RSAM: Byzantine-Robust and Secure Model Aggregation in Federated Learning for Internet of Vehicles Using Private Approximate Median

In Internet-of-Vehicles (IoVs), Federated Learning (FL) is increasingly used by smart vehicles to process various sensing data. FL is a collaborative learning approach that enables vehicles to train a shared machine learning (ML) model by exchanging their local models instead of their sensitive training data in a distributed manner. Secure aggregation, as a privacy primitive for FL, aims to further protect the local models. However, existing secure aggregation methods for FL in IoVs mostly suffer from poor security against Byzantine attacks, e.g., malicious vehicles submit fake local models, which are common in IoVs and greatly degrade the accuracy of the final shared model without being detected. In this article, we propose a new secure and efficient aggregation approach, RSAM, for resisting Byzantine attacks FL in IoVs. RSAM first securely calculates an approximate median of local models of the distributed vehicles via the divide-and-conquer strategy as the aggregation model in each training round, providing the strong Byzantine robustness that is similar to the real median (a proven robust rank-based statistic) does, where median means the coordinate-wise median. Furthermore, RSAM is a single-server secure aggregation protocol that protects the vehicles' local models and training data against inside conspiracy attacks based on zero-sharing. Finally, RSAM is efficient for vehicles in IoVs, since RSAM transforms the sorting operation over the encrypted data to a small number of comparison operations over plain texts and vector-addition operations over ciphertexts, and the main building block relies on fast symmetric-key primitives. The correctness, Byzantine resilience, and privacy protection of RSAM are analyzed, and extensive experiments demonstrate its effectiveness.