一种保护数据隐私的匿名路由联邦学习框架

doi:10.3969/j.issn.1671-1122.2025.03.011

摘要/Abstract

摘要：

联邦学习作为一种分布式机器学习框架，能够在不共享训练数据的前提下，实现多方参与者协同训练全局模型，从而有效确保客户端数据隐私安全。然而，联邦学习仍面临模型参数泄露风险和通信过程中的身份隐私威胁。针对上述问题，文章提出一种保护数据隐私的匿名路由联邦学习框架（SecFL），旨在确保联邦学习模型中的参数安全与可信传输。SecFL设计了一种组配对洋葱路由协议，基于配对的密码学对数据进行分层加密，并引入“组”的概念，使组内所有节点能够解密相应层，从而在保证消息机密性和安全性的同时提升系统匿名性。实验结果表明，SecFL在匿名路由性能与安全防护效果方面均显著优于传统方案。相较于洋葱路由和广播匿名路由，SecFL在更短时间内使消息传递率达到100%，源节点和目的节点的匿名性分别提升了3.9%和1.9%。在50%节点遭受攻击的情况下，路径匿名性指标最多提升了24.8%。此外，SecFL框架在联邦学习中的收敛性能也较好。

关键词: 联邦学习, 洋葱路由, 匿名通信, 隐私保护

Abstract:

Federated learning is a distributed machine learning framework that enables multiple participants to collaboratively train a global model without sharing their training data, thereby effectively protecting client data privacy. However, federated learning still faces risks related to model parameter leakage and identity privacy during communication. To address these issues, an anonymous routing federated learning framework for data privacy protection (SecFL) was designed, aimed at ensuring the secure and trustworthy transmission of model parameters in federated learning. SecFL introduced a novel group-pairing the onion router protocol, which used pairing cryptography to encrypt data layer by layer and incorporated the concept of “groups”, allowing all nodes within a group to decrypt the corresponding layer. This not only ensured the confidentiality and security of messages, but also enhanced system anonymity. Experimental results show that compared to the classic onion router and broadcast anonymous routing anonymous routing systems, SecFL achieves a 100% message delivery rate in a shorter time. The anonymity of the source and destination nodes is improved by up to 3.9% and 1.9%, respectively. The path anonymity can be increased by up to 24.8% when half of the nodes are compromised. Additionally, the SecFL framework demonstrates excellent convergence performance in federated learning.

Key words: federated learning, the onion router, anonymous communication, privacy protection

中图分类号:

TP309

李佳东, 曾海涛, 彭莉, 汪晓丁. 一种保护数据隐私的匿名路由联邦学习框架[J]. 信息网络安全, 2025, 25(3): 494-503.

LI Jiadong, ZENG Haitao, PENG Li, WANG Xiaoding. An Anonymous Routing Federated Learning Framework for Data Privacy Protection[J]. Netinfo Security, 2025, 25(3): 494-503.

图/表 10

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

参考文献 28

[1]	MCMAHAN H B, MOORE E, RAMAGE D, et al. Communication-Efficient Learning of Deep Networks from Decentralized Data[EB/OL]. (2016-02-17)[2024-05-16]. https://arxiv.org/abs/1602.05629v4.
[2]	BONAWITZ K, EICHNER H, GRIESKAMP W, et al. Towards Federated Learning at Scale: System Design[J]. (2019-03-22)[2024-05-16]. https://doi.org/10.48550/arXiv.1902.01046.
[3]	LI Tian, SAHU A K, TALWALKAR A, et al. Federated Learning: Challenges, Methods, and Future Directions[J]. IEEE Signal Processing Magazine, 2020, 37(3): 50-60. doi: 10.1109/MSP.2020.2975749
[4]	WANG Teng, HUO Zheng, HUANG Yaxin, et al. Review on Privacy-Preserving Technologies in Federated Learning[J]. Journal of Computer Applications, 2023, 43(2): 437-449. doi: 10.11772/j.issn.1001-9081.2021122072
	王腾, 霍峥, 黄亚鑫, 等. 联邦学习中的隐私保护技术研究综述[J]. 计算机应用, 2023, 43(2): 437-449. doi: 10.11772/j.issn.1001-9081.2021122072
[5]	MELIS L, SONG Congzheng, DE C E, et al. Exploiting Unintended Feature Leakage in Collaborative Learning[C]// IEEE. 2019 IEEE Symposium on Security and Privacy (SP). New York: IEEE, 2019: 691-706.
[6]	LAI Chengzhe, ZHAO Yining, ZHENG Dong. A Privacy Preserving and Verifiable Federated Learning Scheme Based on Homomorphic Encryption[J]. Netinfo Security, 2024, 24(1): 93-105.
	赖成喆, 赵益宁, 郑东. 基于同态加密的隐私保护与可验证联邦学习方案[J]. 信息网络安全, 2024, 24(1): 93-105.
[7]	SINGH P, SINGH M K, SINGH R, et al. Federated Learning:Challenges, Methods, and Future Directions[M]. Heidelberg: Springer, 2022.
[8]	ZHU Ligeng, LIU Zhijian, HAN Song. Deep Leakage from Gradients[J]. Neural Information Processing Systems, 2019(1323): 14774-14784.
[9]	WAINAKH A, VENTOLA F, MÜßIG T, et al. User-Level Label Leakage from Gradients in Federated Learning[EB/OL]. (2021-05-19)[2024-05-16]. https://doi.org/10.48550/arXiv.2105.09369.
[10]	ZHANG Xinwei, CHEN Xiangyi, HONG Mingyi, et al. Understanding Clipping for Federated Learning: Convergence and Client-Level Differential Privacy[EB/OL]. (2021-06-25)[2024-05-16]. https://doi.org/10.48550/arXiv.2106.13673.
[11]	BONAWITZ K, IVANOV V, KREUTER B, et al. Practical Secure Aggregation for Privacy-Preserving Machine Learning[C]// ACM. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 1175-1191.
[12]	SAV S, PYRGELIS A, TRONCOSO-PASTORIZA J R, et al. POSEIDON: Privacy-Preserving Federated Neural Network Learning[EB/OL]. (2021-01-08)[2024-05-16]. https://arxiv.org/abs/2009.00349v3.
[13]	DINGLEDINE R, MATHEWSON N, SYVERSON P F. Tor: The Second-Generation Onion Router[EB/OL]. (2004-08-09)[2024-05-16]. https://www.usenix.org/conference/13th-usenix-security-symposium/tor-second-generation-onion-router.
[14]	LAI R W F, CHEUNG H K F, CHOW S S M, et al. Another Look at Anonymous Communication[J]. IEEE Transactions on Dependable and Secure Computing, 2017, 16(5): 731-742.
[15]	VAKDE G, BIBIKAR R, LE Zhengyi, et al. EnPassant: Anonymous Routing for Disruption-Tolerant Networks with Applications in Assistive Environments[J]. Security and Communication Networks, 2011, 4(11): 1243-1256.
[16]	SHI Cong, LUO Xiapu, TRAYNOR P, et al. ARDEN: Anonymous Networking in Delay Tolerant Networks[J]. Ad Hoc Networks, 2012, 10(6): 918-930.
[17]	CAMENISCH J, HOHENBERGER S, KOHLWEISS M, et al. How to Win the Clonewars: Efficient Periodic N-Times Anonymous Authentication[C]// ACM. Proceedings of the 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006: 201-210.
[18]	LI Yijing, TAO Xiaofeng, ZHANG Xuefei, et al. Privacy-Preserved Federated Learning for Autonomous Driving[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(7): 8423-8434. doi: 10.1109/TITS.2021.3081560
[19]	DOMINGO-FERRER J, BLANCO-JUSTICIA A, MANJÓN J, et al. Secure and Privacy-Preserving Federated Learning via Co-Utility[J]. IEEE Internet of Things Journal, 2022, 9(5): 3988-4000.
[20]	CATALANO D, FIORE D, GENNARO R. A Certificateless Approach to Onion Routing[J]. International Journal of Information Security, 2017, 16(3): 327-343.
[21]	GIRGIS A M, DATA D, DIGGAVI S, et al. Shuffled Model of Federated Learning: Privacy, Accuracy and Communication Trade-Offs[J]. IEEE Journal on Selected Areas in Information Theory, 2021, 2(1): 464-478.
[22]	LYU Lingjuan, YU Jiangshan, NANDAKUMAR K, et al. Towards Fair and Privacy-Preserving Federated Deep Models[J]. IEEE Transactions on Parallel and Distributed Systems, 2020, 31(11): 2524-2541.
[23]	CHEN Yijin, SU Ye, ZHANG Mingyue, et al. FedTor: An Anonymous Framework of Federated Learning in Internet of Things[J]. IEEE Internet of Things Journal, 2022, 9(19): 18620-18631.
[24]	KOTZANIKOLAOU P, CHATZISOFRONIOU G, BURMESTER M. Broadcast Anonymous Routing (BAR): Scalable Real-Time Anonymous Communication[J]. International Journal of Information Security, 2017, 16(3): 313-326.
[25]	HAN Guangjie, ZHOU Lina, WANG Hao, et al. A Source Location Protection Protocol Based on Dynamic Routing in WSNS for the Social Internet of Things[J]. Future Generation Computer Systems, 2018, 82: 689-697.
[26]	KIM S, HAN J, HA J, et al. SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves[J]. IEEE/ACM Transactions on Networking, 2018, 26(5): 2174-2187.
[27]	WOLINSKY D I, CORRIGAN-GIBBS H, FORD B, et al. Dissent in Numbers: Making Strong Anonymity Scale[C]// USENIX. The 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI’12). Berlin:USENIX, 2012: 179-182.
[28]	HASIRCIOGLU B, GUNDUZ D. Private Wireless Federated Learning with Anonymous Over-the-Air Computation[C]// IEEE. ICASSP 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). New York: IEEE, 2021: 5195-5199.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	5	0	0	7

来源	本网站	其他网站

次数	12	0
比例	100%	0%

摘要

最新录用	在线预览	正式出版

0	0	25

	来源	本网站

	次数	25
	比例	100%