Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)

As many types of IoT devices worm their way into numerous settings and many aspects of our daily lives, awareness of their presence and functionality becomes a source of major concern. Hidden IoT devices can snoop (via sensing) on nearby unsuspecting users, and impact the environment where unaware users are present, via actuation. This prompts, respectively, privacy and security/safety issues. The dangers of hidden IoT devices have been recognized and prior research suggested some means of mitigation, mostly based on traffic analysis or using specialized hardware to uncover devices. While such approaches are partially effective, there is currently no comprehensive approach to IoT device transparency. Prompted in part by recent privacy regulations (GDPR and CCPA), this paper motivates and constructs a privacy-agile Root-of-Trust architecture for IoT devices, called PAISA: Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure announcements about IoT devices' presence and their capabilities. PAISA has two components: one on the IoT device that guarantees periodic announcements of its presence even if all device software is compromised, and the other that runs on the user device, which captures and processes announcements. Notably, PAISA requires no hardware modifications; it uses a popular off-the-shelf Trusted Execution Environment (TEE) -- ARM TrustZone. This work also comprises a fully functional (open-sourced) prototype implementation of PAISA, which includes: an IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android smartphone-based app that captures and processes announcements. Both security and performance of PAISA design and prototype are discussed.Comment: 17 pages, 11 figures. To appear at ACM CCS 202

Scalable Private Signaling

Private messaging systems that use a bulletin board, like privacy-preserving blockchains, have been a popular topic during the last couple of years. In these systems, typically a private message is posted on the board for a recipient and the privacy requirement is that no one can determine the sender and the recipient of the message. Until recently, the efficiency of these recipients was not considered, and the party had to perform a naive scan of the board to retrieve their messages. More recently, works like Fuzzy Message Detection (FMD), Private Signaling (PS), and Oblivious Message Retrieval (OMR) have studied the problem of protecting recipient privacy by outsourcing the message retrieval process to an untrusted server. However, FMD only provides limited privacy guarantees, and PS and OMR greatly lack scalability. In this work, we present a new construction for private signaling which is both asymptotically superior and concretely orders of magnitude faster than all prior works while providing full privacy. Our constructions make use of a trusted execution environment (TEE) and an Oblivious RAM to improve the computation complexity of the server. We also improve the privacy guarantees by keeping the recipient hidden even during the retrieval of signals from the server. Our proof-of-concept open-source implementation shows that for a server serving a hundred thousand recipients and ten million messages, it only takes $< 6$ milliseconds to process a sent message, and $< 200$ milliseconds to process a retrieval (of 100 signals) request from a recipient

Standard Model Time-Lock Puzzles: Defining Security and Constructing via Composition

The introduction of time-lock puzzles initiated the study of publicly “sending information into the future.” For time-lock puzzles, the underlying security-enabling mechanism is the computational complexity of the operations needed to solve the puzzle, which must be tunable to reveal the solution after a predetermined time, and not before that time. Time-lock puzzles are typically constructed via a commitment to a secret, paired with a reveal algorithm that sequentially iterates a basic function over such commitment. One then shows that short-cutting the iterative process violates cryptographic hardness of an underlying problem. To date, and for more than twenty-five years, research on time-lock puzzles relied heavily on iteratively applying well-structured algebraic functions. However, despite the tradition of cryptography to reason about primitives in a realistic model with standard hardness assumptions (often after initial idealized assumptions), most analysis of time-lock puzzles to date still relies on cryptography modeled (in an ideal manner) as a random oracle function or a generic group function. Moreover, Mahmoody et al. showed that time-lock puzzles with superpolynomial gap cannot be constructed from random-oracles; yet still, current treatments generally use an algebraic trapdoor to efficiently construct a puzzle with a large time gap, and then apply the inconsistent (with respect to Mahmoody et al.) random-oracle idealizations to analyze the solving process. Finally, little attention has been paid to the nuances of composing multi-party computation with timed puzzles that are solved as part of the protocol. In this work, we initiate a study of time-lock puzzles in a model built upon a realistic (and falsifiable) computational framework. We present a new formal definition of residual complexity to characterize a realistic, gradual time-release for time-lock puzzles. We also present a general definition of timed multi-party computation (MPC) and both sequential and concurrent composition theorems for MPC in our model

Arc Requires PSD95 for Assembly into Postsynaptic Complexes Involved with Neural Dysfunction and Intelligence

Arc is an activity-regulated neuronal protein, but little is known about its interactions, assembly into multiprotein complexes, and role in human disease and cognition. We applied an integrated proteomic and genetic strategy by targeting a tandem affinity purification (TAP) tag and Venus fluorescent protein into the endogenous Arc gene in mice. This allowed biochemical and proteomic characterization of native complexes in wild-type and knockout mice. We identified many Arc-interacting proteins, of which PSD95 was the most abundant. PSD95 was essential for Arc assembly into 1.5-MDa complexes and activity-dependent recruitment to excitatory synapses. Integrating human genetic data with proteomic data showed that Arc-PSD95 complexes are enriched in schizophrenia, intellectual disability, autism, and epilepsy mutations and normal variants in intelligence. We propose that Arc-PSD95 postsynaptic complexes potentially affect human cognitive function

Cellular and molecular mechanisms of immunomodulation in the brain through environmental enrichment

Recent studies on environmental enrichment (EE) have shown cytokines, cellular immune components [e.g., T lymphocytes, natural killer (NK) cells], and glial cells in causal relationship to EE in bringing out changes to neurobiology and behavior. The purpose of this review is to evaluate these neuroimmune mechanisms associated with neurobiological and behavioral changes in response to different EE methods. We systematically reviewed common research databases. After applying all inclusion and exclusion criteria, 328 articles remained for this review. Physical exercise (PE), a form of EE, elicits anti-inflammatory and neuromodulatory effects through interaction with several immune pathways including interleukin (IL)-6 secretion from muscle fibers, reduced expression of Toll-like receptors on monocytes and macrophages, reduced secretion of adipokines, modulation of hippocampal T cells, priming of microglia, and upregulation of mitogen-activated protein kinase phosphatase-1 in central nervous system. In contrast, immunomodulatory roles of other enrichment methods are not studied extensively. Nonetheless, studies showing reduction in the expression of IL-1β and tumor necrosis factor-α in response to enrichment with novel objects and accessories suggest anti-inflammatory effects of novel environment. Likewise, social enrichment, though considered a necessity for healthy behavior, results in immunosuppression in socially defeated animals. This has been attributed to reduction in T lymphocytes, NK cells and IL-10 in subordinate animals. EE through sensory stimuli has been investigated to a lesser extent and the effect on immune factors has not been evaluated yet. Discovery of this multidimensional relationship between immune system, brain functioning, and EE has paved a way toward formulating environ-immuno therapies for treating psychiatric illnesses with minimal use of pharmacotherapy. While the immunomodulatory role of PE has been evaluated extensively, more research is required to investigate neuroimmune changes associated with other enrichment methods.Gaurav Singhal, Emily J. Jaehne, Frances Corrigan and Bernhard T. Baun

Root-of-Trust Architectures for Low-end Embedded Systems

Internet-of-Things (IoT), “smart”, and Cyber-Physical Systems (CPS) devices have become increasingly popular and commonplace over the past two decades. Some of them perform safety-critical tasks and collect sensitive information, e.g., smoke detectors, temperature sensors, heart rate monitors, and fitness trackers. However, due to their stringent cost, size, and energy constraints, they are equipped with few (or no) security features. This makes them vulnerable to attacks. Some prior work proposed security architectures (such as remote attestation, proof of execution, and secure reset/erasure) to detect and mitigate malware on them. However, these approaches either partially mitigate the problem and/or require new hardware that is unrealistic for low-end devices. This dissertation presents four hybrid (hardware/software co-design) root-of-trust (RoT) architectures that mitigate various attacks with small hardware modifications: TinyCFA, DIALED, VERSA, and CASU. TinyCFA and DIALED are passive RoTs that detect runtime (control-flow and data-only) attacks by proposing new control-flow and data-flow attestation architectures respectively. Whereas, VERSA and CASU are active RoTs that prevent sensor data privacy leakage and code-injection attacks based on hardware-enforced access control mechanisms. We implement and evaluate these architectures on low-end microcontrollers (e.g., TI MSP430) and show that they are suitable for resource-constrained IoT. We also formally verify the hardware implementation of VERSA and CASU, thus showing that they meet all stated security requirements