Privacy Threats and Countermeasures in Federated Learning for Internet of Things: A Systematic Review
Adel ElZemity, Budi Arief
TL;DR
The paper addresses privacy risks in Federated Learning for IoT by conducting a PRISMA-guided systematic literature review of 49 studies (2017–April 2024), identifying seven privacy threats across FL phases—Inference, Poisoning, Eavesdropping, Sybil, Backdoor, Gradient Leakage, and Reconstruction—and evaluating defenses such as Encryption/Obfuscation, Differential Privacy, and Secure Multi-Party Computation. It demonstrates that Differential Privacy is a prominent defense, while IoT constraints necessitate lightweight, IoT-tailored solutions, and notes under-explored threats like replay, evasion, and model stealing that require new strategies. The FL objective in this context can be represented as $\min_w f(w)=\sum_{k=1}^{N} P_k F_k(w)$ with $P_k=n_k/ n$ capturing each device’s influence, highlighting the importance of addressing heterogeneity in IoT deployments. The study contributes a structured taxonomy of threats and defenses, identifies gaps, and outlines practical guidance for designing privacy-preserving FL systems suited to resource-constrained IoT environments, with emphasis on enabling reliable operation under variable network conditions and considering emerging technologies such as blockchain.
Abstract
Federated Learning (FL) in the Internet of Things (IoT) environments can enhance machine learning by utilising decentralised data, but at the same time, it might introduce significant privacy and security concerns due to the constrained nature of IoT devices. This represents a research challenge that we aim to address in this paper. We systematically analysed recent literature to identify privacy threats in FL within IoT environments, and evaluate the defensive measures that can be employed to mitigate these threats. Using a Systematic Literature Review (SLR) approach, we searched five publication databases (Scopus, IEEE Xplore, Wiley, ACM, and Science Direct), collating relevant papers published between 2017 and April 2024, a period which spans from the introduction of FL until now. Guided by the PRISMA protocol, we selected 49 papers to focus our systematic review on. We analysed these papers, paying special attention to the privacy threats and defensive measures -- specifically within the context of IoT -- using inclusion and exclusion criteria tailored to highlight recent advances and critical insights. We identified various privacy threats, including inference attacks, poisoning attacks, and eavesdropping, along with defensive measures such as Differential Privacy and Secure Multi-Party Computation. These defences were evaluated for their effectiveness in protecting privacy without compromising the functional integrity of FL in IoT settings. Our review underscores the necessity for robust and efficient privacy-preserving strategies tailored for IoT environments. Notably, there is a need for strategies against replay, evasion, and model stealing attacks. Exploring lightweight defensive measures and emerging technologies such as blockchain may help improve the privacy of FL in IoT, leading to the creation of FL models that can operate under variable network conditions.