Federated Learning With Security Authentication and Traceability of Poisoning by Embedded Message Authentication Code

Bibliographic Details
Published in IEEE transactions on dependable and secure computing Vol. 22; no. 5; pp. 4927 - 4941
Main Authors Ke, Yan; Zhang, Minqing; Liu, Jia; Han, Yiliang; Liu, Wenchao
Format Journal Article
Language English
Published Washington IEEE 01.09.2025
IEEE Computer Society
ISSN 1545-5971, 1941-0018
DOI 10.1109/TDSC.2025.3557199

Summary: Federated learning (FL) allows for collaborative training without centralizing data, but concerns regarding model privacy leakage, intellectual property theft and poisoning attacks have hindered its development. To mitigate such risks, this article proposes embedded message authentication code technology (EMAC) to integrate encryption, digital signatures, and watermark functions for model security. In EMAC, the authentication data is embedded into the model ciphertext using reversible data hiding after encryption. The marked ciphertext supports data extraction for subsequent authentication and lossless decryption for testing and training simultaneously. Based on EMAC, a novel FL with security authentication and traceability of poisoning (FL-SATP) is proposed, which integrates privacy protection, identity authentication and poisoning traceability into FL. The poisoner tracing is designed to detect and identify poisoners retrospectively based on the practical performance of trained or aggregated models, thus removing the malicious users' model and deterring poisoning behaviors. Theoretical analysis and experimental results demonstrate that FL-SATP could ensure the confidentiality of the model content, the availability of model function, and that when more than half of the users are benign, the proposed method can accurately and efficiently pinpoint all malicious poisoners in FL.