一种基于机密计算的联邦学习节点轻量级身份认证协议

doi:10.3969/j.issn.1671-1122.2022.07.005

摘要/Abstract

摘要：

联邦学习框架在保护用户隐私数据安全的同时,满足模型对海量训练数据的需求,被广泛应用于车联网、智慧医疗、金融等领域。然而,参与联邦学习框架的客户端身份复杂,客户端与中央服务器在开放的信道上传递模型参数,给联邦学习框架带来了安全隐患。因此,如何高效准确地识别各参与节点的身份合法性对联邦学习框架十分重要。文章首先结合联邦学习实际需求提出一种基于机密计算的联邦学习节点轻量级身份认证协议,实现了客户端在线注册及数字签名功能。然后在服务器端采用SGX机密计算环境对密钥等关键参数进行保护。最后,文章通过AVISPA仿真工具和非形式化证明方法证明了协议的安全性,并将该协议与近年提出的其他身份认证协议在计算开销、通信开销和存储开销方面进行对比分析,结果表明,该协议具有更好的实用性与先进性。

关键词: 联邦学习, 机密计算, 认证协议, 轻量级

Abstract:

Federated learning frameworks keep the balance between the security of user privacy data and the needs of models requiring massive data for training. Thus, it is widely used in various fields, such as the Internet of vehicles, smart medical and finance. However, considering the complex identity of the clients in federated learning systems and unreliable channels used to transmit model parameters between clients and the server, the systems meet great security challenges. In this case, it is important for the federated learning system to identify the legitimacy of the identity of each node efficiently and accurately. This paper proposed an identity authentication protocol based on the characteristics and needs of federated learning, which realized online registration on the client side and digital signature functions. Also, SGX confidential computing environment was applied in the central server to protect the security of master keys and other essential parameters. Finally, AVISPA simulation tool and informal security analysis were used to verify the security of our protocol, which was compared with other advanced authentication protocols in terms of computing, communication and storage performance. The results indicate that our protocol has better practicability and advancement.

Key words: federated learning, confidential computing, authentication protocol, lightweight

中图分类号:

TP309

刘忻, 李韵宜, 王淼. 一种基于机密计算的联邦学习节点轻量级身份认证协议[J]. 信息网络安全, 2022, 22(7): 37-45.

LIU Xin, LI Yunyi, WANG Miao. A Lightweight Authentication Protocol Based on Confidential Computing for Federated Learning Nodes[J]. Netinfo Security, 2022, 22(7): 37-45.

图/表 11

图1

表1

图2

图3

图4

图5

表2

表3

表4

表5

表6

参考文献 22

[1]	HE Wei. Overview of China’s Digital Economy Development[J]. Information and Communications Technology and Policy, 2021(2): 1-7.
	何伟. 我国数字经济发展综述[J]. 信息通信技术与政策, 2021(2):1-7.
[2]	LI Li, FAN Yuxi, TSE M, et al. A Review of Applications in Federated Learning[EB/OL]. (2020-12-07)[2022-03-04]. http://dx.doi.org/10.1016/j.cie.2020.106854.
[3]	LI Tian, SAHU A K, TALWALKAR A, et al. Federated Learning: Challenges, Methods, and Future Directions[J]. IEEE Signal Processing Magazine, 2020, 37(3): 50-60.
[4]	ZHU Jianming, ZHANG Qinnan, GAO Sheng, et al. Privacy Preserving and Trustworthy Federated Learning Model Based on Blockchain[J]. Chinese Journal of Computers, 2021, 44(12): 2464-2484.
	朱建明, 张沁楠, 高胜, 等. 基于区块链的隐私保护可信联邦学习模型[J]. 计算机学报, 2021, 44(12):2464-2484.
[5]	WANG Kunqing, LIU Jing, LI Chen, et al. A Survey on Threats to Federated Learning[J]. Journal of Information Security Research, 2022, 8(3): 223-234.
[6]	WU Jianhan, SI Shijing, WANG Jianzong, et al. Threats and Defenses of Federated Learning: A Survey[EB/OL]. (2022-02-17)[2022-03-04]. http://kns.cnki.net/kcms/detail/10.1321.G2.20220216.1702.010.html.
	吴建汉, 司世景, 王健宗, 等. 联邦学习攻击与防御综述[EB/OL]. (2022-02-17)[2022-03-04]. http://kns.cnki.net/kcms/detail/10.1321.G2.20220216.1702.010.html.
[7]	SYVERSON P, CERVESATO I. The Logic of Authentication Protocols[C]// Springer. International School on Foundations of Security Analysis and Design. Heidelberg: Springer, 2000: 63-137.
[8]	LARA E, AGUILAR L, SANCHEZ M A, et al. Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things[EB/OL]. (2020-03-27)[2022-03-04]. https://doi.org/10.3390/s20020501.
[9]	YU S, LEE J, PARK K, et al. IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment[J]. IEEE Access, 2020, 8: 167875-167886. doi: 10.1109/ACCESS.2020.3022778 URL
[10]	AGHILI S F, MALA H, KALIYAR P, et al. SecLAP: Secure and Lightweight RFID Authentication Protocol for Medical IoT[J]. Future Generation Computer Systems, 2019, 101: 621-634. doi: 10.1016/j.future.2019.07.004 URL
[11]	DEEP G, MOHANA R, NAYYAR A, et al. Authentication Protocol for Cloud Databases Using Blockchain Mechanism[EB/OL]. (2019-12-06)[2022-03-04]. https://doi.org/10.3390/s19204444.
[12]	REN Jie, LI Meihong, DU Ye, et al. Lightweight Identity-Based Authentication Key Agreement Protocol for Horizontal Federated Learning Environment[EB/OL]. (2021-07-30)[2022-03-04]. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=BJHK20210729006&DbName=CAPJ2021.
	任杰, 黎妹红, 杜晔, 等. 横向联邦学习环境基于身份轻量级认证密钥协商协议[EB/OL]. (2021-07-30)[2022-03-04]. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=BJHK20210729006&DbName=CAPJ2021.
[13]	ZHAO Pengcheng, HUANG Yuanhao, GAO Jianping, et al. Federated Learning-Based Collaborative Authentication Protocol for Shared Data in Social IoV[J]. IEEE Sensors Journal, 2022, 22(7): 7385-7398. doi: 10.1109/JSEN.2022.3153338 URL
[14]	DRUCKER N, GUERON S. Combining Homomorphic Encryption with Trusted Execution Environment: A Demonstration with Paillier Encryption and SGX[C]// ACM. 9th ACM CCS International Workshop on Managing Insider Security Threats(MIST). New York:ACM, 2017: 85-88.
[15]	SUN Haiyou, XIAO Sheng. DNA-X: Dynamic Network Authentication Using SGX[C]// ACM. 2nd International Conference on Cryptography, Security and Privacy(ICCSP). New York:ACM, 2018: 110-115.
[16]	YANG Qiang, LIU Yang, CHEN Tianjian, et al. Federated Machine Learning: Concept and Applications[J]. ACM Transactions on Intelligent Systems and Technology(TIST), 2019, 10(2): 1-19.
[17]	COSTAN V, DEVADAS S. Intel SGX Explained[EB/OL]. (2017-02-21)[2022-03-04]. https://eprint.iacr.org/2016/086.
[18]	VIGANO L. Automated Security Protocol Analysis with the AVISPA Tool[J]. Electronic Notes in Theoretical Computer Science, 2006, 155: 61-86. doi: 10.1016/j.entcs.2005.11.052 URL
[19]	KAUR K, GARG S, KADDOUM G, et al. A Lightweight and Privacy-Preserving Authentication Protocol for Mobile Edge Computing[C]// IEEE. 2019 IEEE Global Communications Conference(GLOBECOM). New York: IEEE, 2019: 1-6.
[20]	SOWJANYA K, DASGUPTA M, RAY S. An Elliptic Curve Cryptography Based Enhanced Anonymous Authentication Protocol for Wearable Health Monitoring Systems[J]. International Journal of Information Security, 2020, 19(1): 129-146. doi: 10.1007/s10207-019-00464-9 URL
[21]	TSOBDJOU L D, PIERRE S, QUINTERO A. A New Mutual Authentication and Key Agreement Protocol for Mobile Client-Server Environment[J]. IEEE Transactions on Network and Service Management, 2021, 18(2): 1275-1286. doi: 10.1109/TNSM.2021.3071087 URL
[22]	LIU Xin, YANG Haorui, GUO Zhenbin, et al. An Authentication Protocol Achieving Online Registration and Privilege Separation for Industrial Internet of Things[J]. Netinfo Security, 2021, 21(7): 1-9.
	刘忻, 杨浩睿, 郭振斌, 等. 一种实现在线注册与权限分离的工业物联网身份认证协议[J]. 信息网络安全, 2021, 21(7):1-9.

符号	定义
$I{{D}_{i}}$	客户端节点身份标识
$TS$	时间戳
$K,\beta $	椭圆曲线公钥、私钥
${{\alpha }_{i}},x,y$	随机数
$SK$	协商出的通信密钥
$h(\cdot ),\|\|,\oplus $	哈希函数、连接运算、异或运算

	文献[12]协议	文献[19]协议	文献[20]协议	本文协议
在线注册	N	N	Y	Y
追踪攻击	Y	Y	Y	Y
在线猜测攻击	Y	Y	Y	Y
重放攻击	Y	N	N	Y
中间人攻击	Y	Y	Y	Y

运算符号	运算定义	服务器端耗时/ms	客户端耗时/ms
${{T}_{M}}$	ECC标量点积	32.478	350.493
${{T}_{A}}$	点加运算	0.731	1.039
${{T}_{H}}$	哈希运算	0.173	0.053
${{T}_{s}}$	对称加/解密运算	0.114	0.147

协议	客户端开销	服务器端开销	总开销/ms
文献[12]协议	$3{{T}_{M}}+2{{T}_{A}}+5{{T}_{H}}$	$3{{T}_{M}}+2{{T}_{A}}+6{{T}_{H}}$	1153.75
文献[19]协议	$4{{T}_{M}}+4{{T}_{H}}$	$3{{T}_{M}}+4{{T}_{H}}$	1500.31
文献[20]协议	$3{{T}_{M}}+{{T}_{H}}+{{T}_{s}}$	$6{{T}_{M}}+3{{T}_{H}}+{{T}_{s}}$	1247.18
本文协议	$7{{T}_{H}}$	$6{{T}_{H}}$	$1.41$

协议	客户端通信/bit		服务器端通信/bit		总开销/bit
协议	发送	接收	发送	接收	总开销/bit
文献[12]协议	800	800	800	800	1600
文献[19]协议	2240	192	192	2240	2432
文献[20]协议	2240	1184	1184	2240	3424
本文协议	512	352	352	512	864