Location Leakage in Federated Signal Maps

TL;DR

This paper investigates how federated learning for cellular signal maps can leak user location information through gradient attacks and proposes privacy-preserving mechanisms to mitigate this risk while maintaining model utility.

Contribution

The paper reveals how deep leakage from gradients can infer user trajectories in federated signal map prediction and introduces privacy mechanisms tailored for FL settings.

Findings

DLG attacks infer coarse user trajectories from gradients

Proposed privacy mechanisms balance privacy and utility effectively

Algorithms tested on real-world datasets show promising results

Abstract

We consider the problem of predicting cellular network performance (signal maps) from measurements collected by several mobile devices. We formulate the problem within the online federated learning framework: (i) federated learning (FL) enables users to collaboratively train a model, while keeping their training data on their devices; (ii) measurements are collected as users move around over time and are used for local training in an online fashion. We consider an honest-but-curious server, who observes the updates from target users participating in FL and infers their location using a deep leakage from gradients (DLG) type of attack, originally developed to reconstruct training data of DNN image classifiers. We make the key observation that a DLG attack, applied to our setting, infers the average location of a batch of local data, and can thus be used to reconstruct the target users' trajectory at a coarse granularity. We build on this observation to protect location privacy, in our setting, by revisiting and designing mechanisms within the federated learning framework including: tuning the FL parameters for averaging, curating local batches so as to mislead the DLG attacker, and aggregating across multiple users with different trajectories. We evaluate the performance of our algorithms through both analysis and simulation based on real-world mobile datasets, and we show that they achieve a good privacy-utility tradeoff.