The Fallacy of Composition of Oblivious RAM and Searchable Encryption

Oblivious RAM (ORAM) is a tool proposed to hide access pattern leakage, and there has been a lot of progress in the efficiency of ORAM schemes; however, less attention has been paid to studying the applicability of ORAM to cloud applications such as symmetric searchable encryption (SSE). Although searchable encryption is one of the motivations for ORAM research, no in-depth study of the applicability of ORAM to searchable encryption exists as of June 2015. In this work, we initiate the formal study of using ORAM to reduce the access pattern leakage in searchable encryption. We propose four new leakage classes and develop a systematic methodology to study the applicability of ORAM to SSE. We develop a worst-case communication baseline for SSE. We show that completely eliminating leakage in SSE is impossible. We propose single-keyword schemes for our leakage classes and show that either they perform worse than streaming the entire outsourced data (for a large fraction of queries) or they do not provide a meaningful reduction in leakage. We present a detailed evaluation using the Enron email corpus and the complete English Wikipedia corpus.
