Dong Mao,Qiongqian Yang,Hongkai Wang,Zuge Chen,Chen Li,Yubo Song,Zhongyuan Qin

DOI: https://doi.org/10.3390/electronics13061028

IF: 2.9

2024-03-10

Electronics

Abstract:Federated learning (FL) is increasingly challenged by security and privacy concerns, particularly vulnerabilities exposed by malicious participants. There remains a gap in effectively countering threats such as model inversion and poisoning attacks in existing research. To address these challenges, this paper proposes the Effective Private-Protected Federated Learning Aggregation Algorithm (EPFed), a framework that utilizes a blockchain platform, homomorphic encryption, and secret sharing to fortify the data privacy and computational efficiency in a federated learning environment. EPFed works by establishing "trust groups" through the unique integration of a Chinese Remainder Theorem-based secret sharing scheme with Paillier homomorphic encryption, streamlining secure model parameter exchange and aggregation while minimizing the computational load. Our performance-driven aggregation strategy leverages local performance metrics to safeguard against malicious contributions, ensuring both the integrity and efficiency of the learning process. The evaluations demonstrate that EPFed achieves a remarkable accuracy rate of 92.5%, thereby confirming the advanced nature of the proposed solution in addressing the pressing challenges of FL.

engineering, electrical & electronic,computer science, information systems,physics, applied

Z. H. Qin,Shuiguang Deng,Xin Yan,Schahram Dustdar,Albert Y. Zomaya

DOI: https://doi.org/10.48550/arxiv.2205.10568

2022-01-01

Abstract:Federated learning (FL) is a promising technical support to the vision of ubiquitous artificial intelligence in the sixth generation (6G) wireless communication network. However, traditional FL heavily relies on a trusted centralized server. Besides, FL is vulnerable to poisoning attacks, and the global aggregation of model updates makes the private training data under the risk of being reconstructed. What's more, FL suffers from efficiency problem due to heavy communication cost. Although decentralized FL eliminates the problem of the central dependence of traditional FL, it makes other problems more serious. In this paper, we propose BlockDFL, an efficient fully peer-to-peer (P2P) framework for decentralized FL. It integrates gradient compression and our designed voting mechanism with blockchain to efficiently coordinate multiple peer participants without mutual trust to carry out decentralized FL, while preventing data from being reconstructed according to transmitted model updates. Extensive experiments conducted on two real-world datasets exhibit that BlockDFL obtains competitive accuracy compared to centralized FL and can defend against poisoning attacks while achieving efficiency and scalability. Especially when the proportion of malicious participants is as high as 40 percent, BlockDFL can still preserve the accuracy of FL, which outperforms existing fully decentralized FL frameworks.

Lifeng Liu,Yifan Hu,Jiawei Yu,Fengda Zhang,Gang Huang,Jun Xiao,Chao Wu

DOI: https://doi.org/10.1145/3387168.3387211

2019-01-01

Abstract:Currently, training neural networks often requires a large corpus of data from multiple parties. However, data owners are reluctant to share their sensitive data to third parties for modelling in many cases. Therefore, Federated Learning (FL) has arisen as an alternative to enable collaborative training of models without sharing raw data, by distributing modelling tasks to multiple data owners. Based on FL, we premodel sent a novel and decentralized approach to training encrypted models with privacy-preserved data on Blockchain. In our approach, Blockchain is adopted as the machine learning environment where different actors (i.e., the model provider, the data provider) collaborate on the training task. During the training process, an encryption algorithm is used to protect the privacy of data and the trained model. Our experiments demonstrate that our approach is practical in real-world applications.

Lei Tian,Feilong Lin,Jiahao Gan,Riheng Jia,Zhonglong Zheng,Minglu Li

DOI: https://doi.org/10.1109/jiot.2024.3479328

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the rise of Federated Learning (FL) in the realm of machine learning for data privacy protection, its unique distributed data processing characteristics have garnered widespread attention. However, the implementation of FL faces many challenges, as achieving a balance between data privacy, model security, and system efficiency is difficult, often requiring the sacrifice of efficiency for privacy and security. Moreover, this process typically assumes the existence of a trusted server for coordination. Addressing these challenges, this paper proposes a Privacy-preserved and Efficient Federated Learning framework with blockchain (PEFL). PEFL utilizes blockchain and differential privacy techniques to coordinate privacy protection among clients, and filters out anomalous model parameters through an aggregation-side detection algorithm to resist poisoning attacks. Under the assumption of an untrusted server, we design the Model-validated Fault-tolerant Federation (MFF) consensus mechanism based on a committee, balancing efficiency expectations to regulate the server and ensure the reliability of the training process. Through experiments on the MNIST and CIFAR10 datasets, and comparison with typical FL schemes, PEFL demonstrates better defense against various attack models. Besides, it achieves higher training efficiency while ensuring privacy security.

Xun Liu,Jiangming Li,Siyang Chen,Xiaofeng Jiang,Feng Yang,Jian Yang

DOI: https://doi.org/10.1145/3661725.3661726

2024-01-01

Abstract:Federated Learning (FL) is a learning architecture in which multiple clients use local data to train gradients and submit them to a server for global aggregation. However, achieving reliable federated learning in untrusted environments is challenging. Malicious users and servers can perform Byzantine attacks to manipulate the global model, and curious servers can also extract user privacy from update gradients. Privacy-preserving methods usually consume many communication and computing resources and are difficult to combine with robust aggregation mechanisms. In this paper, we propose an anomaly gradient detection approach based on cosine distance detection using Shamir secret sharing, which can detect anomalous gradients without exposing the real gradients. Furthermore, we use the blockchain to build a decentralized hierarchical FL framework, eliminating the risk of malicious servers and reducing communication overhead. The experimental results show that our approach can protect user privacy and the reliability of aggregation results simultaneously, and the layered framework can effectively reduce communication overhead.

Yuanyuan Gao,Lei Zhang,Lulu Wang,Kim-Kwang Raymond Choo,Rui Zhang

DOI: https://doi.org/10.1109/tsc.2023.3250705

2021-01-01

Abstract:Conventional federated learning (FL) approaches generally rely on a centralized server, and there has been a trend of designing asynchronous FL approaches for distributed applications partly to mitigate limitations associated with conventional (synchronous) FL approaches (e.g., single point of failure / attack). In this paper, we first introduce two new tools, namely: a quality-based aggregation method and an extended dynamic contribution broadcast encryption (DConBE). Building on these two new tools and local differential privacy, we then propose a privacy-preserving and reliable decentralized FL scheme, designed to support batch joining/leaving of clients while incurring minimal delay and achieving high model accuracy. In other words, our scheme seeks to ensure an optimal trade-off between model accuracy and data privacy, which is also demonstrated in our simulation results. For example, the results show that our aggregation method can effectively avoid low-quality updates in the sense that the scheme guarantees high model accuracy even in the presence of bad clients who may submit low-quality updates. In addition, our scheme incurs a lower loss and the extended DConBE only slightly affects the efficiency of our scheme. With the extended dynamic contribution broadcast encryption, our scheme can efficiently support batch joining/leaving of clients.

Yuping Yan,Mohammed B. M. Kamel,Marcell Zoltay,Marcell Gál,Roland Hollós,Yaochu Jin,Ligeti Péter,Ákos Tényi

DOI: https://doi.org/10.1007/s40747-023-01184-3

IF: 6.7

2023-01-01

Complex & Intelligent Systems

Abstract:Federated learning (FL) draws attention in academia and industry due to its privacy-preserving capability in training machine learning models. However, there are still some critical security attacks and vulnerabilities, including gradients leakage and interference attacks. Meanwhile, communication is another bottleneck in basic FL schemes since large-scale FL parameter transmission leads to inefficient communication, latency, and slower learning processes. To overcome these shortcomings, different communication efficiency strategies and privacy-preserving cryptographic techniques have been proposed. However, a single method can only partially resist privacy attacks. This paper presents a practical, privacy-preserving scheme combining cryptographic techniques and communication networking solutions. We implement Kafka for message distribution, the Diffie–Hellman scheme for secure server aggregation, and gradient differential privacy for interference attack prevention. The proposed approach maintains training efficiency while being able to addressing gradients leakage problems and interference attacks. Meanwhile, the implementation of Kafka and Zookeeper provides asynchronous communication and anonymous authenticated computation with role-based access controls. Finally, we prove the privacy-preserving properties of the proposed solution via security analysis and empirically demonstrate its efficiency and practicality.

Yipeng Dong,Lei Zhang,Lin Xu

DOI: https://doi.org/10.1007/978-981-97-0834-5_9

2024-01-01

Abstract:Federated learning enables collaborative training of the global model by participants with diverse data sources while preserving data privacy. However, the traditional federated learning architecture faces some challenges, including single-point of server failure and privacy disclosure. To address these challenges, this paper proposes a distributed federated learning scheme based on multi-key homomorphic encryption, which fundamentally solves the problems of server single-point failure and malicious behavior, while effectively protecting the data privacy of participants. The trusted execution environment (TEE) is used to detect the quality of the models and to prevent some malicious participants from executing malicious behavior. Furthermore, an incentive mechanism is designed to encourage participants to actively and honestly perform training tasks. Our scheme satisfies privacy, robustness, and fairness criteria, as demonstrated in our analysis.

Xinru Yan,Yinbin Miao,Xinghua Li,Kim-Kwang Raymond Choo,Xiangdong Meng,Robert H. H. Deng

DOI: https://doi.org/10.1109/jiot.2023.3262546

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:To solve the data island issue in the distributed Internet of Things (IoT) without privacy leakage, privacy-preserving federated learning (PPFL) has been extensively explored in both academic and industrial fields. However, existing PPFL solutions still suffer from a single point of failure and incur untrusted aggregation results caused by a malicious central server, and even cause a loss of model accuracy in an asynchronous setting. To solve these issues, we propose a privacy-preserving asynchronous federated learning scheme by using blockchain. Specifically, we use blockchain to address single points of failure and untrustworthy aggregation results, implement reliable model aggregation utilizing a practical byzantine fault-tolerant protocol in an asynchronous setting, and leverage differential privacy to improve system robustness. Formal security analysis and convergence analysis demonstrate that the proposed scheme is secure and robust, and extensive experiments demonstrate that our scheme can effectively ensure the accuracy of the system when compared with state-of-the-art schemes.

Tao Chen,Xiaofen Wang,Hong-Ning Dai

DOI: https://doi.org/10.1007/978-981-97-5101-3_9

2024-01-01

Abstract:Federated Learning (FL), as an emerging distributed machine learning framework, which shares model gradients instead of raw data, can properly coordinate the contradiction between data sharing and data security under the guidance of laws and regulations and overcome the problem of “Data Silo”. However, the state-of-art federated learning schemes are still facing security challenges, such as single point of failure (SPOF), gradient privacy leakage, and byzantine attacks. To address the above issues, this paper proposes a robustness and privacy-preserving decentralized federated learning system (R-PPDFL). Specifically, a decentralized privacy-preserving federated learning framework based on the blockchain is designed and an improved multi-client functional encryption is proposed, which resolves the issues of SPOF and privacy leakage. Then based on functional encryption and cosine similarity we present a dense model detection method, which can properly defend the byzantine attacks in FL. Ultimately, it evaluates the proposed scheme by providing a theoretical analysis and conducting preliminary experiments on real datasets.

Ruizhe Yang,Tonghui Zhao,F. Richard Yu,Meng Li,Dajun Zhang,Xuehui Zhao

DOI: https://doi.org/10.1109/jiot.2024.3379395

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning, leveraging distributed data from multiple nodes to train a common model, allows for the use of more data to improve the model while also protecting the privacy of original data. However, challenges still exist in ensuring privacy and security within the interactions. To address these issues, this paper proposes a federated learning approach that incorporates blockchain, homomorphic encryption, and reputation. Using homomorphic encryption, edge nodes possessing local data can complete the training of ciphertext models, with their contributions to the aggregation being evaluated by a reputation mechanism. Both models and reputations are documented and verified on the blockchain through consensus process, which then determines the rewards based on the incentive mechanism. This approach not only incentivizes participation in training, but also ensures the privacy of data and models through encryption. Additionally, it addresses security risks associated with both data and network attacks, ultimately leading to a highly accurate trained model. To enhance the efficiency of learning and the performance of the model, a joint adaptive aggregation and resource optimization algorithm is introduced. Finally, simulations and analyses demonstrate that the proposed scheme enhances learning accuracy while maintaining privacy and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Meng Hao,Hongwei Li,Guowen Xu,Hanxiao Chen,Tianwei Zhang

DOI: https://doi.org/10.1145/3485832.3488014

2021-12-06

Abstract:Federated learning (FL) has demonstrated tremendous success in various mission-critical large-scale scenarios. However, such promising distributed learning paradigm is still vulnerable to privacy inference and byzantine attacks. The former aims to infer the privacy of target participants involved in training, while the latter focuses on destroying the integrity of the constructed model. To mitigate the above two issues, a few works recently explored unified solutions by utilizing generic secure computation techniques and common byzantine-robust aggregation rules, but there are two major limitations: 1) they suffer from impracticality due to efficiency bottlenecks, and 2) they are still vulnerable to various types of attacks because of model incomprehensiveness. To approach the above problems, in this paper, we present SecureFL, an efficient, private and byzantine-robust FL framework. SecureFL follows the state-of-the-art byzantine-robust FL method (FLTrust NDSS’21), which performs comprehensive byzantine defense by normalizing the updates’ magnitude and measuring directional similarity, adapting it to the privacy-preserving context. More importantly, we carefully customize a series of cryptographic components. First, we design a crypto-friendly validity checking protocol that functionally replaces the normalization operation in FLTrust, and further devise tailored cryptographic protocols on top of it. Benefiting from the above optimizations, the communication and computation costs are reduced by half without sacrificing the robustness and privacy protection. Second, we develop a novel preprocessing technique for costly matrix multiplication. With this technique, the directional similarity measurement can be evaluated securely with negligible computation overhead and zero communication cost. Extensive evaluations conducted on three real-world datasets and various neural network architectures demonstrate that SecureFL outperforms prior art up to two orders of magnitude in efficiency with state-of-the-art byzantine robustness.

Meng Shen,Jing Wang,Jie Zhang,Qinglin Zhao,Bohan Peng,Tong Wu,Liehuang Zhu,Ke Xu

DOI: https://doi.org/10.1109/tnse.2024.3360311

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Federated Learning (FL) is a machine learning approach that enables multiple users to share their local models for the aggregation of a global model, protecting data privacy by avoiding the sharing of raw data. However, frequent parameter sharing between users and the aggregator can incur high risk of membership privacy leakage. In this paper, we propose LiPFed, a computationally lightweight privacy preserving FL scheme using secure decentralized aggregation for edge networks. Under this scheme, we ensure privacy preservation on the aggregation side, and promote lightweight computation on the user side. By incorporating blockchain and additive secret sharing algorithm, we effectively protect the membership privacy of both local models and global models. Furthermore, the secure decentralized aggregation mechanism safeguards against potential compromises of the aggregator. Meanwhile, smart contract is introduced to identify malicious models uploaded by edge nodes and return trustworthy global models to users. Rigorous security analysis shows the effectiveness of this scheme in privacy preservation. Extensive experiments verify that LiPFed outperforms the state-of-the-art schemes in terms of training efficiency, model accuracy, and privacy preservation.

Huang Zeng,Anjia Yang,Jian Weng,Min-Rong Chen,Fengjun Xiao,Yi Liu,Ye Yao

2024-05-07

Abstract:Federated learning (FL) has attracted widespread attention because it supports the joint training of models by multiple participants without moving private dataset. However, there are still many security issues in FL that deserve discussion. In this paper, we consider three major issues: 1) how to ensure that the training process can be publicly audited by any third party; 2) how to avoid the influence of malicious participants on training; 3) how to ensure that private gradients and models are not leaked to third parties. Many solutions have been proposed to address these issues, while solving the above three problems simultaneously is seldom considered. In this paper, we propose a publicly auditable and privacy-preserving federated learning scheme that is resistant to malicious participants uploading gradients with wrong directions and enables anyone to audit and verify the correctness of the training process. In particular, we design a robust aggregation algorithm capable of detecting gradients with wrong directions from malicious participants. Then, we design a random vector generation algorithm and combine it with zero sharing and blockchain technologies to make the joint training process publicly auditable, meaning anyone can verify the correctness of the training. Finally, we conduct a series of experiments, and the experimental results show that the model generated by the protocol is comparable in accuracy to the original FL approach while keeping security advantages.

Cryptography and Security

Jianan Su,Ai Gu,Xiaowei Liu,Xiaohui Li,Siting Lv

DOI: https://doi.org/10.1109/WCNC57260.2024.10570990

2024-04-21

Abstract:With the emergence of distributed machine learning, federated learning has become a prevalent paradigm for multi-party collaborative training scenarios. To address security vulnerabilities such as imperfect encryption and incapability to with-stand attacks within existing federated learning architectures, a blockchain-based trustworthy federated learning architecture is proposed. The architecture utilizes a threshold variant of the Paillier encryption scheme to protect the local and global model updates. A flexible Multi-Krum selection scheme is also proposed for balancing the utility of the overall architecture while ensuring safe federated learning training processes. Based on theoretical analysis and experimental results, the proposed architecture demonstrates a high level of security and the feasibility of the scheme is supported.

Engineering,Computer Science

Qingdi Han,Siqi Lu,Wenhao Wang,Haipeng Qu,Jingsheng Li,Yang Gao

DOI: https://doi.org/10.1002/cpe.8084

2024-03-20

Concurrency and Computation Practice and Experience

Abstract:Summary Federated learning (FL) has emerged as a promising solution to address the challenges posed by data silos and the need for global data fusion. It offers a distributed machine learning framework with privacy‐preserving features, allowing model training without the need to collect user data. However, FL also presents significant security and privacy threats that hinder its widespread adoption. The requirements of privacy and security in FL are inherently conflicting. Privacy necessitates the concealment of individual client updates, while security requires the disclosure of client updates to detect anomalies. While most existing research focused on the privacy and security aspects of FL, very few studies have addressed the compatibility of these two demands. In this work, we aim to bridge this gap by proposing a comprehensive defense scheme that ensures privacy, security, and compatibility in FL. We categorize the existing literature into two key directions: privacy defense and security defense. Privacy defense includes methods based on additive masks, differential privacy, homomorphic encryption, and trusted execution environment, whereas security defense encompasses distance‐, performance‐, clustering‐, and similarity‐based anomaly detection techniques and statistical information‐based anomaly update bypassing techniques when the server is trusted and privacy‐compatible anomaly update detection techniques when the server is not trusted. In addition, this article presents decentralized FL solutions based on blockchain. For each direction, we discuss specific technical solutions, their advantages, and disadvantages. By evaluating various defense methods, we identify the most suitable approach to address the primary challenge of "achieving a secure and robust FL system against malicious adversaries while protecting users' privacy." We then propose a theoretical reference framework for end‐to‐end protection of privacy and security in FL for the key problem, which summarizes the attack surface of FL systems from the client to the server under the security model where the client and server are malicious. Leveraging the strengths and characteristics of existing schemes, our proposed framework integrates multiple techniques to strike a balance between privacy, usability, and efficiency. This framework serves as a valuable reference and provides insights for future work in the field. Finally, we also provide recommendations for future research directions in this field.

computer science, theory & methods, software engineering

XiaoHui Yang,TianChang Li

DOI: https://doi.org/10.1080/09540091.2024.2316018

2024-02-23

Connection Science

Abstract:Federated Learning (FL) has gained prominence as a machine learning framework incorporating privacy-preserving mechanisms. However, challenges such as poisoning attacks and free rider attacks underscore the need for advanced security measures. Therefore, this paper proposes a novel framework that integrates federated learning with blockchain technology to facilitate secure model aggregation and fair incentives in untrustworthy environments. The framework designs a reputation evaluation method using quality as an indicator, and a consensus method based on reputation feedback. The trustworthiness of nodes is dynamically assessed to achieve an efficient and trustworthy model aggregation process while avoiding reputation monopolisation. Furthermore, the paper defines a tailored contribution calculation process for nodes in different roles in an untrusted environment. A reward and punishment scheme based on the joint constraints of contribution and reputation is proposed to attract highly qualified workers to actively participate in federated learning tasks. Theoretical analysis and simulation experiments demonstrate the framework's ability to maintain efficient and secure aggregation under a certain degree of attack while achieving fair incentives for each role node with significantly reduced consensus consumption.

computer science, artificial intelligence, theory & methods

Yinbin Miao,Ziteng Liu,Hongwei Li,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2022.3196274

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning enables clients to train a machine learning model jointly without sharing their local data. However, due to the centrality of federated learning framework and the untrustworthiness of clients, traditional federated learning solutions are vulnerable to poisoning attacks from malicious clients and servers. In this paper, we aim to mitigate the impact of the central server and malicious clients by designing a Privacy-preserving Byzantine-robust Federated Learning (PBFL) scheme based on blockchain. Specifically, we use cosine similarity to judge the malicious gradients uploaded by malicious clients. Then, we adopt fully homomorphic encryption to provide secure aggregation. Finally, we use blockchain system to facilitate transparent processes and implementation of regulations. Our formal analysis proves that our scheme achieves convergence and provides privacy protection. Our extensive experiments on different datasets demonstrate that our scheme is robust and efficient. Even if the root dataset is small, our scheme can achieve the same efficiency as FedSGD.

Xiya Fu,Ling Xiong,Fagen Li,Xingchun Yang,Naixue Xiong

DOI: https://doi.org/10.1109/tce.2024.3439437

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Federated learning, an emerging distributed learning paradigm, offers significant advantages and holds promise for addressing trust issues, breaking down data silos, and enabling active data sharing in the realm of consumer electronics. However, traditional federated learning faces critical security and privacy challenges in this domain, including single-point attacks, inference attacks, and poisoning attacks. To address these pressing security concerns, this paper proposes a decentralized federated learning framework focusing on security, reliability, and efficiency, tailored to meet the sustainability demands of consumer electronics. The proposed framework is founded upon masking and secret sharing techniques, establishing an emphatic privacy-preserving federated learning framework that ensures the security of gradient data and robustness against participant dropouts. Additionally, we actively motivate high-quality participants to collaborate by incorporating an incentive mechanism. Building upon the enhancement of existing federated learning approaches reliant on masking techniques, the method outlined in this paper significantly reduces communication overhead while preserving accuracy. Empirical research results comprehensively substantiate the superiority of this approach. Furthermore, compared to prevalent blockchain-based federated learning methods, our approach makes noteworthy strides in accuracy and efficiency.

Song Deng,Jie Zhang,Li Tao,Xindong Jiang,Feng Wang

DOI: https://doi.org/10.1016/j.compeleceng.2023.108986

IF: 4.152

2023-01-01

Computers & Electrical Engineering

Abstract:In the area of privacy protection, federated learning has received a lot of attention as an emerging distributed network training model that can effectively protect the privacy of users’ local data while completing the training task.However, existing federated learning (FL) models still face many security threats: (1) attackers can steal private data through gradients; (2) imposition of security measures reduces model accuracy; and (3) node crashes lead to failure of model training.To address these problems, this paper proposes a lightweight and secure blockchain federated learning (LSBlocFL) model with the following main ideas: (1) optimize the gradient encryption computation based on differential privacy (DP) and fully homomorphic encryption (FHE) scheme to ensure model accuracy while protecting privacy security; (2) build a decentralized FL training model by combining blockchain network to improve the security of model training environment; and (3) design user failure response mechanism. The model can guarantee accuracy under privacy protection, optimize encryption computation overhead, and enhance the decentralized secure network environment. Finally, experimental validation results on the CIFAR-10 dataset show that LSBlocFL has practically good performance.