Trinabh Gupta

CR
3 papers
28 citations
Novelty 73%
AI Score 28

3 Papers

CR, Sep 25, 2020
Walnut: A low-trust trigger-action platform

Sandy Schoettler, Andrew Thompson, Rakshith Gopalakrishna et al.

Trigger-action platforms are a new type of system that connect IoT devices with web services. For example, the popular IFTTT platform can connect Fitbit with Google Calendar to add a bedtime reminder based on sleep history. However, these platforms present confidentiality and integrity risks as they run on public cloud infrastructure and compute over sensitive user data. This paper describes the design, implementation, and evaluation of Walnut, a low-trust trigger-action platform that mimics the functionality of IFTTT, while ensuring confidentiality of data and correctness of computation, at a low resource cost. The key enabler for Walnut is a new two-party secure computation protocol that (i) efficiently performs string substitutions, which is a common computation in trigger-action platform workloads, and (ii) replicates computation over heterogeneous trusted-hardware machines from different vendors to ensure correctness of computation output as long as one of the machines is not compromised. An evaluation of Walnut demonstrates its plausible deployability and low overhead relative to a non-secure baseline--3.6x in CPU and 4.3x in network for all but a small percentage of programs.

CR, Sep 11, 2020
Accelerating 2PC-based ML with Limited Trusted Hardware

Muqsit Nawaz, Aditya Gulati, Kunlong Liu et al.

This paper describes the design, implementation, and evaluation of Otak, a system that allows two non-colluding cloud providers to run machine learning (ML) inference without knowing the inputs to inference. Prior work for this problem mostly relies on advanced cryptography such as two-party secure computation (2PC) protocols that provide rigorous guarantees but suffer from high resource overhead. Otak improves efficiency via a new 2PC protocol that (i) tailors recent primitives such as function and homomorphic secret sharing to ML inference, and (ii) uses trusted hardware in a limited capacity to bootstrap the protocol. At the same time, Otak reduces trust assumptions on trusted hardware by running a small code inside the hardware, restricting its use to a preprocessing step, and distributing trust over heterogeneous trusted hardware platforms from different vendors. An implementation and evaluation of Otak demonstrates that its CPU and network overhead converted to a dollar amount is 5.4-385× lower than state-of-the-art 2PC-based works. Besides, Otak's trusted computing base (code inside trusted hardware) is only 1,300 lines of code, which is 14.6-29.2× lower than the code-size in prior trusted hardware-based works.

CR, Dec 13, 2016
Pretzel: Email encryption and provider-supplied functions are compatible

Trinabh Gupta, Henrique Fingler, Lorenzo Alvisi et al.

Emails today are often encrypted, but only between mail servers---the vast majority of emails are exposed in plaintext to the mail servers that handle them. While better than no encryption, this arrangement leaves open the possibility of attacks, privacy violations, and other disclosures. Publicly, email providers have stated that default end-to-end encryption would conflict with essential functions (spam filtering, etc.), because the latter requires analyzing email text. The goal of this paper is to demonstrate that there is no conflict. We do so by designing, implementing, and evaluating Pretzel. Starting from a cryptographic protocol that enables two parties to jointly perform a classification task without revealing their inputs to each other, Pretzel refines and adapts this protocol to the email context. Our experimental evaluation of a prototype demonstrates that email can be encrypted end-to-end and providers can compute over it, at tolerable cost: clients must devote some storage and processing, and provider overhead is roughly 5 times versus the status quo.