Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns

We present Burst ORAM, the first oblivious cloud storage system to achieve both practical response times and low total bandwidth consumption for bursty workloads. For real-world workloads, Burst ORAM can attain response times that are nearly optimal and orders of magnitude lower than the best existing ORAM systems by reducing online bandwidth costs and aggressively rescheduling shuffling work to delay the bulk of the IO until idle periods. We evaluate our design on an enterprise file system trace with about 7,500 clients over a 15 day period, comparing to an insecure baseline encrypted block store without ORAM. We show that when baseline response times are low, Burst ORAM response times are comparably low. In a 32TB ORAM with 50ms network latency and sufficient bandwidth capacity to ensure 90% of requests have baseline response times under 53ms, 90% of Burst ORAM requests have response times under 63ms, while requiring only 30 times the total bandwidth consumption of the insecure baseline. Similarly, with sufficient bandwidth to ensure 99.9% of requests have baseline responses under 70ms, 99.9% of Burst ORAM requests have response times under 76ms.

[1]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[2]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[3]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[4]  Chinya V. Ravishankar,et al.  Compromising privacy in precise query protocols , 2013, EDBT '13.

[5]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[6]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[7]  Elaine Shi,et al.  Multi-cloud oblivious storage , 2013, CCS.

[8]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[9]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[10]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[11]  Travis Mayberry,et al.  Efficient Private File Retrieval by Combining ORAM and PIR , 2014, NDSS.

[12]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[13]  Benny Pinkas,et al.  Oblivious RAM Revisited , 2010, CRYPTO.

[14]  Ivan Damgård,et al.  Perfectly Secure Oblivious RAM Without Random Oracles , 2011, IACR Cryptol. ePrint Arch..

[15]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[16]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[17]  Srinivas Devadas,et al.  Design space exploration and optimization of path oblivious RAM in secure processors , 2013, ISCA.

[18]  Joshua Schiffman,et al.  Shroud: ensuring private access to large-scale data in the data center , 2013, FAST.

[19]  Michael T. Goodrich,et al.  Privacy-preserving group data access via stateless oblivious RAM simulation , 2011, SODA.

[20]  Shankar Pasupathy,et al.  Measurement and Analysis of Large-Scale Network File System Workloads , 2008, USENIX Annual Technical Conference.

[21]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[22]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[23]  Dan Boneh,et al.  Remote Oblivious Storage: Making Oblivious RAM Practical , 2011 .

[24]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[25]  Yanpei Chen,et al.  Design implications for enterprise storage systems via multi-dimensional trace analysis , 2011, SOSP '11.

[26]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[27]  Srinivas Devadas,et al.  A secure processor architecture for encrypted computation on untrusted programs , 2012, STC '12.