ObliviSync: Practical Oblivious File Backup and Synchronization
Oblivious RAM (ORAM) protocols are powerful techniques that hide a client's
data as well as access patterns from untrusted service providers. We present an
oblivious cloud storage system, ObliviSync, that specifically targets one of
the most widely-used personal cloud storage paradigms: synchronization and
backup services, popular examples of which are Dropbox, iCloud Drive, and
Google Drive. This setting provides a unique opportunity because the above
privacy properties can be achieved with a simpler form of ORAM called
write-only ORAM, which allows for dramatically increased efficiency compared to
related work. Our solution is asymptotically optimal and practically efficient,
with a small constant overhead of approximately 4x compared with non-private
file storage, depending only on the total data size and parameters chosen
according to the usage rate, and not on the number or size of individual files.
Our construction also offers protection against timing-channel attacks, which
has not been previously considered in ORAM protocols. We built and evaluated a
full implementation of ObliviSync that supports multiple simultaneous read-only
clients and a single concurrent read/write client whose edits automatically and
seamlessly propagate to the readers. We show that our system functions under
high workloads, with realistic file size distributions, and with small
additional latency (as compared to a baseline encrypted file system) when
paired with Dropbox as the synchronization service.
Comment: 15 pages. Accepted to NDSS 201
Multi-Client Oblivious RAM secure against Malicious Servers
This paper tackles the open problem whether an Oblivious RAM can be
shared among multiple clients in the presence of a fully malicious server.
Current ORAM constructions rely on clients knowing the ORAM state to
not reveal information about their access pattern. With multiple
clients, a straightforward approach requires clients exchanging
updated state to maintain security. However, clients on the internet
usually cannot directly communicate with each other due to NAT and
firewall settings. Storing state on the server is the only option,
but a malicious server can arbitrarily tamper with that information.
We first extend the classical
square-root ORAM by Goldreich and the hierarchical one by Goldreich
and Ostrovsky to add multi-client security. We accomplish this by
separating the critical portions of the access, which depend
on the state of the ORAM, from the non-critical parts (cache access)
that can be executed securely in any state. Our second
contribution is a secure multi-client variant of Path ORAM. To
enable secure meta-data update during evictions in Path ORAM, we
employ our first result, small multi-client secure classical ORAMs,
as a building block. Depending on the block size, the communication
complexity of our multi-client secure construction reaches a low
communication complexity per client, similar to
state-of-the-art single-client ORAMs.
Practical Forward-Secure Range and Sort Queries with Update-Oblivious Linked Lists
We revisit the problem of privacy-preserving range search and sort
queries on encrypted data in the face of an untrusted data store.
Our new protocol RASP has several advantages over existing work.
First, RASP strengthens privacy by ensuring forward security:
after a query for range , any new record added to the data
store is indistinguishable from random, even if the new record falls
within range . We are able to accomplish this
using only traditional hash and block cipher operations, abstaining
from expensive asymmetric cryptography and bilinear pairings.
Consequently, RASP is highly practical, even for large database
sizes. Additionally, we require only cloud storage and not a
computational cloud like related works, which can reduce monetary
costs significantly. At the heart of RASP, we develop a new
update-oblivious bucket-based data structure. We allow for
data to be added to buckets without leaking into which bucket it has
been added. As long as a bucket is not explicitly queried, the data
store does not learn anything about bucket contents. Furthermore, no
information is leaked about data additions following a
query. Besides formally proving RASP's privacy, we also present a
practical evaluation of RASP on Amazon Dynamo, demonstrating its
efficiency and real world applicability.
Iterative Oblivious Pseudo-Random Functions and Applications
We consider the problem of a client querying an encrypted binary tree structure, outsourced to an untrusted server. While the server must not learn the contents of the binary tree, we also want to prevent the client from maliciously crafting a query that traverses the tree out-of-order. That is, the client should not be able to retrieve nodes outside one contiguous path from the root to a leaf. Finally, the server should not learn which path the client accesses, but is guaranteed that the access corresponds to one valid path in the tree. This is an extension of protocols such as structured encryption, where it is only guaranteed that the tree's encrypted data remains hidden from the server.
To this end, we initiate the study of Iterative Oblivious Pseudorandom Functions (iOPRFs), new primitives providing two-sided, fully malicious security for these types of applications. We present a first, efficient iOPRF construction secure against both malicious clients and servers in the standard model, based on the DDH assumption. We demonstrate that iOPRFs are useful to implement different interesting applications, including an RFID authentication protocol and a protocol for private evaluation of outsourced decision trees. Finally, we implement and evaluate our full iOPRF construction and show that it is efficient in practice.
CHf-ORAM: A Constant Communication ORAM without Homomorphic Encryption
Recent techniques reduce ORAM communication complexity down to constant in the number of blocks N. However, they induce expensive homomorphic encryption on both the server and the client. In this paper, we present an alternative approach CHf-ORAM. This ORAM features constant communication complexity without homomorphic encryption, in exchange for expanding the traditional ORAM setting from single-server to multiple non-colluding servers. We show that adding as few as 4 servers allows for substantially reduced client and server computation compared to existing single-server alternatives. Our approach uses techniques from information-theoretically secure Private Information Retrieval to replace homomorphic encryption with simple XOR operations. Besides O(1) communication complexity, our construction also features O(1) client memory and a block size of only Omega(log^3 N). This leads to an ORAM which is extremely lightweight and suitable for deployment even on memory and compute constrained devices. Finally, CHf-ORAM features a circuit size which is constant in the block size, making it especially attractive for secure RAM computations.
Constant Communication ORAM with Small Blocksize
There have been several attempts recently at using homomorphic encryption to increase the efficiency of Oblivious RAM protocols. One of the most successful has been Onion ORAM, which achieves O(1) communication overhead with polylogarithmic server computation. However, it has two drawbacks. It requires a large block size of B = Omega(log^6 N) with large constants. Moreover, while it only needs polylogarithmic computation complexity, that computation consists mostly of expensive homomorphic multiplications. In this work, we address these problems and reduce the required block size to Omega(log^4 N). We remove most of the homomorphic multiplications while maintaining O(1) communication complexity. Our idea is to replace their homomorphic eviction routine with a new, much cheaper permute-and-merge eviction which eliminates homomorphic multiplications and maintains the same level of security. In turn, this removes the need for layered encryption that Onion ORAM relies on and reduces both the minimum block size and server computation.
Scantegrity Responds to Rice Study on Usability of the Scantegrity II Voting System
This note is a response to, and critique of, recent work by Acemyan, Kortum, Byrne, and Wallach regarding the usability of end-to-end verifiable voting systems, and in particular, to their analysis of the usability of the Scantegrity II voting system. Their work is given in a JETS paper [Ace14] and was presented at EVT/WOTE 2014; it was also described in an associated press release [Rut14]. We find that their study lacked an appropriate control voting system with which to compare effectiveness, and thus their conclusions regarding Scantegrity II are unsupported by the evidence they present. Furthermore, their conclusions are contradicted by the successful deployment experiences of Scantegrity II at Takoma Park.
Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy
On November 3, 2009, voters in Takoma Park, Maryland,
cast ballots for the mayor and city council members
using the Scantegrity II voting system—the first time
any end-to-end (E2E) voting system with ballot privacy
has been used in a binding governmental election. This
case study describes the various efforts that went into
the election—including the improved design and implementation
of the voting system, streamlined procedures,
agreements with the city, and assessments of the experiences
of voters and poll workers.
The election, with 1728 voters from six wards, involved
paper ballots with invisible-ink confirmation
codes, instant-runoff voting with write-ins, early and
absentee (mail-in) voting, dual-language ballots, provisional
ballots, privacy sleeves, any-which-way scanning
with parallel conventional desktop scanners, end-to-end
verifiability based on optional web-based voter verification
of votes cast, a full hand recount, thresholded authorities,
three independent outside auditors, fully-disclosed
software, and exit surveys for voters and pollworkers.
Despite some glitches, the use of Scantegrity II was
a success, demonstrating that E2E cryptographic voting
systems can be effectively used and accepted by the general public.
United States. Dept. of Defense (IASP grant H98230-08-1-0334); United States. Dept. of Defense (IASP grant H98230-09-1-0404); National Science Foundation (U.S.) (Grant no. CNS 0831149)
Payload Hardware and Experimental Protocol for Testing the Effect of Space Microgravity on the Resistance to Gentamicin of Stationary-Phase Uropathogenic Escherichia Coli and Its σ^S-Deficient Mutant
Human immune response is compromised and bacteria can become more antibiotic resistant in space microgravity (MG). We report that under low-shear modeled microgravity (LSMMG) stationary-phase uropathogenic Escherichia coli (UPEC) become more resistant to gentamicin (Gm). UPEC causes urinary tract infections (UTIs), reported to afflict astronauts; Gm is a standard treatment, so these findings could impact astronaut health. Because LSMMG has been shown to differ from MG, we report here preparations to examine UPEC's Gm sensitivity during spaceflight using the E. coli Anti-Microbial Satellite (EcAMSat) on a free flying nanosatellite in low Earth orbit. Within EcAMSat's payload, a 48-microwell fluidic card contains and supports study of bacterial cultures at constant temperature; optical absorbance changes in cell suspensions are made at three wavelengths for each microwell and a fluid-delivery system provides growth medium and predefined Gm concentrations. Performance characterization is reported for spaceflight prototypes of this payload system. Using conventional microtiter plates, we show that Alamar Blue (AB) absorbance changes due to cellular metabolism accurately reflect E. coli viability changes: measuring AB absorbance onboard EcAMSat will enable telemetry of spaceflight data to Earth. Laboratory results using payload prototypes are consistent with well-plate and flask findings of differential sensitivity of UPEC and its ΔrpoS strain to Gm. Space MG studies using EcAMSat should clarify inconsistencies from previous space experiments on bacterial antibiotic sensitivity. Further, if σ^S plays the same role in space MG as in LSMMG and Earth gravity, EcAMSat results would facilitate utilizing our previously developed terrestrial UTI countermeasures in astronauts.