skip to main content
research-article

Practical Oblivious Outsourced Storage

Published:01 September 2011Publication History
Skip Abstract Section

Abstract

In this article we introduce a technique, guaranteeing access pattern privacy against a computationally bounded adversary, in outsourced data storage, with communication and computation overheads orders of magnitude better than existing approaches. In the presence of a small amount of temporary storage (enough to store O(√n log n) items and IDs, where n is the number of items in the database), we can achieve access pattern privacy with computational complexity of less than O(log2 n) per query (as compared to, for instance, O(log4 n) for existing approaches).

We achieve these novel results by applying new insights based on probabilistic analyses of data shuffling algorithms to Oblivious RAM, allowing us to significantly improve its asymptotic complexity. This results in a protocol crossing the boundary between theory and practice and becoming generally applicable for access pattern privacy. We show that on off-the-shelf hardware, large data sets can be queried obliviously orders of magnitude faster than in existing work.

References

  1. Ajtai, M., Komlos, J., and Szemeredi, E. 1983. An O(n log n) sorting network. In Proceedings of the 25th ACM Symposium on Theory of Computing. 1--9. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Asonov, D. 2004. Querying Databases Privately: A New Approach to Private Information Retrieval. Springer Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Chor, B., Goldreich, O., Kushilevitz, E., and Sudan, M. 1995. Private information retrieval. In Proceedings of the IEEE Symposium on Foundations of Computer Science. 41--50. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Cormen, T. H., Leiserson, C. E., Rivest, R. L., and Stein, C. 2001. Introduction to Algorithms 2nd Ed. MIT Press and McGraw-Hill. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Feller, W. 1967. An Introduction to Probability Theory and its Applications. Vol. 1. Wiley.Google ScholarGoogle Scholar
  6. Gartner, Inc. 1999. Server Storage and RAID Worldwide. Tech. rep., Gartner Group/Dataquest. www.gartner.com.Google ScholarGoogle Scholar
  7. Gasarch, W. 2004. A survey on private information retrieval. Bull. EATCS 82, 72--107.Google ScholarGoogle Scholar
  8. Gasarch, W. 2010. A WebPage on private information retrieval. http://www.cs.umd.edu/~gasarch/pir/pir.html.Google ScholarGoogle Scholar
  9. Goldberg, I. 2007. Improving the robustness of private information retrieval. In Proceedings of the IEEE Symposium on Security and Privacy. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Goldreich, O. 2001. Foundations of Cryptography. Cambridge University Press. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Goldreich, O. and Ostrovsky, R. 1996. Software protection and simulation on Oblivious RAMs. J. ACM 43, 3, 431--473. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Hagerup, T. and Rüb, C. 1990. A guided tour of Chernoff bounds. Inform. Process. Lett. 33, 6, 305--308. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Hild, M. and Mitchell, J. 2004. Free Email: Google, MSN Hotmail and Yahoo! (A). SSRN eLibrary.Google ScholarGoogle Scholar
  14. IBM Corp. 2008. IBM 4764 Model 001 specification sheet. http://www-03.ibm.com/security/cryptocards/pdfs/4764-001_PCIX_Data_Sheet.pdf.Google ScholarGoogle Scholar
  15. Iliev, A. and Smith, S. 2004. Private information storage with logarithmic-space secure hardware. In Proceedings of the 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems (i-NetSec’04). 201--216.Google ScholarGoogle Scholar
  16. Lipmaa, H. 2006. AES ciphers: Speed. http://research.cyber.ee/~lipmaa/research/aes/rijndael.html.Google ScholarGoogle Scholar
  17. Sassaman, L., Cohen, B., and Mathewson, N. 2005. The Pynchon gate: A secure method of pseudonymous mail retrieval. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES). 1--9. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Scribner, C. 2007. Comment and casenote: Subpoena to Google Inc. in ACLU v. Gonzales: “Big Brother” is watching your internet searches through government subpoenas. U. Cincinnati Law Rev. 75, 1273.Google ScholarGoogle Scholar
  19. Sion, R. and Carbunar, B. 2007. On the practicality of private information retrieval. In Proceedings of the Network and Distributed Systems Security Symposium.Google ScholarGoogle Scholar
  20. Wang, S., Ding, X., Deng, R. H., and Bao, F. 2006. Private information retrieval using trusted hardware. In Proceedings of the European Symposium on Research in Computer Security (ESORICS). 49--64. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Williams, P., Sion, R., and Carbunar, B. 2008. Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In Proceedings of the ACM Conference on Computer and Communications Security. 139--148. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Yang, Y., Ding, X., Deng, R. H., and Bao, F. 2008. An efficient PIR construction using trusted hardware. In Proceedings of the 11th International Conference on Information Security. Lecture Notes in Computer Science, vol. 5222. Springer, 64--79. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Practical Oblivious Outsourced Storage

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM Transactions on Information and System Security
      ACM Transactions on Information and System Security  Volume 14, Issue 2
      September 2011
      199 pages
      ISSN:1094-9224
      EISSN:1557-7406
      DOI:10.1145/2019599
      Issue’s Table of Contents

      Copyright © 2011 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 1 September 2011
      • Accepted: 1 May 2011
      • Revised: 1 February 2011
      • Received: 1 August 2009
      Published in tissec Volume 14, Issue 2

      Permissions

      Request permissions about this article.

      Request Permissions

      Check for updates

      Qualifiers

      • research-article
      • Research
      • Refereed

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!