TY - JOUR
T1 - Block Encryption LAyer (BELA)
T2 - Zero-Trust Defense Against Model Inversion Attacks for Federated Learning in 5G/6G Systems
AU - Khowaja, Sunder A.
AU - Khuwaja, Parus
AU - Dev, Kapal
AU - Singh, Keshav
AU - Li, Xingwang
AU - Bartzoudis, Nikolaos
AU - Comsa, Ciprian R.
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2025
Y1 - 2025
AB - The Federated Learning (FL) paradigm has been very popular in the implementation of 5G and beyond communication systems as it provides necessary security for the users in terms of data. However, the FL paradigm is still vulnerable to model inversion attacks, which allow malicious attackers to reconstruct data by using the trained model gradients. Such attacks can be carried out using generative adversarial networks (GANs), generative models, or by backtracking the model gradients. A zero-trust mechanism involves securing access and interactions with model gradients under the principle of “never trust, always verify.” This proactive approach ensures that sensitive information, such as model gradients, is kept private, making it difficult for adversaries to infer the private details of the users. This paper proposes a zero-trust based Block Encryption LAyer (BELA) module that provides defense against model inversion attacks in FL settings. The BELA module mimics the Batch normalization (BN) layer in the deep neural network architecture that considers the random sequence. The sequence and the parameters are private to each client, which helps in providing defense against model inversion attacks. We also provide extensive theoretical analysis to show that the proposed module is integratable in a variety of deep neural network architectures. Our experimental analysis on four publicly available datasets and various network architectures shows that the BELA module can increase the mean square error (MSE) up to 194% when a reconstruction attempt is performed by an adversary using existing state-of-the-art methods.
KW - 5G/6G systems
KW - block encryption layer
KW - federated learning
KW - model inversion attacks
KW - Zero-trust
UR - https://www.scopus.com/pages/publications/85214470138
U2 - 10.1109/OJCOMS.2025.3526768
DO - 10.1109/OJCOMS.2025.3526768
M3 - Article
AN - SCOPUS:85214470138
SN - 2644-125X
VL - 6
SP - 807
EP - 819
JO - IEEE Open Journal of the Communications Society
JF - IEEE Open Journal of the Communications Society
ER -