AWS Partner Network (APN) Blog

Privacy-Preserving Federated Learning with TII PetalGuard on AWS

By: Dr. Victor Sucasas – Senior Director Cryptography, Technology Innovation Institute
By: Dr. Abdelrahaman Aly – Lead Cryptographer, Technology Innovation Institute
By: Dr. Ajith Suresh – Lead MPC Researcher, Technology Innovation Institute

By: Dr. Mustapha Tawbi – Senior Partner Solutions Architect GenAI/ML, AWS
By: Dr. Kathrin Monika Buhmann – Senior Partner Development Manager, AWS


In the era of artificial intelligence (AI), data is the fuel behind innovation. AI models are only as powerful as the data they are trained on. The most sensitive data requires the highest level of privacy protection, particularly in sectors like healthcare, finance, and defense. These industries need to balance AI innovation with data security requirements. Organizations in these fields prioritize maintaining trust and protecting sensitive information while implementing AI solutions, leading to methodical and measured adoption approaches.

Federated Learning (FL) allows multiple parties to train a shared AI model without centralizing their raw data. Each participant trains locally and shares only model updates with a central server, reducing the risk of leaks and improving compliance with privacy regulations. However, research (Nasr et al., 2019; Melis et al., 2019) has demonstrated that conventional Federated Learning has limitations in its privacy guarantees. Multiple studies report successful data extraction attacks on FL systems, in which adversaries were able to reconstruct individual training samples from the shared model updates.

The Technology Innovation Institute (TII) has addressed this problem by taking the FL paradigm further with the solution “PetalGuard” — a federated learning framework built with confidential computing at its core.

Traditional approaches rely on a single server to aggregate model updates. In contrast, PetalGuard uses secure Multi-Party Computation (MPC). This is the same cryptographic technique used in secure cryptocurrency transactions. With MPC, PetalGuard securely aggregates updates across multiple independent servers. In addition to distributing trust across multiple servers and eliminating a single point of failure, this design mitigates the risk of privacy attacks that arise from a compromised aggregator.

In this post, we’ll show how PetalGuard is used for secure, privacy-preserving federated learning on AWS.

How PetalGuard enables private AI adoption

PetalGuard empowers industries to harness the power of AI without compromising data privacy. Sectors with strict regulatory standards such as HIPAA for healthcare, Bank Secrecy Act for finance, and defense can leverage AI while maintaining data protection requirements.

At the core of PetalGuard is Multi-Party Computation (MPC), which replaces the traditional centralized server with a distributed, cryptographic aggregation process, as shown in Figure 1. This design eliminates key vulnerabilities found in conventional federated learning architectures.


Figure 1: PetalGuard Architecture

PetalGuard addresses key concerns in data privacy for Federated Learning. At its core, PetalGuard eliminates the single point of trust by secret-sharing model updates and distributing the shares across multiple, independent servers. The distributed architecture is designed to ensure that model updates remain private, since no individual server has complete access to them. The system employs multiple aggregators, creating redundancy that maintains security even if some servers experience downtime or failures. This design provides protection against unauthorized access to individual contributions, whether by other participants, aggregation servers, or external parties.
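To make the two properties above concrete (no single aggregator can read an update, and the aggregate survives the loss of some aggregators), here is an added, self-contained example of threshold secret-shared aggregation. It is illustration code written for this post, not TII's PetalGuard implementation, and it makes its own assumptions: Shamir secret sharing over a prime field, a fixed-point encoding of float updates with a constructed scale of 1000, three constructed client update vectors, five aggregators and a reconstruction threshold of three. Each client splits every coordinate of its update into shares, each aggregator sums only the shares it received, and any three aggregators' partial sums recover the summed update while a single aggregator's view is one point on a random polynomial.

```python
import secrets

# Prime field modulus (constructed choice: the Mersenne prime 2^61 - 1).
PRIME = (1 << 61) - 1
# Fixed-point scale so that float model updates become field elements (assumption).
SCALE = 1000


def encode(x):
    """Float update coordinate -> field element (negative values wrap mod PRIME)."""
    return round(x * SCALE) % PRIME


def decode(v):
    """Field element -> float, mapping the upper half of the field back to negatives."""
    if v > PRIME // 2:
        v -= PRIME
    return v / SCALE


def _eval_poly(coeffs, x):
    """Horner evaluation; coeffs[0] is the constant term (the secret)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def share_vector(update, n_servers, threshold):
    """Shamir-share every coordinate; returns one share vector per aggregator.

    Aggregator i (0-based) receives the polynomial evaluated at x = i + 1.
    Fewer than `threshold` shares reveal nothing about a coordinate.
    """
    shares = [[] for _ in range(n_servers)]
    for value in update:
        coeffs = [value % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
        for i in range(n_servers):
            shares[i].append(_eval_poly(coeffs, i + 1))
    return shares


def aggregate_shares(share_vectors):
    """Run by one aggregator: coordinate-wise sum of the share vectors it received.

    Shamir sharing is linear, so the sum of shares is a share of the summed update;
    the aggregator never sees any client's plaintext update.
    """
    length = len(share_vectors[0])
    return [sum(v[j] for v in share_vectors) % PRIME for j in range(length)]


def reconstruct(points):
    """Lagrange-interpolate f(0) from (x, share_vector) pairs; needs >= threshold points."""
    length = len(points[0][1])
    result = []
    for j in range(length):
        total = 0
        for xi, vi in points:
            num, den = 1, 1
            for xk, _ in points:
                if xk != xi:
                    num = num * (-xk) % PRIME
                    den = den * (xi - xk) % PRIME
            total = (total + vi[j] * num * pow(den, PRIME - 2, PRIME)) % PRIME
        result.append(total)
    return result


def secure_aggregate(client_updates, n_servers, threshold, available):
    """Full round: clients share, each available aggregator sums, threshold servers reconstruct."""
    inbox = [[] for _ in range(n_servers)]          # shares delivered to each aggregator
    for update in client_updates:
        shares = share_vector([encode(x) for x in update], n_servers, threshold)
        for i in range(n_servers):
            inbox[i].append(shares[i])
    partial = {i: aggregate_shares(inbox[i]) for i in available}   # offline servers skipped
    if len(partial) < threshold:
        raise ValueError("not enough aggregators online to reconstruct the aggregate")
    points = [(i + 1, partial[i]) for i in sorted(partial)[:threshold]]
    return [decode(v) for v in reconstruct(points)]


# Constructed sample updates from three clients (not real model gradients).
CLIENT_UPDATES = [
    [0.5, -1.25, 2.0],
    [-0.75, 0.5, 1.5],
    [1.0, 0.25, -3.0],
]

if __name__ == "__main__":
    # Aggregators 1 and 3 are simulated as offline; the other three still recover the sum.
    print(secure_aggregate(CLIENT_UPDATES, n_servers=5, threshold=3, available=[0, 2, 4]))
```

The important design choice is the threshold: with five aggregators and a threshold of three, up to two can be offline without losing the round, and an adversary would need to compromise three of the independent servers to learn any individual client's update. Setting the threshold equal to the number of aggregators removes the redundancy; setting it to one reintroduces the single trusted server that the post argues against.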

By addressing the privacy and security limitations of traditional federated learning, PetalGuard lays the foundation for safe, scalable, and compliant AI deployment, especially for sensitive and regulated industries.

AWS Integration and Benefits

PetalGuard integrates with key Amazon Web Services (AWS) offerings, including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Registry (Amazon ECR), and Amazon Elastic Kubernetes Service (Amazon EKS). Under the shared responsibility model, AWS ensures the security of the underlying infrastructure and services, while PetalGuard helps customers with data privacy on their side of that model. With GPU-enabled Amazon EC2 instances, PetalGuard takes advantage of the AWS Global Infrastructure to run federated training on demand and scale down to zero when training is completed. Communication between client and server (aggregator) instances uses the AWS backbone network. Information sent between AWS Global Infrastructure Regions and Availability Zones is encrypted at the link layer and makes use of high-speed, low-latency bandwidth on dedicated metro fiber. Together, this allows customers to have confidence in the security, consistency, performance, cost, and reliability of their federated learning workloads. AWS Global Infrastructure allows the solution to scale from hundreds to thousands of servers.

Getting Started with PetalGuard on AWS

The PetalGuard solution is available on the AWS Marketplace. PetalGuard is delivered as a Docker container that fulfills one of two roles on your PetalGuard EC2 instance:

  • Client: Used for local training during distributed federated learning. If you are configuring a training instance, this is the role to use.
  • Aggregator: Used to securely aggregate secret-shared model updates using MPC. If you are configuring an aggregator instance, this is the appropriate role.

The container uses a YAML-based configuration file, where you define key parameters such as:

  • The machine learning model to be trained.
  • Addresses of the aggregation servers.
  • Settings for MPC-based secret sharing.
  • Federated learning rounds and other operational parameters.

Once the containers are configured, start them. No additional orchestration is required; the system automatically initiates the federated learning workflow.

Client and aggregator EC2 containers can be deployed ad hoc. PetalGuard offers publicly available, globally distributed aggregators that client instances can access, thus eliminating the need for broader deployment beyond the client instances. This deployment model allows organizations to launch privacy-preserving AI initiatives using the scalability and reliability of AWS infrastructure.

Conclusion

As AI adoption accelerates, privacy and security are no longer optional—they are essential. PetalGuard exemplifies responsible innovation by prioritizing privacy and removing unnecessary trust dependencies in federated learning, keeping privacy at the forefront. By enabling secure, scalable, and efficient AI training, PetalGuard sets a new benchmark for safer and more responsible AI development. If your organization handles sensitive data, PetalGuard shifts the question from “whether” you can use AI to “how” you can use it securely. Get started with PetalGuard on AWS Marketplace today for your Federated Learning workloads.

The collaboration between AWS and TII’s PetalGuard represents an advancement in secure collaborative AI development. Future developments will include enhanced integration with AWS services, additional industry-specific solutions, expanded compliance frameworks and advanced security features. Check out the PetalGuard website to learn more.



Technology Innovation Institute – AWS Partner Spotlight

Technology Innovation Institute (TII), a leading Abu Dhabi-based research center, partners with AWS to advance AI innovation through their Falcon language models and cryptography solutions, demonstrating the UAE’s growing influence in global artificial intelligence development.
