Computation and communication efficient approach for federated learning based urban sensing applications against inference attacks

Abstract

Federated learning based participatory sensing has gained much attention lately for the vital task of urban sensing due to privacy and security issues in conventional machine learning. However, inference attacks by the honest-but-curious application server or a malicious adversary can leak the personal attributes of the participants, such as their home and workplace locations, routines, and habits. Approaches proposed in the literature to prevent such information leakage, such as secure multi-party computation and homomorphic encryption, are infeasible for urban sensing applications owing to high communication and computation costs due to multiple rounds of communication between the user and the server. Moreover, for effective modeling of urban sensing phenomenon, the application model needs to be updated frequently — every few minutes or hours, resulting in periodic data-intensive updates by the participants, which severely strains the already limited resources of their mobile devices. This paper proposes a novel low-cost privacy-preserving framework for enhanced protection against the inference of participants’ personal and private attributes from the data leaked through inference attacks. We propose a novel approach of strategically leaking selected location traces by providing computation and communication-light direct (local) model updates, whereas the rest of the model updates (when the user is at sensitive locations) are provided using secure multi-party computation. We propose two new methods based on spatiotemporal entropy and Kullback–Leibler divergence for automatically deciding which model updates need to be sent through secure multi-party computation and which can be sent directly. The proposed approach significantly reduces the computation and communication overhead for participants compared to the fully secure multi-party computation protocols. It provides enhanced protection against the deduction of personal attributes from inferred location traces compared to the direct model updates by confusing the application server or malicious adversary while inferring personal attributes from location traces. Numerical experiments on the popular Geolife GPS trajectories dataset validate our proposed approach by reducing the computation and communication requirements by the participants significantly and, at the same time, enhancing privacy by decreasing the number of inferred sensitive and private locations of participants.