1 of 8

GradSec: a TEE-based Scheme Against Federated Learning Inference Attacks

1University of Lyon, France

2LIRIS-CNRS, France

3University of Neuchâtel, Switzerland

2 of 8

Presentation & Background

Aghiles AIT MESSAOUD – ESI GradSec : a TEE-based Scheme Against Federated Learning Inference Attacks EuroSys’22

End-of-study project:

Privacy-preserving Federated Learning using TEE

March, 2021

September, 2021

Graduated from ESI

October, 2021

ResilientFL’21:

GradSec: a TEE-based Scheme against Federated Learning Inference Attacks

AIT MESSAOUD Aghiles,

Computer Science engineer, graduated from the Higher National School of Computer Science (ESI) of Algiers, Algeria,

Fields of interest: Data Science, Artificial Intelligence, Distributed systems (Blockchain),

PhD topic: TEE-based blockchains

EuroSys’22

April, 2022

Start of the PhD

3 of 8

Context

Customers are increasingly aware of their privacy

Learning models are increasingly fed with private data

Advent of Federated Learning (FL) to ensure privacy-preserving training

4 of 8

Problem

"Malicious or compromised client"

FL model

Data/feature leakage

Problem 1: FL is vulnerable to many attacks

Problem 2: TEEs offer limited secure memory (spatial constraint) and high latency (temporal constraint)

Using TEEs

Privacy attacks

5 of 8

Objective

Design a TEE-based scheme to protect FL against client-side privacy attacks while dealing with TEE limits

6 of 8

Objectives

Design a TEE-based scheme to protect FL against client-side privacy attacks while dealing with TEE limits

Evaluate our approach in terms of security and overhead

7 of 8

GradSec: Framework to secure DNN layers

TEE Enclave

DNN model

Protecting early layers (convolutional layers) against DRIA

Protecting tail layers (dense layers) against MIA

DRIA : Data-Reconstruction Inference Attack

MIA : Membership Inference Attack

DPIA : Data-Property Inference Attack

Static GradSec

Dynamic GradSec

Using a sliding window against DPIA

8 of 8

Thanks for your attention

Aghiles AIT MESSAOUD

Email: ga_aitmessaoud@esi.dz
