Towards Practical Oblivious RAM
Emil Stefanov, Elaine Shi, Dawn
http://www.emilstefanov.net/Research/ObliviousRam/
UC Berkeley
Cloud Storage
• SkyDrive
• Windows Azure Storage
• Amazon S3, EBS
• Dropbox
• EMC Atmos
• Mozy
• iCloud
• Google Storage
Can we TRUST the cloud?
Data Privacy
• Data privacy is a growing concern.
– Large attack surface (possibly hundreds of servers)
– Infrastructure bugs
– Malware
– Disgruntled employees
– Big brother
• So, many organizations encrypt their data.
But, encryption is not always enough.
Access patterns can leak sensitive information.
Example Attack by Pinkas & Reinman
[Diagram labels: Client (stock trader), Untrusted Cloud Storage; accesses "Buy IBM", "Buy EMC", "? Buy IBM"]
Oblivious RAM (O-RAM)
• Goal: Conceal access patterns to remote storage.
• An observer cannot distinguish a sequence of read/write operations from random.
[Diagram labels: Client, Untrusted Cloud Storage]
Naïve Solution
[Diagram labels: Client (stock trader), Untrusted Cloud Storage; accesses "Buy IBM", "Buy EMC", "Buy IBM"]
Impractical bandwidth overhead
Contribution 1: Performance
63 times less bandwidth than best existing solution for the same amount of client storage

| # Blocks | Block Size | Bandwidth Overhead: Ours | Bandwidth Overhead: Best Known (Goodrich-Mitzenmacher) |
|---|---|---|---|
| – | 256 KB – 16 MB | 18X – 24X | 1165X – 1529X |

< 0.1% of data stored on client

| O-RAM Capacity | Client Storage |
|---|---|
| 1 TB – 256 TB | 0.011% – 0.078% |
Contribution 2: Techniques
1. Partitioning Framework
– Breaks down server storage into smaller, more manageable partitions.
2. Partition O-RAM
– Optimized O-RAM construction for partitions.
3. Recursive Constructions
– Reduce client-side storage via recursion.
4. Concurrent Constructions
– Reduce worst-case cost via concurrency.
Existing Approaches
• Based on Goldreich-Ostrovsky scheme.
• +1 levels
– Sizes:
[GO96, OS97, WS08, PR10, GM10, GMOT11, BMP11, GMOT12, KLO12, …]
Existing Approaches
• Inside a level
– Some real blocks
  • Useful data
– Some dummy blocks
  • Random data
– Randomly permuted
  • Only the client knows the permutation
[Diagram: one level of blocks: Dummy Block, Real Block, Real Block, Dummy Block, Real Block, Dummy Block, Dummy Block, Real Block]
Existing Approaches
• Reading
– Read a block from each level
– One real block.
– Remaining are dummy blocks
[Diagram labels: Client, Server; blocks read: real, dummy, dummy, dummy, dummy, dummy]
Existing Approaches
• Writing
– Shuffle consecutively filled levels.
– Write into next unfilled level.
– Clear the source levels
[Diagram labels: Server (before), Client (shuffle blocks), Server (after)]
Continuous Shuffling
• Cost per operation (amortized): or
– Depending on shuffling algorithm
[Diagram: "To write:" timeline t0, t1, t2, t3, t4, t5, …]
The Problem with Existing Approaches
• Writing is expensive.
• Sometimes need to shuffle blocks.
• Cannot store them all locally.
• Needs oblivious shuffling algorithm.
– Very expensive!
• Bad worst-case cost.
Our Approach
• Make shuffling cheaper.
• Reduce the worst-case cost.
But, how?
Answer: Partition the Storage
Challenge: Partitioning Breaks Security
[Diagram labels: Client; Server with Partitions, each an O-RAM]
Read block from its randomly assigned partition
Assign and write block to a new random partition
Read block from its previously assigned random partition.
Not privacy preserving! There is linkability between reads and writes.
Solution: Our Partitioning Framework
• Accessing a block:
1. Read from partition (previously randomly assigned).
2. Read/modify block data.
3. Write to random cache slot (don’t write to server yet).
[Diagram labels: Client with Cache Slots holding blocks; Server with Partitions, each an O-RAM]
Solution: Our Partitioning Framework
• Background eviction:
– Sequentially scan the cache slots.
– Evict one block if possible.
– Evict dummy block otherwise.
[Diagram labels: Client with Cache Slots holding blocks and a dummy; Server with Partitions, each an O-RAM]
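A toy model of the access and background-eviction steps from the two slides above, added here as an illustration; it is not the authors' C# implementation. Each partition is a plain dict standing in for a partition O-RAM, the dummy read for a still-cached block is an assumption not stated on the slides, and all names are hypothetical. Setting `naive=True` reproduces the linkable write-back design from the "Partitioning Breaks Security" slide for comparison.

```python
import random

class PartitionedORAM:
    """Toy model (hypothetical names). Each partition is a dict standing in for a
    partition O-RAM, which is assumed to hide which block inside it is touched."""

    def __init__(self, n_blocks, n_partitions, seed=0, naive=False):
        self.rng = random.Random(seed)      # seeded so the constructed run is repeatable
        self.P = n_partitions
        self.naive = naive                  # True = write straight back (linkable design)
        self.position = {b: self.rng.randrange(self.P) for b in range(n_blocks)}
        self.server = [dict() for _ in range(self.P)]
        for b, p in self.position.items():
            self.server[p][b] = None
        self.slots = [dict() for _ in range(self.P)]   # client-side cache slots
        self.next_evict = 0
        self.trace = []                     # what the server observes: (op, partition)

    def access(self, block, new_data=None):
        p = self.position[block]
        self.trace.append(("read", p))      # 1. read from previously assigned partition
        if block in self.slots[p]:          # assumption: still cached, server read is a dummy
            data = self.slots[p].pop(block)
        else:
            data = self.server[p].pop(block)
        if new_data is not None:            # 2. read/modify block data
            data = new_data
        r = self.rng.randrange(self.P)      # fresh random partition for the next access
        self.position[block] = r
        if self.naive:
            self.server[r][block] = data
            self.trace.append(("write", r))
        else:
            self.slots[r][block] = data     # 3. write to random cache slot, not the server
            self.evict()
        return data

    def evict(self):
        p = self.next_evict                 # sequential scan over the cache slots
        self.next_evict = (p + 1) % self.P
        if self.slots[p]:                   # evict one block if possible ...
            b, d = self.slots[p].popitem()
            self.server[p][b] = d
        self.trace.append(("write", p))     # ... otherwise the write carries a dummy

def link_rate(trace):
    """Fraction of reads that hit the partition written immediately before."""
    pairs = [(a, b) for a, b in zip(trace, trace[1:]) if a[0] == "write" and b[0] == "read"]
    return sum(a[1] == b[1] for a, b in pairs) / len(pairs)
```

Accessing one block repeatedly gives a `link_rate` of 1.0 in naive mode, while with cache slots and round-robin eviction the write partitions are fixed in advance and the rate falls to roughly 1/P.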
Our Partition O-RAM
• Local shuffling
– No expensive oblivious shuffling.
• No cuckoo hashing.
– 2X speedup
• Matrix compression algorithm for uploading levels
– 1.5X speedup
• Constant latency:
– 1 round trip
Concurrent Constructions: Reduce Worst Case Cost
• Worst case cost: for the non-recursive construction.
• Insert amortizer component.
Recursive Constructions: Reduce Client Storage
• Client storage:
• Bandwidth:
Client Storage vs. Bandwidth
Source Code Available
• Actual implementation.
– Not a simulation.
• worst-case cost.
• Encryption.
• Integrity verification.
• Language: C#
http://www.emilstefanov.net/Research/ObliviousRam/
Related Work
• Hierarchical based constructions and improvements.
– GO96, OS97, WS08, PR10, GM10, GMOT11, CS10, FWCKS11, CS11, BMP11, GMOT12, KLO12, …
• De-amortization techniques to reduce worst-case cost.
– OS97, GMOT11, BMP11, KLO12
Conclusion
• Oblivious RAM can be practical!
• First practical construction:
– 63 times faster than existing schemes.
– worst-case cost.
• Novel techniques.
• Source code available.
Thank you!