Walnut: A low-trust trigger-action platform
Sandy Schoettler, Andrew Thompson, Rakshith Gopalakrishna, and Trinabh Gupta

TL;DR
Walnut is a low-trust trigger-action platform that ensures data confidentiality and computation correctness using secure computation protocols and trusted hardware, with minimal resource overhead compared to non-secure systems.
Contribution
The paper introduces Walnut, a novel trigger-action platform that combines secure computation and trusted hardware to protect user data and ensure correctness at low resource costs.
Findings
Walnut achieves 3.6x CPU overhead and 4.3x network overhead relative to a non-secure baseline.
It effectively performs string substitutions, a common task in trigger-action workloads.
The system demonstrates plausible deployability with low resource overhead.
Abstract
Trigger-action platforms are a new type of system that connects IoT devices with web services. For example, the popular IFTTT platform can connect Fitbit with Google Calendar to add a bedtime reminder based on sleep history. However, these platforms present confidentiality and integrity risks as they run on public cloud infrastructure and compute over sensitive user data. This paper describes the design, implementation, and evaluation of Walnut, a low-trust trigger-action platform that mimics the functionality of IFTTT, while ensuring confidentiality of data and correctness of computation, at a low resource cost. The key enabler for Walnut is a new two-party secure computation protocol that (i) efficiently performs string substitutions, which is a common computation in trigger-action platform workloads, and (ii) replicates computation over heterogeneous trusted-hardware machines from…
Taxonomy
Topics: Security and Verification in Computing · Cryptography and Data Security · Cloud Data Security Solutions
