research-article

A Multi-server ORAM Framework with Constant Client Bandwidth Blowup

Authors:
Thang Hoang

The Department of Computer Science and Engineering, University of South Florida, Tampa, Florida

The Department of Computer Science and Engineering, University of South Florida, Tampa, Florida

0000-0003-2229-3863
View Profile

,
Attila A. Yavuz

The Department of Computer Science and Engineering, University of South Florida, Tampa, Florida

The Department of Computer Science and Engineering, University of South Florida, Tampa, Florida
View Profile

,
Jorge Guajardo

Robert Bosch LLC, Research and Technology Center, Pittsburgh, PA

Robert Bosch LLC, Research and Technology Center, Pittsburgh, PA
View Profile

Authors Info & Claims

ACM Transactions on Privacy and Security Volume 23 Issue 1Article No.: 1pp 1–35https://doi.org/10.1145/3369108

Published:05 February 2020Publication History

ACM Transactions on Privacy and Security

Abstract

Oblivious Random Access Machine (ORAM) allows a client to hide the access pattern when accessing sensitive data on a remote server. It is known that there exists a logarithmic communication lower bound on any passive ORAM construction, where the server only acts as the storage service. This overhead, however, was shown costly for some applications. Several active ORAM schemes with server computation have been proposed to overcome this limitation. However, they mostly rely on costly homomorphic encryptions, whose performance is worse than passive ORAM. In this article, we propose S³ORAM, a new multi-server ORAM framework, which features O(1) client bandwidth blowup and low client storage without relying on costly cryptographic primitives. Our key idea is to harness Shamir Secret Sharing and a multi-party multiplication protocol on applicable binary tree-ORAM paradigms. This strategy allows the client to instruct the server(s) to perform secure and efficient computation on his/her behalf with a low intervention thereby, achieving a constant client bandwidth blowup and low server computational overhead. Our framework can also work atop a general k-ary tree ORAM structure (k ≥ 2). We fully implemented our framework, and strictly evaluated its performance on a commodity cloud platform (Amazon EC2). Our comprehensive experiments confirmed the efficiency of S³ORAM framework, where it is approximately 10× faster than the most efficient passive ORAM (i.e., Path-ORAM) for a moderate network bandwidth while being three orders of magnitude faster than active ORAM with O(1) bandwidth blowup (i.e., Onion-ORAM). We have open-sourced the implementation of our framework for public testing and adaptation.

References

Ittai Abraham, Christopher W. Fletcher, Kartik Nayak, Benny Pinkas, and Ling Ren. 2017. Asymptotically tight bounds for composing ORAM with PIR. In Proceedings of the IACR International Workshop on Public Key Cryptography. Springer, 91--120.Google ScholarCross Ref
Anastasov Anton. 2016. Implementing Onion ORAM: A Constant Bandwidth ORAM using AHE. Retrieved from https://github.com/aanastasov/onion-oram/blob/master/doc/report.pdf.Google Scholar
Daniel Apon, Jonathan Katz, Elaine Shi, and Aishwarya Thiruvengadam. 2014. Verifiable oblivious storage. In Proceedings of the International Workshop on Public Key Cryptography. Springer, 131--148.Google ScholarDigital Library
Amos Beimel and Yoav Stahl. 2002. Robust information-theoretic private information retrieval. In Proceedings of the International Conference on Security in Communication Networks. Springer, 326--341.Google Scholar
M. Ben-Or, S. Goldwasser, and A. Wigderson. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Janos Simon (Ed.). ACM, 1--10.Google Scholar
Vincent Bindschaedler, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, and Yan Huang. 2015. Practicing oblivious access on cloud storage: The gap, the fallacy, and the new way forward. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 837--849.Google ScholarDigital Library
T.-H. Hubert Chan, Jonathan Katz, Kartik Nayak, Antigoni Polychroniadou, and Elaine Shi. 2018. More is less: Perfectly secure oblivious algorithms in the multi-server setting. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. Springer, 158--188.Google Scholar
Binyi Chen, Huijia Lin, and Stefano Tessaro. 2016. Oblivious parallel RAM: Improved efficiency and generic constructions. In Proceedings of the Theory of Cryptography Conference. Springer, 205--234.Google ScholarCross Ref
Benny Chor, Eyal Kushilevitz, Oded Goldreich, and Madhu Sudan. 1998. Private information retrieval. Journal of the ACM (JACM) 45, 6 (1998), 965--981.Google ScholarDigital Library
Ivan Damgård and Mads Jurik. 2001. A generalisation, a simplification and some applications of paillier’s probabilistic public-key system. In Proceedings of the International Workshop on Public Key Cryptography. Springer, 119--136.Google ScholarCross Ref
Jonathan Dautrich and Chinya Ravishankar. 2015. Combining ORAM with PIR to minimize bandwidth costs. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. ACM, 289--296.Google ScholarDigital Library
Srinivas Devadas, Marten van Dijk, Christopher W. Fletcher, Ling Ren, Elaine Shi, and Daniel Wichs. 2016. Onion ORAM: A constant bandwidth blowup oblivious RAM. In Proceedings of the Theory of Cryptography Conference. Springer, 145--174.Google ScholarCross Ref
Sky Faber, Stanislaw Jarecki, Sotirios Kentros, and Boyang Wei. 2015. Three-party ORAM for secure computation. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. Springer, 360--385.Google ScholarDigital Library
Christopher Fletcher, Muhammad Naveed, Ling Ren, Elaine Shi, and Emil Stefanov. 2015. Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM. Technical Report. IACR Cryptology ePrint Archive, Report 2015, 1065.Google Scholar
Sanjam Garg, Payman Mohassel, and Charalampos Papamanthou. 2015. TWORAM: Round-optimal Oblivious RAM with Applications to Searchable Encryption. Technical Report. IACR Cryptology ePrint Archive, 2015: 1010.Google Scholar
Rosario Gennaro, Michael O. Rabin, and Tal Rabin. 1998. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the 17th Annual ACM Symposium on Principles of Distributed Computing. ACM, 101--111.Google ScholarDigital Library
Craig Gentry, Kenny A. Goldman, Shai Halevi, Charanjit Julta, Mariana Raykova, and Daniel Wichs. 2013. Optimizing ORAM and using it efficiently for secure computation. In Proceedings of the International Symposium on Privacy Enhancing Technologies Symposium. Springer, 1--18.Google ScholarCross Ref
Ian Goldberg. 2007. Improving the robustness of private information retrieval. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP’07). IEEE, 131--148.Google ScholarDigital Library
Oded Goldreich. 1987. Towards a theory of software protection and simulation by oblivious RAMs. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing. ACM, 182--194.Google ScholarDigital Library
Oded Goldreich and Rafail Ostrovsky. 1996. Software protection and simulation on oblivious RAMs. Journal of the ACM (JACM) 43, 3 (1996), 431--473.Google ScholarDigital Library
S. Dov Gordon, Jonathan Katz, and Xiao Wang. 2018. Simple and efficient two-server ORAM. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 141--157.Google ScholarCross Ref
Thang Hoang, Ceyhun D. Ozkaptan, Attila A. Yavuz, Jorge Guajardo, and Tam Nguyen. 2017. S3ORAM: A computation-efficient and constant client bandwidth blowup ORAM with shamir secret sharing. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS’17). ACM, New York, NY, 491--505. DOI:https://doi.org/10.1145/3133956.3134090Google ScholarDigital Library
Thang Hoang, Attila Altay Yavuz, and Jorge Guajardo. 2016. Practical and secure dynamic searchable encryption via oblivious access on distributed data structure. In Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 302--313.Google ScholarDigital Library
Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In NDSS.Google Scholar
Steve Lu and Rafail Ostrovsky. 2013. Distributed oblivious RAM for secure two-party computation. In Theory of Cryptography. Springer, 377--396.Google Scholar
Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanovic, John Kubiatowicz, and Dawn Song. 2013. Phantom: Practical oblivious computation in a secure processor. In Proceedings of the 2013 ACM SIGSAC Conference on Computer 8 Communications Security. ACM, 311--324.Google ScholarDigital Library
Travis Mayberry, Erik-Oliver Blass, and Agnes Hui Chan. 2014. Efficient private file retrieval by combining ORAM and PIR. In NDSS. Citeseer.Google Scholar
Tarik Moataz, Erik-Oliver Blass, and Travis Mayberry. [n.d.]. CHf-ORAM: A constant communication ORAM without homomorphic encryption. ([n.d.]).Google Scholar
Tarik Moataz, Erik-Oliver Blass, and Travis Mayberry. 2015. Constant Communication ORAM without Encryption. Technical Report. IACR Cryptology ePrint Archive, Report 2015/1116.Google Scholar
Tarik Moataz, Travis Mayberry, and Erik-Oliver Blass. 2015. Constant communication ORAM with small blocksize. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 862--873.Google ScholarDigital Library
Muhammad Naveed. 2015. The fallacy of composition of oblivious RAM and searchable encryption. IACR Cryptology ePrint Archive 2015 (2015), 668.Google Scholar
Pascal Paillier. 1999. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 223--238.Google ScholarDigital Library
Benny Pinkas and Tzachy Reinman. 2010. Oblivious RAM revisited. In Advances in Cryptology--CRYPTO 2010. Springer, 502--519.Google ScholarCross Ref
Ling Ren, Christopher W. Fletcher, Albert Kwon, Emil Stefanov, Elaine Shi, Marten van Dijk, and Srinivas Devadas. 2014. Ring ORAM: Closing the gap between small and large client storage oblivious RAM. IACR Cryptology ePrint Archive 2014 (2014), 997.Google Scholar
Adi Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (1979), 612--613.Google ScholarDigital Library
Elaine Shi, T.-H. Hubert Chan, Emil Stefanov, and Mingfei Li. 2011. Oblivious RAM with O ((logN) 3) worst-case cost. In Advances in Cryptology--ASIACRYPT 2011. Springer, 197--214.Google ScholarDigital Library
Emil Stefanov, Charalampos Papamanthou, and Elaine Shi. 2014. Practical dynamic searchable encryption with small leakage. In NDSS, Vol. 71. 72--75.Google Scholar
Emil Stefanov and Elaine Shi. 2013. Multi-cloud oblivious storage. In Proceedings of the 2013 ACM SIGSAC Conference on Computer 8 Communications Security. ACM, 247--258.Google ScholarDigital Library
Emil Stefanov and Elaine Shi. 2013. Oblivistore: High performance oblivious cloud storage. In Proceedings of the IEEE Symposium on Security and Privacy (SP’13). IEEE, 253--267.Google ScholarDigital Library
Emil Stefanov, Elaine Shi, and Dawn Song. 2011. Towards practical oblivious RAM. arXiv preprint arXiv:1106.3652 (2011).Google Scholar
Emil Stefanov, Marten Van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: An extremely simple oblivious RAM protocol. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. ACM, 299--310.Google ScholarDigital Library
Jonathan Trostle and Andy Parrish. 2010. Efficient computationally private information retrieval from anonymity or trapdoor groups. In Proceedings of the International Conference on Information Security. Springer, 114--128.Google Scholar
Xiao Wang, Hubert Chan, and Elaine Shi. 2015. Circuit oram: On tightness of the goldreich-ostrovsky lower bound. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 850--861.Google ScholarDigital Library
Xiao Wang, Yan Huang, T.-H. Hubert Chan, Abhi Shelat, and Elaine Shi. 2014. SCORAM: Oblivious RAM for secure computation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 191--202.Google ScholarDigital Library
Xiao Shaun Wang, Kartik Nayak, Chang Liu, T. H. Chan, Elaine Shi, Emil Stefanov, and Yan Huang. 2014. Oblivious data structures. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 215--226.Google ScholarDigital Library
Andrew C. Yao. 1982. Protocols for secure computations. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, 1982. IEEE, 160--164.Google ScholarDigital Library

Index Terms

A Multi-server ORAM Framework with Constant Client Bandwidth Blowup
1. Security and privacy
  1. Security services
    1. Privacy-preserving protocols

Recommendations

S³ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Oblivious Random Access Machine (ORAM) enables a client to access her data without leaking her access patterns. Existing client-efficient ORAMs either achieve O(log N) client-server communication blowup without heavy computation, or O(1) blowup but with ...
Read More
Path ORAM: An Extremely Simple Oblivious RAM Protocol
Distributed Computing, Cryptography, Distributed Computing, Cryptography, Coding Theory, Automata Theory, Complexity Theory, Programming Languages, Algorithms, Invited Paper Foreword and Databases

We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme known to date with small client storage. We formally prove that Path ORAM ...
Read More
Path ORAM: an extremely simple oblivious RAM protocol
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme for small client storage known to date. We formally prove that Path ORAM ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Privacy and Security Volume 23, Issue 1
February 2020
209 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3382042
Editor:
David Basin
ETH Zurich, Switzerland
Issue’s Table of Contents
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 February 2020
- Accepted: 1 October 2019
- Revised: 1 August 2019
- Received: 1 December 2018
Published in tops Volume 23, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
ORAM
privacy-enhancing technologies
secret sharing
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 2
  Total Citations
  View Citations
- 330
  Total Downloads
- Downloads (Last 12 months)60
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

A Multi-server ORAM Framework with Constant Client Bandwidth Blowup

ACM Transactions on Privacy and Security

Abstract

References

Cited By

Index Terms

Recommendations

S³ORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing

Path ORAM: An Extremely Simple Oblivious RAM Protocol

Path ORAM: an extremely simple oblivious RAM protocol