Data access pattern protection in cloud storage

Cloud-based storage service has been popular nowadays. Due to the convenience and unprecedent cost-effectiveness, more and more individuals and organizations have utilized cloud storage servers to host their data. However, because of security and privacy concerns, not all data can be outsourced without reservation. The concerns are rooted from the users\u27 loss of data control from their hands to the cloud servers\u27 premise and the infeasibility for them to fully trust the cloud servers. The cloud servers can be compromised by hackers, and they themselves may not be fully trustable. As found by Islam et. al.~\cite{Islam12}, data encryption alone is not sufficient. The server is still able to infer private information from the user\u27s {\em access pattern}. Furthermore, it is possible for an attacker to use the access pattern information to construct the data query and infer the plaintext of the data. Therefore, Oblivious RAMs (ORAM) have been proposed to allow a user to access the exported data while preserving user\u27s data access pattern. In recent years, interests in ORAM research have increased, and many ORAM constructions have been proposed to improve the performance in terms of the communication cost between the user and the server, the storage costs at the server and the user, and the computational costs at the server and the user. However, the practicality of the existing ORAM constructions is still questionable: Firstly, in spite of the improvement in performance, the existing ORAM constructions still require either large bandwidth consumption or storage capacity. %in practice. Secondly, these ORAM constructions all assume a single user mode, which has limited the application to more general, multiple user scenarios. In this dissertation, we aim to address the above limitations by proposing four new ORAM constructions: S-ORAM, which adopts piece-wise shuffling and segment-based query techniques to improve the performance of data shuffling and query through factoring block size into design; KT-ORAM, which organizes the server storage as a $k$-ary tree with each node acting as a fully-functional PIR storage, and adopts a novel delayed eviction technique to optimize the eviction process; GP-ORAM, a general partition-based ORAM that can adapt the number of partitions to the available user-side storage and can outsource the index table to the server to reduce local storage consumption; and MU-ORAM, which can deal with stealthy privacy attack in the application scenarios where multiple users share a data set outsourced to a remote storage server and meanwhile want to protect each individual\u27s data access pattern from being revealed to one another. We have rigorously quantified and proved the security strengths of these constructions and demonstrated their performance efficiency through detailed analysis

S-ORAM: A Segmentation-based Oblivious RAM

As outsourcing data to remote storage servers gets popular, protecting user’s pattern in accessing these data has become a big concern. ORAM constructions are promising solutions to this issue, but their application in practice has been impeded by the high communication and storage overheads incurred. Towards addressing this challenge, this paper proposes a segmentation-based ORAM (S-ORAM). It adopts two segment-based techniques, namely, piece-wise shuffling and segment-based query, to improve the performance of shuffling and query by factoring block size into design. Extensive security analysis shows that S-ORAM is a provably highly secure solution with a negligible failure probability of O(NlogN).In terms of communication and storage overheads, S-ORAM out-performs the Balanced ORAM (B-ORAM) and the Path ORAM (P-ORAM), which are the state-of-the-art hash and index based ORAMs respectively, in both practical and theoretical evaluations. Particularly under practical settings, the communication overhead of S-ORAM is 12 to 23 times less than B-ORAM when they have the same constant-size user-side storage, and S-ORAM consumes 80% less server-side storage and around 60% to 72% less bandwidth than P-ORAM when they have the similar logarithmic-size user-side storage

A Multi-user Oblivious RAM for Outsourced Data

Outsourcing data to remote storage servers has become more and more popular, but the related security and privacy concerns have also been raised. To protect the pattern in which a user accesses the outsourced data, various oblivious RAM (ORAM) systems have been proposed. However, existing ORAM designs assume a single user or a group of mutually-trusted users to access a remote storage, which makes them inapplicable to many practical scenarios where multiple users share data but may not trust each other. Even if the data-sharing users do trust each other, such systems are vulnerable to the compromise of even a single user. To study the feasibility and costs for overcoming the limitation of existing ORAMs in multi-user scenarios, this paper proposes a new type of ORAM system called Multi-user ORAM (M-ORAM). The key idea is to introduce a new component, i.e., a chain of anonymizers, to act as a common proxy between users and the storage server. M-ORAM can protect the data access pattern of each individual user from others as long as not all anonymizers are compromised. Extensive security and overhead analysis has been conducted to quantify the strength of the scheme in protecting an individual user’s access pattern and the costs incurred to provide the protection

Primary isolated intracranial Rosai–Dorfman disease: Report of a rare case and review of the literature

Background Intracranial involvement is an uncommon manifestation of Rosai–Dorfman disease (RDD) and had been rarely reported. In this study, we explore clinical characteristics, imageology manifestations and pathological features of primary intracranial RDD so as to improve the understanding for this disease. Methods One case (16-years-old boy) with primary intracranial RDD was analyzed and studied retrospectively by MRI features, histopathological observation and immunohistochemical staining, and the related literatures were reviewed. Results The case was single lesion and involved the dura of the left middle cranial fossa base, which was iso-hypo signal intensity on T1WI and hypointense on T2WI and FLAIR image. The lesion was a homogeneous contrast enhancement mass with dural tail sign and had peritumoral brain edema. Pathological analysis showed the lesion consisted of variable numbers of mature lymphocytes, plasma cells and neutrophils. The characteristic histiocytes were emperipolesis and positively expressed for S-100 and CD-68 and negatively expressed for CD-1a by immunohistochemical analysis. Based on clinical presentations and histological findings after surgical excision, a final diagnosis of primary intracranial RDD was made. Conclusion Primary intracranial RDD, especially located in the cranial base, is exceptionally rare, which hard to be distinguished with meningoma by imageology and clinical manifestations, but could be diagnosed by pathological and immunohistochemical examinations. Surgery is of the most importance treatment and prognosis is optimistic for this disease

A component-splitting implicit time integration for multicomponent reacting flows simulations

A component-splitting method is proposed to improve convergence characteristics for implicit time integration of compressible multicomponent reactive flows. The characteristic decomposition of flux jacobian of multicomponent Navier-Stokes equations yields a large sparse eigensystem, presenting challenges of slow convergence and high computational costs for implicit methods. To addresses this issue, the component-splitting method segregates the implicit operator into two parts: one for the flow equations (density/momentum/energy) and the other for the component equations. Each part's implicit operator employs flux-vector splitting based on their respective spectral radii to achieve accelerated convergence. This approach improves the computational efficiency of implicit iteration, mitigating the quadratic increase in time cost with the number of species. Two consistence corrections are developed to reduce the introduced component-splitting error and ensure the numerical consistency of mass fraction. Importantly, the impact of component-splitting method on accuracy is minimal as the residual approaches convergence. The accuracy, efficiency, and robustness of component-splitting method are thoroughly investigated and compared with the coupled implicit scheme through several numerical cases involving thermo-chemical nonequilibrium hypersonic flows. The results demonstrate that the component-splitting method decreases the required number of iteration steps for convergence of residual and wall heat flux, decreases the computation time per iteration step, and diminishes the residual to lower magnitude. The acceleration efficiency is enhanced with increases in CFL number and number of species

An Accountability Scheme for Oblivious RAMs

In outsourced data services, revealing users’ data access pattern may lead to the exposure of a wide range of sensitive information even if data is encrypted. Oblivious RAM has been a well-studied provable solution to access pattern preservation. However, it is not resilient to attacks towards data integrity from the users or the server. In this paper, we study the problem of protecting access pattern privacy and data integrity together in outsourced data services, and propose a scheme that introduces accountability support into a hash-based ORAM design. The proposed scheme can detect misconduct committed by malicious users or server, and identify the attacker, while not interfering with the access pattern preservation mechanisms inherent from the underlying ORAM. This is accomplished at the cost of slightly increased computational, storage, and communication overheads compared with the original ORAM

Privacy-Preserving Accountable Cloud Storage

In cloud storage services, a wide range of sensitive information may be leaked to the host server via the exposure of access pattern albeit data is encrypted. Many security-provable schemes have been proposed to preserve the access pattern privacy; however, they may be vulnerable to attacks towards data integrity or availability from malicious users. This is due to the fact that, preserving access pattern privacy requires data to be frequently re-encrypted and re-positioned at the storage server, which can easily conceal the traces that are needed for account- ability support to detect misbehaviors and identify attackers. To address this issue, this paper proposes a scheme that integrates accountability support into hash-based ORAMs. Security analysis shows that the proposed scheme can detect misconduct committed by malicious users and identify the attackers, while preserving the access pattern privacy. Overhead analysis shows that the proposed accountability support incurs only slightly increased storage, communication, and computational overheads

Experimental Research and Theoretical Analysis on Throttling Characteristics of Electronic Expansion Valve in Series with Capillary Tube

The mass flow rate of R-32 and volumetric flow rate of dry air in an electronic expansion valves(EEV) , in two different capillary tubes(CT) and in one expansion valve in series with two different capillary tubes were tested, and the theoretical volumetric flow rate of dry air in one EEV in series with different CTs were predicted through a theoretical throttling model built in this paper. The results showed that the mass flow rate of R-32 or volumetric flow rate of dry air of the serial throttling component was lower than but close to that of the EEV in low openings and that of the CT in full opening, respectively, under the same operating conditions. The flow rate ratio of the serial throttling component to the EEV decreased fast with opening increasing, and the flow rate ratio of the refrigerant was obviously lower than that of the dry air. The refrigerant mass flow rate of EEV in series with CT up flow was higher than that of the same EEV in series with the same CT down flow

Design and Implementation of Blockchain-Based Anti-counterfeiting and Traceability System for Sesame Oil

Sesame oil is one of the indispensable cooking oils in daily diets, and its quality and safety has aroused wide concern. However, the issue of sesame oil adulteration has become increasingly serious, making it urgent to guarantee the quality and safety of sesame oil. Therefore, it is important to establish an anti-counterfeiting and traceability system. In this study, a blockchain-based anti-counterfeiting and traceability system for sesame oil was designed. A ‘blockchain caching’ double storage design was proposed, which could store and cache information off-chain while synchronously storing the encrypted hash value of traceability information on-chain. In addition, a querying scheme that could connect smart contracts directly to the state database was designed to solve the problems of high data storage pressure and low querying efficiency on the blockchain network. It was verified that consumers could quickly and conveniently check the authenticity of sesame oil by scanning the QR code of a mini program, which could effectively solve the problems of data security and the authenticity of traceability information between different links in the sesame oil traceability chain, and it was successfully applied to real samples with good results

A Conditioned Behavioral Paradigm for Assessing Onset and Lasting Tinnitus in Rats

Numerous behavioral paradigms have been developed to assess tinnitus-like behavior in animals. Nevertheless, they are often limited by prolonged training requirements, as well as an inability to simultaneously assess onset and lasting tinnitus behavior, tinnitus pitch or duration, or tinnitus presence without grouping data from multiple animals or testing sessions. To enhance behavioral testing of tinnitus, we developed a conditioned licking suppression paradigm to determine the pitch(s) of both onset and lasting tinnitus-like behavior within individual animals. Rats learned to lick water during broadband or narrowband noises, and to suppress licking to avoid footshocks during silence. After noise exposure, rats significantly increased licking during silent trials, suggesting onset tinnitus-like behavior. Lasting tinnitus-behavior, however, was exhibited in about half of noise-exposed rats through 7 weeks post-exposure tested. Licking activity during narrowband sound trials remained unchanged following noise exposure, while ABR hearing thresholds fully recovered and were comparable between tinnitus(+) and tinnitus(-) rats. To assess another tinnitus inducer, rats were injected with sodium salicylate. They demonstrated high pitch tinnitus-like behavior, but later recovered by 5 days post-injection. Further control studies showed that 1): sham noise-exposed rats tested with footshock did not exhibit tinnitus-like behavior, and 2): noise-exposed or sham rats tested without footshocks showed no fundamental changes in behavior compared to those tested with shocks. Together, these results demonstrate that this paradigm can efficiently test the development of noise- and salicylate-induced tinnitus behavior. The ability to assess tinnitus individually, over time, and without averaging data enables us to realistically address tinnitus in a clinically relevant way. Thus, we believe that this optimized behavioral paradigm will facilitate investigations into the mechanisms of tinnitus and development of effective treatments