2FAKA-C/S: A Robust Two-Factor Authentication and Key Agreement Protocol for C/S Data Transmission in Federated Learning

As a hot technology trend, the federated learning (FL) cleverly combines data utilization and privacy protection by processing data locally on the client and only sharing model parameters with the server, embodying an efficient and secure collaborative learning model between clients and aggregated Servers. During the process of uploading parameters in FL models, there is susceptibility to unauthorized access threats, which can result in training data leakage. To ensure data security during transmission, the Authentication and Key Agreement (AKA) protocols are proposed to authenticate legitimate users and safeguard training data. However, existing AKA protocols for client–server (C/S) architecture show security deficiencies, such as lack of user anonymity and susceptibility to password guessing attacks. In this paper, we propose a robust 2FAKA-C/S protocol based on ECC and Hash-chain technology. Our security analysis shows that the proposed protocol ensures the session keys are semantically secure and can effectively resist various attacks. The performance analysis indicates that the proposed protocol achieves a total running time of 62.644 ms and requires only 800 bits of communication overhead, showing superior computational efficiency and lower communication costs compared to existing protocols. In conclusion, the proposed protocol securely protects the training parameters in a federated learning environment and provides a reliable guarantee for data transmission.