Optimizing Path ORAM for Cloud Storage Applications
Authors
Abstract
We live in a world where our personal data are both valuable and vulnerable to misappropriation through exploitation of security vulnerabilities in online services. For instance, Dropbox, a popular cloud storage tool, has certain security flaws that can be exploited to compromise a user’s data, one of which is that a user’s access pattern is unprotected. We have thus created an implementation of Path Oblivious RAM (Path ORAM) for Dropbox users to obfuscate path access information to patch this vulnerability. This implementation differs significantly from the standard usage of Path ORAM, in that we introduce several innovations, including a dynamically growing and shrinking tree architecture, multi-block fetching, block packing and the possibility for multi-client use. Our optimizations together produce about a 77% throughput increase and a 60% reduction in necessary tree size; these numbers vary with file size distribution.
Similar resources
Ring ORAM: Closing the Gap Between Small and Large Client Storage Oblivious RAM
We present Ring ORAM, a simple and low-latency ORAM construction that can be parameterized for either small or large client storage. Simply by tuning parameters, Ring ORAM matches or exceeds the performance of the best-known small and large client storage schemes and can achieve a constant factor online bandwidth overhead over insecure systems. We evaluate Ring ORAM in theory and in practice. O...
ObliviStore: High Performance Oblivious Distributed Cloud Data Store
It is well established that access patterns to encrypted data can leak a considerable amount of sensitive information [13]. Oblivious RAM (or ORAM for short) [5–11, 14, 18–20, 26, 28], originally proposed by Goldreich and Ostrovsky [8], is a cryptographic construction that allows a client to access encrypted data residing on an untrusted storage server, while completely hiding the access patter...
Path ORAM: An Extremely Simple Oblivious RAM Protocol Citation
We present Path ORAM, an extremely simple Oblivious RAM protocol with a small amount of client storage. Partly due to its simplicity, Path ORAM is the most practical ORAM scheme known to date with small client storage. We formally prove that Path ORAM has a O(logN) bandwidth cost for blocks of size B = Ω(logN) bits. For such block sizes, Path ORAM is asymptotically better than the best known OR...
Constants Count: Practical Improvements to Oblivious RAM
Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. This paper proposes Ring ORAM, the most bandwidth-efficient ORAM scheme for the small client storage setting in both theory and practice. Ring ORAM is the first tree-based ORAM whose bandwidth is independent of the ORAM bucket size, a property that unlocks multiple performance impro...
Pharos: Privacy Hazards of Replicating ORAM Stores
Although outsourcing data to cloud storage has become popular, the increasing concerns about data security and privacy in the cloud block broader cloud adoption. Recent efforts have developed oblivious storage systems to hide both the data content and the data access patterns from an untrusted cloud provider. These systems have shown great progress in improving the efficiency of oblivious acce...
Journal title:
- CoRR
Volume abs/1501.01721, Issue -
Pages -
Publication date 2015