Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling

Andreas Athanasiou; Kangsoo Jung; Catuscia Palamidessi

doi:10.1145/3658644.3691411

Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling

Andreas Athanasiou
, Kangsoo Jung
, Catuscia Palamidessi

INRIA

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients’ model updates, preventing the central server from inferring information about each client’s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.

Original language	English
Title of host publication	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	5036-5038
Number of pages	3
ISBN (Electronic)	9798400706363
DOIs	https://doi.org/10.1145/3658644.3691411
Publication status	Published - 9 Dec 2024
Externally published	Yes
Event	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, United States Duration: 14 Oct 2024 → 18 Oct 2024

Publication series

Name	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Country/Territory	United States
City	Salt Lake City
Period	14/10/24 → 18/10/24

Keywords

Federated Learning
Shuffling
Source Inference Attack
Unary Encoding

Access to Document

10.1145/3658644.3691411

Cite this

Athanasiou, A., Jung, K., & Palamidessi, C. (2024). Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (pp. 5036-5038). (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3658644.3691411

Athanasiou, Andreas ; Jung, Kangsoo ; Palamidessi, Catuscia. / Poster : Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. pp. 5036-5038 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{a43fdb71b3774425912499f7073a68e9,

title = "Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling",

abstract = "Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients{\textquoteright} model updates, preventing the central server from inferring information about each client{\textquoteright}s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.",

keywords = "Federated Learning, Shuffling, Source Inference Attack, Unary Encoding",

author = "Andreas Athanasiou and Kangsoo Jung and Catuscia Palamidessi",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3658644.3691411",

language = "English",

series = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "5036--5038",

booktitle = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

}

Athanasiou, A, Jung, K & Palamidessi, C 2024, Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. in CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 5036-5038, 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, United States, 14/10/24. https://doi.org/10.1145/3658644.3691411

Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. / Athanasiou, Andreas; Jung, Kangsoo; Palamidessi, Catuscia.
CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 5036-5038 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Poster

T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024

AU - Athanasiou, Andreas

AU - Jung, Kangsoo

AU - Palamidessi, Catuscia

PY - 2024/12/9

Y1 - 2024/12/9

N2 - Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients’ model updates, preventing the central server from inferring information about each client’s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.

AB - Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients’ model updates, preventing the central server from inferring information about each client’s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.

KW - Federated Learning

KW - Shuffling

KW - Source Inference Attack

KW - Unary Encoding

UR - https://www.scopus.com/pages/publications/85215509220

U2 - 10.1145/3658644.3691411

DO - 10.1145/3658644.3691411

M3 - Conference contribution

AN - SCOPUS:85215509220

T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

SP - 5036

EP - 5038

BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 14 October 2024 through 18 October 2024

ER -

Athanasiou A, Jung K, Palamidessi C. Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2024. p. 5036-5038. (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3658644.3691411

Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this