Privacy-preserving Mechanism Research Articles

A Reliable Aggregation Method Based on Threshold Additive Secret Sharing in Federated Learning with Quality of Service (QoS) Support

Federated learning is a decentralized privacy-preserving mechanism that allows multiple clients to collaborate without exchanging their datasets. Instead, they jointly train a model by uploading their own gradients. However, recent research has shown that attackers can use clients’ gradients to reconstruct the original training data, compromising the security of federated learning. Thus, there has been an increasing number of studies aiming to protect gradients using different techniques. One common technique is secret sharing. However, it has been shown in previous research that when using secret sharing to protect gradient privacy, the original gradient cannot be reconstructed when one share is lost or a server is damaged, causing federated learning to be interrupted. In this paper, we propose an approach that involves using additive secret sharing for federated learning gradient aggregation, making it difficult for attackers to easily access clients’ original gradients. Additionally, our proposed method ensures that any server damage or loss of gradient shares are unlikely to impact the federated learning operation, within a certain probability. We also added a membership level system, allowing members of varying levels to ultimately obtain models with different accuracy levels.

Blind Quantum Machine Learning with Quantum Bipartite Correlator.

Distributed quantum computing is a promising computational paradigm for performing computations that are beyond the reach of individual quantum devices. Privacy in distributed quantum computing is critical for maintaining confidentiality and protecting the data in the presence of untrusted computing nodes. In this Letter, we introduce novel blind quantum machine learning protocols based on the quantum bipartite correlator algorithm. Our protocols have reduced communication overhead while preserving the privacy of data from untrusted parties. We introduce robust algorithm-specific privacy-preserving mechanisms with low computational overhead that do not require complex cryptographic techniques. We then validate the effectiveness of the proposed protocols through complexity and privacy analysis. Our findings pave the way for advancements in distributed quantum computing, opening up new possibilities for privacy-aware machine learning applications in the era of quantum technologies.

Survey of Recent Results in Privacy-Preserving Mechanisms for Multi-Agent Systems

Privacy-preserving communication in cooperative control is essential for effective operations of various systems where sensitive information needs to be protected. This includes systems such as smart grids, traffic management systems, autonomous vehicle networks, healthcare systems, financial networks, and social networks. Recent privacy-preserving cooperative control literature is categorized and discussed in this paper. Advantages and disadvantages of differential privacy and encryption-based privacy-preserving protocols are described. The objective of this work is to examine and analyze existing research and knowledge related to the preservation of privacy in the context of cooperative control. This paper aims to identify and present a range of approaches, techniques, and methodologies that have been proposed or employed to address privacy concerns in multi-agent systems. It seeks to explore the current challenges, limitations, and gaps in the existing literature. It also aims to consolidate the findings from various studies to provide an overview of privacy-preserving cooperative control in multi-agent systems. The goal is to assist in the development of novel privacy-preserving mechanisms for cooperative control.

Privacy-preserving reservation model for public facilities based on public Blockchain

Ensuring fairness in the utilization of government-funded public facilities, such as co-working spaces, sports fields, and meeting rooms, is imperative to accommodate all citizens. However, meeting these requirements poses a significant challenge due to the high costs associated with maintaining digital infrastructure, employee wages, and cybersecurity expenses. Fortunately, Blockchain smart contracts present an economical and secure solution for managing digital infrastructure. They offer a pay-per-transaction schema, immutable transaction records, and role-based data updates. Despite these advantages, public blockchains raise concerns about data privacy since records are publicly readable. To address this issue, this study proposes a privacy-preserving mechanism for public facilities' reservation systems. The approach involves encrypting the reservation table with fully-homomorphic encryption (FHE). By employing FHE with binary masking and polynomial evaluation, the reservation table can be updated without decrypting the data. Consequently, citizens can discreetly book facilities without revealing their identities and eliminating the risk of overlapping schedules. The proposed system allows anyone to verify reservations without disclosing requested data and table contents. Moreover, the system operates autonomously without the need for human administration, ensuring enhanced user privacy.

Distributed Privacy-Preserving Optimization With Accumulated Noise in ADMM.

Privacy preservation for distributed optimization in multiagent systems has been widely concerned in recent years. In this article, the accumulated noise privacy-preserving alternating direction method of multipliers (ANPPM) algorithm is proposed to preserve the private information of each agent. The masked states of each agent are sent to its neighbors with a designed noise-adding mechanism, and an accumulated term is introduced to confuse the gradients at each iteration. With ANPPM, all the agents can achieve privacy preservation for the information of real states and subgradients. Moreover, the states of all the agents can be guaranteed to converge to the optimal solution. The convergence rate of O(1/k) is consistent with standard ADMM, hence no adverse effect is induced by the privacy-preserving mechanism. Numerical results are provided to validate the effectiveness of the proposed ANPPM algorithm.

Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM)

The healthcare sector has undergone a profound transformation, owing to the influential role played by Internet of Medical Things (IoMT) technology. However, there are substantial concerns over these devices’ security and privacy-preserving mechanisms. The current literature on IoMT tends to focus on specific security features, rather than wholistic security concerning Confidentiality, Integrity, and Availability (CIA Triad), and the solutions are generally simulated and not tested in a real-world network. The proposed innovative solution is known as Secure-by-Design Real-Time IoMT Architecture for e-Health Population Monitoring (RTPM) and it can manage keys at both ends (IoMT device and IoMT server) to maintain high privacy standards and trust during the monitoring process and enable the IoMT devices to run safely and independently even if the server is compromised. However, the session keys are controlled by the trusted IoMT server to lighten the IoMT devices’ overheads, and the session keys are securely exchanged between the client system and the monitoring server. The proposed RTPM focuses on addressing the major security requirements for an IoMT system, i.e., the CIA Triad, and conducts device authentication, protects from Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, and prevents non-repudiation attacks in real time. A self-healing solution during the network failure of live e-health monitoring is also incorporated in RTPM. The robustness and stress of the system are tested with different data types and by capturing live network traffic. The system’s performance is analysed using different security algorithms with different key sizes of RSA (1024 to 8192 bits), AES (128 to 256 bits), and SHA (256 bits) to support a resource-constraint-powered system when integrating with resource-demanding secure parameters and features. In the future, other security features like intrusion detection and prevention and the user’s experience and trust level of such a system will be tested.

Differential Privacy-Preserving IoT Data Sharing Through Enhanced PSO

ABSTRACT With the proliferation of Internet of Things (IoT) devices and the generation of massive amounts of sensitive data, preserving privacy while enabling data sharing has become a critical concern. In this research, we propose a novel approach for achieving differential privacy in IoT data sharing through an improved Particle Swarm Optimization (PSO) algorithm. Our objective is to find the optimal configuration of privacy-preserving mechanisms that maximizes privacy while maintaining data utility. The research begins with a comprehensive overview of differential privacy in IoT data sharing, highlighting the limitations of existing optimization algorithms. We then present our proposed improvements to the traditional PSO algorithm, including the design of a suitable fitness function, the use of a dynamic inertia weight, exploration of different neighborhood topologies, and adaptive acceleration coefficients. We define a set of performance metrics, including privacy metrics (e.g. ε-differential privacy parameter) and utility measures (e.g. accuracy, utility loss), to assess the algorithm’s effectiveness. The results of our experiments demonstrate that the improved PSO algorithm achieves higher privacy guarantees while maintaining competitive levels of data utility compared to existing approaches. The proposed algorithm exhibits faster convergence, better exploration of the search space, and improved scalability. Our research contributes to the field of privacy-preserving IoT data sharing by providing an efficient and effective optimization algorithm that enables secure and privacy-aware data sharing while facilitating valuable insights and analysis.

A review of privacy-preserving research on federated graph neural networks

Graph neural networks are widely employed in diverse domains; however, they confront the peril of privacy infringement. To address this concern, federated learning emerges as a privacy-preserving approach that avoids sharing data for model training, effectively resolving the issue of privacy leakage in graph neural networks. The rapid advancement of federated neural networks has spurred the demand for more potent tools to enhance model performance owing to the concealed correlation information amongst federated learning participants. However, the structural attributes of federated graph neural networks render them vulnerable to inference attacks, reconstruction attacks, inversion attacks, and the like, potentially endangering privacy. This study delves into the intricacies of privacy-preserving within federated graph neural networks. Firstly, it introduces the architecture and variants of federated graph neural networks, analyzes the privacy risks encountered by these networks from four perspectives, and elucidates three primary attack methods. In accordance with the privacy-preserving mechanism of federated graph neural networks, it summarizes the privacy-preserving techniques and synthesizes the existing strategies from four perspectives: encryption methods, perturbation methods, anonymization, and hybrid methods. Furthermore, it summarily presents the prevailing framework for preserving privacy in neural networks. Ultimately, this paper examines the challenges and outlines future research directions pertaining to federated graph neural network technology.

Selective privacy-preserving framework for large language models fine-tuning

Fine-tuning pre-trained large language models (LLMs) helps various downstream tasks, but brings serious privacy leaks when relying on large amounts of data for training. Differentially private stochastic gradient descent (DPSGD) has been designed to introduce noise during model updates to prevent privacy leaks. Nevertheless, fine-tuning LLMs via DPSGD limits the model utility since heavy perturbations are introduced on large high-dimensional gradients. Besides, existing privacy-preserving mechanisms directly perturb all tokens of the input sentences, which are too pessimistic to achieve good model performance. Therefore, this paper researches a selective privacy-preserving framework for fine-tuning LLMs. We propose a first-of-its-kind privacy notion called selective sequence local differential privacy (S-SeqLDP), which provides guarantees of indistinguishability only for the secret part of the sequences. Furthermore, we design a novel framework called SLDP-FT that enables S-SeqLDP-compliant large language model fine-tuning by perturbing the forward-pass embeddings with selective noises. We innovatively investigate the privacy forward weight that determines the noise magnitude of achieving selective privacy protection. Extensive experiments on three tasks demonstrate that our SLDP-FT achieves better model accuracy than state-of-the-art techniques when providing the same level of privacy protection.

FedQV: Leveraging Quadratic Voting in Federated Learning

Federated Learning (FL) permits different parties to collaboratively train a global model without disclosing their respective local labels. A crucial step of FL, that of aggregating local models to produce the global one, shares many similarities with public decision-making, and elections in particular. In that context, a major weakness of FL, namely its vulnerability to poisoning attacks, can be interpreted as a consequence of the one person one vote (henceforth 1p1v) principle that underpins most contemporary aggregation rules. In this paper, we introduce FedQV, a novel aggregation algorithm built upon the quadratic voting, recently proposed as a better alternative to 1p1v-based elections. Our theoretical analysis establishes that FedQV is a truthful mechanism in which bidding according to one's true valuation is a dominant strategy that achieves a convergence rate matching that of state-of-the-art methods. Furthermore, our empirical analysis using multiple real-world datasets validates the superior performance of FedQV against poisoning attacks. It also shows that combining FedQV with unequal voting "budgets'' according to a reputation score increases its performance benefits even further. Finally, we show that FedQV can be easily combined with Byzantine-robust privacy-preserving mechanisms to enhance its robustness against both poisoning and privacy attacks. This extended abstract is an abridged version of [3].

FedGODE: Secure traffic flow prediction based on federated learning and graph ordinary differential equation networks

Traffic flow prediction (TFP) plays a key role in optimizing intelligent transportation systems and reducing congestion in smart cities. However, current centralized TFP systems suffer from several limitations: limited adaptability to localized traffic patterns, privacy concerns associated with sharing raw data, inability to provide real-time predictions, network inefficiency due to large data transmissions, and difficulties in handling heterogeneous traffic environments. FedGODE (Federated Graph Ordinary Differential Equations) model offers a comprehensive solution to these issues. By employing federated learning (FL), FedGODE enables Roadside-Units (local clients) to contribute to the model training process, addressing challenges of localized traffic patterns and ensuring a more accurate representation of diverse scenarios. FedGODE incorporates privacy-preserving mechanisms (local differential privacy, homomorphic encryption, and secure aggregation), mitigating privacy concerns. FedGODE facilitates real-time updates to the global model, ensuring adaptability to dynamic traffic conditions while reducing network inefficiencies by transmitting only model updates. FedGODE utilizes (average/median) aggregation methods to aggregate the client’s local updates. The performance of FedGODE was evaluated using six real-world traffic flow datasets and compared against nine baselines (ARIMA, VAR, FC-LSTM, STGCN, DCRNN, ASTGCN, Graph WaveNet, STG2seq, STGODE, and FedGRU). The results showed that FedGODE outperforms all baselines for short-and-long-term prediction. This approach makes FedGODE an effective solution for TFP scenarios, particularly in environments with heterogeneous traffic dynamics and privacy considerations.

FedQV: Leveraging Quadratic Voting in Federated Learning

Federated Learning (FL) permits different parties to collaboratively train a global model without disclosing their respective local labels. A crucial step of FL, that of aggregating local models to produce the global one, shares many similarities with public decision-making, and elections in particular. In that context, a major weakness of FL, namely its vulnerability to poisoning attacks, can be interpreted as a consequence of the one person one vote (henceforth 1p1v) principle that underpins most contemporary aggregation rules. In this paper, we introduce FedQV, a novel aggregation algorithm built upon the quadratic voting scheme, recently proposed as a better alternative to 1p1v-based elections. Our theoretical analysis establishes that FedQV is a truthful mechanism in which bidding according to one's true valuation is a dominant strategy that achieves a convergence rate matching that of state-of-the-art methods. Furthermore, our empirical analysis using multiple real-world datasets validates the superior performance of FedQV against poisoning attacks. It also shows that combining FedQV with unequal voting "budgets'' according to a reputation score increases its performance benefits even further. Finally, we show that FedQV can be easily combined with Byzantine-robust privacy-preserving mechanisms to enhance its robustness against both poisoning and privacy attacks.

Balancing privacy and performance in federated learning: A systematic literature review on methods and metrics

Federated learning (FL) as a novel paradigm in Artificial Intelligence (AI), ensures enhanced privacy by eliminating data centralization and brings learning directly to the edge of the user's device. Nevertheless, new privacy issues have been raised particularly during training and the exchange of parameters between servers and clients. While several privacy-preserving FL solutions have been developed to mitigate potential breaches in FL architectures, their integration poses its own set of challenges. Incorporating these privacy-preserving mechanisms into FL at the edge computing level can increase both communication and computational overheads, which may, in turn, compromise data utility and learning performance metrics. This paper provides a systematic literature review on essential methods and metrics to support the most appropriate trade-offs between FL privacy and other performance-related application requirements such as accuracy, loss, convergence time, utility, communication, and computation overhead. We aim to provide an extensive overview of recent privacy-preserving mechanisms in FL used across various applications, placing a particular focus on quantitative privacy assessment approaches in FL and the necessity of achieving a balance between privacy and the other requirements of real-world FL applications. This review collects, classifies, and discusses relevant papers in a structured manner, emphasizing challenges, open issues, and promising research directions.

Lightweight, Trust-Managing, and Privacy-Preserving Collaborative Intrusion Detection for Internet of Things

This research introduces a comprehensive collaborative intrusion detection system (CIDS) framework aimed at bolstering the security of Internet of Things (IoT) environments by synergistically integrating lightweight architecture, trust management, and privacy-preserving mechanisms. The proposed hierarchical architecture spans edge, fog, and cloud layers, ensuring efficient and scalable collaborative intrusion detection. Trustworthiness is established through the incorporation of distributed ledger technology (DLT), leveraging blockchain frameworks to enhance the reliability and transparency of communication among IoT devices. Furthermore, the research adopts federated learning (FL) techniques to address privacy concerns, allowing devices to collaboratively learn from decentralized data sources while preserving individual data privacy. Validation of the proposed approach is conducted using the CICIoT2023 dataset, demonstrating its effectiveness in enhancing the security posture of IoT ecosystems. This research contributes to the advancement of secure and resilient IoT infrastructures, addressing the imperative need for lightweight, trust-managing, and privacy-preserving solutions in the face of evolving cybersecurity challenges. According to our experiments, the proposed model achieved an average accuracy of 97.65%, precision of 97.65%, recall of 100%, and F1-score of 98.81% when detecting various attacks on IoT systems with heterogeneous devices and networks. The system is a lightweight system when compared with traditional intrusion detection that uses centralized learning in terms of network latency and memory consumption. The proposed system shows trust and can keep private data in an IoT environment.

DPGazeSynth: Enhancing eye-tracking virtual reality privacy with differentially private data synthesis

As spatial computing devices increasingly integrate eye-tracking technology to enhance virtual reality (VR) experiences, the imperative to protect sensitive eye-tracking data against privacy risks, such as user re-identification, has become more pressing. Existing privacy-preserving mechanisms face challenges in balancing the dual demands of privacy and utility in the context of VR applications. This paper presents DPGazeSynth, a novel framework designed to fortify privacy protections while ensuring the utility of eye-tracking data. DPGazeSynth addresses the unique requirements of gaze path synthesis, especially the differentiation between fixations and saccades. Our approach introduces a semi-synthetic method based on the Markov Chain model to accurately maintain data correlations for analytical tasks. We demonstrate that DPGazeSynth provides robust differential privacy guarantees, and our comprehensive experiments on two real-world datasets validate its effectiveness in safeguarding against re-identification attacks. The results showcase DPGazeSynth's better performance over existing solutions like Kalεido and establish its potential as a reliable foundation for future research aimed at reconciling privacy concerns with the demands of complex trajectory data analysis in eye-tracking applications.

Privacy-Preserving Data Sharing Platform

In today's data-driven healthcare landscape, the secure sharing of sensitive medical information is essential for improving patient care, facilitating medical research, and advancing healthcare outcomes. However, ensuring the integrity, confidentiality, and privacy of patient data poses significant challenges, particularly in the context of big data environments. This presents a comprehensive framework for privacy-preserving data sharing in healthcare, leveraging a combination of cryptographic techniques, encryption, and secure computation protocols. The framework encompasses various privacy-preserving mechanisms, including Differential Privacy with Data Perturbation, Secure Multi-Party Computation (SMPC), and Homomorphic Encryption, to protect sensitive healthcare data from unauthorized access and disclosure. By implementing state-of-the-art privacy-preserving techniques, the framework aims to enable secure data sharing among multiple parties while complying with regulatory requirements such as HIPAA and GDPR. Additionally, the paper discusses the project scope, which includes cryptography, encryption, decryption, integrity, confidentiality, privacy, policies, procedures, security, and secure data sharing infrastructure. The proposed framework provides a practical solution for healthcare organizations and research institutions to collaborate on data-driven initiatives while safeguarding patient privacy and maintaining trust. Evaluation of the framework's effectiveness and performance metrics is conducted to validate its feasibility and efficacy in real-world healthcare settings. Keywords: Privacy-preserving data sharing, Differential Privacy, Data Perturbation, Secure Multi-Party Computation (SMPC)

Dynamic Object Detection in Surveillance Videos using Temporal Convolutional Networks and Federated Learning in Edge Computing Environments

This research addresses the importance of advancing dynamic object detection in surveillance videos by introducing a novel framework that integrates Temporal Convolutional Networks (TCNs) and Federated Learning (FL) within edge computing environments. This research is motivated by the critical need for real-time threat response, enhanced security measures, and privacy preservation in dynamic surveillance scenarios. Leveraging TCNs, the system captures temporal dependencies, providing a comprehensive understanding of object movements. FL ensures decentralized model training, mitigating privacy concerns associated with centralized approaches. Current challenges in real-time processing, privacy preservation, and adaptability to dynamic environments are addressed through innovative solutions. Model optimization techniques optimize TCN efficiency, ensuring real-time processing. Advanced privacy-preserving mechanisms secure FL, addressing privacy concerns. Transfer learning and data augmentation enhance adaptability to dynamic scenarios. The proposed system not only addresses existing challenges but also contributes to the evolution of surveillance technology. Comprehensive metrics, including accuracy, sensitivity, specificity, and real-time processing metrics, provide a thorough evaluation of the system's performance. This research introduces an approach to dynamic object detection, combining TCN and FL in edge computing environments. Results show accuracy exceeding 97%, sensitivity and specificity at 97% and 98%, and F1 score reaching 96%.

Fostering Trustworthiness in Machine Learning Algorithms

Recent years have seen a surge in research that develops and applies machine learning algorithms to create intelligent learning systems. However, traditional machine learning algorithms have primarily focused on optimizing accuracy and efficiency, and they often fail to consider how to foster trustworthiness in their design. As a result, machine learning models usually face a trust crisis in real-world applications. Driven by these urgent concerns about trustworthiness, in this talk, I will introduce my research efforts towards the goal of making machine learning trustworthy. Specifically, I will delve into the following key research topics: security vulnerabilities and robustness, model explanations, and privacy-preserving mechanisms.

Privacy-preserving data integration and sharing in multi-party IoT environments: An entity embedding perspective

The increasing prevalence of IoT applications highlights the urgency for insightful data fusion and information acquisition, boosting data integration and sharing needs. However, challenges arise in multi-party data sharing due to inherent data heterogeneity and privacy concerns. To address these issues, this paper discusses the feasibility of using embedding vectors as the semantic representation, aiming to enhance interoperability across diverse data sources and lay the foundation for natural language-based data querying. At the specific method level, this paper proposes an improved entity tree embedding algorithm to reduce information loss and ameliorate the representation of entity semantics. Additionally, a privacy preservation mechanism based on the entity embedding approach is introduced to provide privacy protection for text-based data. Experimental results on address data demonstrate the mechanism’s efficacy in achieving privacy protection comparable to the widely adopted 2D Laplace plane noise method. Furthermore, incorporating the entity tree embedding into the privacy mechanism could yield more robust and reasonable results regarding location privacy and service quality, signifying the validity of the entity embedding results.

A Blockchain-based federated learning framework for secure aggregation and fair incentives

Federated Learning (FL) has gained prominence as a machine learning framework incorporating privacy-preserving mechanisms. However, challenges such as poisoning attacks and free rider attacks underscore the need for advanced security measures. Therefore, this paper proposes a novel framework that integrates federated learning with blockchain technology to facilitate secure model aggregation and fair incentives in untrustworthy environments. The framework designs a reputation evaluation method using quality as an indicator, and a consensus method based on reputation feedback. The trustworthiness of nodes is dynamically assessed to achieve an efficient and trustworthy model aggregation process while avoiding reputation monopolisation. Furthermore, the paper defines a tailored contribution calculation process for nodes in different roles in an untrusted environment. A reward and punishment scheme based on the joint constraints of contribution and reputation is proposed to attract highly qualified workers to actively participate in federated learning tasks. Theoretical analysis and simulation experiments demonstrate the framework's ability to maintain efficient and secure aggregation under a certain degree of attack while achieving fair incentives for each role node with significantly reduced consensus consumption.