FLSSM: A Federated Learning Storage Security Model with Homomorphic Encryption

TL;DR

Federated learning with homomorphic encryption poses challenges in aggregation efficiency, attack tracing, and fair contribution assessment. FLSSM addresses these by integrating a Hierarchical Aggregation Mechanism (HAM) for parallel CKKS-based aggregation, a Model Access Control Mechanism (MACM) using Shamir's Secret Sharing with attribute-based encryption for auditing, and an Incentive Mechanism based on Trusted Time Intervals (IMTTI) that uses trusted timestamps to reward participants fairly. The approach is validated on CIFAR-10 and Fashion-MNIST, showing reduced aggregation latency, effective attack tracing, and robust, tamper-resistant contribution incentives under encryption. Collectively, FLSSM enables secure, efficient, and fair encrypted federated learning with practical implications for privacy-preserving collaborative training.

Abstract

Federated learning based on homomorphic encryption has received widespread attention due to its high security and enhanced protection of user data privacy. However, the characteristics of encrypted computation lead to three challenging problems: ``computation-efficiency", ``attack-tracing" and ``contribution-assessment". The first refers to the efficiency of encrypted computation during model aggregation, the second refers to tracing malicious attacks in an encrypted state, and the third refers to the fairness of contribution assessment for local models after encryption. This paper proposes a federated learning storage security model with homomorphic encryption (FLSSM) to protect federated learning model privacy and address the three issues mentioned above. First, we utilize different nodes to aggregate local models in parallel, thereby improving encrypted models' aggregation efficiency. Second, we introduce trusted supervise nodes to examine local models when the global model is attacked, enabling the tracing of malicious attacks under homomorphic encryption. Finally, we fairly reward local training nodes with encrypted local models based on trusted training time. Experiments on multiple real-world datasets show that our model significantly outperforms baseline models in terms of both efficiency and security metrics.

Figures (6)

• Figure 1: Motivation for this work. Local training nodes update their local models, encrypt them using homomorphic encryption, and send them to the server. The server performs homomorphic computation, which draws three critical problems in global model aggregation: computation-efficiency, attack-tracing, and contribution-assessment. Computation-efficiency implies that homomorphic computation requires substantial computational resources. Attack-tracing refers to the covert nature and difficulty in tracing attacks initiated by local models in an encrypted state. Contribution-assessment refers to the challenge of calculating the contributions made by encrypted local models and providing fair rewards.
• Figure 2: Overview of FLSSM. Federated learning can be broadly divided into two parts: model training and model aggregation. Our research focuses on the second part, where we introduce edge aggregation nodes, supervise nodes, and trusted timestamp servers to improve model aggregation efficiency, enhance security, and provide reliable evidence for incentive mechanisms.
• Figure 3: Accuracy of HAM and CKKS algorithms for CIFAR10 and Fashion-MNIST classification tasks. Figures \ref{['GACCIFAR10Ln10']}-\ref{['GACCIFAR10Ln50']} present the global model accuracy on CIFAR10 dataset for local training node ($Ln$) counts in {10, 20, 50} and Edge Aggregation Nodes ($En$) counts in {3, 5, 10}. Figures \ref{['ATCIFAR10Ln10']}-\ref{['ATCIFAR10Ln50']} show the global model aggregation time on CIFAR10 dataset with the same parameter settings. Similarly, Figures \ref{['GACFASHIONMNISTLn10']}-\ref{['GACFASHIONMNISTLn50']} illustrate global model accuracy on the Fashion-MNIST dataset, and Figures \ref{['ATFASHIONMNISTLn10']}-\ref{['ATFASHIONMNISTLn50']} present the global model aggregation time on Fashion-MNIST dataset under the same parameter configurations.
• Figure 4: Global Model Accuracy of HAM algorithm under Malicious Attack for CIFAR10 and Fashion-MNIST classification tasks. "M" in the legend represents the malicious nodes ratio in local training nodes, and "S" represents whether the Supervise Node setting to inspection or not. "S=1": inspection; "S=0": not inspection.
• Figure 5: Modified Timestamp Verification. (a): Original trusted timestamp. (b): Modified trusted timestamp, altered to 3 seconds earlier than the actual time. To gain higher rewards, a malicious node attempts to tamper with the local training completion time to reduce the training time interval, thereby increasing its reward. In (b), the differences from (a) caused by the tampering of the trusted timestamp are highlighted in red.