Securing Secure Aggregation: Mitigating Multi-Round Privacy Leakage in Federated Learning

So, Jinhyun; Ali, Ramy E.; Güler, Başak; Jiao, Jiantao; Avestimehr, Salman

doi:10.48550/arxiv.2106.03328

Cited by 9 publications

(26 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, FedBuff [90] and LightSecAgg [91] allow asynchronous aggregation of which the security can be enhanced by integrating existing PPAgg protocols. In a recent work [92], the authors point out that even with the aforementioned privacy-preserving aggregation protocols, the multiple-round FL training may lead to severe information leakages due to the dynamic user participation. As shown in Figure 3, user u 1 , u 2 , u 3 participate in round t, and user u 1 , u 2 participate in round t + 1.…”

Section: Masking-based Aggregationmentioning

confidence: 99%

Privacy-Preserving Aggregation in Federated Learning: A Survey

Liu¹,

Guo²,

Yang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Over the recent years, with the increasing adoption of Federated Learning (FL) algorithms and growing concerns over personal data privacy, Privacy-Preserving Federated Learning (PPFL) has attracted tremendous attention from both academia and industry. Practical PPFL typically allows multiple participants to individually train their machine learning models, which are then aggregated to construct a global model in a privacy-preserving manner. As such, Privacy-Preserving Aggregation (PPAgg) as the key protocol in PPFL has received substantial research interest. This survey aims to fill the gap between a large number of studies on PPFL, where PPAgg is adopted to provide a privacy guarantee, and the lack of a comprehensive survey on the PPAgg protocols applied in FL systems. In this survey, we review the PPAgg protocols proposed to address privacy and security issues in FL systems. The focus is placed on the construction of PPAgg protocols with an extensive analysis of the advantages and disadvantages of these selected PPAgg protocols and solutions. Additionally, we discuss the open-source FL frameworks that support PPAgg. Finally, we highlight important challenges and future research directions for applying PPAgg to FL systems and the combination of PPAgg with other technologies for further security improvement.

show abstract

Section: Masking-based Aggregationmentioning

confidence: 99%

Privacy-Preserving Aggregation in Federated Learning: A Survey

Liu¹,

Guo²,

Yang³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…There are protection schemes such as cryptography solutions [33], [34] and the use of trusted execution environments [35], [36] for secure aggregation. However, cryptography solutions have a significant performance overhead and they are not scalable to systems with many edge devices.…”

Section: Mitigation Possibilitiesmentioning

confidence: 99%

Attribute Inference Attack of Speech Emotion Recognition in Federated Learning Settings

Feng¹,

Hashemi²,

Hebbar³

et al. 2021

Preprint

View full text Add to dashboard Cite

Speech emotion recognition (SER) processes speech signals to detect and characterize expressed perceived emotions. Many SER application systems often acquire and transmit speech data collected at the client-side to remote cloud platforms for inference and decision making. However, speech data carry rich information not only about emotions conveyed in vocal expressions, but also other sensitive demographic traits such as gender, age and language background. Consequently, it is desirable for SER systems to have the ability to classify emotion constructs while preventing unintended/improper inferences of sensitive and demographic information. Federated learning (FL) is a distributed machine learning paradigm that coordinates clients to train a model collaboratively without sharing their local data. This training approach appears secure and can improve privacy for SER. However, recent works have demonstrated that FL approaches are still vulnerable to various privacy attacks like reconstruction attacks and membership inference attacks. Although most of these have focused on computer vision applications, such information leakages exist in the SER systems trained using the FL technique. To assess the information leakage of SER systems trained using FL, we propose an attribute inference attack framework that infers sensitive attribute information of the clients from shared gradients or model parameters, corresponding to the FedSGD and the FedAvg training algorithms, respectively. As a use case, we empirically evaluate our approach for predicting the client's gender information using three SER benchmark datasets: IEMOCAP, CREMA-D, and MSP-Improv. We show that the attribute inference attack is achievable for SER systems trained using FL. We further identify that most information leakage possibly comes from the first layer in the SER model.

show abstract

“…While the privacy of the users is protected in each single round, the server can reconstruct an individual model from the aggregated models over multiple rounds of aggregation. Specifically, as a result of the client sampling strategy and the users dropouts, the server may be able to recover an individual model by exploiting the history of the aggregate models [205], [206]. This problem was studied for the first time in [206] which Challenges and open problems in private information retrieval:…”

Section: Secure Model Aggregation In Federated Learningmentioning

confidence: 99%

“…Specifically, as a result of the client sampling strategy and the users dropouts, the server may be able to recover an individual model by exploiting the history of the aggregate models [205], [206]. This problem was studied for the first time in [206] which Challenges and open problems in private information retrieval:…”

Section: Secure Model Aggregation In Federated Learningmentioning

confidence: 99%

“…• Secure aggregation and multi-round secure aggregation: There are many open problems related to the multi-round secure aggregation problem introduced in [206]. While the secure aggregation protocols are believed to protect the privacy the of the individual users, it is not clear whether such protocols ensure privacy in the information-theoretic sense.…”

Section: Secure Model Aggregation In Federated Learningmentioning

confidence: 99%

See 1 more Smart Citation

Private Retrieval, Computing and Learning: Recent Progress and Future Challenges

Ulukuş¹,

Avestimehr²,

Gastpar³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Most of our lives are conducted in the cyberspace. The human notion of privacy translates into a cyber notion of privacy on many functions that take place in the cyberspace. This article focuses on three such functions: how to privately retrieve information from cyberspace (privacy in information retrieval), how to privately leverage large-scale distributed/parallel processing (privacy in distributed computing), and how to learn/train machine learning models from private data spread across multiple users (privacy in distributed (federated) learning). The article motivates each privacy setting, describes the problem formulation, summarizes breakthrough results in the history of each problem, and gives recent results and discusses some of the major ideas that emerged in each field. In addition, the crosscutting techniques and interconnections between the three topics are discussed along with a set of open problems and challenges. I. INTRODUCTIONPrivacy is an important part of human life. This article considers privacy in the context of three distinct but related engineering applications, namely, privacy in retrieving information, privacy in computing functions, and privacy in learning. In the first sub-topic of private information retrieval, a user wishes to download a content from publicly accessible databases in such a way that the databases do not learn which particular content the user has downloaded. Towards that goal, the user creates ambiguity by its actions during the download. This strategy prevents databases from guessing which content the user has downloaded. This in turn preserves the user's privacy because what is downloaded leaks information about interest and intent on the part of the user. In the second sub-topic of private computing, a user wishes to compute a function but

show abstract

Securing Secure Aggregation: Mitigating Multi-Round Privacy Leakage in Federated Learning

Cited by 9 publications

References 24 publications

Privacy-Preserving Aggregation in Federated Learning: A Survey

Privacy-Preserving Aggregation in Federated Learning: A Survey

Attribute Inference Attack of Speech Emotion Recognition in Federated Learning Settings

Private Retrieval, Computing and Learning: Recent Progress and Future Challenges

Contact Info

Product

Resources

About