Privacy-Preserving Wireless Federated Learning Exploiting Inherent Hardware Impairments

We consider a wireless federated learning system where multiple data holder edge devices collaborate to train a global model via sharing their parameter updates with an honest-but-curious parameter server. We demonstrate that the inherent hardware-induced distortion perturbing the model updates of the edge devices can be exploited as a privacy-preserving mechanism. In particular, we model the distortion as power-dependent additive Gaussian noise and present a power allocation strategy that provides privacy guarantees within the framework of differential privacy. We conduct numerical experiments to evaluate the performance of the proposed power allocation scheme under different levels of hardware impairments.

[1]  H. Vincent Poor,et al.  Federated Learning With Differential Privacy: Algorithms and Performance Analysis , 2019, IEEE Transactions on Information Forensics and Security.

[2]  Michael Moeller,et al.  Inverting Gradients - How easy is it to break privacy in federated learning? , 2020, NeurIPS.

[3]  Deniz Gündüz,et al.  Federated Learning Over Wireless Fading Channels , 2019, IEEE Transactions on Wireless Communications.

[4]  Masahiro Morikura,et al.  Differentially Private AirComp Federated Learning with Power Adaptation Harnessing Receiver Noise , 2020, GLOBECOM 2020 - 2020 IEEE Global Communications Conference.

[5]  Deniz Gündüz,et al.  Blind Federated Edge Learning , 2020, IEEE Transactions on Wireless Communications.

[6]  Pavlo Molchanov,et al.  See through Gradients: Image Batch Recovery via GradInversion , 2021, 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[7]  Andreas Peter Burg,et al.  MIMO transmission with residual transmit-RF impairments , 2010, 2010 International ITG Workshop on Smart Antennas (WSA).

[8]  Deniz Gündüz,et al.  Machine Learning at the Wireless Edge: Distributed Stochastic Gradient Descent Over-the-Air , 2019, 2019 IEEE International Symposium on Information Theory (ISIT).

[9]  Tolga M. Duman,et al.  Machine Learning at Wireless Edge with OFDM and Low Resolution ADC and DAC , 2020, ArXiv.

[10]  Zhi Ding,et al.  Federated Learning via Over-the-Air Computation , 2018, IEEE Transactions on Wireless Communications.

[11]  Tim Schenk,et al.  RF Imperfections in High-rate Wireless Systems: Impact and Digital Compensation , 2008 .

[12]  Vitaly Shmatikov,et al.  Exploiting Unintended Feature Leakage in Collaborative Learning , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[13]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[14]  Ying-Chang Liang,et al.  Federated Learning in Mobile Edge Networks: A Comprehensive Survey , 2020, IEEE Communications Surveys & Tutorials.

[15]  Kaibin Huang,et al.  Optimal Power Control for Over-the-Air Computation , 2019, 2019 IEEE Global Communications Conference (GLOBECOM).

[16]  Hamed Haddadi,et al.  Quantifying Information Leakage from Gradients , 2021, ArXiv.

[17]  Richard Nock,et al.  Advances and Open Problems in Federated Learning , 2021, Found. Trends Mach. Learn..

[18]  Somesh Jha,et al.  Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures , 2015, CCS.

[19]  Ming Li,et al.  Wireless Federated Learning with Local Differential Privacy , 2020, 2020 IEEE International Symposium on Information Theory (ISIT).

[20]  Osvaldo Simeone,et al.  Privacy for Free: Wireless Federated Learning via Uncoded Transmission With Adaptive Power Control , 2020, IEEE Journal on Selected Areas in Communications.

[21]  Kaibin Huang,et al.  Broadband Analog Aggregation for Low-Latency Federated Edge Learning , 2018, IEEE Transactions on Wireless Communications.

[22]  Emil Björnson,et al.  Massive MIMO Systems With Non-Ideal Hardware: Energy Efficiency, Estimation, and Capacity Limits , 2013, IEEE Transactions on Information Theory.