一种基于机密计算的联邦学习节点轻量级身份认证协议  被引量：1

作　　者：刘忻[1] 李韵宜 王淼 LIU Xin;LI Yunyi;WANG Miao(School of Information Science&Engineering,Lanzhou University,Lanzhou 730000,China)

机构地区：[1]兰州大学信息科学与工程学院,兰州730000

出　　处：《信息网络安全》2022年第7期37-45,共9页Netinfo Security

基　　金：国家自然科学基金重点项目[62132007];中央高校基本科研业务费专项资金[lzujbky-2020-6];甘肃省科技计划项目[20YF3FA024];兰州市科技计划项目[2019-4-47]。

摘　　要：联邦学习框架在保护用户隐私数据安全的同时,满足模型对海量训练数据的需求,被广泛应用于车联网、智慧医疗、金融等领域。然而,参与联邦学习框架的客户端身份复杂,客户端与中央服务器在开放的信道上传递模型参数,给联邦学习框架带来了安全隐患。因此,如何高效准确地识别各参与节点的身份合法性对联邦学习框架十分重要。文章首先结合联邦学习实际需求提出一种基于机密计算的联邦学习节点轻量级身份认证协议,实现了客户端在线注册及数字签名功能。然后在服务器端采用SGX机密计算环境对密钥等关键参数进行保护。最后,文章通过AVISPA仿真工具和非形式化证明方法证明了协议的安全性,并将该协议与近年提出的其他身份认证协议在计算开销、通信开销和存储开销方面进行对比分析,结果表明,该协议具有更好的实用性与先进性。Federated learning frameworks keep the balance between the security of user privacy data and the needs of models requiring massive data for training.Thus,it is widely used in various fields,such as the Internet of vehicles,smart medical and finance.However,considering the complex identity of the clients in federated learning systems and unreliable channels used to transmit model parameters between clients and the server,the systems meet great security challenges.In this case,it is important for the federated learning system to identify the legitimacy of the identity of each node efficiently and accurately.This paper proposed an identity authentication protocol based on the characteristics and needs of federated learning,which realized online registration on the client side and digital signature functions.Also,SGX confidential computing environment was applied in the central server to protect the security of master keys and other essential parameters.Finally,AVISPA simulation tool and informal security analysis were used to verify the security of our protocol,which was compared with other advanced authentication protocols in terms of computing,communication and storage performance.The results indicate that our protocol has better practicability and advancement.

关 键 词：联邦学习 机密计算 认证协议 轻量级 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]