[Colloquium] REMINDER: Tejas Kannan Dissertation Defense Oct-24-2023

Devin Davis devind at uchicago.edu
Mon Oct 23 09:16:58 CDT 2023 

This is an announcement of Tejas Kannan's Dissertation Defense.
===============================================
Candidate: Tejas Kannan

Date: 10/24/2023

Time: 3:00pm

Location:  JCL 298

Remote Location: https://uchicago.zoom.us/j/93562106941?pwd=dmc4djAvN2xGWDZmVmltSmRsVVBDdz09

Title: Privacy, Error, and Energy Tradeoffs in Embedded Systems and Internet-of-Things Devices

Abstract: Battery-powered embedded devices operate under energy constraints, and devices seek methods to manage their energy consumption. Adaptive algorithms are an emerging method to perform this management. Adaptive systems meet device constraints by optimizing the tradeoff between system quality (e.g., error) and energy. This thesis argues that this two-dimensional tradeoff space is insufficient, and systems must explicitly consider data privacy as a third dimension.

Adaptive systems exhibit data-dependent behavior by leveraging previously collected measurements to determine when to conserve resources. We highlight this design through a novel adaptive system that performs recurrent neural network (RNN) inference under dynamic energy budgets. This system, called Budget RNNs, uses a new hierarchical architecture that allows for energy conservation through data-dependent input sampling. Across various energy constraints, Budget RNNs achieve a mean accuracy of 1.5 points higher than prior RNNs.

The data-dependent behavior of adaptive systems such as Budget RNNs creates a problem when viewing these systems from a new perspective: privacy. As adaptive systems tie their behavior to the collected measurements, an attacker observing the system's behavior through a side-channel can learn about the captured values. We demonstrate this problem by presenting two new side-channel attacks and defenses. The first attack uses the communication volume of embedded devices employing adaptive sampling to learn about the captured data. The second attack exploits the exit decisions of adaptive, multi-exit neural networks to expose the model's results. In both settings, we develop defenses that eliminate information leakage and incur negligible overhead while achieving higher system quality (e.g., error) than non-adaptive algorithms. These properties make our security measures suitable under the resource constraints of low-power devices.

These privacy issues extend beyond embedded systems and into the broader class of Internet-of-Things devices. We demonstrate this phenomenon by developing a new attack against Smart Televisions (TVs). Users enter information into modern Smart TVs through on-screen virtual keyboards. Popular Smart TV platforms, such as Apple's tvOS and Samsung's Tizen, make sounds as users type. We find that an attacker can use this audio as a side-channel to extract sensitive keystrokes (e.g., credit card details and common passwords) from Smart TVs. Samsung has acknowledged this vulnerability, and this work highlights how modern Internet-connected devices must better protect sensitive data.

Advisors: Hank Hoffmann

Committee Members: Hank Hoffmann, Nick Feamster, Sanjay Krishnan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.uchicago.edu/pipermail/colloquium/attachments/20231023/1d729a34/attachment-0001.html>

More information about the Colloquium mailing list