SqORAM: Read-Optimized Sequential Write-Only Oblivious RAM
Oblivious RAM protocols (ORAMs) allow a client to access data from an
untrusted storage device without revealing the access patterns. Typically, the
ORAM adversary can observe both read and write accesses. Write-only ORAMs
target a more practical, multi-snapshot adversary only monitoring client
writes -- typical for plausible deniability and censorship-resilient systems.
This allows write-only ORAMs to achieve significantly better asymptotic
performance. However, these apparent gains do not materialize in real
deployments primarily due to the random data placement strategies used to break
correlations between logical and physical namespaces, a required property for
write access privacy. Random access performs poorly on both rotational disks
and SSDs (often increasing wear significantly, and interfering with
wear-leveling mechanisms). In this work, we introduce SqORAM, a new
locality-preserving write-only ORAM that preserves write access privacy without
requiring random data access. Data blocks close to each other in the logical
domain land in close proximity on the physical media. Importantly, SqORAM
maintains this data locality property over time, significantly increasing read
throughput. A full Linux kernel-level implementation of SqORAM is 100x faster
than non-locality-preserving solutions for standard workloads and is 60-100%
faster than the state-of-the-art for typical file system workloads.

Wink: Deniable Secure Messaging
End-to-end encrypted (E2EE) messaging is an essential first step towards
combating increasingly privacy-intrusive laws. Unfortunately, it is vulnerable
to compelled key disclosure -- law-mandated, coerced, or simply by device
compromise. This work introduces Wink, the first plausibly-deniable messaging
system protecting message confidentiality even when users are coerced to hand
over keys/passwords. Wink can surreptitiously inject hidden messages in the
standard random coins (e.g., salt, IVs) used by existing E2EE protocols. It
does so as part of legitimate secure cryptographic functionality deployed
inside widely-available trusted execution environments (TEEs) such as
TrustZone. This provides a powerful mechanism for hidden untraceable
communication using virtually unchanged unsuspecting existing E2EE messaging
apps, as well as strong plausible deniability. Wink has been demonstrated with
multiple existing E2EE applications (including Telegram and Signal) with
minimal (external) instrumentation, negligible overheads, and crucially without
changing on-wire message formats.