Federated learning enables the collaborative learning of a global model on diverse data, preserving data locality and eliminating the need to transfer user data to a central server. However, data privacy remains vulnerable, as attacks can target user training data by exploiting the updates sent by users during each learning iteration. Secure aggregation protocols are designed to mask/encrypt user updates and enable a central server to aggregate the masked information. MicroSecAgg (PoPETS 2024) proposes a single-server secure aggregation protocol that aims to mitigate the high communication complexity of existing approaches by enabling a one-time setup of the secret to be re-used in multiple training iterations. In this paper, we identify a security flaw in MicroSecAgg that undermines its privacy guarantees. We detail the security flaw and our attack, demonstrating how an adversary can exploit predictable masking values to compromise user privacy. Our findings highlight the critical need for enhanced security measures in secure aggregation protocols, particularly the implementation of dynamic and unpredictable masking strategies. We propose potential countermeasures to mitigate these vulnerabilities and ensure robust privacy protection in secure aggregation frameworks.
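The following added example (not code from the paper or from MicroSecAgg) uses a simplified additive pairwise-masking model to show why a mask that stays the same across iterations is a privacy problem and how binding the mask to the round number removes the leak. The modulus, seeds, update values and function names are all constructed assumptions, and the model is not MicroSecAgg's actual construction or the paper's attack.

```python
import hashlib
import hmac

Q = 2**61 - 1  # toy modulus for additive masking (assumption)

def prf(seed: bytes, label: bytes) -> int:
    """HMAC-SHA256 used as a PRF, reduced mod Q."""
    return int.from_bytes(hmac.new(seed, label, hashlib.sha256).digest(), "big") % Q

def mask(user: int, seeds: dict, rnd: int, per_round: bool) -> int:
    """Pairwise-cancelling mask: +PRF toward higher-indexed peers, -PRF toward lower."""
    # Static mode ignores the round, so the same mask is reused in every iteration.
    label = b"round:%d" % rnd if per_round else b"static"
    total = 0
    for (a, b), seed in seeds.items():
        if user == a:
            total += prf(seed, label)
        elif user == b:
            total -= prf(seed, label)
    return total % Q

def masked_update(user: int, x: int, seeds: dict, rnd: int, per_round: bool) -> int:
    """What the server receives from one user in one round."""
    return (x + mask(user, seeds, rnd, per_round)) % Q

def aggregate(masked: list) -> int:
    """Server-side sum; the pairwise masks cancel and only the total remains."""
    return sum(masked) % Q

# Constructed sample: one-time pairwise seeds and scalar updates for two rounds.
SEEDS = {(0, 1): b"seed-01", (0, 2): b"seed-02", (1, 2): b"seed-12"}
UPDATES = {1: [10, 20, 30], 2: [13, 20, 25]}  # round -> update of user 0, 1, 2

def leaked_delta(user: int, per_round: bool) -> int:
    """Difference of one user's masked updates between rounds 1 and 2, as seen by the server."""
    y1 = masked_update(user, UPDATES[1][user], SEEDS, 1, per_round)
    y2 = masked_update(user, UPDATES[2][user], SEEDS, 2, per_round)
    return (y2 - y1) % Q

if __name__ == "__main__":
    for mode in (False, True):
        print("per-round masks:", mode)
        for u in range(3):
            print("  user", u, "delta seen by server:", leaked_delta(u, mode))
```

With static masks the server recovers each user's exact change between rounds (3, 0 and -5 mod Q here) without ever unmasking a single update; with round-bound masks the same subtraction yields a pseudorandom value while the aggregate is still correct.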