
Is Federated Learning a Practical PET Yet?

by Franziska Boenisch, et al.

Federated learning (FL) is a framework for users to jointly train a machine learning model. FL is promoted as a privacy-enhancing technology (PET) that provides data minimization: data never "leaves" personal devices and users share only model updates with a server (e.g., a company) coordinating the distributed training. We assess the realistic (i.e., worst-case) privacy guarantees that are provided to users who are unable to trust the server. To this end, we propose an attack against FL protected with distributed differential privacy (DDP) and secure aggregation (SA). The attack method is based on the introduction of Sybil devices that deviate from the protocol to expose individual users' data for reconstruction by the server. The underlying root cause for the vulnerability to our attack is the power imbalance. The server orchestrates the whole protocol and users are given few guarantees about the selection of other users participating in the protocol. Moving forward, we discuss requirements for an FL protocol to guarantee DDP without asking users to trust the server. We conclude that such systems are not yet practical.



