Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling
Andreas Athanasiou, Kangsoo Jung, Catuscia Palamidessi

TL;DR
This paper proposes a privacy-preserving method for federated learning that combines unary encoding and shuffling to prevent source inference attacks while maintaining model accuracy.
Contribution
It introduces a novel defense mechanism using unary encoding and shuffling, enhancing privacy in federated learning without sacrificing model performance.
Findings
Reduces the success rate of source inference attacks
Maintains the accuracy of the joint model
Employs quantization to mitigate communication costs
Abstract
Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients' model updates, preventing the central server from inferring information about each client's model update separately. In order to address the increased communication cost of unary encoding, we employ quantization. Our…
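A simplified sketch of the mechanism the abstract describes, added here as an example and not the authors' code: each client quantizes its update, unary-encodes every coordinate, and a trusted shuffler permutes the pooled bits so the server can recover only the aggregate. The clipping range, number of levels, stochastic rounding, per-coordinate pooling and all function names are assumptions made for illustration.

```python
import random

LEVELS = 16   # assumed number of quantization levels per coordinate
CLIP = 1.0    # assumed clipping range [-CLIP, CLIP]

def quantize(x, rng):
    """Clip x and stochastically round it to an integer in [0, LEVELS]."""
    x = max(-CLIP, min(CLIP, x))
    scaled = (x + CLIP) / (2 * CLIP) * LEVELS
    low = int(scaled)
    return low + (1 if rng.random() < scaled - low else 0)

def unary(k):
    """Unary code of k: k ones followed by LEVELS - k zeros."""
    return [1] * k + [0] * (LEVELS - k)

def client_message(update, rng):
    """One client's report: a unary bit vector per model coordinate."""
    return [unary(quantize(x, rng)) for x in update]

def shuffle_reports(messages, rng):
    """Trusted shuffler: pool all clients' bits per coordinate, then permute."""
    pooled = []
    for coord in zip(*messages):
        bits = [b for code in coord for b in code]
        rng.shuffle(bits)  # removes both client identity and bit position
        pooled.append(bits)
    return pooled

def server_aggregate(pooled, n_clients):
    """Server sees only shuffled bits; the count of ones is the sum of levels."""
    return [(sum(bits) / n_clients) / LEVELS * 2 * CLIP - CLIP for bits in pooled]

def demo(seed=0):
    rng = random.Random(seed)
    # Constructed sample updates: three clients, two coordinates each.
    updates = [[0.5, -0.25], [-0.5, 0.75], [0.0, 0.25]]
    messages = [client_message(u, rng) for u in updates]
    pooled = shuffle_reports(messages, rng)
    return updates, pooled, server_aggregate(pooled, len(updates))

if __name__ == "__main__":
    updates, pooled, mean = demo()
    print("server view (coordinate 0):", pooled[0])
    print("recovered mean update:", mean)
```

The message size grows from one number to LEVELS bits per coordinate, which is the communication cost the abstract says quantization is used to contain.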
