Protecting Access Confidentiality with Data Distribution and Swapping

Protecting the confidentiality of outsourced data is an important problem. A critical aspect is the ability to efficiently access data stored in encrypted form without giving the server that manages access requests the ability to infer knowledge about the data content of the accesses executed by clients. The approaches proposed so far to solve this problem rely on continuous rewriting and re-encryption of the accessed data, as in the recently proposed shuffle index. We propose a different approach that uses three independent servers to manage the data structure. The use of three servers is motivated by the increased protection that independent servers provide compared to a single server. The protection increases significantly when a constraint is introduced that, at every request, an accessed node has to be moved to a different server. Using three servers keeps the accessed data protected even when the servers collude. The protection is evaluated with a probabilistic model that estimates the loss of information that derives from applying the technique.
