
A Practical Oblivious Map Data Structure with Secure Deletion and History Independence


  1. A Practical Oblivious Map Data Structure with Secure Deletion and History Independence. Daniel S. Roche, Adam J. Aviv, Seung Geol Choi; Computer Science Department, United States Naval Academy, Annapolis, Maryland, USA. IEEE Security & Privacy 2016, San Jose, California. (Talk sections: Intro, vORAM, HIRB, Results. Slide footer: Roche, Aviv, & Choi (USNA), vORAM & HIRB, May 23, 2016, 1 / 24.)

  2. Goal: a remote key/value store with strong privacy and practical utility. Strong privacy: hidden keys, values, and access patterns (obliviousness); secure against powerful attackers (secure deletion and history independence). Practical utility: no computation on server; poly-logarithmic local storage, bandwidth, computation; low round complexity.

  4. Oblivious RAM: Oblivious RAM (ORAM) hides access patterns as well as data (Goldreich & Ostrovsky, JACM '96, and many more since then). A cloud eavesdropper learns the number of operations and nothing else.

  6. Problem 1: What if the size of data is not fixed? ORAM reveals the number of operations, and therefore data size. Insecure solution: send multiple blocks depending on the data size. Inefficient solution: pad all data up to the maximum size. Our approach: Oblivious RAM with variable blocks (vORAM). Hide large data in the overhead of Path ORAM; large data blocks are stored across multiple ORAM "buckets".

  8. Oblivious Data Structures (ODS): storing a data structure in ORAM (Wang et al., CCS '14). Pieces of the data structure (i.e., nodes) are stored in ORAM blocks.

  10. Problem 2: What if your data structure has varying running time? The number of memory accesses in each operation is leaked by ORAM. Insecure solution: let the number of operations vary by access. Inefficient solution: perform dummy operations up to the worst-case cost. Our approach: History-Independent Randomized B Tree (HIRB). Use a fixed-height tree data structure, so that no padding is necessary.

  12. "Catastrophic" Attacks: An attacker may be able to coerce the private key.

  14. Problem 3: What if your private key is compromised? Some leakage is inevitable. ORAM reveals entire history, including prior deletions. Most data structures also leak history information. Inefficient solution: re-encrypt and transfer entire data set on every access. Our approach (vORAM+HIRB): the HIRB data structure leaks no history nor prior deletions; vORAM leaks minimal history and no prior deletions.

  15. Outline and Related Work: (1) Problem Statement and Goals. (2) vORAM: Oblivious RAM with variable-sized blocks. Related work: Path ORAM (Stefanov et al., CCS '13); Secure deletion B-tree (Reardon et al., CCS '13). (3) HIRB: History Independent Randomized B-Tree. Related work: Oblivious Data Structures (Wang et al., CCS '14); History-Independent Data Structures (Naor & Teague '01, Hartline et al. '02, Golovin '08). (4) Experimental Results.

  16. Path ORAM with Variable-Sized Blocks: vORAM. General idea: large items are rare; distribute their bits along an ORAM path. Terminology: each tree node is a bucket stored on the server. The user stores blocks of data. Each block may be broken up into chunks of bytes. Crucial restrictions: all chunks of the same block are on the same path; chunks of the same block are always in order.

  17. vORAM Example: Setup. [Figure: vORAM tree over leaf positions 0 to 7 with the stored blocks. Color represents data, width = size, number = position.]

  20. vORAM Example: Update. UPDATE(1): Evict, Re-assign, Writeback. [Figure, shown over three slides: the vORAM tree over leaf positions 0 to 7 and the stash.]

  21. More details on vORAM: Identifiers are chosen randomly, and the position (leaf node index) is a prefix of the identifier. The entire path is fetched and returned in parallel, resulting in 2 rounds per operation. Each node is encrypted with a key stored in the parent node that is refreshed on each operation, which implies secure deletion. No history beyond the most recent O(n / log n) operations is revealed, matching an asymptotic lower bound.

  22. How big should the buckets be? A crucial parameter is bucket size: the number of bytes per bucket. As with Path ORAM, if this is too small, the root node (or stash) will "overflow". Theorem: the vORAM stash will overflow with only negligible probability if block sizes are bounded by a geometric distribution and bucket size is 20 times the expected block size. Note: in practice, the constant can be only 6, not 20.

  24. Oblivious Data Structures: Recall the identifiers in vORAM (the slide's illustration shows 4 and 6). These identifiers are random; where do we store them? Standard solution: store a position map in recursively smaller ORAMs. ODS (Wang et al. '14): if you're storing a data structure, store each node's identifier in its parent node! To store a key/value map, use an AVL tree.

  26. Example: AVL Tree Leakage. We want to store a key/value data structure within the vORAM. But most data structures leak history information! Were you browsing reddit or youtube? [Figure: two trees, each holding ieee, usna, arxiv and stackoverflow; the final build of the slide adds the labels youtube and reddit.]
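
A toy model of the vORAM layout described in slides 16 to 22, added here as an illustration and not the authors' implementation: variable-sized blocks are split into chunks along one tree path, and the position is the prefix of a random identifier. Assumed for the sketch: the values of `H`, `Z` and `ID_BITS`, the tail-goes-deepest chunk order, inserts that evict a random path, and no encryption or per-chunk headers.

```python
import random

H, Z, ID_BITS = 3, 48, 64   # assumed: 8 leaves (as in the figure), 48-byte buckets

def leaf(ident):            # position = prefix (top H bits) of the random identifier
    return ident >> (ID_BITS - H)

def path(p):                # bucket indices from the root down to leaf p (heap numbering)
    return [(1 << d) - 1 + (p >> (H - d)) for d in range(H + 1)]

class VORAM:
    def __init__(self, seed=0):
        self.rng = random.Random(seed)
        self.buckets = {}   # bucket index -> [(ident, chunk), ...]
        self.stash = {}     # ident -> bytes held client-side (always a prefix of the block)

    def _evict(self, p):
        for node in path(p):                      # root first, so chunks re-join in order
            for ident, chunk in self.buckets.pop(node, []):
                self.stash[ident] = self.stash.get(ident, b"") + chunk

    def _writeback(self, p):
        for d in range(H, -1, -1):                # fill the deepest bucket first
            room, out = Z, []
            for ident in list(self.stash):
                if room and leaf(ident) >> (H - d) == p >> (H - d):
                    data = self.stash.pop(ident)
                    cut = max(0, len(data) - room)
                    out.append((ident, data[cut:]))   # tail of the block goes deepest
                    room -= len(data) - cut
                    if cut:
                        self.stash[ident] = data[:cut]
            self.buckets[path(p)[d]] = out

    def access(self, ident=None, data=None):
        """Evict, re-assign, write back. ident=None inserts; data=None is a read."""
        p = leaf(ident) if ident is not None else self.rng.randrange(1 << H)
        self._evict(p)
        old = self.stash.pop(ident, None)
        new = self.rng.getrandbits(ID_BITS)       # fresh identifier on every access
        self.stash[new] = old if data is None else data
        self._writeback(p)
        return new, old

    def check(self):
        """Bucket capacity holds and every chunk sits on its own block's path."""
        return all(sum(len(c) for _, c in chunks) <= Z
                   and all(node in path(leaf(i)) for i, _ in chunks)
                   for node, chunks in self.buckets.items())
```
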
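
An added example (not from the talk) of the history leak the AVL slide describes, using insertion order alone: the same four keys give different AVL shapes, while a treap whose priorities are hashed from the key has one shape for any order. The treap is a stand-in for a uniquely represented structure and is not the HIRB; `ORDER_A` and `ORDER_B` are constructed.

```python
import functools
import hashlib

def height(t):             # trees are nested tuples (key, left, right) or None
    return 0 if t is None else 1 + max(height(t[1]), height(t[2]))

def rot_right(t):          # lift the left child over its parent
    k, (lk, ll, lr), r = t
    return (lk, ll, (k, lr, r))

def rot_left(t):           # lift the right child over its parent
    k, l, (rk, rl, rr) = t
    return (rk, (k, l, rl), rr)

def avl_insert(t, key):
    if t is None:
        return (key, None, None)
    k, l, r = t
    if key < k:
        l = avl_insert(l, key)
    else:
        r = avl_insert(r, key)
    bal = height(l) - height(r)
    if bal > 1:                                   # left-heavy: single or double rotation
        if height(l[1]) < height(l[2]):
            l = rot_left(l)
        return rot_right((k, l, r))
    if bal < -1:                                  # right-heavy: mirror case
        if height(r[2]) < height(r[1]):
            r = rot_right(r)
        return rot_left((k, l, r))
    return (k, l, r)

def prio(key):             # priority depends on the key only, never on when it arrived
    return hashlib.sha256(key.encode()).digest()

def treap_insert(t, key):
    if t is None:
        return (key, None, None)
    k, l, r = t
    if key < k:
        l = treap_insert(l, key)
        return rot_right((k, l, r)) if prio(l[0]) > prio(k) else (k, l, r)
    r = treap_insert(r, key)
    return rot_left((k, l, r)) if prio(r[0]) > prio(k) else (k, l, r)

def build(insert, keys):   # the returned tuple is the tree shape an observer would see
    return functools.reduce(insert, keys, None)

ORDER_A = ["ieee", "usna", "arxiv", "stackoverflow"]   # constructed insertion orders
ORDER_B = ["stackoverflow", "ieee", "usna", "arxiv"]   # same key set, different history
```
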
