
Data Privacy in Trigger-Action IoT Systems

by Yunang Chen, et al.

Trigger-action platforms (TAPs) allow users to connect independent IoT or web-based services to achieve useful automation. TAPs provide a simple interface that helps users to program trigger-compute-action rules that pass data between disparate services through the TAPs. Unfortunately, TAPs introduce a large-scale security risk: if they are compromised, attackers will gain access to all sensitive data for millions of users. Towards that end, we propose eTAP, a privacy-enhancing trigger-action platform that executes trigger-compute-action rules without accessing users' private data in plaintext or learning anything about the results of the computation. We use garbled circuits as a primitive, and leverage the unique structure of trigger-compute-action rules to make them practical. We formally state and prove the security guarantees of our protocols. We prototyped eTAP, which supports the most commonly used operations on popular commercial TAPs like IFTTT and Zapier. Specifically, we support boolean, arithmetic, and string operations on private trigger data and can run 100 Zapier. We run ten existing user-created rules that exercise a variety of operations on trigger data. Performance tests show that the overhead is modest: on average rule execution latency increases by 70 ms (55 reduces by 59




Walnut: A low-trust trigger-action platform

Trigger-action platforms are a new type of system that connect IoT devic...

SAFECHAIN: Securing Trigger-Action Programming from Attack Chains (Extended Technical Report)

The proliferation of Internet of Things (IoT) is reshaping our lifestyle...

TAP: Transparent and Privacy-Preserving Data Services

Users today expect more security from services that handle their data. I...

TAPInspector: Safety and Liveness Verification of Concurrent Trigger-Action IoT Systems

Trigger-action programming (TAP) is a popular end-user programming frame...

Modeling and Performance Comparison of Privacy Approaches for Location Based Services

In pervasive computing environment, Location Based Services (LBSs) are g...

Secure and Privacy-Aware Data Dissemination for Cloud-Based Applications

In this paper we propose a data dissemination platform that supports dat...

A brief history on Homomorphic learning: A privacy-focused approach to machine learning

Cryptography and data science research grew exponential with the interne...