Nisha Panwar

Nisha Panwar, Shantanu Sharma, Guoxi Wang et al.

Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced -- IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals' privacy or service integrity. To address such concerns, we propose IoT Notary, a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable `proof-of-integrity,' based on which a verifier can attest that captured sensor data adheres to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at the University of California Irvine to provide various real-time location-based services on the campus. We present extensive experiments over realtime WiFi connectivity data to evaluate IoT Notary, and the results show that IoT Notary imposes nominal overheads. The secure logs only take 21% more storage, while users can verify their one day's data in less than two seconds even using a resource-limited device.

Yin Li, Dhrubajyoti Ghosh, Peeyush Gupta et al.

This paper proposes Prism, a secret sharing based approach to compute private set operations (i.e., intersection and union), as well as aggregates over outsourced databases belonging to multiple owners. Prism enables data owners to pre-load the data onto non-colluding servers and exploits the additive and multiplicative properties of secret-shares to compute the above-listed operations in (at most) two rounds of communication between the servers (storing the secret-shares) and the querier, resulting in a very efficient implementation. Also, Prism does not require communication among the servers and supports result verification techniques for each operation to detect malicious adversaries. Experimental results show that Prism scales both in terms of the number of data owners and database sizes, to which prior approaches do not scale.

Peeyush Gupta, Sharad Mehrotra, Nisha Panwar et al.

Contact tracing has emerged as one of the main mitigation strategies to prevent the spread of pandemics such as COVID-19. Recently, several efforts have been initiated to track individuals, their movements, and interactions using technologies, e.g., Bluetooth beacons, cellular data records, and smartphone applications. Such solutions are often intrusive, potentially violating individual privacy rights and are often subject to regulations (e.g., GDPR and CCPR) that mandate the need for opt-in policies to gather and use personal information. In this paper, we introduce Quest, a system that empowers organizations to observe individuals and spaces to implement policies for social distancing and contact tracing using WiFi connectivity data in a passive and privacy-preserving manner. The goal is to ensure the safety of employees and occupants at an organization, while protecting the privacy of all parties. Quest incorporates computationally- and information-theoretically-secure protocols that prevent adversaries from gaining knowledge of an individual's location history (based on WiFi data); it includes support for accurately identifying users who were in the vicinity of a confirmed patient, and then informing them via opt-in mechanisms. Quest supports a range of privacy-enabled applications to ensure adherence to social distancing, monitor the flow of people through spaces, identify potentially impacted regions, and raise exposure alerts. We describe the architecture, design choices, and implementation of the proposed security/privacy techniques in Quest. We, also, validate the practicality of Quest and evaluate it thoroughly via an actual campus-scale deployment at UC Irvine over a very large dataset of over 50M tuples.

Peeyush Gupta, Yin Li, Sharad Mehrotra et al.

Despite exciting progress on cryptography, secure and efficient query processing over outsourced data remains an open challenge. We develop a communication-efficient and information-theoretically secure system, entitled Obscure for aggregation queries with conjunctive or disjunctive predicates, using secret-sharing. Obscure is strongly secure (i.e., secure regardless of the computational-capabilities of an adversary) and prevents the network, as well as, the (adversarial) servers to learn the user's queries, results, or the database. In addition, Obscure provides additional security features, such as hiding access-patterns (i.e., hiding the identity of the tuple satisfying a query) and hiding query-patterns (i.e., hiding which two queries are identical). Also, Obscure does not require any communication between any two servers that store the secret-shared data before/during/after the query execution. Moreover, our techniques deal with the secret-shared data that is outsourced by a single or multiple database owners, as well as, allows a user, which may not be the database owner, to execute the query over secret-shared data. We further develop (non-mandatory) privacy-preserving result verification algorithms that detect malicious behaviors, and experimentally validate the efficiency of Obscure on large datasets, the size of which prior approaches of secret-sharing or multi-party computation systems have not scaled to.

Nisha Panwar, Shantanu Sharma, Guoxi Wang et al.

This paper focuses on the new privacy challenges that arise in smart homes. Specifically, the paper focuses on inferring the user's activities -- which may, in turn, lead to the user's privacy -- via inferences through device activities and network traffic analysis. We develop techniques that are based on a cryptographically secure token circulation in a ring network consisting of smart home devices to prevent inferences from device activities, via device workflow, i.e., inferences from a coordinated sequence of devices' actuation. The solution hides the device activity and corresponding channel activities, and thus, preserve the individual's activities. We also extend our solution to deal with a large number of devices and devices that produce large-sized data by implementing parallel rings. Our experiments also evaluate the performance in terms of communication overheads of the proposed approach and the obtained privacy.

Nisha Panwar, Shantanu Sharma, Peeyush Gupta et al.

The growing deployment of Internet of Things (IoT) systems aims to ease the daily life of end-users by providing several value-added services. However, IoT systems may capture and store sensitive, personal data about individuals in the cloud, thereby jeopardizing user-privacy. Emerging legislation, such as California's CalOPPA and GDPR in Europe, support strong privacy laws to protect an individual's data in the cloud. One such law relates to strict enforcement of data retention policies. This paper proposes a framework, entitled IoT Expunge that allows sensor data providers to store the data in cloud platforms that will ensure enforcement of retention policies. Additionally, the cloud provider produces verifiable proofs of its adherence to the retention policies. Experimental results on a real-world smart building testbed show that IoT Expunge imposes minimal overheads to the user to verify the data against data retention policies.

Nisha Panwar, Shantanu Sharma, Guoxi Wang et al.

Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced --- IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals' privacy or service integrity. To address such concerns, we propose IoT Notary, a framework to ensure trust in IoT systems and applications. IoT Notary provides secure log sealing on live sensor data to produce a verifiable `proof-of-integrity,' based on which a verifier can attest that captured sensor data adheres to the published data-capturing rules. IoT Notary is an integral part of TIPPERS, a smart space system that has been deployed at UCI to provide various real-time location-based services in the campus. IoT Notary imposes nominal overheads for verification, thereby users can verify their data of one day in less than two seconds.

Nisha Panwar, Shantanu Sharma, Sharad Mehrotra et al.

Smart homes are a special use-case of the Internet-of-Things (IoT) paradigm. Security and privacy are two prime concern in smart home networks. A threat-prone smart home can reveal lifestyle and behavior of the occupants, which may be a significant concern. This article shows security requirements and threats to a smart home and focuses on a privacy-preserving security model. We classify smart home services based on the spatial and temporal properties of the underlying device-to-device and owner-to-cloud interaction. We present ways to adapt existing security solutions such as distance-bounding protocols, ISO-KE, SIGMA, TLS, Schnorr, Okamoto Identification Scheme (IS), Pedersen commitment scheme for achieving security and privacy in a cloud-assisted home area network.

Nisha Panwar, Shantanu Sharma, Guoxi Wang et al.

Advances in sensing, networking, and actuation technologies have resulted in the IoT wave that is expected to revolutionize all aspects of modern society. This paper focuses on the new challenges of privacy that arise in IoT in the context of smart homes. Specifically, the paper focuses on preventing the user's privacy via inferences through channel and in-home device activities. We propose a method for securely scheduling the devices while decoupling the device and channels activities. The proposed solution avoids any attacks that may reveal the coordinated schedule of the devices, and hence, also, assures that inferences that may compromise individual's privacy are not leaked due to device and channel level activities. Our experiments also validate the proposed approach, and consequently, an adversary cannot infer device and channel activities by just observing the network traffic.

Shlomi Dolev, Nisha Panwar

Peripheral authentication is an important aspect in the vehicle networks to provide services to only authenticated peripherals and a security to internal vehicle modules such as anti-lock braking system, power-train control module, engine control unit, transmission control unit, and tire pressure monitoring. In this paper a three-way handshake scheme is proposed for a vehicle to a keyfob authentication. A keyfob is a key with a secure hardware that communicates and authenticates the vehicle over the wireless channel. Conventionally, a vehicle to keyfob authentication is realized through a challenge-response verification protocol. An authentic coupling between the vehicle identity and the keyfob avoids any illegal access to the vehicle. However, these authentication messages can be relayed by an active adversary, thereby, can amplify the actual distance between an authentic vehicle and a keyfob. Eventually, an adversary can possibly gain access to the vehicle by relaying wireless signals and without any effort to generate or decode the secret credentials. Hence, the vehicle to keyfob authentication scheme must contain an additional attribute verification such as physical movement of a keyfob holder. Our solution is a two-party and three-way handshake scheme with proactive and reactive commitment verification. The proposed solution also uses a time interval verification such that both vehicle and keyfob would yield a similar locomotion pattern of a dynamic keyfob within a similar observational time interval. Hence, the solution is different from the distance bounding protocols that require multiple iterations for the round-trip delay measurement. The proposed scheme is shown to be adaptable with the existing commitment scheme such as Schnorr identification scheme and Pedersen commitment scheme.

Shlomi Dolev, Lukasz Krzywiecki, Nisha Panwar et al.

In recent future, vehicles will establish a spontaneous connection over a wireless radio channel, coordinating actions and information. Vehicles will exchange warning messages over the wireless radio channel through Dedicated Short Range Communication (IEEE 1609) over the Wireless Access in Vehicular Environment (802.11p). Unfortunately, the wireless communication among vehicles is vulnerable to security threats that may lead to very serious safety hazards. Therefore, the warning messages being exchanged must incorporate an authentic factor such that recipient is willing to verify and accept the message in a timely manner

Shlomi Dolev, Łukasz Krzywiecki, Nisha Panwar et al.

Vehicular networks are used to coordinate actions among vehicles in traffic by the use of wireless transceivers (pairs of transmitters and receivers). Unfortunately, the wireless communication among vehicles is vulnerable to security threats that may lead to very serious safety hazards. In this work, we propose a viable solution for coping with Man-in-the-Middle attacks. Conventionally, Public Key Infrastructure (PKI) is utilized for a secure communication with the pre-certified public key. However, a secure vehicle-to-vehicle communication requires additional means of verification in order to avoid impersonation attacks. To the best of our knowledge, this is the first work that proposes to certify both the public key and out-of-band sense-able static attributes to enable mutual authentication of the communicating vehicles. Vehicle owners are bound to preprocess (periodically) a certificate for both a public key and a list of fixed unchangeable attributes of the vehicle. Furthermore, the proposed approach is shown to be adaptable with regards to the existing authentication protocols. We illustrate the security verification of the proposed protocol using a detailed proof in Spi calculus.