Fault tolerant and malicious secure federated learning

Karakoç, Ferhat; Küpçü, Alptekin; Önen, Melek
CANS 2024, 23rd International Conference on Cryptology And Network Security,
24-27 September 2024, Cambridge, UK

Federated learning (FL) is a promising collaborative machine learning method with many application scenarios in domains such as healthcare ([19]) and telecommunication (5G, beyond 5G and 6G [25]). It also enhances privacy by allowing users to contribute to the training of the global model without sharing their training data. However, the local model updates exposed by users can still leak sensitive information. To prevent such leakage, secure aggregation protocols are used to hide the individual local model updates from the aggregator. Enhancing privacy in this way opens the door to security attacks, because the server is no longer able to analyze the received updates to detect poisoning-type attacks. Although a considerable number of studies address the privacy and security aspects individually, solutions against the combination of these attacks have only recently started to appear in a few studies. When additional requirements such as aggregation unforgeability and robustness against user drop-outs are added, the number of solutions becomes very limited. Most of the proposals addressing all of these aspects at the same time require two or more non-colluding aggregators, which may not be a realistic assumption in most use cases. To address this gap, we introduce new secure aggregation protocols involving only one aggregator. Each proposed protocol addresses a subset of the requirements, whereas the final one, FULLSA3, is secure against malicious clients and robust against user drop-outs. As a side contribution, we design a new batch oblivious range verification protocol.

Type: Conference
City: Cambridge
Date: 2024-09-24
Department: Digital Security
Eurecom Ref: 7887
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in CANS 2024, 23rd International Conference on Cryptology And Network Security, 24-27 September 2024, Cambridge, UK, and is available at:

Permalink: https://www.eurecom.fr/publication/7887