A Dynamic Tree-Based Data Structure for Access Privacy in the Cloud

We present a novel approach for guaranteeing access privacy to data stored at an external cloud provider. Our solution groups resources into buckets, which are then organized in a binary search tree. The tree is built on an index computed in a non-invertible, non-order-preserving way, and supports efficient key-based retrieval. Our approach to access privacy builds on this data organization: it provides uniform observability to the server during access execution and dynamically changes not only the physical storage allocation but also the logical structure itself. Our analysis and experimental evaluation show the effectiveness of our approach.
