Unified RAW Path Oblivious RAM

Oblivious RAM (ORAM) is a cryptographic primitive that conceals memory access patterns to untrusted storage. Its applications include oblivious cloud storage, trusted processors, software protection, secure multi-party computation, and more. This thesis improves the state-of-the-art Path ORAM in several aspects.

On the theoretical side, we improve Path ORAM's memory bandwidth overhead by a factor of O(log log N) when the block size is small. With this improvement, Path ORAM is asymptotically the most efficient ORAM construction with constant or polylogarithmic client storage under any block size. Our technique uses pseudorandom functions to compress the position map, a central component in Path ORAM and other position-based ORAMs. With small block sizes, managing the position map carries a huge overhead and is Path ORAM's performance bottleneck; our technique reduces this overhead.

On the practical side, we propose Unified ORAM with a position map lookaside buffer to exploit locality in real-world applications while preserving access pattern privacy. We also propose a new variant of Path ORAM named RAW Path ORAM, which achieves a constant-factor reduction in memory bandwidth and encryption overhead and has a much simpler correctness proof than Path ORAM. Combining our techniques yields a roughly 2× improvement in ORAM bandwidth and over 1.43× speedup on SPEC benchmarks.

We also study how to efficiently verify the integrity of ORAM. Besides some customized optimizations for Path ORAM and RAW Path ORAM, we present a novel integrity verification scheme that works for any position-based ORAM and achieves an asymptotic reduction in hashing overhead over prior solutions.

Thesis Supervisor: Srinivas Devadas
Title: Professor of Electrical Engineering and Computer Science
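The position map compression described above amounts to replacing stored leaf labels with a PRF evaluated over a small per-block counter. The Python below is an added illustration, not code from the thesis: it assumes one counter per block and HMAC-SHA256 as the PRF (the thesis's actual construction is not reproduced), and shows the client storage saved and the root-to-leaf path the server observes for one access.

```python
import hashlib
import hmac


class CompressedPositionMap:
    """Position map of a Path ORAM with 2**depth leaves, compressed with a PRF.

    A plain position map stores a log N-bit leaf label per block. Here the client
    keeps only a small per-block counter and recomputes the leaf on demand as
    PRF(key, block_id || counter). Path ORAM remaps a block to a fresh random
    leaf on every access; with the PRF that remap is a counter increment, and each
    (block_id, counter) pair is used once, so the leaves the server sees are
    indistinguishable from freshly sampled uniform leaves.
    """

    def __init__(self, key: bytes, num_blocks: int, depth: int):
        self.key = key                    # client-held PRF key
        self.depth = depth                # leaves are labelled 0 .. 2**depth - 1
        self.counters = [0] * num_blocks  # the only per-block client state

    def _prf(self, block_id: int, counter: int) -> int:
        # HMAC-SHA256 stands in for the PRF (an assumption of this example).
        msg = block_id.to_bytes(8, "big") + counter.to_bytes(8, "big")
        tag = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(tag[:8], "big") % (1 << self.depth)

    def lookup(self, block_id: int) -> int:
        """Current leaf of a block, recomputed from its counter."""
        return self._prf(block_id, self.counters[block_id])

    def remap(self, block_id: int) -> int:
        """Give the block a fresh pseudorandom leaf, as Path ORAM does after each access."""
        # Fixed-width counters must never wrap around (a wrap would reuse a leaf);
        # handling that, e.g. by re-keying, is omitted here.
        self.counters[block_id] += 1
        return self.lookup(block_id)


def path_nodes(leaf: int, depth: int) -> list:
    """Bucket indices on the root-to-leaf path (root = 0, children of i are 2i+1, 2i+2).
    These are the buckets the server sees read and rewritten for one access."""
    node, path = 0, [0]
    for level in range(depth - 1, -1, -1):
        node = 2 * node + 1 + ((leaf >> level) & 1)
        path.append(node)
    return path


def client_storage_bits(num_blocks: int, depth: int, counter_bits: int) -> tuple:
    """(plain position map bits, compressed position map bits) held by the client."""
    return num_blocks * depth, num_blocks * counter_bits
```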
