Metal: A Metadata-Hiding File-Sharing System

File-sharing systems like Dropbox offer insufficient privacy because a compromised server can see the file contents in the clear. Although encryption can hide such contents from the servers, metadata leakage remains significant. The goal of our work is to develop a file-sharing system that hides metadata— including user identities and file access patterns. Metal is the first file-sharing system that hides such metadata from malicious users and that has a latency of only a few seconds. The core of Metal consists of a new two-server multi-user oblivious RAM (ORAM) scheme, which is secure against malicious users, a metadata-hiding access control protocol, and a capability sharing protocol. Compared with the state-of-the-art malicious-user filesharing scheme PIR-MCORAM (Maffei et al.’17), which does not hide user identities, Metal hides the user identities and is 500× faster (in terms of amortized latency) or 10× faster (in terms of worst-case latency).

[1]  Carmela Troncoso,et al.  ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging , 2017, WPES@CCS.

[2]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[3]  R. Anderson The Eternity Service , 1996 .

[4]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[5]  Kyungtae Kim,et al.  OBLIVIATE: A Data Oblivious Filesystem for Intel SGX , 2018, NDSS.

[6]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[7]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[8]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[9]  Benny Pinkas,et al.  Oblivious RAM Revisited , 2010, CRYPTO.

[10]  Jon M. Kleinberg,et al.  Wherefore art thou R3579X? , 2011, Commun. ACM.

[11]  Guevara Noubir,et al.  Multi-client Oblivious RAM Secure Against Malicious Servers , 2017, ACNS.

[12]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[13]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[14]  Charu C. Aggarwal,et al.  On k-Anonymity and the Curse of Dimensionality , 2005, VLDB.

[15]  Srinath T. V. Setty,et al.  Unobservable Communication over Fully Untrusted Infrastructure , 2016, OSDI.

[16]  Chenkai Weng,et al.  Better Concrete Security for Half-Gates Garbling (in the Multi-Instance Setting) , 2020, IACR Cryptol. ePrint Arch..

[17]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[18]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[19]  Frank Wang,et al.  Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds , 2016, NSDI.

[20]  Craig Gentry,et al.  (Leveled) Fully Homomorphic Encryption without Bootstrapping , 2014, ACM Trans. Comput. Theory.

[21]  Rishabh Poddar,et al.  Oblix: An Efficient Oblivious Search Index , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[22]  Elaine Shi,et al.  Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM , 2016, TCC.

[23]  Michael Hamburg,et al.  Decaf: Eliminating Cofactors Through Point Compression , 2015, CRYPTO.

[24]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[25]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[26]  Elaine Shi,et al.  Circuit OPRAM: Unifying Statistically and Computationally Secure ORAMs and OPRAMs , 2017, TCC.

[27]  Srinivas Devadas,et al.  XRD: Scalable Messaging System with Cryptographic Privacy , 2020, NSDI.

[28]  David Evans,et al.  Obliv-C: A Language for Extensible Data-Oblivious Computation , 2015, IACR Cryptol. ePrint Arch..

[29]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[30]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[31]  Frederik Vercauteren,et al.  Fully homomorphic SIMD operations , 2012, Designs, Codes and Cryptography.

[32]  Jesper Buus Nielsen,et al.  Reactive Garbling: Foundation, Instantiation, Application , 2016, ASIACRYPT.

[33]  David Cash,et al.  Side-Channel Attacks on Shared Search Indexes , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[34]  David Evans,et al.  Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates , 2015, EUROCRYPT.

[35]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[36]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[37]  Mihir Bellare,et al.  The EAX Mode of Operation , 2004, FSE.

[38]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[39]  Giulio Malavolta,et al.  Maliciously Secure Multi-Client ORAM , 2017, ACNS.

[40]  J. Markus,et al.  Millimix: Mixing in Small Batches , 1999 .

[41]  Jennifer Granick,et al.  We Kill People Based on Metadata , 2017 .

[42]  Radu Sion,et al.  ConcurORAM: High-Throughput Stateless Parallel Multi-Client ORAM , 2018, NDSS.

[43]  Shafi Goldwasser,et al.  Machine Learning Classification over Encrypted Data , 2015, NDSS.

[44]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[45]  Jack B. Dennis,et al.  Programming semantics for multiprogrammed computations , 1966, CACM.

[46]  Wenke Lee,et al.  Mimesis Aegis: A Mimicry Privacy Shield-A System's Approach to Data Privacy on Public Cloud , 2014, USENIX Security Symposium.

[47]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[48]  Hagit Attiya,et al.  Sharing memory robustly in message-passing systems , 1990, PODC '90.

[49]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[50]  Srinath T. V. Setty,et al.  PIR with Compressed Queries and Amortized Query Processing , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[51]  Vitaly Shmatikov,et al.  Breaking Web Applications Built On Top of Encrypted Data , 2016, CCS.

[52]  Prateek Mittal,et al.  On Your Social Network De-anonymizablity: Quantification and Large Scale Evaluation with Seed Knowledge , 2015, NDSS.

[53]  Rafail Ostrovsky,et al.  Distributed Oblivious RAM for Secure Two-Party Computation , 2013, TCC.

[54]  Aviel D. Rubin,et al.  Publius: a robust, tamper-evident, censorship-resistant web publishing system , 2000 .

[55]  Cynthia Dwork,et al.  Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography , 2007, WWW '07.

[56]  Claus-Peter Schnorr E cient Identi cation and Signatures for Smart-Cards , 1990, CRYPTO 1990.

[57]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[58]  Jinsheng Zhang,et al.  MU-ORAM: Dealing with Stealthy Privacy Attacks in Multi-User Data Outsourcing Services , 2016, IACR Cryptol. ePrint Arch..

[59]  Jonathan Katz,et al.  Revisiting Square-Root ORAM: Efficient Random Access in Multi-party Computation , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[60]  Frank Wang,et al.  Splinter: Practical Private Queries on Public Data , 2017, NSDI.

[61]  Amr El Abbadi,et al.  TaoStore: Overcoming Asynchronicity in Oblivious Data Storage , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[62]  Roger Dingledine,et al.  The Free Haven Project: Distributed Anonymous Storage Service , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[63]  Nickolai Zeldovich,et al.  Stadium: A Distributed Metadata-Private Messaging System , 2017, IACR Cryptol. ePrint Arch..

[64]  Jonathan Katz,et al.  Secure two-party computation in sublinear (amortized) time , 2012, CCS.

[65]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[66]  Elaine Shi,et al.  Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns , 2014, USENIX Security Symposium.

[67]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[68]  Yan Huang,et al.  Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward , 2015, CCS.

[69]  Christopher W. Fletcher,et al.  ZeroTrace : Oblivious Memory Primitives from Intel SGX , 2018, NDSS.

[70]  Giulio Malavolta,et al.  Privacy and Access Control for Outsourced Personal Records , 2015, 2015 IEEE Symposium on Security and Privacy.

[71]  Jonathan Katz,et al.  Efficient and Secure Multiparty Computation from Fixed-Key Block Ciphers , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[72]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[73]  Elaine Shi,et al.  ShadowCrypt: Encrypted Web Applications for Everyone , 2014, CCS.

[74]  Amir Herzberg,et al.  Anonymous RAM , 2016, ESORICS.

[75]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[76]  Stefan Katzenbeisser,et al.  Using Oblivious RAM in Genomic Studies , 2017, DPM/CBT@ESORICS.

[77]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[78]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.

[79]  Mihir Bellare,et al.  Efficient Garbling from a Fixed-Key Blockcipher , 2013, 2013 IEEE Symposium on Security and Privacy.

[80]  Srinivas Devadas,et al.  Atom: Horizontally Scaling Strong Anonymity , 2016, SOSP.

[81]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[82]  Elaine Shi,et al.  Constants Count: Practical Improvements to Oblivious RAM , 2015, USENIX Security Symposium.

[83]  Yong-Yeol Ahn,et al.  Community-Enhanced De-anonymization of Online Social Networks , 2014, CCS.

[84]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[85]  K. Paterson,et al.  Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[86]  Payman Mohassel,et al.  SecureML: A System for Scalable Privacy-Preserving Machine Learning , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[87]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[88]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[89]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[90]  Abhi Shelat,et al.  Scaling ORAM for Secure Computation , 2017, IACR Cryptol. ePrint Arch..

[91]  Marie-Sarah Lacharité,et al.  Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[92]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[93]  Elaine Shi,et al.  Multi-cloud oblivious storage , 2013, CCS.

[94]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[95]  Adam J. Aviv,et al.  A Practical Oblivious Map Data Structure with Secure Deletion and History Independence , 2015, 2016 IEEE Symposium on Security and Privacy (SP).

[96]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[97]  Dan Boneh,et al.  Prio: Private, Robust, and Scalable Computation of Aggregate Statistics , 2017, NSDI.

[98]  Krishna P. Gummadi,et al.  Blind Justice: Fairness with Encrypted Sensitive Attributes , 2018, ICML.

[99]  Rafail Ostrovsky,et al.  Private Anonymous Data Access , 2018, IACR Cryptol. ePrint Arch..

[100]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[101]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[102]  Hari Balakrishnan,et al.  Building Web Applications on Top of Encrypted Data Using Mylar , 2014, NSDI.

[103]  Easwar Vivek Mangipudi Towards Automatically Penalizing Multimedia Breaches , 2019 .

[104]  Christopher Krügel,et al.  A Practical Attack to De-anonymize Social Network Users , 2010, 2010 IEEE Symposium on Security and Privacy.

[105]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[106]  Rafail Ostrovsky,et al.  Efficient computation on oblivious RAMs , 1990, STOC '90.

[107]  Prateek Mittal,et al.  SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization , 2015, USENIX Security Symposium.

[108]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[109]  Marie-Sarah Lacharité,et al.  Pump up the Volume: Practical Database Reconstruction from Volume Leakage on Range Queries , 2018, CCS.