13 research outputs found
FedML-HE: An Efficient Homomorphic-Encryption-Based Privacy-Preserving Federated Learning System
Federated Learning trains machine learning models on distributed devices by
aggregating local model updates instead of local data. However, privacy
concerns arise as the aggregated local models on the server may reveal
sensitive personal information by inversion attacks. Privacy-preserving
methods, such as homomorphic encryption (HE), then become necessary for FL
training. Despite HE's privacy advantages, its applications suffer from
impractical overheads, especially for foundation models. In this paper, we
present FedML-HE, the first practical federated learning system with efficient
HE-based secure model aggregation. FedML-HE proposes to selectively encrypt
sensitive parameters, significantly reducing both computation and communication
overheads during training while providing customizable privacy preservation.
Our optimized system demonstrates considerable overhead reduction, particularly
for large foundation models (e.g., ~10x reduction for ResNet-50, and up to ~40x
reduction for BERT), demonstrating the potential for scalable HE-based FL
deployment
Kick Bad Guys Out! Zero-Knowledge-Proof-Based Anomaly Detection in Federated Learning
Federated learning (FL) systems are vulnerable to malicious clients that
submit poisoned local models to achieve their adversarial goals, such as
preventing the convergence of the global model or inducing the global model to
misclassify some data. Many existing defense mechanisms are impractical in
real-world FL systems, as they require prior knowledge of the number of
malicious clients or rely on re-weighting or modifying submissions. This is
because adversaries typically do not announce their intentions before
attacking, and re-weighting might change aggregation results even in the
absence of attacks. To address these challenges in real FL systems, this paper
introduces a cutting-edge anomaly detection approach with the following
features: i) Detecting the occurrence of attacks and performing defense
operations only when attacks happen; ii) Upon the occurrence of an attack,
further detecting the malicious client models and eliminating them without
harming the benign ones; iii) Ensuring honest execution of defense mechanisms
at the server by leveraging a zero-knowledge proof mechanism. We validate the
superior performance of the proposed approach with extensive experiments
FedMLSecurity: A Benchmark for Attacks and Defenses in Federated Learning and LLMs
This paper introduces FedMLSecurity, a benchmark that simulates adversarial
attacks and corresponding defense mechanisms in Federated Learning (FL). As an
integral module of the open-sourced library FedML that facilitates FL algorithm
development and performance comparison, FedMLSecurity enhances the security
assessment capacity of FedML. FedMLSecurity comprises two principal components:
FedMLAttacker, which simulates attacks injected into FL training, and
FedMLDefender, which emulates defensive strategies designed to mitigate the
impacts of the attacks. FedMLSecurity is open-sourced 1 and is customizable to
a wide range of machine learning models (e.g., Logistic Regression, ResNet,
GAN, etc.) and federated optimizers (e.g., FedAVG, FedOPT, FedNOVA, etc.).
Experimental evaluations in this paper also demonstrate the ease of application
of FedMLSecurity to Large Language Models (LLMs), further reinforcing its
versatility and practical utility in various scenarios
Secure Publish-Process-Subscribe System for Dispersed Computing
Publish-subscribe protocols enable real-time multi-point-to-multi-point communications for many dispersed computing systems like Internet of Things (IoT) applications. Recent interest has focused on adding processing to such publish-subscribe protocols to enable computation over real-time streams such that the protocols can provide functionalities such as sensor fusion, compression, and other statistical analysis on raw sensor data. However, unlike pure publish-subscribe protocols, which can be easily deployed with end-to-end transport layer encryption, it is challenging to ensure security in such publish-process-subscribe protocols when the processing is carried out on an untrusted third party. In this work, we present XYZ, a secure publish-process-subscribe system that can preserve the confidentiality of computations and support multi-publisher-multi-subscriber settings. Within XYZ, we design two distinct schemes: the first using Yao\u27s garbled circuits (the GC-Based Scheme) and the second using homomorphic encryption with proxy re-encryption (the Proxy-HE Scheme). We build implementations of the two schemes as an integrated publish-process-subscribe system. We evaluate our system on several functions and also demonstrate real-world applications. The evaluation shows that the GC-Based Scheme can finish most tasks two orders of magnitude times faster than the Proxy-HE Scheme while Proxy-HE can still securely complete tasks within an acceptable time for most functions but with a different security assumption and a simpler system structure
P3V: Privacy-Preserving Path Validation System for Multi-Authority Sliced Networks
In practical operational networks, it is essential to validate path integrity, especially when untrusted intermediate nodes are from numerous network infrastructures operated by several network authorities. Current solutions often reveal the entire path to all parties involved, which may potentially expose the network structures to malicious intermediate attackers. Additionally, there is no prior work done to provide a systematic approach combining the complete lifecycle of packet delivery, i.e., path slicing, path validation and path rerouting, leaving these highly-intertwined modules completely separated. In this work, we present a decentralized privacy-preserving path validation system 3 that integrates our novel path validation protocol with an efficient path slicing algorithm and a malice-resilient path rerouting mechanism. Specifically, leveraging Non-Interactive Zero-Knowledge proofs, our path validation protocol XOR-Hash-NIZK protects the packet delivery tasks against information leakage about multi-hop paths and potentially the underlying network infrastructures. We implemented and evaluated our system on a state-of-the-art 5G Dispersed Computing Testbed simulating a multi-authority network. Our results show that while preserving the privacy of paths and nodes and enhancing the security of network service, our system optimizes the performance trade-off between network service quality and security/privacy