Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems
Federated Learning (FL) paradigm has been very popular in the implementation of 5G and beyond communication systems as it provides necessary security for the users in terms of data. However, the FL paradigm is still vulnerable to model inversion attacks, which allow malicious attackers to reconstruc...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Open Journal of the Communications Society |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10829858/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850183039003394048 |
|---|---|
| author | Sunder A. Khowaja Parus Khuwaja Kapal Dev Keshav Singh Xingwang Li Nikolaos Bartzoudis Ciprian R. Comsa |
| author_facet | Sunder A. Khowaja Parus Khuwaja Kapal Dev Keshav Singh Xingwang Li Nikolaos Bartzoudis Ciprian R. Comsa |
| author_sort | Sunder A. Khowaja |
| collection | DOAJ |
| description | Federated Learning (FL) paradigm has been very popular in the implementation of 5G and beyond communication systems as it provides necessary security for the users in terms of data. However, the FL paradigm is still vulnerable to model inversion attacks, which allow malicious attackers to reconstruct data by using the trained model gradients. Such attacks can be carried out using generative adversarial networks (GANs), generative models, or by backtracking the model gradients. A zero-trust mechanism involves securing access and interactions with model gradients under the principle of “never trust, always verify.” This proactive approach ensures that sensitive information, such as model gradients, is kept private, making it difficult for adversaries to infer the private details of the users. This paper proposes a zero-trust based Block Encryption LAyer (BELA) module that provides defense against the model inversion attacks in FL settings. The BELA module mimics the Batch normalization (BN) layer in the deep neural network architecture that considers the random sequence. The sequence and the parameters are private to each client, which helps in providing defense against the model inversion attacks. We also provide extensive theoretical analysis to show that the proposed module is integratable in a variety of deep neural network architectures. Our experimental analysis on four publicly available datasets and various network architectures show that the BELA module can increase the mean square error (MSE) up to 194% when a reconstruction attempt is performed by an adversary using existing state-of-the-art methods. |
| format | Article |
| id | doaj-art-ac794b0ef0ab4a3eada047aa4c2df6ca |
| institution | OA Journals |
| issn | 2644-125X |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Open Journal of the Communications Society |
| spelling | doaj-art-ac794b0ef0ab4a3eada047aa4c2df6ca2025-08-20T02:17:28ZengIEEEIEEE Open Journal of the Communications Society2644-125X2025-01-01680781910.1109/OJCOMS.2025.352676810829858Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G SystemsSunder A. Khowaja0https://orcid.org/0000-0003-1879-8754Parus Khuwaja1https://orcid.org/0000-0002-6499-1734Kapal Dev2https://orcid.org/0000-0003-1262-8594Keshav Singh3https://orcid.org/0000-0001-9028-4518Xingwang Li4https://orcid.org/0000-0002-0907-6517Nikolaos Bartzoudis5Ciprian R. Comsa6https://orcid.org/0000-0002-7348-5497School of Computing, Faculty of Engineering and Technology, Dublin City University, Dublin, IrelandUniversity of Sindh, Jamshoro, PakistanDepartment of Computer Science, Munster Technological University, Cork, IrelandInstitute of Communications Engineering (ICE), National Sun Yat-sen University, Kaohsiung, TaiwanSchool of Physics and Electronic Information Engineering, Henan Polytechnic University, Jiaozuo, ChinaCentre Tecnològic Telecomunicacions Catalunya (CTTC/CERCA), Castelldefels, SpainDepartment of Telecommunications and Information Technologies, Gheorghe Asachi Technical University of Iaşi, Iaşi, RomaniaFederated Learning (FL) paradigm has been very popular in the implementation of 5G and beyond communication systems as it provides necessary security for the users in terms of data. However, the FL paradigm is still vulnerable to model inversion attacks, which allow malicious attackers to reconstruct data by using the trained model gradients. Such attacks can be carried out using generative adversarial networks (GANs), generative models, or by backtracking the model gradients. A zero-trust mechanism involves securing access and interactions with model gradients under the principle of “never trust, always verify.” This proactive approach ensures that sensitive information, such as model gradients, is kept private, making it difficult for adversaries to infer the private details of the users. This paper proposes a zero-trust based Block Encryption LAyer (BELA) module that provides defense against the model inversion attacks in FL settings. The BELA module mimics the Batch normalization (BN) layer in the deep neural network architecture that considers the random sequence. The sequence and the parameters are private to each client, which helps in providing defense against the model inversion attacks. We also provide extensive theoretical analysis to show that the proposed module is integratable in a variety of deep neural network architectures. Our experimental analysis on four publicly available datasets and various network architectures show that the BELA module can increase the mean square error (MSE) up to 194% when a reconstruction attempt is performed by an adversary using existing state-of-the-art methods.https://ieeexplore.ieee.org/document/10829858/Zero-trustmodel inversion attacksblock encryption layerfederated learning5G/6G systems |
| spellingShingle | Sunder A. Khowaja Parus Khuwaja Kapal Dev Keshav Singh Xingwang Li Nikolaos Bartzoudis Ciprian R. Comsa Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems IEEE Open Journal of the Communications Society Zero-trust model inversion attacks block encryption layer federated learning 5G/6G systems |
| title | Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems |
| title_full | Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems |
| title_fullStr | Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems |
| title_full_unstemmed | Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems |
| title_short | Block Encryption LAyer (BELA): Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems |
| title_sort | block encryption layer bela zero trust defense against model inversion attacks for federated learning in 5g 6g systems |
| topic | Zero-trust model inversion attacks block encryption layer federated learning 5G/6G systems |
| url | https://ieeexplore.ieee.org/document/10829858/ |
| work_keys_str_mv | AT sunderakhowaja blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems AT paruskhuwaja blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems AT kapaldev blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems AT keshavsingh blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems AT xingwangli blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems AT nikolaosbartzoudis blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems AT ciprianrcomsa blockencryptionlayerbelazerotrustdefenseagainstmodelinversionattacksforfederatedlearningin5g6gsystems |