Proposed as a solution to mitigate the privacy implications related to the adoption of deep learning, Federated Learning (FL) enables large numbers of participants to successfully train deep neural networks without having to reveal the actual private training data. To date, a substantial amount of research has investigated the security and privacy properties of FL, resulting in a plethora of innovative attack and defense strategies. This paper thoroughly investigates the communication capabilities of an FL scheme. In particular, we show that a party involved in the FL process can use FL as a covert communication medium to send an arbitrary message. We introduce FedComm, a novel multi-system covert-communication technique that enables robust sharing and transfer of targeted payloads within the FL framework. Our extensive theoretical and empirical evaluations show that FedComm provides a stealthy communication channel, with minimal disruptions to the training process. Our experiments show that FedComm successfully delivers 100% of a payload on the order of kilobits before the FL procedure converges. Our evaluation also shows that FedComm is independent of the application domain and the neural network architecture used by the underlying FL scheme.