SAFELearn: Secure Aggregation for private FEderated Learning

Federated learning (FL) is an emerging distributed machine learning paradigm that addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data. It thereby improves not only privacy but also efficiency, as it uses the computation power and data of potentially millions of clients for training in parallel. However, FL is vulnerable to so-called inference attacks by malicious aggregators, which can infer information about clients' data from their model updates. Secure aggregation restricts the central aggregator to learning only the sum or average of the clients' updates. Unfortunately, existing secure aggregation protocols for FL suffer from high communication and computation costs and require many communication rounds. In this work, we present SAFELearn, a generic design for efficient private FL systems that uses secure aggregation to protect against inference attacks that need to analyze individual clients' model updates. It is flexibly adaptable to the efficiency and security requirements of various FL applications and can be instantiated with MPC or FHE. In contrast to previous works, we need only 2 rounds of communication in each training iteration, do not use any expensive cryptographic primitives on clients, tolerate dropouts, and do not rely on a trusted third party. We implement and benchmark an instantiation of our generic design with secure two-party computation. Our implementation aggregates 500 models with more than 300K parameters in less than 0.5 seconds.
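To make the secure-aggregation idea concrete, here is an added toy illustration of the two-party flavor the abstract mentions: each client encodes its model update as fixed-point ring elements, splits it into two additive shares, and sends one share to each of two non-colluding servers; each server sums the shares it holds and the two partial sums are combined into the plaintext aggregate, so neither server alone sees any individual update. This is example code written for this page, not SAFELearn's implementation, and it assumes a 2^32 ring, a 2^16 fixed-point scale, and a dropout model in which a dropped client's share reaches only one server, which the servers handle by agreeing on the set of clients both of them heard from.

```python
import secrets
from typing import Dict, List, Tuple

MOD = 2 ** 32     # ring size for additive secret sharing (assumption)
SCALE = 2 ** 16   # fixed-point scale for encoding float parameters (assumption)


def encode(update: List[float]) -> List[int]:
    """Map float parameters to fixed-point elements of Z_MOD (negatives wrap around)."""
    return [round(x * SCALE) % MOD for x in update]


def decode(total: List[int], n_clients: int) -> List[float]:
    """Undo the fixed-point encoding of a summed vector and average over n_clients."""
    out = []
    for v in total:
        if v >= MOD // 2:        # two's-complement style: upper half of the ring is negative
            v -= MOD
        out.append(v / SCALE / n_clients)
    return out


def share(vec: List[int]) -> Tuple[List[int], List[int]]:
    """Additive 2-out-of-2 sharing: s0 is uniform random, s1 = v - s0 (mod MOD).
    Either share on its own is a uniformly random vector and reveals nothing about vec."""
    s0 = [secrets.randbelow(MOD) for _ in vec]
    s1 = [(v - r) % MOD for v, r in zip(vec, s0)]
    return s0, s1


def server_sum(inbox: Dict[str, List[int]], active: List[str], dim: int) -> List[int]:
    """A server adds, coordinate-wise, the shares it received from the agreed client set."""
    total = [0] * dim
    for cid in active:
        for i, v in enumerate(inbox[cid]):
            total[i] = (total[i] + v) % MOD
    return total


def secure_aggregate(updates: Dict[str, List[float]], dropped: set = frozenset()) -> List[float]:
    """Simulate one aggregation round with two non-colluding servers.

    updates: constructed client updates keyed by client id.
    dropped: client ids whose second share never reaches server 1 (dropout model, assumption).
    Returns the averaged update over the clients both servers received shares from.
    """
    dim = len(next(iter(updates.values())))
    inbox0: Dict[str, List[int]] = {}
    inbox1: Dict[str, List[int]] = {}
    for cid, upd in updates.items():
        s0, s1 = share(encode(upd))
        inbox0[cid] = s0
        if cid not in dropped:
            inbox1[cid] = s1
    # Dropout handling: servers agree on the clients whose shares both of them hold,
    # so partial contributions never corrupt the aggregate.
    active = sorted(set(inbox0) & set(inbox1))
    t0 = server_sum(inbox0, active, dim)   # server 0's view: sum of random shares
    t1 = server_sum(inbox1, active, dim)   # server 1's view: sum of complementary shares
    total = [(a + b) % MOD for a, b in zip(t0, t1)]
    return decode(total, len(active))


def plain_average(updates: Dict[str, List[float]], dropped: set = frozenset()) -> List[float]:
    """Reference computation in the clear, used only to check the secure result."""
    active = [cid for cid in sorted(updates) if cid not in dropped]
    dim = len(updates[active[0]])
    return [sum(updates[cid][i] for cid in active) / len(active) for i in range(dim)]


if __name__ == "__main__":
    # Constructed sample updates; client c3 drops out mid-round.
    sample = {"c1": [0.5, -1.25, 2.0], "c2": [1.5, 0.25, -3.0], "c3": [10.0, 10.0, 10.0]}
    print("secure:", secure_aggregate(sample, {"c3"}))
    print("plain: ", plain_average(sample, {"c3"}))
```

Running the module prints the same averaged vector from both paths; the point of the exercise is that `inbox0` and `inbox1` individually contain only uniformly random vectors, so an honest-but-curious server learns the aggregate and nothing about any single client's update, which is exactly the property that blocks the per-update inference attacks described above.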
