Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

LATTEO: A Framework to Support Learning Asynchronously Tempered with Trusted Execution and Obfuscation

Abhinav Kumar, George Torres, Noah Guzinski, Gaurav Panwar, Reza Tourani, Satyajayant Misra, Marcin Spoczynski, Mona Vij, Nageen Himayat

TL;DR

LATTEO tackles privacy risks in asynchronous federated learning by integrating gradient obfuscation (GOOD), a secure edge aggregation mesh (TMSA), and vendor-agnostic data-centric attestation (DCA). The approach preserves model utility while substantially mitigating data reconstruction threats, and scales to many clients with reduced latency compared to RA-TLS. A formal UC security analysis underpins the framework, and comprehensive experiments across multiple datasets and architectures demonstrate favorable utility, privacy, scalability, and cost profiles. This work offers a practical, hardware-heterogeneous solution for privacy-preserving AsyncFL at the network edge with implicit attestation.

Abstract

The privacy vulnerabilities of the federated learning (FL) paradigm, primarily caused by gradient leakage, have prompted the development of various defensive measures. Nonetheless, these solutions have predominantly been crafted for and assessed in the context of synchronous FL systems, with minimal focus on asynchronous FL. This gap arises in part due to the unique challenges posed by the asynchronous setting, such as the lack of coordinated updates, increased variability in client participation, and the potential for more severe privacy risks. These concerns have stymied the adoption of asynchronous FL. In this work, we first demonstrate the privacy vulnerabilities of asynchronous FL through a novel data reconstruction attack that exploits gradient updates to recover sensitive client data. To address these vulnerabilities, we propose a privacy-preserving framework that combines a gradient obfuscation mechanism with Trusted Execution Environments (TEEs) for secure asynchronous FL aggregation at the network edge. To overcome the limitations of conventional enclave attestation, we introduce a novel data-centric attestation mechanism based on Multi-Authority Attribute-Based Encryption. This mechanism enables clients to implicitly verify TEE-based aggregation services, effectively handle on-demand client participation, and scale seamlessly with an increasing number of asynchronous connections. Our gradient obfuscation mechanism reduces the structural similarity index of data reconstruction by 85% and increases reconstruction error by 400%, while our framework improves attestation efficiency by lowering average latency by up to 1500% compared to RA-TLS, without additional overhead.

LATTEO: A Framework to Support Learning Asynchronously Tempered with Trusted Execution and Obfuscation

TL;DR

LATTEO tackles privacy risks in asynchronous federated learning by integrating gradient obfuscation (GOOD), a secure edge aggregation mesh (TMSA), and vendor-agnostic data-centric attestation (DCA). The approach preserves model utility while substantially mitigating data reconstruction threats, and scales to many clients with reduced latency compared to RA-TLS. A formal UC security analysis underpins the framework, and comprehensive experiments across multiple datasets and architectures demonstrate favorable utility, privacy, scalability, and cost profiles. This work offers a practical, hardware-heterogeneous solution for privacy-preserving AsyncFL at the network edge with implicit attestation.

Abstract

The privacy vulnerabilities of the federated learning (FL) paradigm, primarily caused by gradient leakage, have prompted the development of various defensive measures. Nonetheless, these solutions have predominantly been crafted for and assessed in the context of synchronous FL systems, with minimal focus on asynchronous FL. This gap arises in part due to the unique challenges posed by the asynchronous setting, such as the lack of coordinated updates, increased variability in client participation, and the potential for more severe privacy risks. These concerns have stymied the adoption of asynchronous FL. In this work, we first demonstrate the privacy vulnerabilities of asynchronous FL through a novel data reconstruction attack that exploits gradient updates to recover sensitive client data. To address these vulnerabilities, we propose a privacy-preserving framework that combines a gradient obfuscation mechanism with Trusted Execution Environments (TEEs) for secure asynchronous FL aggregation at the network edge. To overcome the limitations of conventional enclave attestation, we introduce a novel data-centric attestation mechanism based on Multi-Authority Attribute-Based Encryption. This mechanism enables clients to implicitly verify TEE-based aggregation services, effectively handle on-demand client participation, and scale seamlessly with an increasing number of asynchronous connections. Our gradient obfuscation mechanism reduces the structural similarity index of data reconstruction by 85% and increases reconstruction error by 400%, while our framework improves attestation efficiency by lowering average latency by up to 1500% compared to RA-TLS, without additional overhead.

Paper Structure

This paper contains 26 sections, 1 theorem, 3 equations, 17 figures, 1 table, 6 algorithms.

Table of Contents

  1. Introduction
  2. Privacy Risks in Asynchronous FL
  3. Threat Model and Security Assumptions
  4. Attack Design
  5. Design Overview
  6. TEE Mesh-based Secure Aggregation (TMSA)
  7. Data-centric Attestation (DCA)
  8. Gradient Obfuscation via Orthogonal Distribution (GOOD)
  9. Detailed Design and protocols
  10. Client-Side GOOD Training
  11. TEE Mesh-based Secure Aggregation
  12. Data-centric Attestation
  13. SECURITY ANALYSIS
  14. Design of Ideal Functionalities
  15. Experimental Results and Analysis
  16. ...and 11 more sections

Key Result

Theorem 5.1

Let $\mathcal{F}_{\mathsf{LATTEO}}$ be an ideal functionality for LATTEO. Let $\mathcal{A}$ be a probabilistic polynomial-time (PPT) adversary for LATTEO, and let $\mathcal{S}$ be an ideal-world PPT simulator for $\mathcal{F}_{\mathsf{LATTEO}}$. LATTEO UC-realizes $\mathcal{F}_{\mathsf{LATTEO}}$

Figures (17)

  • Figure 1: Asynchronous aggregation mechanism, although useful, leads to privacy vulnerability in asynchronous FL.
  • Figure 2: Client data reconstruction by an adversary with deep prior knowledge gradientObfuscation across two neural network architectures. These results demonstrate the leakage of sensitive data that takes place in AsyncFed.
  • Figure 3: The architectural overview of LATTEO framework, including its three main building blocks: Gradient Obfuscation via Orthogonal Distribution, TEE Mesh-based Secure Aggregation, and Data-centric Attestation.
  • Figure 4: The sequence diagram of LATTEO outlines the communication flow between the Service Provider, Server, and Client. Detailed interactions and credential establishment processes are presented in Subsections \ref{['subsec05-01']} and \ref{['subsec05-02']} (Protocols 1–5).
  • Figure 5: Vanilla vs GOOD based asynchronous federated learning.
  • ...and 12 more figures

Theorems & Definitions (3)

  • Theorem 5.1
  • Definition 1.1
  • Definition 1.2