MACAO: A Maliciously-Secure and Client-Efficient Active ORAM Framework

Oblivious Random Access Machine (ORAM) allows a client to hide its access pattern and thus offers a strong level of privacy for data outsourcing. An ideal ORAM scheme is expected to offer desirable properties such as low client bandwidth, low server computation overhead and the ability to compute over encrypted data. S3ORAM (CCS’17) is an efficient active ORAM scheme which takes advantage of secret sharing to provide such properties for data outsourcing: low client bandwidth, low server computation and low delay. Despite its merits, S3ORAM only offers security in the semi-honest setting. In practice, an ORAM protocol is likely to operate in the presence of malicious adversaries who might deviate from the protocol to compromise the client's privacy. In this paper, we propose MACAO, a new multi-server ORAM framework which offers integrity, access-pattern obliviousness against active adversaries, and the ability to perform secure computation over the accessed data. MACAO harnesses authenticated secret-sharing techniques and the tree-ORAM paradigm to achieve low client communication, efficient server computation, and low storage overhead at the same time. We fully implemented MACAO and conducted extensive experiments on a real cloud platform (Amazon EC2) to validate the performance of MACAO compared with the state of the art. Our results indicate that MACAO can achieve comparable performance to S3ORAM while offering security against malicious adversaries. MACAO is a suitable candidate for integration into distributed file systems with encrypted-computation capabilities, towards enabling an oblivious functional data-outsourcing infrastructure.
