SqORAM: Read-Optimized Sequential Write-Only Oblivious RAM

Open access

Abstract

Oblivious RAMs (ORAMs) allow a client to access data from an untrusted storage device without revealing the access patterns. Typically, the ORAM adversary can observe both read and write accesses. Write-only ORAMs target a more practical, multi-snapshot adversary only monitoring client writes – typical for plausible deniability and censorship-resilient systems. This allows write-only ORAMs to achieve significantly-better asymptotic performance. However, these apparent gains do not materialize in real deployments primarily due to the random data placement strategies used to break correlations between logical and physical names-paces, a required property for write access privacy. Random access performs poorly on both rotational disks and SSDs (often increasing wear significantly, and interfering with wear-leveling mechanisms).

In this work, we introduce SqORAM, a new locality-preserving write-only ORAM that preserves write access privacy without requiring random data access. Data blocks close to each other in the logical domain land in close proximity on the physical media. Importantly, SqORAM maintains this data locality property over time, significantly increasing read throughput.

A full Linux kernel-level implementation of SqORAM is 100x faster than non locality-preserving solutions for standard workloads and is 60-100% faster than the state-of-the-art for typical file system workloads.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] G. Asharov T.-H. H. Chan K. Nayak R. Pass L. Ren and E. Shi “Locality-preserving oblivious ram” vol. 11477 pp. 214–243 2019.

  • [2] A. J. Aviv S. G. Choi T. Mayberry and D. S. Roche “Oblivisync: Practical oblivious file backup and synchronization” in 24th Annual Network and Distributed System Security Symposium NDSS 2017 San Diego California USA February 26 - March 1 2017 2017.

  • [3] E.-O. Blass T. Mayberry G. Noubir and K. Onarlioglu “Hive” “http://www.onarlioglu.com/hive”.

  • [4] E. Blass T. Mayberry G. Noubir and K. Onarlioglu “Toward robust hidden volumes using write-only oblivious RAM” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security Scottsdale AZ USA November 3-7 2014 2014 pp. 203–214.

  • [5] A. Chakraborti C. Chen and R. Sion “Datalair: Efficient block storage with plausible deniability against multi-snapshot adversaries” PoPETs vol. 2017 no. 3 p. 179 2017. [Online]. Available: https://doi.org/10.1515/popets-2017-0035

  • [6] A. Chakraborti A. J. Aviv S. G. Choi T. Mayberry D. S. Roche and R. Sion “roram: Efficient range ORAM with o(log2 N) locality” in 26th Annual Network and Distributed System Security Symposium NDSS 2019 San Diego California USA February 24-27 2019 2019. [Online]. Available: https://www.ndss-symposium.org/ndss-paper/roram-efficient-range-oram-with-olog2-n-locality/

  • [7] C. Chen A. Chakraborti and R. Sion “PD-DM: an efficient locality-preserving block device mapper with plausible deniability” PoPETs vol. 2019 no. 1 pp. 153–171 2019.

  • [8] A. Cozzette “Block device in user space (buse)” “https://github.com/acozzette”.

  • [9] I. Demertzis D. Papadopoulos and C. Papamanthou “Searchable encryption with optimal locality: Achieving sublogarithmic read efficiency” in Advances in Cryptology – CRYPTO 2018 2018 pp. 371–406.

  • [10] O. Goldreich and R. Ostrovsky “Software protection and simulation on oblivious rams” Journal of the ACM vol. 43 pp. 431–473 1996.

  • [11] M. T. Goodrich “Randomized shellsort: A simple data-oblivious sorting algorithm” J. ACM vol. 58 no. 6 pp. 27:1–27:26 Dec. 2011. [Online]. Available: http://doi.acm.org/10.1145/2049697.2049701

  • [12] M. T. Goodrich and M. Mitzenmacher “Privacy-preserving access of outsourced data via oblivious ram simulation” in Proceedings of the 38th International Conference on Automata Languages and Programming - Volume Part II ser. ICALP’11. Berlin Heidelberg: Springer-Verlag 2011 pp. 576–587. [Online]. Available: http://dl.acm.org/citation.cfm?id=2027223.2027282

  • [13] M. T. Goodrich M. Mitzenmacher O. Ohrimenko and R. Tamassia “Oblivious ram simulation with efficient worst-case access overhead” in Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop ser. CCSW ‘11. New York NY USA: ACM 2011 pp. 95–100. [Online]. Available: http://doi.acm.org/10.1145/2046660.2046680

  • [14] S. K. Haider and M. van Dijk “Flat ORAM: A simplified write-only oblivious RAM construction for secure processor architectures” CoRR vol. abs/1611.01571 2016.

  • [15] M. S. Islam M. Kuzu and M. Kantarcioglu “Access pattern disclosure on searchable encryption: Ramification attack and mitigation” in 19th Annual Network and Distributed System Security Symposium NDSS 2012 San Diego California USA February 5-8 2012 2012. [Online]. Available: https://www.ndss-symposium.org/ndss2012/access-pattern-disclosure-searchable-encryption-ramification-attack-and-mitigation

  • [16] W. Jannen J. Yuan Y. Zhan A. Akshintala J. Esmet Y. Jiao A. Mittal P. Pandey P. Reddy L. Walsh M. Bender M. Farach-Colton R. Johnson B. C. Kuszmaul and D. E. Porter “Betrfs: A right-optimized write-optimized file system” in Proceedings of the 13th USENIX Conference on File and Storage Technologies ser. FAST’15. Berkeley CA USA: USENIX Association 2015 pp. 301–315. [Online]. Available: http://dl.acm.org/citation.cfm?id=2750482.2750505

  • [17] E. Kushilevitz S. Lu and R. Ostrovsky “On the (in) security of hash-based oblivious ram and a new balancing scheme” in Proceedings of the twenty-third annual ACM-SIAM symposium on Discrete Algorithms. SIAM 2012 pp. 143–156.

  • [18] A. W. Leung S. Pasupathy G. Goodson and E. L. Miller “Measurement and analysis of large-scale network file system workloads” in USENIX 2008 Annual Technical Conference ser. ATC’08. Berkeley CA USA: USENIX Association 2008 pp. 213–226. [Online]. Available: http://dl.acm.org/citation.cfm?id=1404014.1404030

  • [19] L. Li and A. Datta “Write-only oblivious ram-based privacy-preserved access of outsourced data” Int. J. Inf. Secur. vol. 16 no. 1 pp. 23–42 Feb. 2017. [Online]. Available: https://doi.org/10.1007/s10207-016-0329-x

  • [20] T. Peters M. Gondree and Z. N. J. Peterson “DEFY: A deniable encrypted file system for log-structured storage” in 22nd Annual Network and Distributed System Security Symposium NDSS 2015 San Diego California USA February 8-11 2014 2015.

  • [21] B. Pinkas and T. Reinman “Oblivious ram revisited” in Proceedings of the 30th Annual Conference on Advances in Cryptology ser. CRYPTO’10. Berlin Heidelberg: Springer-Verlag 2010 pp. 502–519. [Online]. Available: http://dl.acm.org/citation.cfm?id=1881412.1881447

  • [22] L. Ren C. Fletcher A. Kwon E. Stefanov E. Shi M. van Dijk and S. Devadas “Constants count: Practical improvements to oblivious ram” in 24th USENIX Security Symposium (USENIX Security 15). Washington D.C.: USENIX Association Aug. 2015 pp. 415–430. [Online]. Available: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/ren-ling

  • [23] D. S. Roche A. J. Aviv S. G. Choi and T. Mayberry “Deterministic stash-free write-only oram” “https://github.com/dsroche/detworam”.

  • [24] D. S. Roche A. Aviv S. G. Choi and T. Mayberry “Deterministic stash-free write-only oram” in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security ser. CCS ‘17. New York NY USA: ACM 2017 pp. 507–521. [Online]. Available: http://doi.acm.org/10.1145/3133956.3134051

  • [25] D. Roselli J. R. Lorch and T. E. Anderson “A comparison of file system workloads” in Proceedings of the Annual Conference on USENIX Annual Technical Conference ser. ATEC ‘00. Berkeley CA USA: USENIX Association 2000 pp. 4–4. [Online]. Available: http://dl.acm.org/citation.cfm?id=1267724.1267728

  • [26] E. Shi T.-H. H. Chan E. Stefanov and M. Li “Oblivious ram with o((logn)3) worst-case cost” in ASIACRYPT 2011.

  • [27] E. Stefanov M. van Dijk E. Shi C. Fletcher L. Ren X. Yu and S. Devadas “Path oram: An extremely simple oblivious ram protocol” in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security ser. CCS ‘13. New York NY USA: ACM 2013 pp. 299–310. [Online]. Available: http://doi.acm.org/10.1145/2508859.2516660

  • [28] X. Wang H. Chan and E. Shi “Circuit oram: On tightness of the goldreich-ostrovsky lower bound” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security ser. CCS ‘15. New York NY USA: ACM 2015 pp. 850–861. [Online]. Available: http://doi.acm.org/10.1145/2810103.2813634

  • [29] P. Williams and R. Sion “Usable PIR” in Proceedings of the Network and Distributed System Security Symposium NDSS 2008 San Diego California USA 10th February - 13th February 2008 2008. [Online]. Available: http://www.isoc.org/isoc/conferences/ndss/08/papers/09_usable_pir.pdf

  • [30] P. Williams R. Sion and B. Carbunar “Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage” in Proceedings of the 15th ACM Conference on Computer and Communications Security ser. CCS ‘08. New York NY USA: ACM 2008 pp. 139–148. [Online]. Available: http://doi.acm.org/10.1145/1455770.1455790

  • [31] P. Williams R. Sion and A. Tomescu “Privatefs: A parallel oblivious file system” in Proceedings of the 2012 ACM Conference on Computer and Communications Security ser. CCS ‘12. New York NY USA: ACM 2012 pp. 977–988. [Online]. Available: http://doi.acm.org/10.1145/2382196.2382299

Search
Journal information
Metrics
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 20 20 11
PDF Downloads 23 23 16