A Lightweight Authentication Protocol Based on Confidential Computing for Federated Learning Nodes

doi:10.3969/j.issn.1671-1122.2022.07.005

Abstract

Abstract:

Federated learning frameworks keep the balance between the security of user privacy data and the needs of models requiring massive data for training. Thus, it is widely used in various fields, such as the Internet of vehicles, smart medical and finance. However, considering the complex identity of the clients in federated learning systems and unreliable channels used to transmit model parameters between clients and the server, the systems meet great security challenges. In this case, it is important for the federated learning system to identify the legitimacy of the identity of each node efficiently and accurately. This paper proposed an identity authentication protocol based on the characteristics and needs of federated learning, which realized online registration on the client side and digital signature functions. Also, SGX confidential computing environment was applied in the central server to protect the security of master keys and other essential parameters. Finally, AVISPA simulation tool and informal security analysis were used to verify the security of our protocol, which was compared with other advanced authentication protocols in terms of computing, communication and storage performance. The results indicate that our protocol has better practicability and advancement.

Key words: federated learning, confidential computing, authentication protocol, lightweight

CLC Number:

TP309

LIU Xin, LI Yunyi, WANG Miao. A Lightweight Authentication Protocol Based on Confidential Computing for Federated Learning Nodes[J]. Netinfo Security, 2022, 22(7): 37-45.

Figures/Tables 11

References 22

[1]	HE Wei. Overview of China’s Digital Economy Development[J]. Information and Communications Technology and Policy, 2021(2): 1-7.
	何伟. 我国数字经济发展综述[J]. 信息通信技术与政策, 2021(2):1-7.
[2]	LI Li, FAN Yuxi, TSE M, et al. A Review of Applications in Federated Learning[EB/OL]. (2020-12-07)[2022-03-04]. http://dx.doi.org/10.1016/j.cie.2020.106854.
[3]	LI Tian, SAHU A K, TALWALKAR A, et al. Federated Learning: Challenges, Methods, and Future Directions[J]. IEEE Signal Processing Magazine, 2020, 37(3): 50-60.
[4]	ZHU Jianming, ZHANG Qinnan, GAO Sheng, et al. Privacy Preserving and Trustworthy Federated Learning Model Based on Blockchain[J]. Chinese Journal of Computers, 2021, 44(12): 2464-2484.
	朱建明, 张沁楠, 高胜, 等. 基于区块链的隐私保护可信联邦学习模型[J]. 计算机学报, 2021, 44(12):2464-2484.
[5]	WANG Kunqing, LIU Jing, LI Chen, et al. A Survey on Threats to Federated Learning[J]. Journal of Information Security Research, 2022, 8(3): 223-234.
[6]	WU Jianhan, SI Shijing, WANG Jianzong, et al. Threats and Defenses of Federated Learning: A Survey[EB/OL]. (2022-02-17)[2022-03-04]. http://kns.cnki.net/kcms/detail/10.1321.G2.20220216.1702.010.html.
	吴建汉, 司世景, 王健宗, 等. 联邦学习攻击与防御综述[EB/OL]. (2022-02-17)[2022-03-04]. http://kns.cnki.net/kcms/detail/10.1321.G2.20220216.1702.010.html.
[7]	SYVERSON P, CERVESATO I. The Logic of Authentication Protocols[C]// Springer. International School on Foundations of Security Analysis and Design. Heidelberg: Springer, 2000: 63-137.
[8]	LARA E, AGUILAR L, SANCHEZ M A, et al. Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things[EB/OL]. (2020-03-27)[2022-03-04]. https://doi.org/10.3390/s20020501.
[9]	YU S, LEE J, PARK K, et al. IoV-SMAP: Secure and Efficient Message Authentication Protocol for IoV in Smart City Environment[J]. IEEE Access, 2020, 8: 167875-167886. doi: 10.1109/ACCESS.2020.3022778 URL
[10]	AGHILI S F, MALA H, KALIYAR P, et al. SecLAP: Secure and Lightweight RFID Authentication Protocol for Medical IoT[J]. Future Generation Computer Systems, 2019, 101: 621-634. doi: 10.1016/j.future.2019.07.004 URL
[11]	DEEP G, MOHANA R, NAYYAR A, et al. Authentication Protocol for Cloud Databases Using Blockchain Mechanism[EB/OL]. (2019-12-06)[2022-03-04]. https://doi.org/10.3390/s19204444.
[12]	REN Jie, LI Meihong, DU Ye, et al. Lightweight Identity-Based Authentication Key Agreement Protocol for Horizontal Federated Learning Environment[EB/OL]. (2021-07-30)[2022-03-04]. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=BJHK20210729006&DbName=CAPJ2021.
	任杰, 黎妹红, 杜晔, 等. 横向联邦学习环境基于身份轻量级认证密钥协商协议[EB/OL]. (2021-07-30)[2022-03-04]. https://kns.cnki.net/kcms/detail/detail.aspx?FileName=BJHK20210729006&DbName=CAPJ2021.
[13]	ZHAO Pengcheng, HUANG Yuanhao, GAO Jianping, et al. Federated Learning-Based Collaborative Authentication Protocol for Shared Data in Social IoV[J]. IEEE Sensors Journal, 2022, 22(7): 7385-7398. doi: 10.1109/JSEN.2022.3153338 URL
[14]	DRUCKER N, GUERON S. Combining Homomorphic Encryption with Trusted Execution Environment: A Demonstration with Paillier Encryption and SGX[C]// ACM. 9th ACM CCS International Workshop on Managing Insider Security Threats(MIST). New York:ACM, 2017: 85-88.
[15]	SUN Haiyou, XIAO Sheng. DNA-X: Dynamic Network Authentication Using SGX[C]// ACM. 2nd International Conference on Cryptography, Security and Privacy(ICCSP). New York:ACM, 2018: 110-115.
[16]	YANG Qiang, LIU Yang, CHEN Tianjian, et al. Federated Machine Learning: Concept and Applications[J]. ACM Transactions on Intelligent Systems and Technology(TIST), 2019, 10(2): 1-19.
[17]	COSTAN V, DEVADAS S. Intel SGX Explained[EB/OL]. (2017-02-21)[2022-03-04]. https://eprint.iacr.org/2016/086.
[18]	VIGANO L. Automated Security Protocol Analysis with the AVISPA Tool[J]. Electronic Notes in Theoretical Computer Science, 2006, 155: 61-86. doi: 10.1016/j.entcs.2005.11.052 URL
[19]	KAUR K, GARG S, KADDOUM G, et al. A Lightweight and Privacy-Preserving Authentication Protocol for Mobile Edge Computing[C]// IEEE. 2019 IEEE Global Communications Conference(GLOBECOM). New York: IEEE, 2019: 1-6.
[20]	SOWJANYA K, DASGUPTA M, RAY S. An Elliptic Curve Cryptography Based Enhanced Anonymous Authentication Protocol for Wearable Health Monitoring Systems[J]. International Journal of Information Security, 2020, 19(1): 129-146. doi: 10.1007/s10207-019-00464-9 URL
[21]	TSOBDJOU L D, PIERRE S, QUINTERO A. A New Mutual Authentication and Key Agreement Protocol for Mobile Client-Server Environment[J]. IEEE Transactions on Network and Service Management, 2021, 18(2): 1275-1286. doi: 10.1109/TNSM.2021.3071087 URL
[22]	LIU Xin, YANG Haorui, GUO Zhenbin, et al. An Authentication Protocol Achieving Online Registration and Privilege Separation for Industrial Internet of Things[J]. Netinfo Security, 2021, 21(7): 1-9.
	刘忻, 杨浩睿, 郭振斌, 等. 一种实现在线注册与权限分离的工业物联网身份认证协议[J]. 信息网络安全, 2021, 21(7):1-9.

符号	定义
$I{{D}_{i}}$	客户端节点身份标识
$TS$	时间戳
$K,\beta $	椭圆曲线公钥、私钥
${{\alpha }_{i}},x,y$	随机数
$SK$	协商出的通信密钥
$h(\cdot ),\|\|,\oplus $	哈希函数、连接运算、异或运算

	文献[12]协议	文献[19]协议	文献[20]协议	本文协议
在线注册	N	N	Y	Y
追踪攻击	Y	Y	Y	Y
在线猜测攻击	Y	Y	Y	Y
重放攻击	Y	N	N	Y
中间人攻击	Y	Y	Y	Y

运算符号	运算定义	服务器端耗时/ms	客户端耗时/ms
${{T}_{M}}$	ECC标量点积	32.478	350.493
${{T}_{A}}$	点加运算	0.731	1.039
${{T}_{H}}$	哈希运算	0.173	0.053
${{T}_{s}}$	对称加/解密运算	0.114	0.147

协议	客户端开销	服务器端开销	总开销/ms
文献[12]协议	$3{{T}_{M}}+2{{T}_{A}}+5{{T}_{H}}$	$3{{T}_{M}}+2{{T}_{A}}+6{{T}_{H}}$	1153.75
文献[19]协议	$4{{T}_{M}}+4{{T}_{H}}$	$3{{T}_{M}}+4{{T}_{H}}$	1500.31
文献[20]协议	$3{{T}_{M}}+{{T}_{H}}+{{T}_{s}}$	$6{{T}_{M}}+3{{T}_{H}}+{{T}_{s}}$	1247.18
本文协议	$7{{T}_{H}}$	$6{{T}_{H}}$	$1.41$

协议	客户端通信/bit		服务器端通信/bit		总开销/bit
协议	发送	接收	发送	接收	总开销/bit
文献[12]协议	800	800	800	800	1600
文献[19]协议	2240	192	192	2240	2432
文献[20]协议	2240	1184	1184	2240	3424
本文协议	512	352	352	512	864