|
Outsourcing storage to the cloud has become more widespread in recent years; however, cloud storage services are constantly exposed to a number of non-trivial adversarial threats. This work addresses security risks arising from the leakage of access patterns, which is the ability of an adversary to detect when the same item is accessed repeatedly on a storage server, which has been shown to substantially impact data privacy. This project develops CloudORAM, the first provably-secure fully concurrent and asynchronous oblivious storage system that relies on simple tree-based Oblivious RAM (ORAM) techniques, the state-of-the-art cryptographic solution for hiding access patterns.
CloudORAM's system architecture uses a trusted proxy node processing concurrent accesses, from potentially multiple clients, to an untrusted server to hide access patterns. CloudORAM also outperforms existing systems in terms of performance, storage requirements, and scalability, while being substantially simpler to describe and deploy due to the tree-based ORAM structure. This project develops better combinatorial techniques to reduce bandwidth consumption in ORAM-based storage solutions as well as proofs of concept for new oblivious storage systems without the need of a trusted proxy node, and presents the first comprehensive formal framework to formalize and prove security of oblivious storage systems.
|
TWC: Small: Oblivious Cloud Storage Systems, from Theory to Practice --- Simpler, More Efficient, More Robust