1. Introduction
Artificial intelligence (AI) is a rapidly advancing technology that is becoming increasingly integrated into various industries and aspects of daily life, visibly reshaping lifestyles and professional activities. Despite the long duration of AI research, dating back to the 1950s when Alan Turing famously asked, “Can machines think?” [
1], there is no single definition for this field. For example, a simple definition of AI is provided by the authors of [
2], where they describe it as programs that are no less competent than a human in any given setting. In contrast, the authors of [
3] describe it as a set of tools and methods that uses principles and mechanisms from various fields such as computation, mathematics, logic, and biology to address the challenges associated with realizing, modeling, and mimicking human intelligence and cognitive processes. Since then, AI has been a broad field of research, leading to various derivatives such as machine learning (ML), deep learning (DL), federated learning (FL), and others. Machine learning, for example, allows computers to “learn” from training information and incrementally improve their understanding without the need for explicit programming or with the least amount of supervision.
ML algorithms strive to identify patterns in data and derive knowledge from them to formulate independent predictions. ML algorithms and models acquire knowledge through encounters with the real world. In traditional contexts, a computer program is developed by engineers and provided with a set of instructions that facilitates the transformation of incoming data into the desired outcome. In contrast, ML is designed to learn on its own with minimal or no human intervention, gradually expanding its knowledge. The impressive performance of ML, combined with its enormous potential in classification and regression problems and its ability to use both supervised and unsupervised learning methods, has made it attractive to researchers [
4,
5]. Subsequent research has shown that ML has a wide range of applications in areas such as E-commerce and product recommendation; image, speech, and pattern recognition; user behavior analysis and context-aware smartphone applications [
4,
5]; health services [
6,
7,
8]; traffic prediction and transportation [
4,
9]; the Internet of Things (IoT) and smart cities [
9]; cybersecurity [
10]; natural language processing and sentiment analysis [
11]; sustainable agriculture [
12]; industrial applications [
13]; and many others.
1.1. Challenges in Machine Learning Domain
The precise results obtained in classification or regression gradually promote the integration of these methods into aspects of daily life. The practicality of using AI tools, especially ML, has been underpinned by their exceptional efficiency and the potential of their application in various domains. Nevertheless, ML continues to struggle with a number of challenges that are described in detail in the existing scientific literature. However, these challenges cannot be categorized uniformly, but are classified according to different viewpoints. This section presents the prevailing challenges and places them in a proposed framework that classifies them based on factors related to data, models, implementation, and other general dimensions.
General challenges [
14,
15]:
- –
User data privacy and confidentiality;
- –
User technology adoption and engagement;
- –
Ethical constraints.
Model-related challenges [
14,
15]:
- –
Accuracy and performance;
- –
Model evaluation;
- –
Variance and bias;
- –
Explainability.
Data-related challenges [
16,
17]:
- –
Data availability and accessibility [
18];
- –
Data heterogeneity;
- –
Noise and signal artifacts;
- –
Missing data;
- –
Class imbalance;
- –
Data volume and the curse of dimensionality;
- –
Bonferroni principle [
20];
- –
Feature representation and selection.
Implementation-related challenges [
18,
21]:
- –
Real-time processing;
- –
Model selection;
- –
Execution time and complexity.
The challenges within ML and related fields are the subject of extensive study, with researchers seeking to address these challenges collectively rather than focusing on any one. It is difficult to definitively state that any one of the above challenges is the most significant or has the most detrimental impact on the machine learning field. Nonetheless, the machine learning workflow primarily includes phases such as data collection and preprocessing, feature engineering, model training, model evaluation, and model deployment. The structure of this workflow highlights the central role of data in machine learning, as it is the first step in the process; without its completion, the subsequent phases cannot proceed. Moreover, the performance of ML models is directly linked to the availability of data. While achieving highly accurate intelligent models depends on the technical architecture of the models themselves, the quality and availability of the data, preprocessing, and several other factors, it is generally accepted that data availability contributes to increased and improved accuracy [
16,
17].
1.2. ML Privacy Issue and FL Solution
In the real world, due to several factors, the process of data collection is a major challenge, if not the biggest, in developing machine learning models, with privacy and confidentiality being of paramount importance. This concern goes beyond individual privacy to include societal, governmental, and organizational dimensions, all of which reinforce efforts to protect the privacy and security of data.
1.2.1. The Privacy Issue Explained
These efforts have led to the introduction of numerous regulations and laws around the world, such as the European Union’s General Data Protection Regulation (GDPR) [
22], the Cyber Security Law of the People’s Republic of China [
23], the General Principles of the Civil Law of the People’s Republic of China [
24], Singapore’s Personal Data Protection Act (PDPA) [
25], and countless others.
While these regulations undeniably help protect private information, they also introduce some complexities into the landscape of ML. Collecting data for model training becomes much more difficult, which in turn hinders advances in model performance accuracy and personalized model results. Consequently, privacy and confidentiality issues not only present an isolated challenge, but also set in motion a number of additional hurdles for ML. These include challenges related to data availability, model performance, personalization, and ultimately building trust and acceptance. The critical importance of privacy in information sharing has led to extensive research resulting in several proposed privacy algorithms such as differential privacy [
26], anonymity k-order [
27], and homomorphic encryption [
28]. However, these methods do not provide optimal solutions, as demonstrated by observed machine learning attacks, e.g., model inversion [
29] and membership inference attacks [
30], where raw data are extracted by accessing the model.
1.2.2. Federated Learning as a Solution
To address privacy issues without restricting data collection, Google recently introduced a novel concept in machine learning called federated machine learning or federated learning (FL) [
31]. The basic premise of federated learning is that it does not require the sharing of user data between different devices. This concept can be defined as collaborative, distributed, and decentralized machine learning with privacy preservation. In federated learning, an intelligent model is trained without the need to transfer data from edge devices to a central server. Instead, models are sent to these devices, where they are trained on local data. Then, these refined models are sent back to a central server for aggregation, which assembles the global model without having visibility into the specific embedded data. The technical infrastructure of federated learning is shown in
Figure 1 below.
The concept of federated learning provides an effective solution to user privacy concerns. It not only addresses these concerns, but also unlocks the potential to collect more data for training machine learning models, which helps improve accuracy and efficiency. In addition, federated learning facilitates training models with data from disparate and unrelated sources, referred to as “data islands”. Moreover, federated learning enables the management of disparate data spread across different data spaces, each characterized by its unique attributes. This approach also facilitates what is known as “transfer learning”, which allows models to share knowledge without transmitting users’ private data. However, it is important to note that FL is still in its infancy and faces a number of challenges. This necessitates targeted research efforts to improve its capabilities.
1.3. Goals and Achievements
The primary goal of this paper is to address the limitations of existing federated learning (FL) frameworks in safeguarding FL algorithms against inference attacks while enhancing computational efficiency and reducing communication overhead. One of the key challenges in federated learning is managing the trade-off between communication traffic across the network and the computational costs for the server or client. Effective solutions need to balance these performance parameters to optimize both communication efficiency and computational resource usage. To achieve this, two novel frameworks are introduced: PolyFLAM and PolyFLAP, both of which incorporate polymorphic encryption to strengthen security in federated learning environments against inference attacks. These frameworks offer distinct advantages, with PolyFLAM focused on reducing computational costs by exchanging entire models, while PolyFLAP is aimed at reducing communication overhead by transmitting only model parameters. Therefore, the key achievements of this work are as follows:
- 1.
Development of PolyFLAM and PolyFLAP frameworks: Two flexible frameworks are presented, providing users with options to prioritize either communication efficiency or computational efficiency based on specific needs.
- 2.
Integration of polymorphic encryption: Both frameworks incorporate polymorphic encryption, ensuring robust security even in cases of key compromise, thereby mitigating the risk of privacy breaches, including inference attacks.
- 3.
Evaluation of multiple machine learning models: The effectiveness of the proposed frameworks is demonstrated by evaluating them across various machine learning models, such as support vector machines, logistic regression, Gaussian naïve Bayes, stochastic gradient descent, and multi-layer perceptron.
- 4.
Empirical validation of security and efficiency: Experimental results show that both PolyFLAM and PolyFLAP effectively withstand inference attacks, while offering significant improvements in either computational or communication efficiency compared to traditional FL methods.
These contributions provide practical solutions for enhancing both the privacy and performance of federated learning systems, addressing key concerns for real-world applications.
1.4. Organization of the Article
In response to the need to enhance FL algorithms against inference attacks, this article presents two innovative frameworks for federated learning, both of which involve the use of polymorphic encryption [
32] to strengthen the security of FL.
Section 2 addresses the problem, specifically the existing privacy inadequacies in FL. It also explains the motivation for developing these frameworks. A key aspect is the introduction of polymorphic encryption, a new addition in federated learning.
Section 3 presents the proposed frameworks in detail, explaining the mechanisms incorporated in them and providing comprehensive explanations of their inner processes.
Section 4 discusses and evaluates the proposed frameworks from different perspectives. In this context, tests are performed under real conditions to prove their efficiency. Finally,
Section 5 addresses the challenges that hinder the development of the proposed frameworks, while providing perspectives for their future development.
3. PolyFLAM and PolyFLAP: FL Frameworks Secured with Polymorphic Encryption
The compelling need to enhance security protocols within federated learning frameworks to guard against inference attacks, coupled with the potential of polymorphic encryption to address these needs, motivated the development of PolyFLAM and PolyFLAP. One of the critical challenges in federated learning is balancing the trade-off between communication traffic across the network and computational costs on the server or client. These frameworks integrate the core principles of polymorphic encryption to bolster security and privacy in federated learning environments, ensuring robust protection against attacks. This section provides a detailed explanation of both the conceptual foundations and the design of the proposed frameworks.
3.1. Main Concept
A typical federated learning system consists of a central server and multiple clients. The server sends a global model to the clients, which train their own model using their local data. After training, the clients send their updated models back to the server, which combines them into a single improved global model. The process is repeated until the global model reaches a point of stability. In the cases of PolyFLAM and PolyFLAP, the exchanged messages are subjected to a special type of encryption, called polymorphic encryption, using the AES-256 algorithm [
56]. In this way, the security and protection of the exchanged data are ensured. The uniqueness of the proposed frameworks stems from the use of different encryption keys for each message exchanged between the server and the clients. This approach generates polymorphism, which adds an additional layer of security. Moreover, even for a single client, different keys are used for each message exchanged with the server. The main sources of this polymorphism are the Table of Encryption Keys (ToKs) and the initial encryption key, which are described in the following section.
3.1.1. Table of Encryption Keys (ToKs)
In both proposed frameworks, when a client makes a connection request, the server responds by providing a Table of Encryption Keys (ToKs). Each key in this table is assigned a unique ID for indexing. These keys play a critical role in encrypting the messages that are later exchanged. In this process, each message is assigned an index corresponding to the key used for encryption on the sender’s side and decryption on the receiver’s side. The AES-256 keys consist of 32 characters (bytes) and are extremely resistant to cracking attempts, which ensures a high level of security. In the context of PolyFLAM and PolyFLAP, even the case of a key being cracked or leaked does not pose a significant threat. This is because the implemented mechanism ensures that the compromised key, if present, is not reused in the federated learning process, neither with the same client nor with other clients. This concept is explained in more detail in the following sections. In practice, a malicious client that successfully cracks a key would gain minimal benefit from it, since that key is unlikely to have any further use.
It is important to emphasize that each client receives its own set of ToKs when connecting to the server. Even the same client receives a new set of ToKs each time it connects. Moreover, the transmission of ToKs to the client after the connection is established requires an additional encryption mechanism to protect against malicious entities. This precaution is critical because the effectiveness of the entire security scheme would be compromised if the ToKs were cracked or leaked. To counteract this, the initial encryption key, called the “initial_key”, used to encrypt the ToKs is also generated polymorphically, a concept that is explained in more detail in the following section.
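The per-connection key table can be sketched in a few lines. This is a minimal illustration, not the frameworks' actual implementation: the table size and the integer key-ID scheme are assumptions, since the text does not fix them.

```python
import secrets

def generate_toks(n_keys: int = 16) -> dict:
    """Build a fresh Table of Encryption Keys (ToKs): unique ID -> 32-byte
    AES-256 key. A new table is generated for every client connection."""
    return {key_id: secrets.token_bytes(32) for key_id in range(n_keys)}

def pick_unused_key(toks: dict, used: set):
    """Select a key not yet used in this session and mark it as consumed,
    so every message travels under a different key from the table."""
    key_id = next(i for i in toks if i not in used)
    used.add(key_id)
    return key_id, toks[key_id]
```

Because `secrets` draws from the operating system's cryptographic randomness source, two clients (or two sessions of the same client) will never share a table.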
3.1.2. Initial Encryption Key
The initial encryption key, referred to as the “initial_key”, plays an important role in encrypting the Table of Encryption Keys (ToKs) that is subsequently used to encrypt messages. Given the sensitive nature of the ToKs data, it is imperative that a separate initial_key be generated for each client. To achieve this, both PolyFLAM and PolyFLAP have well-defined procedures to generate the initial_key prior to its use in ToKs encryption. It is important to note that each connection session, even for the same client, uses a unique key, since random characters are used in the initial_key creation. It is worth noting that these keys are not transmitted over the network. Instead, they are generated independently on both the server and the client, using a unified mechanism. This approach significantly increases the level of security. The procedure for generating the initial_key remains identical on both the server and client sides and includes the following steps (described below from the perspective of one entity, which can be the server or a client):
- 1.
Once the connection is established, the client generates a 32-character string called the “random_secret”.
- 2.
This string is then combined with the client’s connection data (socket data), which include details such as the IP address. This merging process results in a new 32-character string that conforms to the following structure:
- (a)
The first eight characters result from the inversion of the last eight characters of random_secret;
- (b)
The next four characters are extracted from the last four characters of the socket data;
- (c)
The next eight characters are made of the middle eight characters of the random_secret;
- (d)
The next four characters correspond to the first four characters of the socket data;
- (e)
Finally, the last eight characters are obtained by reversing the first eight characters of the random_secret.
By concatenating the above substrings, a 32-character string is formed. This string is used as input to the SHA-256 algorithm [
57], which produces a hashing result. The initial_key is then derived from the first 32 characters of this hashing result. The inclusion of the hashing process increases security by reducing vulnerability to potential cracking attempts. Since both the client and the server know the socket data, they can independently repeat the steps to create an identical key when they receive the same random_secret. However, since this random_secret is randomly generated on the client side, reproducing an identical string on the server side is impossible. Consequently, it is necessary to share this secret with the server. To ensure secure transmission, the “shuffled_secret” is constructed according to the following steps and then forwarded to the server so that it can use it to regenerate the random_secret:
- 1.
The first eight characters are the inverse of the third eight characters of the random_secret;
- 2.
The second eight characters are the first eight characters of the random_secret;
- 3.
The third eight characters are the inverse of the last eight characters of the random_secret;
- 4.
The last eight characters are the second eight characters of the random_secret.
By following these steps, the shuffled_secret becomes virtually useless to malicious entities unless they know the process required to restore the original sequence. This is not possible unless these entities can access the underlying code. Once the server receives the shuffled_secret, it reverses the steps of the shuffle to restore the original sequence, thus building the random_secret as it was on the client’s side. Then, the server mimics the client’s actions and repeats the same sequence of steps to generate the initial_key. Now that both the server and the client have the identical initial_key, the encryption of the Table of Encryption Keys (ToKs) can be performed. Then, these encrypted ToKs are sent to the clients, who decrypt them and use them to secure the exchanged messages.
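The derivation and shuffle steps above can be sketched as follows. This is a minimal sketch under two assumptions not fixed by the text: “inversion” is read as string reversal, and the “middle eight characters” of the 32-character random_secret are taken as positions 13–20; the socket-data format is likewise only illustrative.

```python
import hashlib

def make_initial_key(random_secret: str, socket_data: str) -> str:
    """Derive the initial_key from a 32-char random_secret and socket data,
    following steps (a)-(e), then hash with SHA-256 and keep 32 hex chars."""
    assert len(random_secret) == 32
    merged = (
        random_secret[-8:][::-1]   # (a) last 8 of random_secret, reversed
        + socket_data[-4:]         # (b) last 4 of the socket data
        + random_secret[12:20]     # (c) middle 8 of random_secret (assumed)
        + socket_data[:4]          # (d) first 4 of the socket data
        + random_secret[:8][::-1]  # (e) first 8 of random_secret, reversed
    )
    return hashlib.sha256(merged.encode()).hexdigest()[:32]

def shuffle_secret(random_secret: str) -> str:
    """Client side: build the shuffled_secret to send to the server."""
    q1, q2, q3, q4 = (random_secret[i:i + 8] for i in range(0, 32, 8))
    return q3[::-1] + q1 + q4[::-1] + q2

def unshuffle_secret(shuffled: str) -> str:
    """Server side: reverse the shuffle to recover the random_secret."""
    p1, p2, p3, p4 = (shuffled[i:i + 8] for i in range(0, 32, 8))
    return p2 + p4 + p1[::-1] + p3[::-1]
```

Because the server can recover the random_secret and already knows the socket data, both sides compute the same initial_key without it ever crossing the network.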
It is important to note that even if a client connects through the same IP address in different sessions at different times, the initial_key would not be consistent. This is because randomness was included in the key creation process, in addition to complex shuffling, mixing, and hashing. The visual representation of the initial_key creation process can be seen in
Figure 2.
3.2. Supported ML Models
PolyFLAM and PolyFLAP are innovative frameworks for federated learning that expand the horizons of model training. These frameworks provide a diverse set of five different machine learning models that give users the flexibility to effectively tackle a variety of data analysis problems. The models offered are the following:
Support vector machines (SVMs) [
59]: a powerful classification algorithm that determines the optimal hyperplane to divide data into different classes;
Logistic Regression [
60]: a widely used binary classification algorithm that estimates the probability that a given input belongs to a particular class;
Gaussian naïve Bayes [
61]: this algorithm relies on the naïve Bayes theorem and the Gaussian distribution to classify data points based on their feature values;
Stochastic gradient descent (SGD classifier) [
62]: an iterative optimization algorithm used for training linear classifiers, often applied to large datasets;
Neural network (multi-layer perceptron) [
63]: a versatile deep learning architecture that simulates the interconnected structure of the human brain and is capable of processing complex patterns and relationships in data.
These models are suitable for a variety of machine learning tasks and provide users with the flexibility to choose the model that best fits their specific needs.
3.3. A Maneuver in the Trade-Off Space
PolyFLAM and PolyFLAP differ fundamentally in the nature of the data exchanged between clients and servers, offering two distinct strategies to balance computational and communication efficiency in federated learning (FL). PolyFLAM follows a model-centric approach by transmitting the entire model between server and clients. This design minimizes computational demands on the client side, as the models received can be directly trained or aggregated without further reconstruction. The reduced computational burden makes PolyFLAM particularly suited for scenarios where devices have limited processing power or when the aggregation of models at the server is preferred without additional overhead.
In contrast, PolyFLAP takes a parameter-centric approach, optimizing communication by transmitting only model parameters. This approach reduces the size of the messages exchanged, significantly lowering communication overhead. However, this reduction in communication cost comes with an increased computational demand, as clients and the server are required to rebuild the model from the transmitted parameters. The need for additional computational steps in PolyFLAP introduces a trade-off between communication efficiency and processing complexity. As a result, PolyFLAP is most advantageous in environments where devices have substantial computational capabilities but where network communication is limited or costly.
Moreover, the PolyFLAM and PolyFLAP frameworks navigate the trade-off between communication traffic and computational costs by offering distinct approaches tailored to different needs: PolyFLAM simplifies the aggregation process at the expense of increased communication traffic due to the larger size of models, while PolyFLAP transmits smaller messages that require additional computational resources to reconstruct the models. By maneuvering between these frameworks, users can select the approach that best aligns with their specific operational constraints and priorities, whether they need to optimize for lower communication costs or reduced computational demands.
The decision between using PolyFLAM or PolyFLAP ultimately depends on the specific constraints of the operational environment. If the network infrastructure is robust and capable of handling larger data transfers, but devices have limited computational resources, PolyFLAM may be the preferable choice due to its reduction in computation at the peripherals. Conversely, in environments where the network connection is constrained, but devices have powerful computational capabilities, PolyFLAP becomes a more suitable option, as the communication cost is minimized at the expense of increased local computation.
Thus, the introduction of both PolyFLAM and PolyFLAP is intended to provide users with flexible options, allowing them to choose the framework that best aligns with their infrastructure and operational needs. This design aims to investigate the trade-off space in polymorphic encryption-secured FL, offering solutions tailored to the user’s specific conditions. The distinction between these frameworks is not a matter of superiority but rather a reflection of different design priorities: PolyFLAM focuses on computational efficiency, while PolyFLAP emphasizes communication efficiency. Therefore, the choice between the two frameworks should be guided by the characteristics of the network and computational resources available.
3.4. Parameters Generated in PolyFLAP
As previously explained, PolyFLAP exchanges parameters between the server and the clients. Since PolyFLAP offers five different machine learning models, each generating a different set of parameters during the local training process, these parameters are summarized in
Table 2 below.
These parameters, which collectively represent the core attributes of their respective models, are shared between the clients and the server to jointly refine the global model during the federated learning process. On the server side, the received parameters are integrated and aggregated, enabling iterative refinement of the global model. This collaborative process ensures that the collective knowledge of the various clients contributes to a better-informed and better-trained global model.
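Server-side aggregation of client parameters can be illustrated with a simple unweighted average. This is a deliberately simplified sketch: real models such as SVM or logistic regression carry coefficient matrices and intercepts, whereas here each parameter is a flat list of floats, and uniform weighting across clients is an assumption.

```python
def aggregate_parameters(client_params: list) -> dict:
    """FedAvg-style aggregation: average each named parameter vector
    element-wise across all clients' submissions."""
    n = len(client_params)
    names = client_params[0].keys()
    return {
        name: [sum(vals) / n
               for vals in zip(*(p[name] for p in client_params))]
        for name in names
    }
```

For example, averaging two clients' `{"coef": ..., "intercept": ...}` dictionaries yields a global parameter set that is sent back for the next training round.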
3.5. Frameworks Design
With this in mind, the PolyFLAM and PolyFLAP workflow is described in the following steps, which are also shown in
Figure 3 below. Recall that both frameworks have the same workflow, except for the type of messages exchanged between server and clients, which are models in the case of PolyFLAM and parameters in the case of PolyFLAP.
- 1.
The server starts the FL process on its side;
- 2.
The client connects to the server;
- 3.
The client generates the random_secret and initial_key and sends the first to the server in a “Connect” message;
- 4.
The server receives the message and creates the table of random encryption keys (ToKs);
- 5.
The server regenerates the initial_key based on the random_secret received in the “Connect” message;
- 6.
The server encrypts the ToKs using the first 32 characters of the hashed initial_key and sends them to the client;
- 7.
The client receives the encrypted ToKs and decrypts them using the initial_key (after this step, the client selects an unused key from the ToKs to encrypt each message, and encapsulates the sent message with the ID of the used key);
- 8.
The client replies to server with an encrypted “Ready” message;
- 9.
The server receives the message and responds with an initial “Model/Parameters” message;
- 10.
The client receives the first “Model/Parameters” message and trains the model on the local data;
- 11.
The client replies to the server with its encrypted model (in case of PolyFLAM) or encrypted model parameters (in case of PolyFLAP);
- 12.
The server checks whether all clients have sent their models/parameters:
- (a)
If so, it starts the aggregation process, updates the global model/parameters, and sends them back to the clients;
- (b)
If not, it sends an encrypted “Hibernate” message to the clients to wait until the above condition is met.
- 13.
The clients receive the updated global model/parameters and re-train their models based on them;
- 14.
Steps 11, 12, and 13 repeat until the model converges or until the server decides to stop.
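The key-ID encapsulation used in the workflow (step 7) can be sketched as a small message envelope. To keep the sketch standard-library-only, an illustration-only SHA-256 keystream stands in for the cipher; the frameworks themselves use AES-256, and this stand-in must not be taken as the actual encryption scheme.

```python
import hashlib

def _keystream(key: bytes, n: bytes and int) -> bytes:
    # Illustration-only keystream (NOT AES-256, which the frameworks use):
    # expand the key with SHA-256 over an incrementing counter.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(message: bytes, key_id: int, key: bytes) -> dict:
    """Encrypt a message and encapsulate it with the ID of the ToKs key
    used, so the receiver knows which key to apply for decryption."""
    ct = bytes(a ^ b for a, b in zip(message, _keystream(key, len(message))))
    return {"key_id": key_id, "ciphertext": ct.hex()}

def open_envelope(envelope: dict, toks: dict) -> bytes:
    """Look up the key by its ID in the ToKs and decrypt the payload."""
    key = toks[envelope["key_id"]]
    ct = bytes.fromhex(envelope["ciphertext"])
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
```

Because every envelope carries only a key ID, an eavesdropper learns which table slot was used but nothing about the key itself.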
4. Experimental Evaluation and Discussion
By using polymorphic encryption, this study provides two FL frameworks with increased resistance to inference attacks, strengthening the secrecy of messages exchanged within a federated learning cycle. This section focuses on an in-depth evaluation of the proposed frameworks, PolyFLAM and PolyFLAP. It is worth noting that while the proposed frameworks create a secure environment for FL efforts, future revisions should consider including authentication services. This proactive step would give the FL system a robust defense mechanism against potentially malicious entities. Although beyond the scope of this study, candidate authentication services include, but are not limited to, traditional password-based authentication, the additional security layer of two-factor authentication (2FA), public key infrastructure (PKI), single sign-on (SSO), biometric authentication, and a variety of other options [
64].
4.1. Security Analysis
The messages are encrypted in the proposed frameworks using the AES-256 algorithm, which is widely considered to be one of the most unassailable cryptographic systems known today. The cryptographic key of this algorithm has a length of 32 bytes (256 bits) and is nearly impenetrable, as there are roughly 10^77 possible variants for each individual key. According to [
56], trying to crack such a key with the computing power of a supercomputer would take billions of years. However, attacks using quantum computers, as described in “Quantum Attacks” [
65], are already on the horizon and may break through the protective framework of AES, even if rapid key cracking is still a long way off.
To counter this emerging threat, each message exchanged within the domains of PolyFLAM and PolyFLAP is encrypted with a unique key taken from the Table of Keys (ToKs). At the same time, the basic initial_key, which is polymorphically generated by the process described earlier, strengthens the security of the ToKs by encryption. It is important to emphasize that the key management, which includes both the ToKs and the initial_key, uses a unique instantiation for each client and each subsequent connection session.
This cautious approach also applies to situations where clients reconnect or different clients use the same connection at different times. Thanks to the randomness already explained, the probability of a key being reused is extremely low and approaches zero, so a leaked or cracked key poses minimal risk. In summary, the security stance of PolyFLAM and PolyFLAP can be stated as follows: “Although AES-256 keys are very difficult to crack, the risk posed by a compromised or leaked key is almost zero, since that key is almost never used again during the FL cycle.”
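The key-space figure cited in this section (about 10^77 AES-256 keys) can be checked with one line of arithmetic:

```python
# AES-256 keys are 256 bits long, so the key space holds 2**256 keys.
keyspace = 2 ** 256
# 2**256 is approximately 1.16 * 10**77, matching the 10^77 figure.
assert 10 ** 77 < keyspace < 10 ** 78
```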
4.2. Frameworks Complexity
A complexity analysis of the PolyFLAM and PolyFLAP frameworks is a critical examination of the efficiency and computational requirements of these solutions. By evaluating the time complexity of essential processes such as communication, encryption, and aggregation, a comprehensive understanding emerges of the scalability and performance characteristics of the proposed federated learning frameworks. To better follow this analysis, it is important to be aware of the different functions and processes involved in these frameworks.
Figure 4 shows the threads and functions involved in executing both frameworks. They are identical in both frameworks except for the messages exchanged between server and clients: models are exchanged in PolyFLAM, whereas parameters are exchanged in PolyFLAP.
In this context, it is crucial to clarify that the functions executed at both the server and clients can be summarized as below:
In the server, the functions executed are as follows:
Run server thread and start the FL cycle (function S1);
Run listen thread and await client connections (function S2);
Run the communication thread and exchange messages with clients (function S3);
Generate Table of Keys (function S4);
Receive and accept client’s connection (function S5);
Generate initial_key based on the client’s shuffled secret (function S6);
Encrypt Table of Keys (function S7);
Send encrypted Table of Keys to client (function S8);
Receive client’s ready message (function S9);
Decrypt ready message (function S10);
Encrypt model/parameters (function S11);
Send encrypted model/parameters to client (function S12);
Receive trained model/parameters from clients (function S13);
Check if model/parameters are received from all clients:
– if yes, aggregate all models/parameters (function S14);
– if no, encrypt and send a hibernate message to the clients and await the remaining models/parameters (function S15);
Encrypt aggregated models/parameters (function S16);
Send encrypted aggregated models/parameters to clients (function S17);
Repeat all steps from S13 to S17 until the global model converges.
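The branch in steps S13–S15, where the server either aggregates all received models/parameters or tells the already-finished clients to hibernate, can be sketched as follows. This is a simplified illustration with a FedAvg-style mean as a stand-in aggregator; the function names and return values are assumptions, not the frameworks' actual API.

```python
def aggregate(params_list):
    """FedAvg-style mean over parameter vectors (illustrative stand-in for S14)."""
    n = len(params_list)
    return [sum(vals) / n for vals in zip(*params_list)]

def server_round(received: dict, n_clients: int):
    """Sketch of the S13-S15 decision: aggregate once all clients reported,
    otherwise name the clients that should receive a hibernate message."""
    if len(received) == n_clients:
        return ("aggregate", aggregate(list(received.values())))
    waiting = sorted(set(range(n_clients)) - set(received))
    return ("hibernate", waiting)

state, payload = server_round({0: [1.0, 2.0], 1: [3.0, 4.0]}, n_clients=2)
# state == "aggregate", payload == [2.0, 3.0]
```

In the real frameworks the hibernate message is sent encrypted (S15) and the aggregation runs over serialized models or parameter sets rather than plain lists; the control flow, however, follows this shape.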
In the client, the functions executed are as follows:
Run client thread and create socket (function C1);
Connect to server (function C2);
Generate initial encryption key (function C3);
Run exchange messages thread (function C4);
Encrypt “Connect” message (function C5);
Send encrypted “Connect” message (function C6);
Receive encrypted “Table of Keys” from server (function C7);
Decrypt “Table of Keys” (function C8);
Encrypt “Ready” message (function C9);
Send encrypted “Ready” message (function C10);
Receive encrypted “Model/Parameters” from server (function C11);
Decrypt “Models/Parameters” from server (function C12);
Train model using the local data (function C13);
Encrypt “Model/Parameters” from local training (function C14);
Send encrypted “Model/Parameters” to server (function C15);
Receive and decrypt the new message (function C16); if the message is
– “Hibernate”, await the next “Model/Parameters” message (function C17),
– “Model/Parameters”, repeat steps C13 to C17 for the remaining training rounds.
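The C16–C17 branch that closes the client list can be sketched as a small decision function. This is an illustrative sketch; the function name, message strings, and return values are assumptions.

```python
def client_step(message_type: str, round_idx: int, total_rounds: int) -> str:
    """Sketch of the C16-C17 branch: decide what the client does after
    sending its locally trained model/parameters to the server."""
    if message_type == "Hibernate":
        return "await"       # C17: wait for the next Model/Parameters message
    if message_type == "Model/Parameters":
        if round_idx + 1 < total_rounds:
            return "train"   # repeat C13-C17 for the next round
        return "done"        # all training rounds completed
    raise ValueError(f"unexpected message: {message_type}")
```

A client that receives “Hibernate” simply idles until the aggregated model arrives, so slow clients never block fast ones from learning the final round count.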
Time Complexity
In the field of federated learning, PolyFLAM and PolyFLAP follow defined steps with complexities defined by the following parameters:
N (number of participating clients);
IK (generation of initial key);
ToKs (Table of Keys size);
E (encryption/decryption factors);
R (number of training rounds);
A (aggregation complexity);
MP (model/parameters complexity);
T (training on local data).
To describe the time complexity of the framework on the server side, Big-O notation is used to form the necessary formulas. Big-O notation is a mathematical notation that describes an upper bound on the growth rate of an algorithm’s running time as the amount of input data increases. For example, O(1) represents a constant-time operation such as the initiation of the FL cycle, which occurs once on the server. Other messages have different complexities, as described below:
Messages of fixed size, such as connect, ready, and done, scale with the number of participating clients: O(N);
Messages depending on both the number of rounds and the number of participating clients:
– hibernate messages, sent to all participating clients except the last one to send its parameters: R * O(N−1);
– model/parameter messages, exchanged between server and clients in every training round: R * O(N).
Following the steps performed on the server side and using the notation described above, the server-side complexity can be summarized as O(1) + O(N) + R · O(N − 1) + R · O(N), which simplifies to O(R · N).
The time complexity analysis of the federated learning cycle executed on the client side involves evaluating various operations, each with a different time complexity. Notable constant-time operations, denoted O(1), include client thread initiation. Unlike on the server, however, the remaining operations are multiplied not by the number of clients but by the number of training rounds. Consequently, the client-side complexity can be represented as O(1) + R · O(E + T + MP), i.e., linear in the number of training rounds.
The complexity profile shows that the efficiency of the federated learning cycle scales linearly with the number of clients and communication rounds. The linear nature of the complexity indicates that as the amount of inputs (number of clients, rounds of communication) increases, the time required for the process also increases proportionally. This is generally preferable to a quadratic or higher complexity, which would lead to a much higher time requirement as the amount of inputs increases.
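The linear scaling described above can be checked with a simple message-count model built from the O() terms given earlier (fixed per-client messages, hibernate messages, and model/parameter messages). This is an illustration of the scaling argument, not the frameworks' actual accounting.

```python
def server_message_count(n_clients: int, n_rounds: int) -> int:
    """Approximate number of messages the server handles per FL cycle,
    following the complexity terms in the text."""
    fixed = 3 * n_clients                   # connect, ready, done: O(N)
    hibernate = n_rounds * (n_clients - 1)  # R * O(N - 1)
    models = n_rounds * n_clients           # R * O(N)
    return 1 + fixed + hibernate + models   # +1 for FL-cycle initiation, O(1)

# Doubling the clients at a fixed round count roughly doubles the total:
a = server_message_count(10, 5)   # 1 + 30 + 45 + 50 = 126
b = server_message_count(20, 5)   # 1 + 60 + 95 + 100 = 256
```

The ratio b/a stays close to 2, consistent with the claimed linear (rather than quadratic) growth in the number of clients.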
4.3. Communication Overhead
Running the PolyFLAM and PolyFLAP frameworks introduces an inherent communication overhead as part of the orchestration between the server and the clients. This overhead results primarily from the additional messages exchanged to manage the keys for collaboration. These messages include important components such as the Table of Keys (ToKs), as well as messages signaling readiness, hibernation, connection establishment, and disconnection. A notable fraction of the overall overhead arises from the encrypted Table of Keys, since the other messages are of fixed and small sizes. Considering that each entry of the ToKs contributes 32 bytes due to the use of 256-bit AES keys, and taking into account the number of clients participating in the federated learning process, the total communication overhead can be approximated as 32 × K × C bytes, where K is the number of encryption keys and C is the number of participating clients.
This equation summarizes the major factors contributing to the communication overhead caused by PolyFLAM and PolyFLAP encryption mechanisms and message exchanges.
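Under the assumption stated above that the encrypted ToKs dominate the overhead (the fixed-size control messages being negligible), the estimate reduces to a one-line calculation. The helper name is illustrative, not part of the frameworks.

```python
def toks_overhead_bytes(n_keys: int, n_clients: int, key_bytes: int = 32) -> int:
    """Dominant communication overhead: each client receives a Table of Keys
    of n_keys 256-bit (32-byte) AES keys, so overhead is about 32 * K * C bytes."""
    return key_bytes * n_keys * n_clients

# e.g. 100 keys distributed to 10 clients -> 32 000 bytes of ToKs traffic
total = toks_overhead_bytes(100, 10)
```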
4.4. Model Accuracy and Convergence
It is important to emphasize that the PolyFLAM and PolyFLAP frameworks were developed with the goal of strengthening the security and integrity of the federated learning environment, not improving learning quality. Although improving machine learning models is important, these frameworks were developed with the goal of providing effective protection against potential vulnerabilities and privacy breaches in FL’s decentralized collaborative learning scenarios. The frameworks protect sensitive data and confidential model information from potential attacks by relying on polymorphic encryption strategies that guarantee that an encryption key is never used twice within the FL cycle, even for the same client. This technique demonstrates a proactive strategy for establishing trust in FL contexts and ensures that the collaborative process takes place within a fortified, robust, and trust-driven framework.
4.5. Space and Storage Utilization
The PolyFLAM and PolyFLAP frameworks introduce a storage overhead that must be considered when examining their spatial complexity. Central to this overhead is the Table of Keys (ToKs), a cryptographic cornerstone. While the basic memory components of PolyFLAM and PolyFLAP are consistent with those of standard federated learning frameworks, the ToKs have a noticeable impact: they require additional storage, but also play an essential role in securing the messages exchanged between server and clients.
4.6. Evaluation Using Real-World Data
Real-world test datasets are used to evaluate the PolyFLAM and PolyFLAP frameworks. Strengthened by their cryptographic capabilities and precise orchestration, the frameworks are here examined where theoretical ideas meet practical implementation: this section moves beyond the conceptual level and uses actual data to validate the usability and efficiency of the proposed frameworks.
4.6.1. Testing Environment
To evaluate the effectiveness of the proposed framework, a simulated federated learning network was built, delineated by its hardware and software components:
Hardware configuration: the simulated network configuration included a server equipped with an Intel Core i7 processor and 16 GB of memory. This server, running Microsoft Windows 10 Home, managed the orchestration of the network. At the same time, the client role was performed by different computers, each with different hardware specifications to simulate the heterogeneity of the real world.
Software framework: PolyFLAM and PolyFLAP were developed using Python (ver. 3.9) as the basic programming language.
During data partitioning, the records described in the next section were divided among the different clients in each FL cycle. If a dataset contains 1000 records and four clients participate in the training cycle, fair partitioning means that each client performs local training on 250 distinct records. This careful division of data ensures equality and a consistent basis for comparative evaluation throughout the operation of the system.
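The fair partitioning described above, e.g. 1000 records over four clients yielding 250 records each, can be sketched as follows. The helper is hypothetical, not the frameworks' actual partitioner; it also handles remainders by giving the first clients one extra record.

```python
def partition_indices(n_records: int, n_clients: int) -> list:
    """Evenly split record indices among clients; any remainder is spread
    one record at a time over the first clients."""
    base, extra = divmod(n_records, n_clients)
    parts, start = [], 0
    for i in range(n_clients):
        size = base + (1 if i < extra else 0)
        parts.append(range(start, start + size))
        start += size
    return parts

parts = partition_indices(1000, 4)
# each of the 4 parts covers 250 distinct record indices
```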
4.6.2. Datasets Used
A diverse set of datasets specifically selected for binary classification tasks was used to thoroughly evaluate the effectiveness and robustness of the frameworks. The three datasets include a simulated dataset generated using the SKLearn dataset library [66]. This generated dataset, comprising 9000 records and 20 features, is used to test the core capabilities of the frameworks. In addition, the SHAREEDB cardiovascular disease prediction dataset [67] is a critical component of the evaluation, as it introduces real-world complexity: with 139 records and 26 variables capturing the details of cardiovascular health, it tests the frameworks’ ability to adapt to real medical data. The surgical binary classification dataset [68] completes the analysis with 14,636 records and 24 features, highlighting the frameworks’ ability to handle a larger, more complex real-world scenario. Together, these carefully selected datasets enable a thorough evaluation of framework performance across multiple dimensions of complexity and scale.
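For reference, a simulated dataset of the kind described above can be reproduced approximately with scikit-learn's generator. The exact generator settings, including the random seed and class-separation parameters, are assumptions; only the 9000-record, 20-feature shape is taken from the text.

```python
from sklearn.datasets import make_classification

# Simulated binary-classification dataset matching the described shape:
# 9000 records, 20 features (generator settings are illustrative).
X, y = make_classification(
    n_samples=9000,
    n_features=20,
    random_state=42,  # assumed seed, for reproducibility only
)
```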
4.6.3. Security Analysis: Proof of Polymorphism
A rigorous evaluation process was employed to assess the resilience of the framework, with a particular focus on its ability to withstand inference attacks. The encryption keys used for communications were continuously monitored and verified to ensure their effectiveness. A key aspect of this evaluation involved prohibiting the reuse of encryption keys, which allowed a thorough assessment of the framework’s robustness against key reuse attacks. This was demonstrated through experiments involving two clients and the first dataset, in which the original key and five additional keys from the Table of Keys (ToKs) used for message encryption were meticulously recorded and analyzed.
Table 3 summarizes the results of this cryptographic investigation, highlighting the findings from this extensive analysis. The results demonstrate the feasibility of polymorphic encryption in maintaining cryptographic strength and protecting against inference attacks. The prohibition of key reuse and the use of polymorphic keys significantly enhance the framework’s ability to secure complex data transmissions, ensuring that even if an encryption key is compromised, it cannot be exploited to undermine the system’s security.
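The uniqueness property verified in this experiment, namely that no recorded key (initial_key or ToKs entry) is ever reused, amounts to a simple check over the key log. This is an illustrative sketch; the recorded log here is simulated with random keys rather than taken from the actual experiment.

```python
import secrets

def assert_no_key_reuse(recorded_keys: list) -> None:
    """Polymorphism check: every recorded key must appear exactly once."""
    assert len(recorded_keys) == len(set(recorded_keys)), "key reuse detected"

# Simulated log: two clients, one initial key plus five ToKs keys each,
# mirroring the shape of the recorded experiment.
log = [secrets.token_bytes(32) for _ in range(2 * 6)]
assert_no_key_reuse(log)
```

Appending any previously seen key to the log makes the check fail, which is exactly the event the frameworks are designed to rule out.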
4.6.4. Communication Cost
As part of the study and evaluation of PolyFLAM and PolyFLAP, communication costs were tracked and recorded. The communication stream includes different message types, both on the server and on the client, as shown in the list below:
The server sends the following messages to each client:
– “Encrypted ToKs” (S1);
– “Model/Parameters” (S2);
– “Hibernate” (S3);
– “Disconnect” (S4).
The client sends the following messages to the server:
– “Connect” (C1);
– “Ready” (C2);
– “Model/Parameters” (C3);
– “Disconnected” (C4).
The subtleties of the message size are closely related to parameters such as the number of training rounds (R) and the number of participating clients (C). Consequently, the quantification of communication costs can be succinctly formulated as follows:
It is worth noting that messages S3, S4, C1, and C2 have fixed sizes due to their nature. The size of S1 varies with the number of keys in the ToKs, each key contributing 32 bytes. Most of the communication volume, however, comes from S2 and C3, which carry the model/parameters themselves. The communication costs recorded while running PolyFLAM and PolyFLAP are shown in Table 4 and Table 5 below. The costs are tracked between the server and a randomly selected client in a randomly selected training round, for the messages sent and received on the three datasets selected for testing. Table 4 shows the size of each message sent by the server and the client, as described below. Table 5 shows the total volume of messages exchanged between server and client, together with the reduction in communication cost between PolyFLAM and PolyFLAP, respectively:
4.6.5. Learning Quality
The two frameworks PolyFLAM and PolyFLAP comprise a versatile ensemble of five models tailored for machine learning training: support vector machine (SVM), logistic regression (LR), Gaussian naïve Bayes (Gaussian NB), stochastic gradient descent (SGD), and multi-layer perceptron (MLP). To comprehensively evaluate the effectiveness and robustness of these models, a series of experiments was conducted on the three datasets described previously. The results were tracked and plotted as shown in
Table 6. The acronyms used in the table can be described as follows:
The PolyFLAM and PolyFLAP frameworks were not developed with the sole goal of improving learning quality; rather, their primary goal is to strengthen federated learning against potential attacks, especially inference attacks. Nonetheless, learning quality retains its importance as a key metric, particularly for machine learning models intended for predictive applications. Accuracy in particular plays a prominent role, as it is a critical criterion for the utility and effectiveness of a model. The results presented above warrant an analysis from several points of view.
There is a clear trend whereby datasets with a larger number of records consistently show higher accuracy across the five models in both PolyFLAM and PolyFLAP. This is consistent with expectations: a larger number of records means more data available for local training at each client node, which in turn improves both the local training quality and the quality of the global model. The results observed with the simulated dataset are particularly notable, with accuracies exceeding the 90% threshold across various quality metrics. In contrast, the surgical deepnet dataset achieves comparatively lower accuracy, reaching 76% in its best iteration. The SHAREEDB dataset exhibits the weakest performance, with its highest accuracy across models not exceeding 62%. This clearly shows the influence of dataset size on model performance and learning quality. The observed phenomenon can be discussed from two strategic perspectives:
Potential to improve learning quality: the observed results encourage improving PolyFLAM and PolyFLAP so that they perform well when dealing with relatively small datasets;
Encouragement of client contributions: since the two proposed frameworks preserve user privacy, they can be considered as a solution to attract more participants to a FL training cycle, thus providing an opportunity to increase data availability and improve model performance.
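For context, the five models evaluated above can be instantiated in scikit-learn roughly as follows. The hyperparameters shown are illustrative assumptions, not the frameworks' actual settings.

```python
from sklearn.svm import SVC
from sklearn.linear_model import LogisticRegression, SGDClassifier
from sklearn.naive_bayes import GaussianNB
from sklearn.neural_network import MLPClassifier

# The five models named in the text; all hyperparameters are assumptions.
MODELS = {
    "SVM": SVC(),
    "LR": LogisticRegression(max_iter=1000),
    "GaussianNB": GaussianNB(),
    "SGD": SGDClassifier(),
    "MLP": MLPClassifier(max_iter=500),
}
```

Each estimator exposes the same `fit`/`predict` interface, which is what makes exchanging either whole models (PolyFLAM) or their parameters (PolyFLAP) between server and clients practical.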
In summary, the results highlight the potential of these frameworks to go beyond their primary focus on security and also contribute to improving the quality of learning. Moreover, the scalability and privacy-friendly characteristics of these frameworks suggest that they can provide even more robust results as the number of participating entities grows. Although PolyFLAM and PolyFLAP introduce novel frameworks by incorporating polymorphic encryption into federated learning, making direct comparisons with classical machine learning models applied to these datasets, such as [69,70,71], is challenging due to their unique concepts; however, it is still possible to assess their advantages relative to existing methods. Specifically, these frameworks surpass previous implementations in terms of robustness against inference attacks, a security aspect not adequately addressed by earlier approaches. PolyFLAM and PolyFLAP offer superior protection by ensuring that even a compromised encryption key poses no threat to the system, because each key is used only once, even by the same user. This level of security represents a significant advancement over prior FL methods.
4.7. Comparison to the State of the Art
In this section, a thorough comparison is presented between the novel federated learning (FL) frameworks introduced in this study and existing state-of-the-art approaches. The comparison highlights the particular focus on data security and privacy achieved by incorporating polymorphic and homomorphic encryption techniques, and is presented in Table 7 below:
5. Challenges and Future Perspectives
As the federated learning environment evolves, a number of obstacles and promising avenues for future development emerge. This section addresses the challenges associated with the development, deployment, and evaluation of the proposed federated learning frameworks PolyFLAM and PolyFLAP, ranging from heterogeneity to the need for efficient communication methods. It also highlights the future prospects facing the proposed frameworks and, by extension, the entire field of FL. By addressing current problems and highlighting future opportunities, federated learning can reshape machine learning paradigms and data-driven innovation.
5.1. Challenges
In the context of PolyFLAM and PolyFLAP, a number of challenges arise that are closely related to the implementation and refinement of these federated learning frameworks.
5.1.1. Heterogeneity
Heterogeneity poses a particular challenge for the proposed frameworks, especially because they only support horizontal FL data. This notion covers scenarios where different clients hold data with identical features. Although the frameworks handle this particular data type well, it is important to recognize that alternative data distributions were not considered or tested in our study. This highlights the need for further research covering the broader landscape of data heterogeneity.
5.1.2. Complexity and Computation Cost
The issue of complexity and processing cost is critical, especially given the costly nature of encryption techniques. Since these algorithms are intended to ensure the integrity of the transmitted data, they necessarily require significant computing resources. While ensuring the security of the data, the rigorous computations required for encryption increase the complexity of the framework. As a result, striking a balance between robust security measures and efficient data processing becomes a critical problem that requires new ways to reduce computational costs while maintaining the integrity of the system.
5.1.3. Scalability
The issue of scalability is a major problem due to the increased processing requirements of encryption. As the framework deals with an increasing number of clients, especially on the server side, the additional computational overhead can limit the scalability of the system. The influx of clients places additional demands on the server’s processing capacity, which can lead to bottlenecks and performance degradation. To achieve smooth scalability, it is critical to explore effective optimization approaches that reduce computational load while maintaining system responsiveness and supporting an increasing number of clients.
5.1.4. Learning Quality
One critical issue that emerges is the quality of learning in the proposed frameworks. While the main goal of PolyFLAM and PolyFLAP in this context is to improve security and robustness against inference attacks, the inherent trade-off between security and learning quality should not be neglected. Emphasizing security techniques such as encryption and privacy may divert attention from improving model learning quality. Striking a delicate balance between strong security and optimal learning outcomes is an ongoing problem that requires careful evaluation of the impact of security measures on the efficiency of the learning process and the future performance of the overall model.
5.1.5. Resource Limitations
Resource constraints pose a significant challenge, especially in the federated learning paradigm where clients typically operate with limited computational resources, which may be the case if the clients are smartphones or smart wearables instead of powerful computers. This challenge becomes even more significant when considering the implementation of the proposed framework. The demands imposed by encryption and other security measures could overwhelm the already limited resources of the clients. This scenario raises concerns about the feasibility and practicality of deploying the framework in real-world scenarios, given the potential burden on client devices. To overcome this challenge, strategies must be developed to optimize the use of available resources and ensure that the system remains operational while addressing the constraints of client environments.
5.2. Future Perspectives
In moving to future perspectives, it is important to acknowledge that the challenges discussed above are by no means new territory in academic discourse. Various researchers have addressed these obstacles and offer innovative solutions to be explored. With careful consideration, a promising path emerges in which the proposed PolyFLAM and PolyFLAP frameworks converge with established techniques. This convergence has the potential not only to overcome existing challenges, but also to usher in an era of increased efficiency and versatility for federated learning systems.
5.2.1. Handling Heterogeneity
Addressing the challenge of heterogeneity arising from different devices and data requires innovative approaches. A number of strategies can be explored to effectively manage this variability. One option is to use resource allocation techniques [
72], which intelligently allocate computing resources based on the capabilities of individual devices. This approach optimizes the use of resources and enables a more balanced and efficient federated learning process. In addition, the integration of meta-learning methods [
73] represents a promising avenue. Meta-learning allows models to learn and adapt quickly to new data distributions, and thus has the potential to improve the adaptability of the system to the heterogeneity of client devices and data sources. The synergistic fusion of these approaches with the proposed frameworks could lead to a more agile and effective framework for federated learning, capable of addressing the difficulties posed by heterogeneity.
5.2.2. Computation Cost and Time Reduction
The challenge of computational costs can be mitigated through the strategic use of various techniques. One notable approach is the use of parallel programming methods. By breaking down complex computations into smaller tasks that can be executed simultaneously, parallel programming makes more efficient use of the processing power of modern devices. This leads to an acceleration of model training and a reduction in computation time, effectively reducing the burden on computing resources. Incorporating parallel programming techniques into the proposed PolyFLAM and PolyFLAP frameworks has the potential to significantly reduce computational costs while improving system scalability and responsiveness.
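The idea of splitting independent per-chunk work across workers can be sketched with Python's standard library. The transform here is a stand-in for a per-chunk encryption step, not the frameworks' actual cipher, and the worker count is an arbitrary choice.

```python
from concurrent.futures import ThreadPoolExecutor
from hashlib import sha256

def expensive_transform(chunk: bytes) -> bytes:
    """Stand-in for a costly per-chunk encryption step (illustrative only)."""
    digest = chunk
    for _ in range(1000):  # repeated hashing simulates CPU-heavy crypto work
        digest = sha256(digest).digest()
    return digest

def transform_parallel(chunks: list, workers: int = 4) -> list:
    """Run independent per-chunk work concurrently; results keep input order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(expensive_transform, chunks))

chunks = [bytes([i]) * 64 for i in range(8)]
results = transform_parallel(chunks)
```

Because the chunks are independent, the parallel results are identical to sequential ones; only the wall-clock time changes. For CPU-bound crypto in CPython, a `ProcessPoolExecutor` may parallelize better than threads, though `hashlib` releases the GIL for large buffers.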
5.2.3. Enhancing Scalability
The prospect of improving scalability is linked to effectively solving the problems of heterogeneity and computational cost. As these challenges are addressed through approaches such as resource allocation and parallel programming, a symbiotic relationship emerges. By addressing device and data heterogeneity, the system is enabled to serve a variety of clients. At the same time, reducing computational costs through techniques such as parallel programming ensures that the system remains responsive as the number of participants grows. This convergence of solutions paves the way for a more scalable federated learning system capable of accommodating significant numbers of clients while maintaining performance and efficiency. The interplay of these strategies has the potential to create a robust and adaptable ecosystem that meets real-world needs. In addition, the concept of third-party vendors can be incorporated into the framework to move some tasks outside the server, such as key generation or encryption, and keep network management and aggregation under the control of the central server.
5.2.4. Boosting Learning Quality
The quality of learning results can be improved by using different techniques for data preprocessing on the client side. As data are prepared prior to training, strategic preprocessing steps can be incorporated to improve the quality of the input data. Techniques such as feature scaling, outlier removal, and data augmentation can be applied to improve the quality and relevance of the data. By ensuring that the data fed into the training process are well prepared and free of noise or irregularities, the overall learning quality can be greatly enhanced. The integration of these preprocessing techniques into the proposed PolyFLAM and PolyFLAP frameworks may have the potential to fine tune the learning process in addition to their improved safety function, leading to improved model convergence and overall performance.
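As an example of such client-side preprocessing, feature scaling can be attached in front of a local model with a scikit-learn pipeline, so the scaler is fitted only on each client's own data. The model choice here is an illustrative assumption.

```python
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.linear_model import LogisticRegression

# Client-side preprocessing: standardize features before local training.
# The estimator is illustrative; any of the frameworks' five models fits here.
pipeline = make_pipeline(StandardScaler(), LogisticRegression(max_iter=1000))
```

Calling `pipeline.fit(X_local, y_local)` on a client scales and trains in one step, so no raw statistics need to leave the client, which is consistent with the privacy goals of the frameworks.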
5.2.5. Integrating Blockchain for Enhanced Security
Integrating PolyFLAM and PolyFLAP with blockchain technology offers significant enhancements in security, transparency, and efficiency for federated learning systems. Blockchain’s decentralized and immutable ledger can bolster security by ensuring the integrity of model updates and encryption key exchanges, while smart contracts can automate and enforce security protocols, reducing human error. Additionally, tokenization can create incentive mechanisms to encourage participation, and decentralized data management aligns with federated learning’s goals, improving data privacy and efficiency. Blockchain also provides a transparent record of model provenance, enhancing auditing and reusability, and strengthens resistance to Sybil attacks by verifying participant identities. Overall, this integration promises a more secure, scalable, and robust federated learning framework.
6. Conclusions
The PolyFLAM and PolyFLAP frameworks use polymorphic encryption to enhance the security of message exchanges between servers and clients in a federated learning context. The security guarantees arise from the diversity of encryption keys, with each server–client message encrypted with a different key. Therefore, in the event of key compromise, there is minimal risk as key reuse within the FL cycle is virtually eliminated. However, there is a trade-off between the communication traffic across the network and the computational costs on the server or client. PolyFLAM and PolyFLAP aim to maneuver between these performance parameters, balancing security with efficiency. While they prioritize security, they incur additional computational and communication costs due to the computationally intensive encryption operations. To address these challenges, they can synergize with established methods to parallelize computation, increase learning efficiency, account for heterogeneity, and improve scalability, thereby enhancing their overall usability and feasibility.