
Research On Key Technologies Of Secure Model Aggregation For Federated Learning

Posted on: 2024-11-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Wang
Full Text: PDF
GTID: 1528307343465584
Subject: Physics
Abstract/Summary:
In the current era of big data and artificial intelligence (AI), data has become one of the key driving forces of innovation and development in AI applications. However, with increasingly stringent data security regulations governing data sharing, a serious "data silo" problem has emerged. In traditional AI technology, data must be stored centrally on a central server for processing and analysis, which is difficult to achieve and poses significant security risks and privacy threats. To address the challenges posed by data privacy and data silos, Federated Learning (FL) has emerged as a distributed machine learning method. FL does not require multiple parties to share data resources. Instead, participants train models on their local data and periodically upload model updates to obtain a global model. This approach allows an optimized model to be built across multiple datasets without data transmission, reducing security risks and protecting user privacy. Moreover, FL leverages the effective information in local data sources to enhance model prediction performance and generalization. Much research indicates that while FL offers a new avenue for addressing data privacy issues, it also faces a series of privacy and security challenges, including privacy leakage and data and model security.

This dissertation aims to explore and address the model security and privacy preservation issues in FL, and to propose effective security mechanisms and privacy protection technologies that promote the widespread application of FL. Specifically, it focuses on three security vulnerabilities in FL: privacy leakage, poisoning attacks, and the right to be forgotten. Firstly, to address privacy leakage from sharing model parameters in FL, the dissertation investigates secure model aggregation methods that ensure user privacy during model training. Secondly, in response to poisoning attacks in FL, a robust defense mechanism against poisoning attacks is designed to safeguard the accuracy and reliability of the global model. Finally, to address the right to be forgotten in FL, an efficient and usable federated unlearning algorithm is designed to achieve data controllability and forgetting in FL while maintaining user privacy. Based on this, the specific works conducted in the dissertation are as follows:

1) To address the security threats of privacy leakage from shared model gradients and of a semi-trusted aggregation server potentially fabricating aggregation results in FL, a novel efficient and verifiable privacy-preserving FL scheme based on oblivious secure aggregation is proposed. The scheme designs a verifiable secure aggregation protocol based on oblivious encryption for aggregators, ensuring both the privacy of communication in FL and the verifiability of aggregation results. Considering the frequent disconnection of users in FL, a dynamic group management mechanism is devised to handle user dropout in real time. To support users dynamically joining or leaving the system, the scheme employs a semi-trusted collector that gathers partial key information, which eliminates key negotiation between users and avoids key redistribution. Security analysis and proof of the proposed protocol demonstrate that it achieves its security objectives, including the obliviousness of the aggregation server and the collector, and the unforgeability and verifiability of aggregation results. Performance evaluations on real datasets indicate that the proposed scheme exhibits high model accuracy and low computational and communication overhead.

2) To address poisoning attacks in FL, the dissertation designs a privacy-preserving FL scheme with strong robustness against poisoning attacks. Considering how well encrypted model poisoning attacks are concealed in privacy-preserving FL, the scheme proposes a gradient filtering method based on a secure k-nearest-neighbor gradient query algorithm to identify and remove maliciously poisoned models. To address the limitation that traditional FL relies entirely on client-side local model updates, a server-side trust guidance mechanism is designed that steers the training direction of the global model with guiding gradients generated by the server, enhancing the training accuracy of federated models. To mitigate the computational complexity of secure aggregation of encrypted models, a data aggregation method combining matrix cryptography and secret sharing is proposed for efficient secure aggregation of encrypted models. Security analysis and proof of the proposed secure aggregation protocol demonstrate that it achieves the security objective of protecting user privacy. Experimental evaluations on multiple real datasets with various types of poisoning attacks show that the proposed scheme effectively defends against poisoning attacks and achieves model robustness.

3) To address the low efficiency of model retraining and the potential privacy leakage in federated unlearning, the dissertation designs an efficient functional-encryption-based privacy-preserving federated unlearning scheme. Considering the low efficiency and significant resource consumption of retraining models after data deletion to achieve unlearning, the scheme proposes an approximate federated unlearning algorithm based on projected gradient ascent to efficiently make pre-trained models forget. To address the potential privacy leakage from the differences between the global models before and after unlearning, a secure aggregation protocol based on inner-product functional encryption is designed to protect privacy during the unlearning training process. Security analysis and proof demonstrate that the designed protocols achieve the security and privacy of federated unlearning. Performance evaluations train unlearned models on multiple datasets and test them against backdoor attacks. The results show that the proposed scheme effectively eliminates the global model's memory of the forgotten data, with low resource consumption and high training efficiency.

This dissertation investigates three important security issues in the FL scenario: model privacy preservation, poisoning attacks, and federated unlearning. It integrates machine learning techniques, optimization algorithms, and cryptographic technologies to realize model security and privacy protection for FL systems. This research provides theoretical and technical support for FL applications and promotes the continued development and application of FL in various fields.
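As an added illustration of the secure aggregation idea the abstract describes (not the dissertation's own protocol, which uses oblivious encryption and a collector), the following Python sketch splits each client's gradient into two additive secret shares held by an aggregation server and a collector: either party alone sees only uniformly random field elements, combining the two partial sums reveals nothing but the aggregate, and a dropped client is excluded by both parties. The field modulus, fixed-point scale and sample gradients are assumptions constructed for the example.

```python
"""Two-server additive-secret-sharing aggregation for FL gradients.
Added example, not the dissertation's protocol."""
import secrets

PRIME = 2**61 - 1   # field modulus for the shares (assumed)
SCALE = 10**6       # fixed-point scale for float gradients (assumed)

def encode(grad):
    """Float gradient -> field elements (fixed point, reduced mod PRIME)."""
    return [round(g * SCALE) % PRIME for g in grad]

def decode(vec, n_clients):
    """Field sum -> averaged float gradient; values above PRIME/2 are negative."""
    out = []
    for v in vec:
        if v > PRIME // 2:
            v -= PRIME
        out.append(v / SCALE / n_clients)
    return out

def share(grad):
    """Split one gradient into a server share and a collector share.
    The server share is uniformly random, so each share alone is independent
    of the gradient; only the sum of both shares recovers it."""
    enc = encode(grad)
    s_server = [secrets.randbelow(PRIME) for _ in enc]
    s_collector = [(e - s) % PRIME for e, s in zip(enc, s_server)]
    return s_server, s_collector

def sum_shares(shares, alive):
    """One party sums the shares of the agreed surviving client set only."""
    dim = len(next(iter(shares.values())))
    acc = [0] * dim
    for cid in alive:
        acc = [(a + s) % PRIME for a, s in zip(acc, shares[cid])]
    return acc

def secure_average(client_grads, dropped=()):
    """Clients share; server and collector each aggregate their own shares;
    the two partial sums combine to the average over surviving clients."""
    server_shares, collector_shares = {}, {}
    for cid, g in client_grads.items():
        server_shares[cid], collector_shares[cid] = share(g)
    alive = [cid for cid in client_grads if cid not in dropped]
    if not alive:
        raise ValueError("no surviving clients to aggregate")
    partial_server = sum_shares(server_shares, alive)
    partial_collector = sum_shares(collector_shares, alive)
    total = [(x + y) % PRIME for x, y in zip(partial_server, partial_collector)]
    return decode(total, len(alive))

# Constructed sample gradients from three clients (2-dimensional for brevity).
SAMPLE = {"c1": [0.5, -1.0], "c2": [1.5, 2.0], "c3": [-2.0, 0.25]}
```

Both parties must agree on the same surviving set before summing, otherwise the partial sums do not cancel and the result is garbage rather than a leak.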
Keywords/Search Tags: Federated learning, privacy preservation, secure aggregation, model robustness, federated unlearning