Remote Oblivious Storage: Making Oblivious RAM Practical

Remote storage of data has become an increasingly attractive and advantageous option, especially due to cloud systems. While encryption protects the data, it does not hide the access pattern to the data. A natural solution is to access remote storage using an Oblivious RAM (ORAM) which provably hides all access patterns. While ORAM is asymptotically efficient, the best existing scheme (Pinkas and Reinman, Crypto'10) still has considerable overhead for a practical implementation: for M stored items, it stores 4 times and sometimes 6 times more items remotely, requires O(log2 M) round trips to storage server per request, and periodically blocks all data requests to shuffle all storage (which is a lengthy process). In this paper, we first define a related notion to ORAM, oblivious storage (OS), which captures more accurately and naturally the security setting of remote storage. Then, we propose a new ORAM/OS construction that solves the practicality issues just outlined: it has a storage constant of ~ 1, achieves O(1) round trips to the storage server per request, and allows requests to happen concurrently with shuffle without jeopardizing security. Our construction consists of a new organization of server memory into a flat main part and a hierarchical shelter, a client-side index for rapidly locating identifiers at the server, a new shelter serving requests concurrent with the shuffle, and a data structure for locating items efficiently in a partially shuffled storage

Efficient Cloud-based Secret Shuffling via Homomorphic Encryption

When working with joint collections of confidential data from multiple sources, e.g., in cloud-based multi-party computation scenarios, the ownership relation between data providers and their inputs itself is confidential information. Protecting data providers' privacy desires a function for secretly shuffling the data collection. We present the first efficient secure multi-party computation protocol for secret shuffling in scenarios with a central server. Based on a novel approach to random index distribution, our solution enables the randomization of the order of a sequence of encrypted data such that no observer can map between elements of the original sequence and the shuffled sequence with probability better than guessing. It allows for shuffling data encrypted under an additively homomorphic cryptosystem with constant round complexity and linear computational complexity. Being a general-purpose protocol, it is of relevance for a variety of practical use cases

Supporting Concurrency and Multiple Indexes in Private Access to Outsourced Data

Data outsourcing has recently emerged as a successful solution allowing individuals and organizations to delegate data and service management to external third parties. A major challenge in the data outsourcing scenario is how to guarantee proper privacy protection against the external server. Recent promising approaches rely on the organization of data in indexing structures that use encryption and the dynamic allocation of encrypted data to physical blocks for destroying the otherwise static relationship between data and the blocks in which they are stored. However, dynamic data allocation implies the need to re-write blocks at every read access, thus requesting exclusive locks that can affect concurrency. Also, these solutions only support search conditions on the values of the attribute used for building the indexing structure. In this paper, we present an approach that overcomes such limitations by extending the recently proposed shuffle index structure with support for concurrency and multiple indexes. Support for concurrency relies on the use of several differential versions of the data index that are periodically reconciled and applied to the main data structure. Support for multiple indexes relies on the definition of secondary shuffle indexes that are then combined with the primary index in a single data structure whose content and allocation is unintelligible to the server. We show how using such differential versions and combined index structure guarantees privacy, provides support for concurrent accesses and multiple search conditions, and considerably increases the performance of the system and the applicability of the proposed solution

Hang With Your Buddies to Resist Intersection Attacks

Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure

Privacy-preserving smart nudging system: resistant to traffic analysis and data breach

A solution like Green Transportation Choices with IoT and Smart Nudging (SN) is aiming to resolve urban challenges (e.g., increased traffic, congestion, air pollution, and noise pollution) by influencing people towards environment-friendly decisions in their daily life. The essential aspect of this system is to construct personalized suggestion and positive reinforcement for people to achieve environmentally preferable outcomes. However, the process of tailoring a nudge for a specific person requires a significant amount of personal data (e.g., user's location data, health data, activity and more) analysis. People are willingly giving up their private data for the greater good of society and making SN system a target for adversaries to get people's data and misuse them. Yet, preserving user privacy is subtly discussed and often overlooked in the SN system. Meanwhile, the European union's General data protection regulation (GDPR) tightens European Unions's (EU) already stricter privacy policy. Thus, preserving user privacy is inevitable for a system like SN. Privacy-preserving smart nudging (PPSN) is a new middleware that gives privacy guarantee for both the users and the SN system and additionally offers GDPR compliance. In the PPSN system, users have the full autonomy of their data, and users data is well protected and inaccessible without the participation of the data owner. In addition to that, PPSN system gives protection against adversaries that control all the server but one, observe network traffics and control malicious users. PPSN system's primary insight is to encrypt as much as observable variables if not all and hide the remainder by adding noise. A prototype implementation of the PPSN system achieves a throughput of 105 messages per second with 24 seconds end-to-end latency for 125k users on a quadcore machine and scales linearly with the number of users

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent Transportation System