Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Secure and Trustworthy Network Architecture for Federated Learning Healthcare Applications

Antonio Boiano, Marco Di Gennaro, Luca Barbieri, Michele Carminati, Monica Nicoli, Alessandro Redondi, Stefano Savazzi, Albert Sund Aillet, Diogo Reis Santos, Luigi Serio

TL;DR

The paper tackles privacy-preserving Federated Learning for healthcare by proposing TRUSTroke, a centralized FL architecture with a CERN-hosted Parameter Server and dockerized clinical clients for ischemic stroke prediction. It compares HTTP and MQTT, selects MQTT for its asynchronous, Pub/Sub characteristics and scalability, and outlines a TLS-enabled, broker-based control/data plane architecture. It details security measures, including Kerberos/SSH authentication, DMZ separation, and PoLP-guided practices, to enhance trustworthiness in a sensitive clinical setting. The work provides architectural guidelines and practical considerations for deploying trustworthy FL in healthcare, with future work focused on implementing the platform for stroke prediction and benchmarking against existing FL frameworks.

Abstract

Federated Learning (FL) has emerged as a promising approach for privacy-preserving machine learning, particularly in sensitive domains such as healthcare. In this context, the TRUSTroke project aims to leverage FL to assist clinicians in ischemic stroke prediction. This paper provides an overview of the TRUSTroke FL network infrastructure. The proposed architecture adopts a client-server model with a central Parameter Server (PS). We introduce a Docker-based design for the client nodes, offering a flexible solution for implementing FL processes in clinical settings. The impact of different communication protocols (HTTP or MQTT) on FL network operation is analyzed, with MQTT selected for its suitability in FL scenarios. A control plane to support the main operations required by FL processes is also proposed. The paper concludes with an analysis of security aspects of the FL architecture, addressing potential threats and proposing mitigation strategies to increase the trustworthiness level.

A Secure and Trustworthy Network Architecture for Federated Learning Healthcare Applications

TL;DR

The paper tackles privacy-preserving Federated Learning for healthcare by proposing TRUSTroke, a centralized FL architecture with a CERN-hosted Parameter Server and dockerized clinical clients for ischemic stroke prediction. It compares HTTP and MQTT, selects MQTT for its asynchronous, Pub/Sub characteristics and scalability, and outlines a TLS-enabled, broker-based control/data plane architecture. It details security measures, including Kerberos/SSH authentication, DMZ separation, and PoLP-guided practices, to enhance trustworthiness in a sensitive clinical setting. The work provides architectural guidelines and practical considerations for deploying trustworthy FL in healthcare, with future work focused on implementing the platform for stroke prediction and benchmarking against existing FL frameworks.

Abstract

Federated Learning (FL) has emerged as a promising approach for privacy-preserving machine learning, particularly in sensitive domains such as healthcare. In this context, the TRUSTroke project aims to leverage FL to assist clinicians in ischemic stroke prediction. This paper provides an overview of the TRUSTroke FL network infrastructure. The proposed architecture adopts a client-server model with a central Parameter Server (PS). We introduce a Docker-based design for the client nodes, offering a flexible solution for implementing FL processes in clinical settings. The impact of different communication protocols (HTTP or MQTT) on FL network operation is analyzed, with MQTT selected for its suitability in FL scenarios. A control plane to support the main operations required by FL processes is also proposed. The paper concludes with an analysis of security aspects of the FL architecture, addressing potential threats and proposing mitigation strategies to increase the trustworthiness level.
Paper Structure (13 sections, 2 figures, 2 tables)

This paper contains 13 sections, 2 figures, 2 tables.

Table of Contents

  1. Introduction
  2. TRUSTroke Network Architecture
  3. Parameter server
  4. Client nodes
  5. Communication protocols: HTTP or MQTT?
  6. TRUSTroke Control and Data plane
  7. Control plane
  8. Data plane
  9. Security considerations
  10. Parameter Server
  11. Communication infrastructure
  12. Clinical clients
  13. Conclusion

Figures (2)

  • Figure 1: Centralized (left) vs Distributed (right) FL architectures
  • Figure 2: TRUSTroke network architecture: the Parameter Server is hosted within the CERN data center and protected by the security mechanisms implemented thereby. Clinical clients run a Docker-based architecture which (i) decouples sensitive data processing from model parameters communication and (ii) provides portability for easy implementation on different client infrastructures.