Publication Summary

Here is a brief INFORMAL overview of recent papers in the IoT domain. They are broadly categorized as security and privacy issues, e.g., the right to delete any personal information stored at a third-party service provider, as part of a data retention policy; the right to audit the data-capturing policies in a public smart space; and the right to privacy through a traffic-shaping method that avoids any wireless-signal-based inference of user activity in multi-tenant IoT scenarios.

#self-tracking #privacy #security #smart_things #consent #verifiability

A User Privacy Perspective for Contact Tracing Logs

We are a couple of months into distancing in a new virtual world. The rapidly growing contact tracing methods focus on spatially and temporally co-located coordinates. They precisely detect the spot where multiple location coordinates (each representing a unique IP or biometric identity) were in close proximity at the same time. Apparently, privacy is not a primary goal for these contact tracing methods as of now, but pseudonym support can easily be integrated in case it is crucial for long-term tracking. Now, given an ideal contact tracing system, the question arises: who holds this contact tracing information? Should it be stored on the personal device of the user being tracked? Should it be stored at a trusted third-party storage provider, i.e., a government, insurer, or healthcare provider? Or should it be stored at an untrusted third-party storage provider in encrypted form to enforce confidentiality, e.g., rented storage? I think it is too early to favor one or the other, given that this is the long-standing so-called “data owner problem” within the scope of IoT data-flow models. However, one subtle answer lies in the policy cohort that was retroactively enforced over the same smart space in which the user was being traced. These policy models can range across the board, i.e., trusted, untrusted, and trust-but-verify assumptions. One initial thought is to time-serialize the contact tracing information and then enforce the suitable owner policy across all three assumptions stated above.


IoT Expunge: Implementing Verifiable Retention of IoT Data, ACM CODASPY 2020

This paper presents a model to verify the potential state of IoT data. The potential states of the IoT data are assumed to be accessible, inaccessible, and irrecoverable. Since IoT data is meant to be distributed and circulated among various applications and service providers, it is important to pre-decide the future state of the data and its potential users. Therefore, these pre-states are determined in terms of retroactive policies on the data. The storage provider is supposed to execute those policies in a secure setting so that the data state transition occurs as required. The data owners can also verify these state transitions, or policy adherence, through a time-bounded metadata check at the service provider. This random check guarantees that the service provider is appropriately executing those policies and data state transitions in a verifiable manner. Also, the time-boundedness guarantees that the service provider cannot enforce the state transitions in real time just for the sake of a random audit. The data state transition gradually prevents access to the current data. However, the data does not immediately transition into a prohibited-access state. In fact, the user-defined policy forces the data to undergo a waiting state prior to finally transitioning into an irrecoverable state.
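As an added illustration (not code from the paper), a simplified model in logical time of the accessible, waiting and irrecoverable states and of the owner's audit: the policy deadlines, the `RetentionPolicy`/`Record` names and the timestamped transition log kept as provider metadata are assumptions of this sketch, not the paper's protocol.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple
class State(Enum):
    ACCESSIBLE = "accessible"        # data can be served to applications
    WAITING = "waiting"              # access blocked, data still recoverable
    IRRECOVERABLE = "irrecoverable"  # data destroyed, no recovery possible

@dataclass
class RetentionPolicy:
    accessible_until: int  # logical time at which access must stop
    waiting_until: int     # logical time at which the data must be destroyed
    def expected_state(self, now: int) -> State:
        if now < self.accessible_until:
            return State.ACCESSIBLE
        return State.WAITING if now < self.waiting_until else State.IRRECOVERABLE

@dataclass
class Record:
    data: Optional[bytes]
    policy: RetentionPolicy
    state: State = State.ACCESSIBLE
    # provider metadata (assumed for this sketch): append-only log of (logical time, new state)
    transitions: List[Tuple[int, State]] = field(default_factory=list)
    def advance(self, now: int) -> None:
        """Provider side: apply the transitions the policy requires by `now`."""
        target = self.policy.expected_state(now)
        if target is not State.ACCESSIBLE and self.state is State.ACCESSIBLE:
            self.state = State.WAITING
            self.transitions.append((now, State.WAITING))
        if target is State.IRRECOVERABLE and self.state is State.WAITING:
            self.data = None
            self.state = State.IRRECOVERABLE
            self.transitions.append((now, State.IRRECOVERABLE))

def audit(record: Record, now: int) -> Tuple[bool, str]:
    """Owner side: state must match the policy, and every logged transition must
    carry a timestamp no later than its deadline (a provider that transitions
    only when asked is caught by the timestamp it had to record)."""
    expected = record.policy.expected_state(now)
    if record.state is not expected:
        return False, f"state is {record.state.value}, policy expects {expected.value}"
    deadline = {State.WAITING: record.policy.accessible_until,
                State.IRRECOVERABLE: record.policy.waiting_until}
    for when, state in record.transitions:
        if when > deadline[state]:
            return False, f"{state.value} applied at t={when}, deadline t={deadline[state]}"
    return True, "ok"
```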


IoT Notary: Sensor Data Attestation in Smart Environments, IEEE NCA 2019

This paper presents a logging scheme for the IoT data generated by sensors in a smart space. The information captured by these sensors is used to detect various parameters such as occupancy, thermodynamics, emergencies, etc. In most cases this information is useful for first responders, smart space tenants, and facilitators. In other cases it could also be useful for smart space tenants to locate and connect with peers on a routine day. However, this ubiquitous sensing or continuous monitoring can also result in certain unprecedented privacy revelations. In that case tenants would like to have a choice between being under surveillance or refraining from it. Sensor actuation as per the tenant's choice is rather straightforward if there is a post-facto guarantee that the sensors adhere to the prescribed policy. This paper presents a logging method that preserves tamper-proof guarantees over the choices made by the tenants and over the data generated by the sensors as a result of following those choices. The sensor data and the (small-sized) proofs are stored together at the untrusted service provider.
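An added sketch of such a log (not the paper's implementation): a hash chain over the tenant's consent choices and the sensor readings, and an auditor that checks it against the head value the tenant kept; the entry layout, field names and the SHA-256 chaining are assumptions of this example.

```python
import hashlib
import json
from typing import Dict, List, Tuple
GENESIS = "0" * 64

def chain_hash(prev: str, entry: dict) -> str:
    # Canonical JSON so the provider and the auditor hash identical bytes.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev.encode() + payload).hexdigest()

class NotaryLog:
    """Append-only log kept at the untrusted provider. Every entry is bound to
    its predecessor's hash, so altering or dropping one breaks the chain the
    tenant can later check against the head value they kept."""
    def __init__(self) -> None:
        self.entries: List[dict] = []
        self.head = GENESIS
    def append(self, entry: dict) -> str:
        self.head = chain_hash(self.head, entry)
        self.entries.append(entry)
        return self.head  # the small proof handed back to the tenant
    def choice(self, t: int, tenant: str, sensor: str, allow: bool) -> str:
        return self.append({"t": t, "kind": "choice", "tenant": tenant,
                            "sensor": sensor, "allow": allow})
    def reading(self, t: int, tenant: str, sensor: str, value) -> str:
        return self.append({"t": t, "kind": "reading", "tenant": tenant,
                            "sensor": sensor, "value": value})

def verify(entries: List[dict], attested_head: str) -> Tuple[bool, List[str]]:
    """Auditor side: recompute the chain against the head the tenant kept, then
    replay the choices in order and flag readings taken while capture was denied."""
    h = GENESIS
    for e in entries:
        h = chain_hash(h, e)
    if h != attested_head:
        return False, ["log does not match the attested head"]
    allowed: Dict[Tuple[str, str], bool] = {}  # (tenant, sensor) -> latest choice
    problems: List[str] = []
    last_t = -1
    for e in entries:
        if e["t"] < last_t:
            problems.append(f"out-of-order entry at t={e['t']}")
        last_t = e["t"]
        key = (e["tenant"], e["sensor"])
        if e["kind"] == "choice":
            allowed[key] = e["allow"]
        elif not allowed.get(key, False):  # no recorded consent means no capture
            problems.append(f"{e['sensor']} captured {e['tenant']} at t={e['t']} without consent")
    return not problems, problems
```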


Verifiable Round-Robin Scheme for Smart Homes, ACM CODASPY 2020

This paper presents a privacy solution for signals leaking through the wireless channel. A set of devices working in a smart home setting is supposed to provide ambience, comfort, assistance and surveillance. The standard model requires these devices to sense the environment and collect the data, which then must be forwarded over the web to a remote service provider through the local gateway hub. The primary issue is that even if these devices export encrypted data towards the third-party service provider, an external observer can still infer user activity inside the home. User activity, for instance, is the interaction with these devices that produces data. Channel activity, for instance, is the rise in wireless network traffic as a result of data generation by these devices. The proposed approach is based on pre-scheduling that decouples device activity from channel activity, which avoids any inference as to when and which device is actively sensing and producing user-activity data. The proposed solution avoids any attacks that may reveal the coordinated schedule of the devices and the user activities.
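An added simulation (not the paper's code) contrasting a gateway that forwards data as it is produced with one that sends a fixed-size slot per tick in round-robin order, plus the passive observer's view of each trace; device names, slot size and the tick-based activity table are constructed for the example.

```python
from collections import deque
from typing import Dict, List, Tuple
SLOT = 64  # fixed bytes per transmission slot (constructed parameter)
Activity = Dict[int, List[Tuple[str, bytes]]]  # tick -> [(device, sensed data)]

class Device:
    def __init__(self, name: str) -> None:
        self.name = name
        self.queue: deque = deque()  # encrypted chunks waiting to leave the home
    def sense(self, data: bytes) -> None:
        # Chunk to the slot size; ciphertext length still leaks, so pad each chunk.
        for i in range(0, len(data), SLOT):
            self.queue.append(data[i:i + SLOT].ljust(SLOT, b"\0"))

def _feed(devices: List[Device], activity: Activity, t: int) -> None:
    by_name = {d.name: d for d in devices}
    for name, data in activity.get(t, []):
        by_name[name].sense(data)

def naive_gateway(devices: List[Device], activity: Activity, ticks: int) -> List[int]:
    """Forward data the moment it is produced: bytes per tick mirror device activity."""
    trace = []
    for t in range(ticks):
        _feed(devices, activity, t)
        sent = 0
        for d in devices:
            while d.queue:
                d.queue.popleft()
                sent += SLOT
        trace.append(sent)
    return trace

def round_robin_gateway(devices: List[Device], activity: Activity, ticks: int) -> List[int]:
    """Pre-scheduled: every tick one fixed-size slot leaves for the device whose
    turn it is, a dummy slot if it has nothing, so the trace is flat whatever
    the devices did."""
    trace = []
    for t in range(ticks):
        _feed(devices, activity, t)
        d = devices[t % len(devices)]
        if d.queue:
            d.queue.popleft()     # real chunk goes out in this slot
        # else: a dummy slot of SLOT random bytes would go out instead
        trace.append(SLOT)
    return trace

def observer(trace: List[int]) -> List[int]:
    """Passive eavesdropper: ticks whose volume rises above the quietest tick."""
    base = min(trace)
    return [t for t, b in enumerate(trace) if b > base]
```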


Obscure: Information-Theoretic Oblivious and Verifiable Aggregation Queries, PVLDB 2019

Our solution is designed for secure data management based on Shamir’s secret sharing that does not require servers to collaborate to generate answers and can, hence, be implemented more efficiently. We present information-theoretic oblivious aggregation queries for conjunctive/disjunctive count, conjunctive/disjunctive sum, maximum, minimum, and top-k operations.
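An added example (not the paper's code) of the aggregation part: rows are Shamir-shared across four servers, the query's attribute is itself shared, each server answers from its own shares without talking to the others, and the client interpolates the count and the sum; the prime field, server count and one-hot attribute encoding are assumptions of this sketch, and the paper's verifiability mechanism is not modelled.

```python
import secrets
from typing import List, Tuple
P = 2**61 - 1  # prime field for the shares (constructed choice)

def share(secret: int, n: int, t: int) -> List[int]:
    """Shamir: random degree-t polynomial with the secret at x=0, one point per server."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P for x in range(1, n + 1)]

def reconstruct(points: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x=0; needs degree+1 points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

class Server:
    """Holds one share of every row and answers from its shares alone."""
    def __init__(self) -> None:
        self.rows: List[Tuple[List[int], int]] = []  # (one-hot attribute shares, value share)
    def answer(self, q: List[int]) -> Tuple[int, int]:
        count = total = 0
        for attr, val in self.rows:
            match = sum(a * b for a, b in zip(attr, q)) % P  # share of 1 iff attr == query, degree 2t
            count = (count + match) % P
            total = (total + match * val) % P                # degree 3t
        return count, total

def upload(servers: List[Server], rows: List[Tuple[int, int]], n_attr: int, t: int) -> None:
    """Client side: secret-share the one-hot attribute and the value of each row."""
    n = len(servers)
    for attr, value in rows:
        bits = [share(1 if j == attr else 0, n, t) for j in range(n_attr)]
        vals = share(value, n, t)
        for s, srv in enumerate(servers):
            srv.rows.append(([bits[j][s] for j in range(n_attr)], vals[s]))

def count_and_sum(servers: List[Server], attr: int, n_attr: int, t: int) -> Tuple[int, int]:
    """Client side: the query is itself shared, so no server learns which attribute
    is being counted; n >= 3t+1 servers are needed to interpolate the degree-3t sum."""
    n = len(servers)
    q = [share(1 if j == attr else 0, n, t) for j in range(n_attr)]
    answers = [srv.answer([q[j][s] for j in range(n_attr)]) for s, srv in enumerate(servers)]
    count = reconstruct([(s + 1, c) for s, (c, _) in enumerate(answers)])
    total = reconstruct([(s + 1, v) for s, (_, v) in enumerate(answers)])
    return count, total
```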

Trustworthy Sensing in Untrusted IoT Environments, IEEE PERCOM Work in Progress 2018

In this short paper, we highlight the misplaced trust of users in IoT systems that inadvertently capture user-related data. Contemporary IoT systems must allow accountability in terms of data-capturing and data-sharing policies. Users must be able to tune their privacy preferences in terms of sensor actuation in the space of interest.


Trustworthy Privacy Policy Translation in Untrusted IoT Environments, IoTBDS 2018

Our solution is designed to incorporate trust and accountability in IoT data-capturing systems. In particular, the user-defined semantic policies must be translated correctly at the lower device/sensor level. The domain-knowledge log attestation provides two checks: spatial search, where, given the state of a few sensors in a region, the auditor can speculate on the state of the other sensors that belong to the same region; and time-proof, where the auditor finds the latest update in terms of a time-proof so as to bound the level of staleness of the domain knowledge.