Accessibility of covariance information creates vulnerability in Federated Learning frameworks

Abstract: Federated Learning approaches are becoming increasingly relevant in various fields. These approaches promise to facilitate an integrative data analysis without sharing the data, which is highly beneficial for applications with sensitive data such as healthcare. Yet, the risk of data leakage caused by malicious attacks needs to be assessed carefully. In this study, we consider a new attack route and present an algorithm that depends on being able to compute sample means, sample covariances, and construct known … Show more

“…For information that must be stored on the server side, the client is limited to sending a single number at a time to the servers to prevent attacks. Sending known numbers to the servers raises the potential threat of data leakage if the client is able to concatenate multiple known single numbers into different linearly independent vectors Huth et al [2023]. In DataSHIELD, this would be possible by sending multiple numbers to the servers using ds.sendToServer and concatenating them using ds.cbind and/or ds.rbind .…”

“…Our package adheres to the data security standards of DataSHIELD and highest security standards following a recent assessments [Huth et al, 2023], ensuring that all function outputs are in compliance with the disclosure settings that can be configured in Opal [OBiBa, 2022]. This includes measures such as preventing subsetting of data frames if the subset does not contain the minimum number of rows and prohibiting aggregations with fewer objects than the specified threshold.…”

“…Additionally, when performing federated estimation of the influence functions, it is necessary to append columns to a matrix ( ds.AppendInfluence ). However, this process enables malicious clients to append arbitrary columns to a matrix and therefore the creation of known linearly independent matrices which can cause data leakage of all data points [Huth et al, 2023]. To mitigate this risk, we implement a strategy of row-wise shuffling of data frames and matrices after appending columns.…”

“…Our software incorporates the standard DataSHIELD security measures such as validity checks on the minimum non-zero counts of observational units for, e.g., mean calculations, and the maximum number of parameters in a regression. In order to prevent attacks as described in Huth et al [2023], we additionally include further security measures tailored to the needs of the CSDID method. The implementation of these measures guarantees that the computations are carried out in a secure and confidential manner, protecting sensitive data from unauthorized access or use.…”

“…This figure has been designed using resources from Flaticon.com number of parameters in a regression. Additionally, we have included further security measures tailored to CSDID to prevent attacks as described by Huth et al [2023]. These measures ensure that computations are secure and confidential, protecting sensitive data from unauthorized access or use.…”

Privacy-preserving impact evaluation using Difference-in-Differences

“…For information that must be stored on the server side, the client is limited to sending a single number at a time to the servers to prevent attacks. Sending known numbers to the servers raises the potential threat of data leakage if the client is able to concatenate multiple known single numbers into different linearly independent vectors Huth et al [2023]. In DataSHIELD, this would be possible by sending multiple numbers to the servers using ds.sendToServer and concatenating them using ds.cbind and/or ds.rbind .…”

“…Our package adheres to the data security standards of DataSHIELD and highest security standards following a recent assessments [Huth et al, 2023], ensuring that all function outputs are in compliance with the disclosure settings that can be configured in Opal [OBiBa, 2022]. This includes measures such as preventing subsetting of data frames if the subset does not contain the minimum number of rows and prohibiting aggregations with fewer objects than the specified threshold.…”

“…Additionally, when performing federated estimation of the influence functions, it is necessary to append columns to a matrix ( ds.AppendInfluence ). However, this process enables malicious clients to append arbitrary columns to a matrix and therefore the creation of known linearly independent matrices which can cause data leakage of all data points [Huth et al, 2023]. To mitigate this risk, we implement a strategy of row-wise shuffling of data frames and matrices after appending columns.…”

“…Our software incorporates the standard DataSHIELD security measures such as validity checks on the minimum non-zero counts of observational units for, e.g., mean calculations, and the maximum number of parameters in a regression. In order to prevent attacks as described in Huth et al [2023], we additionally include further security measures tailored to the needs of the CSDID method. The implementation of these measures guarantees that the computations are carried out in a secure and confidential manner, protecting sensitive data from unauthorized access or use.…”

“…This figure has been designed using resources from Flaticon.com number of parameters in a regression. Additionally, we have included further security measures tailored to CSDID to prevent attacks as described by Huth et al [2023]. These measures ensure that computations are secure and confidential, protecting sensitive data from unauthorized access or use.…”

Privacy-preserving impact evaluation using Difference-in-Differences