Data Privacy in Trigger-Action Systems
This work is significant for end-users of Trigger-Action Platforms like IFTTT and Zapier, as it offers a solution to protect their private data from large-scale security risks inherent in these systems, representing a strong specific gain in data privacy.
This paper addresses the security risk in Trigger-Action Platforms (TAPs) where compromise could expose sensitive user data. The authors propose eTAP, a privacy-enhancing platform that executes rules without accessing plaintext data or learning computation results, achieving this by using garbled circuits. eTAP supports common operations and can run 100% of IFTTT's top-500 rules and 93.4% of Zapier's public rules, with a modest performance impact of 70ms (55%) increased latency and 59% reduced throughput.
Trigger-action platforms (TAPs) allow users to connect independent web-based or IoT services to achieve useful automation. They provide a simple interface that helps end-users create trigger-compute-action rules that pass data between disparate Internet services. Unfortunately, TAPs introduce a large-scale security risk: if they are compromised, attackers will gain access to sensitive data for millions of users. To avoid this risk, we propose eTAP, a privacy-enhancing trigger-action platform that executes trigger-compute-action rules without accessing users' private data in plaintext or learning anything about the results of the computation. We use garbled circuits as a primitive, and leverage the unique structure of trigger-compute-action rules to make them practical. We formally state and prove the security guarantees of our protocols. We prototyped eTAP, which supports the most commonly used operations on popular commercial TAPs like IFTTT and Zapier. Specifically, it supports Boolean, arithmetic, and string operations on private trigger data and can run 100% of the top-500 rules of IFTTT users and 93.4% of all publicly-available rules on Zapier. Based on ten existing rules that exercise a wide variety of operations, we show that eTAP has a modest performance impact: on average rule execution latency increases by 70 ms (55%) and throughput reduces by 59%.