A Practical Oblivious Map Data Structure with Secure Deletion and History Independence

Roche, Daniel S.; Aviv, Adam J.; Choi, Seung Geol

doi:10.1109/sp.2016.19

Cited by 47 publications

(38 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on their work, we construct a write-only ORAM that additionally supports variable-size data and hides the when the data items are modified. We point out also that variable-sized blocks in traditional read/write ORAMs were also considered recently by [21], but with higher overhead than what can be achieved in the write-only setting.…”

Section: Related Workmentioning

confidence: 88%

ObliviSync: Practical Oblivious File Backup and Synchronization

Aviv

Choi

Mayberry

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Abstract-Oblivious RAM (ORAM) protocols are powerful techniques that hide a client's data as well as access patterns from untrusted service providers. We present an oblivious cloud storage system, ObliviSync, that specifically targets one of the most widely-used personal cloud storage paradigms: synchronization and backup services, popular examples of which are Dropbox, iCloud Drive, and Google Drive. This setting provides a unique opportunity because the above privacy properties can be achieved with a simpler form of ORAM called write-only ORAM, which allows for dramatically increased efficiency compared to related work. Our solution is asymptotically optimal and practically efficient, with a small constant overhead of approximately 4x compared with non-private file storage, depending only on the total data size and parameters chosen according to the usage rate, and not on the number or size of individual files. Our construction also offers protection against timing-channel attacks, which has not been previously considered in ORAM protocols. We built and evaluated a full implementation of ObliviSync that supports multiple simultaneous read-only clients and a single concurrent read/write client whose edits automatically and seamlessly propagate to the readers. We show that our system functions under high work loads, with realistic file size distributions, and with small additional latency (as compared to a baseline encrypted file system) when paired with Dropbox as the synchronization service.

show abstract

Section: Related Workmentioning

confidence: 88%

ObliviSync: Practical Oblivious File Backup and Synchronization

Aviv

Choi

Mayberry

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…These leakages are modeled as search pattern (repetitive pattern in search queries), size pattern (the number of search results) [13] and access pattern (how the encrypted data or indexes are accessed). Generally, these leakages could be eliminated by using an oblivious RAM (ORAM) [10,18,19,27,28]. However, ORAM usually brings heavy computational overhead and bandwidth cost for each keyword search.…”

Section: The Need For Forward Privacymentioning

confidence: 99%

Searchable Symmetric Encryption with Forward Search Privacy

Huang

et al. 2021

IEEE Trans. Dependable and Secure Comput.

156

View full text Add to dashboard Cite

Searchable symmetric encryption (SSE) has been widely applied in the encrypted database for queries in practice. Although SSE is powerful and feature-rich, it is always plagued by information leaks. Some recent attacks point out that forward privacy which disallows leakage from update operations, now becomes a basic requirement for any newly designed SSE schemes. However, the subsequent search operations can still leak a significant amount of information. To further strengthen security, we extend the definition of forward privacy and propose the notion of "forward search privacy". Intuitively, it requires search operations over newly added documents do not leak any information about past queries. The enhanced security notion poses new challenges to the design of SSE. We address the challenges by developing the hidden pointer technique (HPT) and propose a new SSE scheme called Khons, which satisfies our security notion (with the original forward privacy notion) and is also efficient. We implemented Khons and our experiment results on large dataset (wikipedia) show that it is more efficient than existing SSE schemes with forward privacy.

show abstract

“…ORAM plays as an important tool to achieve secure cloud storage [31,39] and secure multi-party computation [22,30,42] and secure processors [24,29]. There also have been works to hide the access pattern of protocols accessing individual data structures, e.g., maps, priority queues, stacks, and queues and graph algorithms on the cloud server [35,44]. Locality in searchable encryption.…”

Section: Prior Workmentioning

confidence: 99%

“…Pointer-based oblivious data structures. To solve the problem of updating multiple ORAMs where data may be duplicated, we propose a new distributed position map construction leveraging pointer-based oblivious data structure techniques, initially introduced by Wang et al [44] and subsequently used by several ORAM solutions [15,35,36,44]. In particular, alongside each physical block we store the path tag of that block in all ORAMs, as shown in Figure 4.…”

Section: Insight 3: Distributed Position Mapmentioning

confidence: 99%

rORAM: Efficient Range ORAM with O(log2 N) Locality

Chakraborti¹,

Aviv²,

Choi³

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Oblivious RAM protocols (ORAMs) allow a client to access data from an untrusted storage device without revealing to that device any information about their access pattern. Typically this is accomplished through random shuffling of the data such that the storage device cannot determine where individual blocks are located, resulting in a highly randomized access pattern. Storage devices however, are typically optimized for sequential access. A large number of random disk seeks during standard ORAM operation induce a substantial overhead. In this paper, we introduce rORAM, an ORAM specifically suited for accessing ranges of sequentially logical blocks while minimizing the number of random physical disk seeks. rORAM obtains significantly better asymptotic efficiency than prior designs (Asharov et al., ePrint 2017, Demertzis et al., CRYPTO 2018) reducing both the number of seeks and communication complexity by a multiplicative factor of O(log N). An rORAM prototype is 30-50x times faster than Path ORAM for similar range-query workloads on local HDDs, 30x faster for local SSDs, and 10x faster for network block devices. rORAM's novel disk layout can also speed up standard ORAM constructions, e.g., resulting in a 2x faster Path ORAM variant. Importantly, experiments demonstrate suitability for real world applications-rORAM is up to 5x faster running a file server and up to 11x faster running a range-query intensive video server workloads compared to standard Path ORAM.

show abstract

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence

Cited by 47 publications

References 30 publications

ObliviSync: Practical Oblivious File Backup and Synchronization

ObliviSync: Practical Oblivious File Backup and Synchronization

Searchable Symmetric Encryption with Forward Search Privacy

rORAM: Efficient Range ORAM with O(log2 N) Locality

Contact Info

Product

Resources

About