DOI: 10.1145/2699026.2699097

Tunably-Oblivious Memory: Generalizing ORAM to Enable Privacy-Efficiency Tradeoffs

Published: 02 March 2015

ABSTRACT

We consider the challenge of providing privacy-preserving access to data outsourced to an untrusted cloud provider. Even if data blocks are encrypted, access patterns may leak valuable information. Oblivious RAM (ORAM) protocols guarantee full access pattern privacy, but even the most efficient ORAMs to date require roughly L log_2 N block transfers to satisfy an L-block query, for block store capacity N.

We propose a generalized form of ORAM called Tunably-Oblivious Memory (lambda-TOM) that allows a query's public access pattern to assume any of lambda possible lengths. Increasing lambda yields improved efficiency at the cost of weaker privacy guarantees. 1-TOM protocols are as secure as ORAM.

We also propose a novel, special-purpose TOM protocol called Staggered-Bin TOM (SBT), which efficiently handles large queries that are not cache-friendly. We also propose a read-only SBT variant called Multi-SBT that can satisfy such queries with only O(L + log N) block transfers in the best case, and only O(L log N) transfers in the worst case, while leaking only O(log log log N) bits of information per query. Our experiments show that for N = 2^24 blocks, Multi-SBT achieves practical bandwidth costs as low as 6X those of an unprotected protocol for large queries, while leaking at most 3 bits of information per query.


      • Published in

        CODASPY '15: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
        March 2015
        362 pages
        ISBN:9781450331913
        DOI:10.1145/2699026

        Copyright © 2015 ACM


        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Qualifiers

        • research-article

        Acceptance Rates

        CODASPY '15 Paper Acceptance Rate: 19 of 91 submissions, 21%. Overall Acceptance Rate: 149 of 789 submissions, 19%.
