Federated Learning (FL) enables multiple parties to train machine learning models collaboratively without sharing their raw training data. The FL framework suits model training in many applications where data is sensitive or legally restricted, such as cancer prediction in smart healthcare, autonomous driving in smart transportation, risk prediction in smart finance, and energy consumption prediction in smart life. However, deploying FL services in real-world applications raises several challenges: 1) the federated nature of FL makes it easy for malicious clients to inject erroneous model updates and influence the trained model via model poisoning attacks (robustness); 2) the effectiveness of an FL service benefits from selecting reliable clients, but evaluating client contributions and reliability without access to the local data is challenging (reliability); and 3) recent studies have demonstrated that both local model updates and the final model leak private information through inference attacks (privacy).
This project aims to enhance the trustworthiness of FL services in terms of robustness, privacy, and reliability by pursuing the following research goals:
Goal A. Design a generic and robust model aggregation algorithm to defend against model poisoning attacks. This algorithm has the following advantages: 1) it makes no specific assumptions about the benign or malicious data distribution and needs no access to a benign root dataset; 2) it accounts for potential contributions from all benign clients while reducing the impact of poisoned model updates from malicious clients; and 3) it is efficient in large-scale FL systems. Moreover, we will further improve it to resist adaptive attacks.
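To make the robustness problem behind challenge 1) and Goal A concrete, the following added example (constructed here, not the project's algorithm or code) simulates one aggregation round in which a single malicious client sends a scaled, sign-flipped update; plain averaging is pulled away from the benign direction, while a standard coordinate-wise median, used here only as a stand-in robust aggregator, is not. The client update vectors, noise level, and poisoning scale are assumed values.

```python
"""Toy FL aggregation round: plain averaging vs. a robust aggregator.

Constructed illustration. A 'model update' is a list of floats. Benign
clients report the true update direction plus small noise; one malicious
client reports a scaled, sign-flipped update (model poisoning).
"""
import random
import statistics


def benign_update(true_grad, noise, rng):
    # Each benign client observes the true direction plus bounded noise.
    return [g + rng.uniform(-noise, noise) for g in true_grad]


def poisoned_update(true_grad, scale):
    # The attacker flips the sign and scales up to dominate a plain average.
    return [-scale * g for g in true_grad]


def fedavg(updates):
    # Plain averaging: a single large outlier shifts every coordinate.
    n, d = len(updates), len(updates[0])
    return [sum(u[i] for u in updates) / n for i in range(d)]


def coordinate_median(updates):
    # Robust aggregation: per-coordinate median ignores a minority of outliers.
    d = len(updates[0])
    return [statistics.median(u[i] for u in updates) for i in range(d)]


def cosine(a, b):
    # Cosine similarity between the aggregate and the true direction.
    dot = sum(x * y for x, y in zip(a, b))
    na = sum(x * x for x in a) ** 0.5
    nb = sum(y * y for y in b) ** 0.5
    return dot / (na * nb)


def simulate_round(n_benign=9, n_malicious=1, scale=20.0, seed=0):
    # Assumed true update direction; returns how well each aggregator tracks it.
    rng = random.Random(seed)
    true_grad = [1.0, -2.0, 0.5, 3.0]
    updates = [benign_update(true_grad, 0.1, rng) for _ in range(n_benign)]
    updates += [poisoned_update(true_grad, scale) for _ in range(n_malicious)]
    rng.shuffle(updates)  # the aggregator does not know which client is malicious
    return {"fedavg": cosine(fedavg(updates), true_grad),
            "median": cosine(coordinate_median(updates), true_grad)}
```

With the defaults, the averaged update points opposite to the benign direction (cosine below zero) while the median stays aligned (cosine above 0.99); raising `n_malicious` toward half the clients shows where a median-style defence itself breaks down.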
Goal B. Design client contribution evaluation mechanisms for reliable client selection and incentives. A new client contribution evaluation mechanism will be developed to enable the broker to evaluate each client's contributions without access to the training data.
Goal C. Design privacy-preserving algorithms to resist inference attacks. A privacy-preserving and robust model aggregation algorithm will be developed to achieve privacy-preserving truth estimation between the aggregator and the broker by leveraging the additive homomorphism of the Cheon-Kim-Kim-Song (CKKS) scheme together with attribute-based encryption. The privacy of PriFedTruth will be further enhanced by applying secure two-party computation protocols, with a focus on striking a trade-off between privacy and efficiency.