Oblivious Network RAM and Leveraging Parallelism to Achieve Obliviousness

Oblivious RAM ORAM is a cryptographic primitive that allows a trusted CPU to securely access untrusted memory, such that the access patterns reveal nothing about sensitive data. ORAM is known to have broad applications in secure processor design and secure multi-party computation for big data. Unfortunately, due to a logarithmic lower bound by Goldreich and Ostrovsky Journal of the ACM, '96, ORAM is bound to incur a moderate cost in practice. In particular, with the latest developments in ORAM constructions, we are quickly approaching this limit, and the room for performance improvement is small. In this paper, we consider new models of computation in which the cost of obliviousness can be fundamentally reduced in comparison with the standard ORAM model. We propose the Oblivious Network RAM model of computation, where a CPU communicates with multiple memory banks, such that the adversary observes only which bank the CPU is communicating with, but not the address offset within each memory bank. In other words, obliviousness within each bank comes for free--either because the architecture prevents a malicious party from observing the address accessed within a bank, or because another solution is used to obfuscate memory accesses within each bank--and hence we only need to obfuscate communication patterns between the CPU and the memory banks. We present new constructions for obliviously simulating general or parallel programs in the Network RAM model. We describe applications of our new model in secure processor design and in distributed storage applications with a network adversary.

[1]  Srinivas Devadas,et al.  A secure processor architecture for encrypted computation on untrusted programs , 2012, STC '12.

[2]  Michael T. Goodrich,et al.  Cache-Oblivious Dictionaries and Multimaps with Negligible Failure Probability , 2012, MedAlg.

[3]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[4]  Srinivas Devadas,et al.  A Low-Latency, Low-Area Hardware Oblivious RAM Controller , 2015, 2015 IEEE 23rd Annual International Symposium on Field-Programmable Custom Computing Machines.

[5]  Jonathan Katz,et al.  Secure two-party computation in sublinear (amortized) time , 2012, CCS.

[6]  吉岡 克成,et al.  Network and Distributed System Security Symposium 2011参加報告(サービス管理,運用管理技術,セキュリティ管理,及び一般) , 2011 .

[7]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[8]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[9]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[10]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[11]  Torben Hagerup,et al.  Fast and reliable parallel hashing , 1991, SPAA '91.

[12]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[13]  Dan Boneh,et al.  Remote Oblivious Storage: Making Oblivious RAM Practical , 2011 .

[14]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[15]  Michael T. Goodrich,et al.  Fully De-Amortized Cuckoo Hashing for Cache-Oblivious Dictionaries and Multimaps , 2011, ArXiv.

[16]  Rafail Ostrovsky,et al.  Garbled RAM Revisited , 2014, EUROCRYPT.

[17]  Torben Hagerup,et al.  Fast Parallel Space Allocation, Estimation and Integer Sorting , 1995, Inf. Comput..

[18]  Aravind Srinivasan,et al.  Chernoff-Hoeffding bounds for applications with limited independence , 1995, SODA '93.

[19]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[20]  Torben Hagerup,et al.  The Log-Star Revolution , 1992, STACS.

[21]  Srinivas Devadas,et al.  Suppressing the Oblivious RAM timing channel while making information leakage and program efficiency trade-offs , 2014, 2014 IEEE 20th International Symposium on High Performance Computer Architecture (HPCA).

[22]  Craig Gentry,et al.  Outsourcing Private RAM Computation , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[23]  Rafail Ostrovsky,et al.  Private Information Storage , 1996, IACR Cryptol. ePrint Arch..

[24]  Srinivas Devadas,et al.  RAW Path ORAM: A Low-Latency, Low-Area Hardware ORAM Controller with Integrity Verification , 2014, IACR Cryptol. ePrint Arch..

[25]  Elaine Shi,et al.  A High-Performance Oblivious RAM Controller on the Convey HC-2ex Heterogeneous Computing Platform , 2013 .

[26]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[27]  Moni Naor,et al.  De-amortized Cuckoo Hashing: Provable Worst-Case Performance and Experimental Results , 2009, ICALP.

[28]  Rafail Ostrovsky,et al.  Distributed Oblivious RAM for Secure Two-Party Computation , 2013, TCC.

[29]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[30]  Radu Sion,et al.  TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality , 2011, IEEE Transactions on Knowledge and Data Engineering.

[31]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[32]  Craig Gentry,et al.  Garbled RAM Revisited, Part I , 2014, IACR Cryptol. ePrint Arch..

[33]  Michael Mitzenmacher,et al.  More Robust Hashing: Cuckoo Hashing with a Stash , 2008, ESA.

[34]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[35]  Elaine Shi,et al.  Automating Efficient RAM-Model Secure Computation , 2014, 2014 IEEE Symposium on Security and Privacy.

[36]  Kurt Mehlhorn,et al.  Randomized and deterministic simulations of PRAMs by parallel machines with restricted granularity of parallel memories , 1984, Acta Informatica.

[37]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[38]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[39]  Uzi Vishkin,et al.  Using simple abstraction to reinvent computing for parallelism , 2011, Commun. ACM.

[40]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[41]  Michael T. Goodrich,et al.  Practical oblivious storage , 2012, CODASPY '12.

[42]  Kai-Min Chung,et al.  Statistically-secure ORAM with Õ(log2 n) Overhead , 2014, ASIACRYPT.

[43]  Kai-Min Chung,et al.  Oblivious Parallel RAM , 2014, IACR Cryptol. ePrint Arch..

[44]  Rafail Ostrovsky,et al.  How to Garble RAM Programs , 2013, EUROCRYPT.

[45]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[46]  Ron Rothblum,et al.  Fast Pseudorandomness for Independence and Load Balancing - (Extended Abstract) , 2014, ICALP.

[47]  Srinivas Devadas,et al.  PrORAM: Dynamic prefetcher for Oblivious RAM , 2015, 2015 ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA).

[48]  Michael T. Goodrich,et al.  Privacy-preserving group data access via stateless oblivious RAM simulation , 2011, SODA.

[49]  Uzi Vishkin,et al.  Towards a theory of nearly constant time parallel algorithms , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[50]  Rasmus Pagh,et al.  Cuckoo Hashing , 2001, Encyclopedia of Algorithms.

[51]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[52]  Srinivas Devadas,et al.  Design space exploration and optimization of path oblivious RAM in secure processors , 2013, ISCA.

[53]  Noga Alon,et al.  Almost k-wise independence versus k-wise independence , 2003, Information Processing Letters.

[54]  Uzi Vishkin Can parallel algorithms enhance serial implementation , 1991, SIGA.

[55]  Peter Williams,et al.  Usable PIR , 2008, NDSS.

[56]  Rafail Ostrovsky,et al.  Garbled RAM Revisited, Part II , 2014, IACR Cryptol. ePrint Arch..