Abstract:
With the rapid development of Internet of things (IoT) and artificial intelligence (AI) technology, a large amount of data are collected by IoT devices. These data can be trained by using AI techniques such as machine learning or deep learning. A well-trained model is an important part of analyzing network environment and improving quality of service (QoS) in IoT. However, most data providers (IoT end users) are reluctant to share personal data directly with any third party for academic research or business analysis because personal data contains private or sensitive information. Therefore, it is an important research direction to study the security and privacy protection in the IoT. Federated learning (FL) allows different participants to keep their data locally and only upload the local training models to the parameter server for model aggregation, which protects the data privacy of each participant. However, FL still faces some security challenges. Concretely, there are two main attacks FL faces, i.e., inference attack and poisoning attack. In order to resist inference attacks and detect poisoning attacks simultaneously, we propose a source anonymous data shuffle scheme, Re-Shuffle. The proposed Re-Shuffle uses the oblivious transfer protocol to realize the anonymous upload of participant models in FL. It ensures that in the process of poisoning attack detection, the parameter server can obtain the local model of the participant, who is unknown. In addition, to be more suitable for the IoT environment, Re-Shuffle adopts a secret sharing mechanism, which ensures the rawness of gradient data and solves the problem of participants dropline in the traditional shuffle protocol. In this way, both the rawness and privacy of the local model are ensured, so that the poisoning attacks can be checked while the privacy is protected. Finally, we provide the security proof and evaluate the scheme’s detection effect. Besides, the computation overheads of Re-Shuffle under two kinds of poisoning attack detection schemes are evaluated. The results show that Re-Shuffle can provide privacy protection for the poisoning attacks detection scheme at an acceptable cost.