Providing Differential Privacy for Federated Learning Over Wireless: A Cross-layer Framework

TL;DR

This paper introduces a cross-layer wireless framework for federated learning that enhances differential privacy using decentralized power control and cooperative jamming, improving privacy without sacrificing efficiency.

Contribution

It proposes a novel PHY layer design for OTA-FL that leverages Gaussian noise and cooperative jamming to improve differential privacy across various FL algorithms.

Findings

Outperforms state-of-the-art privacy methods on FEMNIST dataset.

Effective use of cooperative jammer enhances privacy without reducing transmission efficiency.

Convergence analysis shows trade-offs between privacy and accuracy in non-convex FL settings.

Abstract

Federated Learning (FL) is a distributed machine learning framework that inherently allows edge devices to maintain their local training data, thus providing some level of privacy. However, FL's model updates still pose a risk of privacy leakage, which must be mitigated. Over-the-air FL (OTA-FL) is an adapted FL design for wireless edge networks that leverages the natural superposition property of the wireless medium. We propose a wireless physical layer (PHY) design for OTA-FL which improves differential privacy (DP) through a decentralized, dynamic power control that utilizes both inherent Gaussian noise in the wireless channel and a cooperative jammer (CJ) for additional artificial noise generation when higher privacy levels are required. Although primarily implemented within the Upcycled-FL framework, where a resource-efficient method with first-order approximations is used at every even iteration to decrease the required information from clients, our power control strategy is applicable to any FL framework, including FedAvg and FedProx as shown in the paper. This adaptation showcases the flexibility and effectiveness of our design across different learning algorithms while maintaining a strong emphasis on privacy. Our design removes the need for client-side artificial noise injection for DP, utilizing a cooperative jammer to enhance privacy without affecting transmission efficiency for higher privacy demands. Privacy analysis is provided using the Moments Accountant method. We perform a convergence analysis for non-convex objectives to tackle heterogeneous data distributions, highlighting the inherent trade-offs between privacy and accuracy. Numerical results show that our approach with various FL algorithms outperforms the state-of-the-art under the same DP conditions on the non-i.i.d. FEMNIST dataset, and highlight the cooperative jammer's effectiveness in ensuring strict privacy.