Secure Aggregation Is Not Private Against Membership Inference Attacks
Paper in proceedings, 2024

Secure aggregation (SecAgg) is a commonly used privacy-enhancing mechanism in federated learning, affording the server access only to the aggregate of model updates while safeguarding the confidentiality of individual updates. Despite widespread claims regarding SecAgg’s privacy-preserving capabilities, a formal analysis of its privacy is lacking, making such presumptions unjustified. In this paper, we delve into the privacy implications of SecAgg by treating it as a local differential privacy (LDP) mechanism for each local update. We design a simple attack wherein an adversarial server seeks to discern which update vector a client submitted, out of two possible ones, in a single training round of federated learning under SecAgg. By conducting privacy auditing, we assess the success probability of this attack and quantify the LDP guarantees provided by SecAgg. Our numerical results reveal that, contrary to prevailing claims, SecAgg offers weak privacy against membership inference attacks even in a single training round. Indeed, it is difficult to hide a local update by adding other independent local updates when the updates are of high dimension. Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection, in federated learning.
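To illustrate the dimension effect the abstract describes, the following is an added toy audit, not code from the paper: a client submits one of two constructed candidate update vectors, the other clients' updates are assumed to be i.i.d. Gaussian (an assumption chosen here for tractability, not the paper's model), and the server guesses the candidate closest to the SecAgg sum. The Monte Carlo success rate is compared with its closed form and converted into the pure-LDP lower bound implied by a symmetric hypothesis test.

```python
import math
import random


def attack_guess(aggregate, u0, u1):
    """Server's guess: the candidate closer in Euclidean distance to the aggregate.
    Under the Gaussian assumption this is the likelihood-ratio test."""
    d0 = sum((s - a) ** 2 for s, a in zip(aggregate, u0))
    d1 = sum((s - a) ** 2 for s, a in zip(aggregate, u1))
    return 0 if d0 <= d1 else 1


def simulate_success(dim, n_clients, sigma, trials, seed=0):
    """Empirical probability that the server identifies the submitted update.
    Candidates are constructed: u0 = 0, u1 = 0.5 in every coordinate.
    The other n_clients-1 updates are assumed i.i.d. N(0, sigma^2) per coordinate."""
    rng = random.Random(seed)
    u0 = [0.0] * dim
    u1 = [0.5] * dim
    correct = 0
    for t in range(trials):
        truth = t % 2                      # alternate the true submission
        aggregate = list(u1 if truth else u0)
        for _ in range(n_clients - 1):     # SecAgg reveals only this sum
            for i in range(dim):
                aggregate[i] += rng.gauss(0.0, sigma)
        if attack_guess(aggregate, u0, u1) == truth:
            correct += 1
    return correct / trials


def analytic_success(dim, n_clients, sigma):
    """Closed form for the same test: Phi(||u1-u0|| / (2 * sigma * sqrt(n-1))).
    ||u1-u0|| grows like sqrt(dim), so masking by other updates fails in high dimension."""
    dist = 0.5 * math.sqrt(dim)
    z = dist / (2.0 * sigma * math.sqrt(n_clients - 1))
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def ldp_lower_bound(success):
    """Pure eps-LDP forces FPR + e^eps * FNR >= 1 for any test. With symmetric
    error p_err = 1 - success this gives eps >= ln((1 - p_err) / p_err)."""
    p_err = 1.0 - success
    if p_err <= 0.0:
        return math.inf
    return math.log((1.0 - p_err) / p_err)


if __name__ == "__main__":
    for dim in (10, 100, 500):
        p = analytic_success(dim, n_clients=10, sigma=1.0)
        print(f"dim={dim:4d} success={p:.3f} eps_lower_bound={ldp_lower_bound(p):.2f}")
```

Raising the dimension from 10 to 500 moves the attack from near coin-flip to near-certain success, and the implied LDP epsilon grows accordingly.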

Secure aggregation

Differential privacy

Membership inference

Federated learning

Authors

Khac-Hoang Ngo

Chalmers, Electrical Engineering, Communication, Antennas and Optical Networks

Johan Östman

Chalmers, Electrical Engineering, Communication, Antennas and Optical Networks

AI Sweden

Giuseppe Durisi

Chalmers, Electrical Engineering, Communication, Antennas and Optical Networks

Alexandre Graell I Amat

Chalmers, Electrical Engineering, Communication, Antennas and Optical Networks

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

0302-9743 (ISSN), 1611-3349 (eISSN)

Vol. 14946 LNAI, pp. 180-198
978-3-031-70364-5 (ISBN)

European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, ECML PKDD 2024
Vilnius, Lithuania

Reliable and secure coded edge computing

Swedish Research Council (VR) (2020-03687), 2021-01-01 -- 2024-12-31.

Low-latency and private edge computing in random-access networks

European Commission (EU) (EC/H2020/101022113), 2021-10-01 -- 2023-09-30.

Subject categories

Telecommunications

Communication systems

Computer science

DOI

10.1007/978-3-031-70365-2_11

More information

Last updated

2024-09-20