SAFELearn: Secure Aggregation for private FEderated Learning

Hossein Fereidooni; Samuel Marchal; Markus Miettinen; Azalia Mirhoseini; Helen Mollering; Thien Duc Nguyen; Phillip Rieger; Ahmad Reza Sadeghi; Thomas Schneider; Hossein Yalame; Shaza Zeitouni

doi:10.1109/SPW53761.2021.00017

SAFELearn: Secure Aggregation for private FEderated Learning

Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Helen Mollering, Thien Duc Nguyen, Phillip Rieger, Ahmad Reza Sadeghi, Thomas Schneider, Hossein Yalame, Shaza Zeitouni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

24 Citations (Scopus)

188 Downloads (Pure)

Abstract

Federated learning (FL) is an emerging distributed machine learning paradigm which addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data thereby, it improves not only privacy but is also efficient as it uses the computation power and data of potentially millions of clients for training in parallel. However, FL is vulnerable to so-called inference attacks by malicious aggregators which can infer information about clients' data from their model updates. Secure aggregation restricts the central aggregator to only learn the summation or average of the updates of clients. Unfortunately, existing protocols for secure aggregation for FL suffer from high communication, computation, and many communication rounds.In this work, we present SAFELearn, a generic design for efficient private FL systems that protects against inference attacks that have to analyze individual clients' model updates using secure aggregation. It is flexibly adaptable to the efficiency and security requirements of various FL applications and can be instantiated with MPC or FHE. In contrast to previous works, we only need 2 rounds of communication in each training iteration, do not use any expensive cryptographic primitives on clients, tolerate dropouts, and do not rely on a trusted third party. We implement and benchmark an instantiation of our generic design with secure two-party computation. Our implementation aggregates 500 models with more than 300K parameters in less than 0.5 seconds.

Original language	English
Title of host publication	Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Publisher	IEEE
Pages	56-62
Number of pages	7
ISBN (Electronic)	9781728189345
DOIs	https://doi.org/10.1109/SPW53761.2021.00017
Publication status	Published - May 2021
MoE publication type	A4 Article in a conference publication
Event	IEEE Symposium on Security and Privacy - Virtual, Online, San Francisco, United States Duration: 24 May 2021 → 27 May 2021 Conference number: 42

Conference

Conference	IEEE Symposium on Security and Privacy
Abbreviated title	SP
Country/Territory	United States
City	San Francisco
Period	24/05/2021 → 27/05/2021

Keywords

Data Privacy
Federated Learning
Inference Attacks
Secure Computation

Access to Document

10.1109/SPW53761.2021.00017

SCI_Marchal_SAFELearn_Secure Aggregation for private FEderated LearningAccepted author manuscript, 331 KB

OpenUrl availability

Full text

Cite this

Fereidooni, H., Marchal, S., Miettinen, M., Mirhoseini, A., Mollering, H., Nguyen, T. D., Rieger, P., Sadeghi, A. R., Schneider, T., Yalame, H., & Zeitouni, S. (2021). SAFELearn: Secure Aggregation for private FEderated Learning. In Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021 (pp. 56-62). [9474309] IEEE. https://doi.org/10.1109/SPW53761.2021.00017

@inproceedings{355c79100dae4f4c80de08f15988ffed,

title = "SAFELearn: Secure Aggregation for private FEderated Learning",

abstract = "Federated learning (FL) is an emerging distributed machine learning paradigm which addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data thereby, it improves not only privacy but is also efficient as it uses the computation power and data of potentially millions of clients for training in parallel. However, FL is vulnerable to so-called inference attacks by malicious aggregators which can infer information about clients' data from their model updates. Secure aggregation restricts the central aggregator to only learn the summation or average of the updates of clients. Unfortunately, existing protocols for secure aggregation for FL suffer from high communication, computation, and many communication rounds.In this work, we present SAFELearn, a generic design for efficient private FL systems that protects against inference attacks that have to analyze individual clients' model updates using secure aggregation. It is flexibly adaptable to the efficiency and security requirements of various FL applications and can be instantiated with MPC or FHE. In contrast to previous works, we only need 2 rounds of communication in each training iteration, do not use any expensive cryptographic primitives on clients, tolerate dropouts, and do not rely on a trusted third party. We implement and benchmark an instantiation of our generic design with secure two-party computation. Our implementation aggregates 500 models with more than 300K parameters in less than 0.5 seconds. ",

keywords = "Data Privacy, Federated Learning, Inference Attacks, Secure Computation",

author = "Hossein Fereidooni and Samuel Marchal and Markus Miettinen and Azalia Mirhoseini and Helen Mollering and Nguyen, {Thien Duc} and Phillip Rieger and Sadeghi, {Ahmad Reza} and Thomas Schneider and Hossein Yalame and Shaza Zeitouni",

note = "| openaire: EC/H2020/786641/EU//SHERPA Funding Information: Acknowledgements. This project received funding from the European Research Council (ERC) under the European Union{\textquoteright}s Horizon 2020 research and innovation program (grant agreement No. 850990 PSOTI), was co-funded by the DFG — SFB 1119 CROSSING/236615297 and GRK 2050 Privacy & Trust/251805230, and by the BMBF and HMWK within ATHENE. It was partially funded by the European Commission through the SHERPA Horizon 2020 project under grant agreement No. 786641. It was partially funded by the Private AI Collaborative Research Institute (PrivateAI) established by Intel, Avast, and Borsetta. Publisher Copyright: {\textcopyright} 2021 IEEE.; IEEE Symposium on Security and Privacy, SP ; Conference date: 24-05-2021 Through 27-05-2021",

year = "2021",

month = may,

doi = "10.1109/SPW53761.2021.00017",

language = "English",

pages = "56--62",

booktitle = "Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021",

publisher = "IEEE",

address = "United States",

}

Fereidooni, H, Marchal, S, Miettinen, M, Mirhoseini, A, Mollering, H, Nguyen, TD, Rieger, P, Sadeghi, AR, Schneider, T, Yalame, H & Zeitouni, S 2021, SAFELearn: Secure Aggregation for private FEderated Learning. in Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021., 9474309, IEEE, pp. 56-62, IEEE Symposium on Security and Privacy, San Francisco, California, United States, 24/05/2021. https://doi.org/10.1109/SPW53761.2021.00017

TY - GEN

T1 - SAFELearn: Secure Aggregation for private FEderated Learning

AU - Fereidooni, Hossein

AU - Marchal, Samuel

AU - Miettinen, Markus

AU - Mirhoseini, Azalia

AU - Mollering, Helen

AU - Nguyen, Thien Duc

AU - Rieger, Phillip

AU - Sadeghi, Ahmad Reza

AU - Schneider, Thomas

AU - Yalame, Hossein

AU - Zeitouni, Shaza

N1 - Conference code: 42

PY - 2021/5

Y1 - 2021/5

N2 - Federated learning (FL) is an emerging distributed machine learning paradigm which addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data thereby, it improves not only privacy but is also efficient as it uses the computation power and data of potentially millions of clients for training in parallel. However, FL is vulnerable to so-called inference attacks by malicious aggregators which can infer information about clients' data from their model updates. Secure aggregation restricts the central aggregator to only learn the summation or average of the updates of clients. Unfortunately, existing protocols for secure aggregation for FL suffer from high communication, computation, and many communication rounds.In this work, we present SAFELearn, a generic design for efficient private FL systems that protects against inference attacks that have to analyze individual clients' model updates using secure aggregation. It is flexibly adaptable to the efficiency and security requirements of various FL applications and can be instantiated with MPC or FHE. In contrast to previous works, we only need 2 rounds of communication in each training iteration, do not use any expensive cryptographic primitives on clients, tolerate dropouts, and do not rely on a trusted third party. We implement and benchmark an instantiation of our generic design with secure two-party computation. Our implementation aggregates 500 models with more than 300K parameters in less than 0.5 seconds.

AB - Federated learning (FL) is an emerging distributed machine learning paradigm which addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data thereby, it improves not only privacy but is also efficient as it uses the computation power and data of potentially millions of clients for training in parallel. However, FL is vulnerable to so-called inference attacks by malicious aggregators which can infer information about clients' data from their model updates. Secure aggregation restricts the central aggregator to only learn the summation or average of the updates of clients. Unfortunately, existing protocols for secure aggregation for FL suffer from high communication, computation, and many communication rounds.In this work, we present SAFELearn, a generic design for efficient private FL systems that protects against inference attacks that have to analyze individual clients' model updates using secure aggregation. It is flexibly adaptable to the efficiency and security requirements of various FL applications and can be instantiated with MPC or FHE. In contrast to previous works, we only need 2 rounds of communication in each training iteration, do not use any expensive cryptographic primitives on clients, tolerate dropouts, and do not rely on a trusted third party. We implement and benchmark an instantiation of our generic design with secure two-party computation. Our implementation aggregates 500 models with more than 300K parameters in less than 0.5 seconds.

KW - Data Privacy

KW - Federated Learning

KW - Inference Attacks

KW - Secure Computation

UR - http://www.scopus.com/inward/record.url?scp=85112841136&partnerID=8YFLogxK

U2 - 10.1109/SPW53761.2021.00017

DO - 10.1109/SPW53761.2021.00017

M3 - Conference contribution

AN - SCOPUS:85112841136

SP - 56

EP - 62

BT - Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021

PB - IEEE

T2 - IEEE Symposium on Security and Privacy

Y2 - 24 May 2021 through 27 May 2021

ER -

SAFELearn: Secure Aggregation for private FEderated Learning

Abstract

Conference

Keywords

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Cite this