330 research outputs found
Statistically-secure ORAM with Overhead
We demonstrate a simple, statistically secure, ORAM with computational
overhead ; previous ORAM protocols achieve only
computational security (under computational assumptions) or require
overheard. An additional benefit of our ORAM is its
conceptual simplicity, which makes it easy to implement in both software and
(commercially available) hardware.
Our construction is based on recent ORAM constructions due to Shi, Chan,
Stefanov, and Li (Asiacrypt 2011) and Stefanov and Shi (ArXiv 2012), but with
some crucial modifications in the algorithm that simplifies the ORAM and enable
our analysis. A central component in our analysis is reducing the analysis of
our algorithm to a "supermarket" problem; of independent interest (and of
importance to our analysis,) we provide an upper bound on the rate of "upset"
customers in the "supermarket" problem
Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM
Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. Recently, ORAM has been architected into secure processors. A big challenge for hardware ORAM schemes is how to efficiently manage the Position Map (PosMap), a central component in modern ORAM algorithms. Implemented naively, the PosMap causes ORAM to be fundamentally unscalable in terms of on-chip area. On the other hand, a technique called Recursive ORAM fixes the area problem yet significantly increases ORAM's performance overhead.
To address this challenge, we propose three new mechanisms. We propose a new ORAM structure called the PosMap Lookaside Buffer (PLB) and PosMap compression techniques to reduce the performance overhead from Recursive ORAM empirically (the latter also improves the construction asymptotically). Through simulation, we show that these techniques reduce the memory bandwidth overhead needed to support recursion by 95%, reduce overall ORAM bandwidth by 37% and improve overall SPEC benchmark performance by 1.27x. We then show how our PosMap compression techniques further facilitate an extremely efficient integrity verification scheme for ORAM which we call PosMap MAC (PMMAC). For a practical parameterization, PMMAC reduces the amount of hashing needed for integrity checking by >= 68x relative to prior schemes and introduces only 7% performance overhead.
We prototype our mechanisms in hardware and report area and clock frequency for a complete ORAM design post-synthesis and post-layout using an ASIC flow in a 32~nm commercial process. With 2 DRAM channels, the design post-layout runs at 1~GHz and has a total area of .47~mm2. Depending on PLB-specific parameters, the PLB accounts for 10% to 26% area. PMMAC costs 12% of total design area. Our work is the first to prototype Recursive ORAM or ORAM with any integrity scheme in hardware.Qatar Computing Research Institute (QCRI-CSAIL Parternship)National Science Foundation (U.S.)American Society for Engineering Education. National Defense Science and Engineering Graduate Fellowshi
Data-Oblivious Graph Algorithms in Outsourced External Memory
Motivated by privacy preservation for outsourced data, data-oblivious
external memory is a computational framework where a client performs
computations on data stored at a semi-trusted server in a way that does not
reveal her data to the server. This approach facilitates collaboration and
reliability over traditional frameworks, and it provides privacy protection,
even though the server has full access to the data and he can monitor how it is
accessed by the client. The challenge is that even if data is encrypted, the
server can learn information based on the client data access pattern; hence,
access patterns must also be obfuscated. We investigate privacy-preserving
algorithms for outsourced external memory that are based on the use of
data-oblivious algorithms, that is, algorithms where each possible sequence of
data accesses is independent of the data values. We give new efficient
data-oblivious algorithms in the outsourced external memory model for a number
of fundamental graph problems. Our results include new data-oblivious
external-memory methods for constructing minimum spanning trees, performing
various traversals on rooted trees, answering least common ancestor queries on
trees, computing biconnected components, and forming open ear decompositions.
None of our algorithms make use of constant-time random oracles.Comment: 20 page
TimeClave: Oblivious In-enclave Time series Processing System
Cloud platforms are widely adopted by many systems, such as time series
processing systems, to store and process massive amounts of sensitive time
series data. Unfortunately, several incidents have shown that cloud platforms
are vulnerable to internal and external attacks that lead to critical data
breaches. Adopting cryptographic protocols such as homomorphic encryption and
secure multi-party computation adds high computational and network overhead to
query operations.
We present TimeClave, a fully oblivious in-enclave time series processing
system: TimeClave leverages Intel SGX to support aggregate statistics on time
series with minimal memory consumption inside the enclave. To hide the access
pattern inside the enclave, we introduce a non-blocking read-optimised ORAM
named RoORAM. TimeClave integrates RoORAM to obliviously and securely handle
client queries with high performance. With an aggregation time interval of
, summarised data blocks and 8 aggregate functions, TimeClave run
point query in and a range query of 50 intervals in . Compared
to the ORAM baseline, TimeClave achieves lower query latency by up to
and up to throughput, with up to 22K queries per second.Comment: The short version of this paper has been accepted as a Full Paper in
the International Conference on Information and Communications Security
(ICICS) 202
Path ORAM: An Extremely Simple Oblivious RAM Protocol
We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme for small client storage known to date. We formally prove that Path ORAM requires log^2 N / log X bandwidth overhead for block size B = X log N. For block sizes bigger than Omega(log^2 N), Path ORAM is asymptotically better than the best known ORAM scheme with small client storage. Due to its practicality, Path ORAM has been adopted in the design of secure processors since its proposal.National Science Foundation (U.S.). Graduate Research Fellowship Program (Grant DGE-0946797)National Science Foundation (U.S.). Graduate Research Fellowship Program (Grant DGE-1122374)American Society for Engineering Education. National Defense Science and Engineering Graduate FellowshipNational Science Foundation (U.S.) (Grant CNS-1314857)United States. Defense Advanced Research Projects Agency (Clean-slate design of Resilient, Adaptive, Secure Hosts Grant N66001-10-2-4089
- …