DIST-FL: Enhancing Security for TEE-based Aggregation in Federated Learning

2026-06-03

Cryptography and Security
AI summary

The authors study ways to make federated learning safer by using Trusted Execution Environments (TEEs), which are secure areas in computers. They show that even with TEEs, bad servers can still cheat by tricking how data is collected and processed. To fix this, they create DIST-FL, a system where multiple secure servers keep a safe and unchangeable record of data to stop cheating. Their tests show DIST-FL works well and is faster than similar methods. This helps keep federated learning both private and reliable.

Trusted Execution Environment, Federated Learning, Server-side Adversaries, State Rollback Attack, I/O Manipulation, Append-only Ledger, Linearizability, Distributed Systems, WAN, Throughput
Authors
Guanlong Wu, Ju Yang, Zhen Huang, Jianyu Niu, Guoxing Chen, Jianzong Wang, Yinqian Zhang
Abstract
Trusted Execution Environment (TEE)-aided federated learning protocols emerge as promising solutions to counter server-side adversaries and ensure the trustworthiness of the server. In this paper, we dissect existing protocols and demonstrate that server-side adversaries can still manipulate client selection and replay aggregation to compromise system robustness and privacy, by exploiting TEE limitations, i.e., state rollback and I/O manipulation. To this end, we present DIST-FL, a distributed system of servers guarded by multiple TEEs forming an append-only ledger for privacy-preserving, robust FL aggregation. Specifically, DIST-FL ensures operation linearizability to thwart state rollback attacks and incorporates inputs from reliable servers to mitigate I/O manipulation threats. We implement DIST-FL and conduct evaluations in WAN settings. Experimental results demonstrate that DIST-FL can effectively counter the proposed attacks and match the single-TEE's performance while offering a 6x throughput boost over its counterparts, leveraging TEE's computational advantages.