We propose and implement a Privacy-preserving Federated Learning (𝑃𝑃𝐹 𝐿) framework for mobile systems to limit privacy leakages in federated learning. Leveraging the widespread presence of Trusted Execution Environments (TEEs) in high-end and mobile devices, we utilize TEEs on clients for local training, and on servers for secure aggregation, so that model/gradient updates are hidden from adversaries. Challenged by the limited memory size of current TEEs, we leverage greedy layer-wise training to train each model's layer inside the trusted area until its convergence. The performance evaluation of our implementation shows that 𝑃𝑃𝐹 𝐿 can significantly improve privacy while incurring small system overheads at the client-side. In particular, 𝑃𝑃𝐹 𝐿 can successfully defend the trained model against data reconstruction, property inference, and membership inference attacks. Furthermore, it can achieve comparable model utility with fewer communication rounds (0.54×) and a similar amount of network traffic (1.002×) compared to the standard federated learning of a complete model. This is achieved while only introducing up to ∼15% CPU time, ∼18% memory usage, and ∼21% energy consumption overhead in 𝑃𝑃𝐹 𝐿's client-side.
CCS CONCEPTS• Security and privacy → Privacy protections; Distributed systems security; • Computing methodologies → Distributed algorithms.