Towards Practical Oblivious RAM

UC Berkeley

http://www.emilstefanov.net/Research/ObliviousRam/

Cloud Storage

Dropbox

Amazon S3, EBS

Windows Azure Storage

SkyDrive

EMC Atmos

Mozy

iCloud

Google Storage

Cloud Storage

Dropbox

Can we TRUST the cloud?

Amazon S3, EBS

Windows Azure Storage

SkyDrive

EMC Atmos

Mozy

iCloud

Google Storage

Data Privacy
  • Data privacy is a growing concern.
    • Large attack surface (possibly hundreds of servers)
    • Infrastructure bugs
    • Malware
    • Disgruntled employees
    • Big brother
  • So, many organizations encrypt their data.
But, encryption is not always enough.

Access patterns can leak sensitive information.

Example Attack by Pinkas & Reinman

[Diagram: Client (stock trader) and Untrusted Cloud Storage; request labels: "Buy IBM", "Buy EMC", "Buy IBM", "?"]

Oblivious RAM (O-RAM)
  • Goal: Conceal access patterns to remote storage.
  • An observer cannot distinguish a sequence of read/write operations from random.

[Diagram: Client and Untrusted Cloud Storage]

Naïve Solution

Impractical

bandwidth overhead

[Diagram: Client (stock trader) and Untrusted Cloud Storage; request labels: "Buy IBM", "Buy EMC", "Buy IBM"]

Contribution 1: Performance

63 times less bandwidth

than best existing solution for the same amount of client storage

< 0.1% of data stored on client

Contribution 2: Techniques
  • Partitioning Framework
    • Breaks down server storage into smaller, more manageable partitions.
  • Partition O-RAM
    • Optimized O-RAM construction for partitions.
  • Recursive Constructions
    • Reduce client-side storage via recursion.
  • Concurrent Constructions
    • Reduce worst-case cost via concurrency.
Existing Approaches
  • Based on Goldreich-Ostrovsky scheme.
  • +1 levels
    • Sizes:

[GO96, OS97, WS08, PR10, GM10, GMOT11, BMP11, GMOT12, KLO12, …]

Existing Approaches
  • Inside a level
    • Some real blocks
      • Useful data
    • Some dummy blocks
      • Random data
    • Randomly permuted
      • Only the client knows the permutation
Existing Approaches
  • Reading
    • Read a block from each level
    • One real block.
    • Remaining are dummy blocks

[Diagram: Client and Server; blocks read: dummy, real, dummy, dummy, dummy, dummy]

Existing Approaches
  • Writing
    • Shuffle consecutively filled levels.
    • Write into next unfilled level.
    • Clear the source levels.

[Diagram: Client, Server (before) and Server (after); labels: shuffle, blocks]

Continuous Shuffling
  • Cost per operation (amortized): or
    • Depending on shuffling algorithm

To write:

The Problem with Existing Approaches
  • Writing is expensive.
  • Sometimes need to shuffle blocks.
  • Cannot store them all locally.
  • Needs oblivious shuffling algorithm.
    • Very expensive!
  • Bad worst-case cost.

blocks

Our Approach
  • Make shuffling cheaper.
  • Reduce the worst-case cost.

But, how?

Challenge: Partitioning Breaks Security

[Diagram: Client and Server; the Server holds several Partitions, each labelled O-RAM; one block shown]

Read block from its randomly assigned partition

Assign and write block to a new random partition

Read block from its previously assigned random partition.

Not privacy preserving! There is linkability between reads and writes.

Solution: Our Partitioning Framework

  • Accessing a block:
    • Read from partition (previously randomly assigned).
    • Read/modify block data.
    • Write to random cache slot (don’t write to server yet).

[Diagram: Server with Partitions, each labelled O-RAM; Client with Cache Slots holding blocks]

Solution: Our Partitioning Framework

  • Background eviction:
    • Sequentially scan the cache slots.
    • Evict one block if possible.
    • Evict dummy block otherwise.

[Diagram: Server with Partitions, each labelled O-RAM; Client with Cache Slots holding blocks; one block and one dummy being evicted]
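The access and background-eviction steps of the partitioning framework, as an added Python sketch (not the authors' C# implementation). It assumes that cache slot i holds blocks destined for partition i, that one eviction runs per access, and that each partition's O-RAM can be stood in for by a plain dict; the class and function names are illustrative.

```python
import random

class PartitionClient:
    """Client-side control flow only. Each server partition is a dict standing
    in for a per-partition O-RAM (assumed to hide which block inside the
    partition is touched)."""

    def __init__(self, num_partitions, rng=None):
        self.P = num_partitions
        self.rng = rng or random.SystemRandom()
        self.position = {}                            # block id -> assigned partition
        self.slots = [{} for _ in range(self.P)]      # client cache; slot i feeds partition i
        self.server = [{} for _ in range(self.P)]
        self.scan = 0                                 # next slot for background eviction
        self.trace = []                               # (op, partition) pairs the server sees

    def access(self, block_id, new_data=None):
        # 1. Read from the previously assigned partition (a random one if the block is new).
        p = self.position.get(block_id)
        if p is None:
            p = self.rng.randrange(self.P)
        self.trace.append(("read", p))
        data = self.slots[p].pop(block_id, None)      # still cached: the server read is a dummy
        if data is None:
            data = self.server[p].pop(block_id, None)
        # 2. Read/modify the block data.
        if new_data is not None:
            data = new_data
        # 3. Assign a fresh random partition, but only place the block in that cache slot.
        q = self.rng.randrange(self.P)
        self.position[block_id] = q
        self.slots[q][block_id] = data
        self.evict()
        return data

    def evict(self):
        # Visit slots in fixed order; exactly one partition write per visit.
        s, self.scan = self.scan, (self.scan + 1) % self.P
        if self.slots[s]:
            block_id, data = self.slots[s].popitem()
            self.server[s][block_id] = data           # real block leaves the cache
        self.trace.append(("write", s))               # a dummy write looks the same to the server

def server_view(accesses, num_partitions=4, seed=None):
    """Run (block_id, new_data) accesses; return (results, server-visible trace)."""
    rng = random.Random(seed) if seed is not None else None
    client = PartitionClient(num_partitions, rng)
    return [client.access(b, d) for b, d in accesses], client.trace
```

The server sees writes in a fixed round-robin order that is independent of which block was accessed, and each read targets a partition chosen uniformly at random at the block's previous access, which removes the read/write linkability of the direct-write variant.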

Our Partition O-RAM
  • Local shuffling
    • No expensive oblivious shuffling.
  • No cuckoo hashing.
    • 2X speedup
  • Matrix compression algorithm for uploading levels
    • 1.5X speedup
  • Constant latency:
    •  1 round trip
Concurrent Constructions: Reduce Worst Case Cost
  • Worst case cost: for the non-recursive construction.
  • Insert amortizer component.
Recursive Constructions: Reduce Client Storage
  • Client storage: 
  • Bandwidth: 
Source Code Available

http://www.emilstefanov.net/Research/ObliviousRam/

  • Actual implementation.
    • Not a simulation.
  • worst-case cost.
  • Encryption.
  • Integrity verification.
  • Language: C#
Related Work
  • Hierarchical based constructions and improvements.
    • GO96, OS97, WS08, PR10, GM10, GMOT11, CS10, FWCKS11, CS11, BMP11, GMOT12, KLO12, …
  • De-amortization techniques to reduce worst-case cost.
    • OS97, GMOT11, BMP11, KLO12
Conclusion
  • Oblivious RAM can be practical!
  • First practical construction:
    • 63 times faster than existing schemes.
    • worst-case cost.
  • Novel techniques.
  • Source code available.

Thank you!