- 
            Free, publicly-accessible full text available May 6, 2026
- 
            Internet of Things (IoT) devices are becoming increasingly commonplace in both public and semi-private settings. Currently, most such devices lack mechanisms that allow for their discovery by casual (nearby) users who are not owners or operators. However, these users are potentially being sensed, and/or actuated upon, by these devices, without their knowledge or consent. This triggers privacy, security, and safety issues. To address this problem, some recent work explored device transparency in the IoT ecosystem. The intuitive approach is for each device to periodically and securely broadcast (announce) its presence and capabilities to all nearby users. While effective, when no new users are present, this Push-based approach generates a substantial amount of unnecessary network traffic and needlessly interferes with normal device operation. In this work, we construct DB-PAISA which addresses these issues via a Pull-based method, whereby devices reveal their presence and capabilities only upon explicit user request. Each device guarantees a secure timely response (even if fully compromised by malware) based on a small active Root-of-Trust (RoT). DB-PAISA requires no hardware modifications and is suitable for a range of current IoT devices. To demonstrate its feasibility and practicality, we built a fully functional and publicly available prototype. It is implemented atop a commodity MCU (NXP LPC55S69) and operates in tandem with a smartphone-based app. Using this prototype, we evaluate energy consumption and other performance factors.
            Free, publicly-accessible full text available April 1, 2026
- 
            Guaranteeing runtime integrity of embedded system software is an open problem. Trade-offs between security and other priorities (e.g., cost or performance) are inherent, and resolving them is both challenging and important. The proliferation of runtime attacks that introduce malicious code (e.g., by injection) into embedded devices has prompted a range of mitigation techniques. One popular approach is Remote Attestation (RA), whereby a trusted entity (verifier) checks the current software state of an untrusted remote device (prover). RA yields a timely authenticated snapshot of prover state that verifier uses to decide whether an attack occurred. Current RA schemes require verifier to explicitly initiate RA, based on some unclear criteria. Thus, in case of prover's compromise, verifier only learns about it late, upon the next RA instance. While sufficient for compromise detection, some applications would benefit from a more proactive, prevention-based approach. To this end, we construct CASU: Compromise Avoidance via Secure Updates. CASU is an inexpensive hardware/software co-design enforcing: (i) runtime software immutability, thus precluding any illegal software modification, and (ii) authenticated updates as the sole means of modifying software. In CASU, a successful RA instance serves as a proof of successful update, and continuous subsequent software integrity is implicit, due to the runtime immutability guarantee. This obviates the need for RA in between software updates and leads to unobtrusive integrity assurance with guarantees akin to those of prior RA techniques, with better overall performance.
- 
            Understanding and predicting the relationship between leaf temperature (T_leaf) and air temperature (T_air) is essential for projecting responses to a warming climate, as studies suggest that many forests are near thermal thresholds for carbon uptake. Based on leaf measurements, the limited leaf homeothermy hypothesis argues that daytime T_leaf is maintained near photosynthetic temperature optima and below damaging temperature thresholds. Specifically, leaves should cool below T_air at higher temperatures (i.e., > ∼25–30°C) leading to slopes <1 in T_leaf/T_air relationships and substantial carbon uptake when leaves are cooler than air. This hypothesis implies that climate warming will be mitigated by a compensatory leaf cooling response. A key uncertainty is understanding whether such thermoregulatory behavior occurs in natural forest canopies. We present an unprecedented set of growing season canopy-level leaf temperature (T_can) data measured with thermal imaging at multiple well-instrumented forest sites in North and Central America. Our data do not support the limited homeothermy hypothesis: canopy leaves are warmer than air during most of the day and only cool below air in mid to late afternoon, leading to T_can/T_air slopes >1 and hysteretic behavior. We find that the majority of ecosystem photosynthesis occurs when canopy leaves are warmer than air. Using energy balance and physiological modeling, we show that key leaf traits influence leaf-air coupling and ultimately the T_can/T_air relationship. Canopy structure also plays an important role in T_can dynamics. Future climate warming is likely to lead to even greater T_can, with attendant impacts on forest carbon cycling and mortality risk.
 An official website of the United States government
