are defined according to the key steps of an ML process, i.e., we consider the following levels: 1) the level of preprocessed data; 2) the level of learning models; 3) the level of extracted knowledge; and 4) the level of intermediate results. We explore and analyze the potential of threats for each information exchange level based on an overview of current state-of-the-art attack mechanisms and then discuss the possible defense methods against such threats. Finally, we complete the survey by providing an outlook on the challenges and possible directions for future research in this critical area.

engineering, electrical & electronic

Dmitrii Usynin,Alexander Ziller,Daniel Rueckert,Jonathan Passerat-Palmbach,Georgios Kaissis

DOI: https://doi.org/10.48550/arXiv.2112.11040

IF: 5.414

2021-12-21

Machine Learning

Abstract:The utilisation of large and diverse datasets for machine learning (ML) at scale is required to promote scientific insight into many meaningful problems. However, due to data governance regulations such as GDPR as well as ethical concerns, the aggregation of personal and sensitive data is problematic, which prompted the development of alternative strategies such as distributed ML (DML). Techniques such as Federated Learning (FL) allow the data owner to maintain data governance and perform model training locally without having to share their data. FL and related techniques are often described as privacy-preserving. We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind. We further provide recommendations and examples on how such algorithms can be augmented to provide guarantees of governance, security, privacy and verifiability for a general ML audience without prior exposure to formal privacy techniques.

Yuan Liu,Peng Liu,Weipeng Jing,Houbing Herbert Song

DOI: https://doi.org/10.1109/jiot.2023.3295763

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the rapid development of the Internet of things(IoT), massive terminals and emerging applications bring a large amount of data. As an essential prerequisite for mining potential value from these data, data sharing is crucial and getting more and more attention. However, security and privacy concerns, and the lack of effective incentive mechanisms in the decentralized environment hinder the data owners from sharing their data. In this paper, we propose a federated learning and blockchain based privacy-preserving data sharing system, which solve the privacy leakage problem of federated learning and the scalability problem of blockchain by their technical complementarity. Considering the resource shortage and the heterogeneity of terminals, we first design a cross-layer architecture by exploiting the cloud-edge-terminal collaboration, and innovatively propose differential data sharing by dividing the providers into origin data providers and model providers. Then, we design a targeted incentive mechanism to maximize the utility of requesters and two types of data providers by formulating it into a two-stage Stackelberg game. Finally, a gradient-based algorithm is designed to get the optimal solution. Theoretical analysis and numerical simulations show that the proposed data-sharing system could eliminate privacy concerns and motivate more participants to share data. With 500 nodes, DASC is 1.72 seconds faster than SMC and 2.59 seconds faster than SDC. In terms of utility of requster, DASC is 2.0×103 higher than SDC, and 9.27 higher than SMC in average utility of providers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Will Abramson,Adam James Hall,Pavlos Papadopoulos,Nikolaos Pitropakis,William J Buchanan

DOI: https://doi.org/10.1007/978-3-030-58986-8_14

2020-06-04

Abstract:When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.

Cryptography and Security,Computers and Society,Distributed, Parallel, and Cluster Computing,Computer Science and Game Theory,Machine Learning

Ruchika Malhotra,Anjali Bansal,Marouane Kessentini

DOI: https://doi.org/10.1007/s10586-024-04266-0

2024-02-21

Cluster Computing

Abstract:There are significant challenges in machine learning models due to information security and data privacy issues. In traditional machine learning approaches, the data used to train the centralized model may be sensitive leading to privacy issues. Federated learning overcomes these issues by following the concept of bringing the code to the data instead of data to the code. In today's era of digital transformation, researchers and industries are focusing on cloud-based technologies. New approaches such as microservice models, docker, kubernetes, containers, and virtual machines are being used by IT industries to develop and deploy applications. We make use of software containers to deploy federated learning models and then we identify security vulnerabilities and resource usage in federated learning model. Flask, docker, cAdvisor, prometheus, and grafana are integrated to monitor the resource usage of the federated learning model in terms of CPU utilization, memory utilization, network traffic usage, and disk usage. The generated federated learning model is deployed on docker, and security vulnerabilities and performance are analyzed using open-source tools. The result shows that the generated model is secure and performs efficiently.

computer science, information systems, theory & methods

Zhen Wang,Qin Wang,Guangsheng Yu,Shiping Chen

2024-07-10

Abstract:Recent years have witnessed a surge in deep learning research, marked by the introduction of expansive generative models like OpenAI's SORA and GPT, Meta AI's LLAMA series, and Google's FLAN, BART, and Gemini models. However, the rapid advancement of large models (LM) has intensified the demand for computing resources, particularly GPUs, which are crucial for their parallel processing capabilities. This demand is exacerbated by limited GPU availability due to supply chain delays and monopolistic acquisition by major tech firms. Distributed Machine Learning (DML) methods, such as Federated Learning (FL), mitigate these challenges by partitioning data and models across multiple servers, though implementing optimizations like tensor and pipeline parallelism remains complex. Blockchain technology emerges as a promising solution, ensuring data integrity, scalability, and trust in distributed computing environments, but still lacks guidance on building practical DML systems. In this paper, we propose a \textit{trustworthy distributed machine learning} (TDML) framework that leverages blockchain to coordinate remote trainers and validate workloads, achieving privacy, transparency, and efficient model training across public remote computing resources. Experimental validation demonstrates TDML's efficacy in overcoming performance limitations and malicious node detection, positioning it as a robust solution for scalable and secure distributed machine learning.

Cryptography and Security

M.A.P. Chamikara,P. Bertok,I. Khalil,D. Liu,S. Camtepe

DOI: https://doi.org/10.1016/j.comcom.2021.02.014

IF: 5.047

2021-04-01

Computer Communications

Abstract:<p>Edge computing and distributed machine learning have advanced to a level that can revolutionize a particular organization. Distributed devices such as the Internet of Things (IoT) often produce a large amount of data, eventually resulting in big data that can be vital in uncovering hidden patterns, and other insights in numerous fields such as healthcare, banking, and policing. Data related to areas such as healthcare and banking can contain potentially sensitive data that can become public if they are not appropriately sanitized. Federated learning (FedML) is a recently developed distributed machine learning (DML) approach that tries to preserve privacy by bringing the learning of an ML model to data owners'. However, literature shows different attack methods such as membership inference that exploit the vulnerabilities of ML models as well as the coordinating servers to retrieve private data. Hence, FedML needs additional measures to guarantee data privacy. Furthermore, big data often requires more resources than available in a standard computer. This paper addresses these issues by proposing a distributed perturbation algorithm named as DISTPAB, for privacy preservation of horizontally partitioned data. DISTPAB alleviates computational bottlenecks by distributing the task of privacy preservation utilizing the asymmetry of resources of a distributed environment, which can have resource-constrained devices as well as high-performance computers. Experiments show that DISTPAB provides high accuracy, high efficiency, high scalability, and high attack resistance. Further experiments on privacy-preserving FedML show that DISTPAB is an excellent solution to stop privacy leaks in DML while preserving high data utility.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Ehsan Hesamifard,Hassan Takabi,Mehdi Ghasemi,Rebecca N. Wright

DOI: https://doi.org/10.1515/popets-2018-0024

2018-04-28

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Machine learning algorithms based on deep Neural Networks (NN) have achieved remarkable results and are being extensively used in different domains. On the other hand, with increasing growth of cloud services, several Machine Learning as a Service (MLaaS) are offered where training and deploying machine learning models are performed on cloud providers’ infrastructure. However, machine learning algorithms require access to the raw data which is often privacy sensitive and can create potential security and privacy risks. To address this issue, we present CryptoDL, a framework that develops new techniques to provide solutions for applying deep neural network algorithms to encrypted data. In this paper, we provide the theoretical foundation for implementing deep neural network algorithms in encrypted domain and develop techniques to adopt neural networks within practical limitations of current homomorphic encryption schemes. We show that it is feasible and practical to train neural networks using encrypted data and to make encrypted predictions, and also return the predictions in an encrypted form. We demonstrate applicability of the proposed CryptoDL using a large number of datasets and evaluate its performance. The empirical results show that it provides accurate privacy-preserving training and classification.

Shusheng Guo,Cheng Chen,Qing Tong

DOI: https://doi.org/10.1049/blc2.12086

2024-09-28

IET Blockchain

Abstract:The article proposes and implements a secure sharing model for medical privacy data based on key Web3 technologies. It constructs keyword indexes for private data, stores the source data in the Inter Planetary File System, and uses query keywords to generate trapdoors, thereby enabling the retrieval of encrypted data. When data sharing is required, data users apply for joint secure computation from multiple parties to access and use the private data. The development of Web 3.0 technology may signify the dawn of a new digital era. Its concepts of co‐management, co‐construction, and sharing address the need for private data sharing among medical institutions. However, the sharing of private data has been challenging due to the lack of effective monitoring methods and authorization mechanisms. Additionally, controlling the scope of data sharing, providing incentives, and ensuring legal compliance have presented difficulties. To this end, a medical privacy data security sharing model based on key technologies of Web 3.0 has been proposed and implemented. It stores the source data in Inter Planetary File System by constructing an index of private data keywords, generates trapdoors using query keywords, and achieves retrieval of ciphertext data. Finally, data users apply to multiple parties for joint secure computing to obtain the use of private data. The experimental results indicate that when the size of the private data is less than 5 MB, with 3000 ciphertext indexes and three search keywords, both encryption and decryption times are around 50 ms, and the retrieval time is approximately 1.6 s. This performance is adequate for typical medical privacy sharing and computing scenarios.

C. Tamizshelvan,V. Vijayalakshmi

DOI: https://doi.org/10.1007/s11276-024-03658-9

IF: 2.701

2024-01-27

Wireless Networks

Abstract:To address the concerns about security and privacy in cloud-based data storage, this study proposes a unique approach to secure cloud-based data governance using hybrid machine learning architectures. With the increasing reliance on cloud resources and the need for improved security measures, this research aims to provide a solution that enhances data access governance while ensuring data privacy. To achieve this, the study introduces a Distributed Data Service (DDS) specifically designed for collecting and analyzing data in Internet of Things (IoT) contexts. The DDS enables various IoT middleware methods to exchange common data services from a loosely coupled provider. The functional specifications of the DDS are revised to facilitate effective data gathering, filtering, and storage in this environment. The proposed approach leverages distributed cloud architecture and hybrid machine learning techniques to establish cloud data access governance with enhanced security. A privacy-aware architecture is built upon distributed middleware services and supply chain quantum neural networks to ensure data privacy and protection. Additionally, multi-agent federated Bayes vector-based blockchain and partial homomorphic encryption techniques are employed to enhance network security. Throughout the experimental investigation, several performance metrics are considered. Scalability, latency, quality of service, data integrity, and time consumption are analyzed to assess the efficiency of the proposed approach. By addressing security and privacy concerns in cloud-based data storage through the utilization of hybrid machine learning architectures and distributed cloud infrastructure, this research provides a novel approach to cloud data access governance. Overall, the study offers a comprehensive solution to secure and privacy-aware data management in the cloud, paving the way for further advancements in this field.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hyunil Kim,Seung-Hyun Kim,Jung Yeon Hwang,Changho Seo

DOI: https://doi.org/10.1109/access.2019.2940052

IF: 3.9

2019-01-01

IEEE Access

Abstract:A blockchain as a trustworthy and secure decentralized and distributed network has been emerged for many applications such as in banking, finance, insurance, healthcare and business. Recently, many communities in blockchain networks want to deploy machine learning models to get meaningful knowledge from geographically distributed large-scale data owned by each participant. To run a learning model without data centralization, distributed machine learning (DML) for blockchain networks has been studied. While several works have been proposed, privacy and security have not been sufficiently addressed, and as we show later, there are vulnerabilities in the architecture and limitations in terms of efficiency. In this paper, we propose a privacy-preserving DML model for a permissioned blockchain to resolve the privacy, security, and performance issues in a systematic way. We develop a differentially private stochastic gradient descent method and an error-based aggregation rule as core primitives. Our model can treat any type of differentially private learning algorithm where non-deterministic functions should be defined. The proposed error-based aggregation rule is effective to prevent attacks by an adversarial node that tries to deteriorate the accuracy of DML models. Our experiment results show that our proposed model provides stronger resilience against adversarial attacks than other aggregation rules under a differentially private scenario. Finally, we show that our proposed model has high usability because it has low computational complexity and low transaction latency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Payman Mohassel,Yupeng Zhang

DOI: https://doi.org/10.1109/sp.2017.12

2017-05-01

Abstract:Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Sheng Shen,Tianqing Zhu,Di Wu,Wei Wang,Wanlei Zhou

DOI: https://doi.org/10.1002/cpe.6002

2020-09-23

Concurrency and Computation: Practice and Experience

Abstract:<p>Federated learning is an improved version of distributed machine learning that further offloads operations which would usually be performed by a central server. The server becomes more like an assistant coordinating clients to work together rather than micromanaging the workforce as in traditional DML. One of the greatest advantages of federated learning is the additional privacy and security guarantees it affords. Federated learning architecture relies on smart devices, such as smartphones and IoT sensors, that collect and process their own data, so sensitive information never has to leave the client device. Rather, clients train a submodel locally and send an encrypted update to the central server for aggregation into the global model. These strong privacy guarantees make federated learning an attractive choice in a world where data breaches and information theft are common and serious threats. This survey outlines the landscape and latest developments in data privacy and security for federated learning. We identify the different mechanisms used to provide privacy and security, such as differential privacy, secure multiparty computation and secure aggregation. We also survey the current attack models, identifying the areas of vulnerability and the strategies adversaries use to penetrate federated systems. The survey concludes with a discussion on the open challenges and potential directions of future work in this increasingly popular learning paradigm.</p>

English Else

Libo Zhang,Bing Duan,Jinlong Li,Zhan'gang Ma,Xixin Cao

DOI: https://doi.org/10.3390/app14083533

2024-01-01

Abstract:With the continuous enhancement of privacy protection globally, there is a problem for the traditional machine learning paradigm, which is that training data cannot be obtained from a single place. Federated learning is considered a viable technique for preserving privacy that can train deep models with decentralized data. Aiming at two-party vertical federated learning, and at common attack problems such as model inversion, gradient leakage, and data theft, we provide a formal definition of Intel SGX’s trusted computing base, remote attestation, integrity verification, and encrypted storage, and propose a general federated learning privacy enhancement algorithm in the scenario of a malicious adversary model, and we extend this method to support horizontal federated learning, secure outsourced computation, etc. Furthermore, the method is developed in a Fedlearner framework of open-sourced machine learning to achieve privacy protection of the training data and model without any modification to the existing neural network and algorithm running on the framework. The experimental results show that this scheme substantially improves on the existing schemes in terms of training efficiency, without losing model accuracy.

Ramesh Upreti,Pedro G. Lind,Ahmed Elmokashfi,Anis Yazidi

DOI: https://doi.org/10.1007/s10207-024-00813-3

2024-04-03

International Journal of Information Security

Abstract:Abstract Artificial intelligence-based algorithms are widely adopted in critical applications such as healthcare and autonomous vehicles. Mitigating the security and privacy issues of AI models, and enhancing their trustworthiness have become of paramount importance. We present a detailed investigation of existing security, privacy, and defense techniques and strategies to make machine learning more secure and trustworthy. We focus on the new paradigm of machine learning called federated learning, where one aims to develop machine learning models involving different partners (data sources) that do not need to share data and information with each other. In particular, we discuss how federated learning bridges security and privacy, how it guarantees privacy requirements of AI applications, and then highlight challenges that need to be addressed in the future. Finally, after having surveyed the high-level concepts of trustworthy AI and its different components and identifying present research trends addressing security, privacy, and trustworthiness separately, we discuss possible interconnections and dependencies between these three fields. All in all, we provide some insight to explain how AI researchers should focus on building a unified solution combining security, privacy, and trustworthy AI in the future.

computer science, information systems, theory & methods, software engineering

Nick Hynes,Raymond Cheng,Dawn Song

DOI: https://doi.org/10.48550/arXiv.1807.06689

IF: 5.414

2018-07-17

Machine Learning

Abstract:Machine learning models benefit from large and diverse datasets. Using such datasets, however, often requires trusting a centralized data aggregator. For sensitive applications like healthcare and finance this is undesirable as it could compromise patient privacy or divulge trade secrets. Recent advances in secure and privacy-preserving computation, including trusted hardware enclaves and differential privacy, offer a way for mutually distrusting parties to efficiently train a machine learning model without revealing the training data. In this work, we introduce Myelin, a deep learning framework which combines these privacy-preservation primitives, and use it to establish a baseline level of performance for fully private machine learning.

Junbo Wang,Amitangshu Pal,Qinglin Yang,Krishna Kant,Kaiming Zhu,Song Guo

DOI: https://doi.org/10.1109/tnnls.2022.3169347

IF: 14.255

2022-01-01

IEEE Transactions on Neural Networks and Learning Systems

Abstract:Distributed machine learning (ML) was originally introduced to solve a complex ML problem in a parallel way for more efficient usage of computation resources. In recent years, such learning has been extended to satisfy other objectives, namely, performing learning in situ on the training data at multiple locations and keeping the training datasets private while still allowing sharing of the model. However, these objectives have led to considerable research on the vulnerabilities of distributed learning both in terms of privacy concerns of the training data and the robustness of the learned overall model due to bad or maliciously crafted training data. This article provides a comprehensive survey of various privacy, security, and robustness issues in distributed ML.

computer science, artificial intelligence, theory & methods,engineering, electrical & electronic, hardware & architecture

Mario Chahoud,Azzam Mourad,Hadi Otrok,Jamal Bentahar,Mohsen Guizani

2024-05-01

Abstract:Containerization technology plays a crucial role in Federated Learning (FL) setups, expanding the pool of potential clients and ensuring the availability of specific subsets for each learning iteration. However, doubts arise about the trustworthiness of devices deployed as clients in FL scenarios, especially when container deployment processes are involved. Addressing these challenges is important, particularly in managing potentially malicious clients capable of disrupting the learning process or compromising the entire model. In our research, we are motivated to integrate a trust element into the client selection and model deployment processes within our system architecture. This is a feature lacking in the initial client selection and deployment mechanism of the On-Demand architecture. We introduce a trust mechanism, named "Trusted-On-Demand-FL", which establishes a relationship of trust between the server and the pool of eligible clients. Utilizing Docker in our deployment strategy enables us to monitor and validate participant actions effectively, ensuring strict adherence to agreed-upon protocols while strengthening defenses against unauthorized data access or tampering. Our simulations rely on a continuous user behavior dataset, deploying an optimization model powered by a genetic algorithm to efficiently select clients for participation. By assigning trust values to individual clients and dynamically adjusting these values, combined with penalizing malicious clients through decreased trust scores, our proposed framework identifies and isolates harmful clients. This approach not only reduces disruptions to regular rounds but also minimizes instances of round dismissal, Consequently enhancing both system stability and security.

Cryptography and Security,Artificial Intelligence