![Page 1: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/1.jpg)
Hiding Pa)erns from the Database Owner -‐ Private Informa9on Retrieval (PIR)
-‐ Oblivious RAM (ORAM)
Erman Ayday with gra9tude to Jean Louis Raisaro and J.P
Hubaux
![Page 2: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/2.jpg)
Outline • Mo9va9on
• Private Informa9on Retrieval (PIR) – IT-‐PIR – cPIR – SPIR
• Oblivious RAM (ORAM) – Prac9cal ORAM – PathORAM (Stefanov et al. CCS13)
• PIR + ORAM (Huang and Goldberg WPES13)
2
![Page 3: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/3.jpg)
Cloud Storage
SkyDrive
Windows Azure Storage
Amazon S3, EBS Dropbox
EMC Atmos
Mozy
iCloud Google Storage
3 Slide by E. Stefanov
![Page 4: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/4.jpg)
Cloud Storage
SkyDrive
Windows Azure Storage
Amazon S3, EBS Dropbox
EMC Atmos
Mozy
iCloud Google Storage
Can we TRUST
the cloud?
4 Slide by E. Stefanov
![Page 5: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/5.jpg)
Data Privacy
• Data privacy is a growing concern. – Large a)ack surface (possibly hundreds of servers) – Infrastructure bugs – Malware – Disgruntled employees – Big brother
• So, many organiza9ons encrypt their data.
5
![Page 6: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/6.jpg)
But, encryp9on is not always enough.
Access pa/erns can leak sensi9ve informa9on.
6
![Page 7: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/7.jpg)
Untrusted Cloud Storage
Client
Buy IBM
Buy EMC
? Buy IBM (stock trader)
Example A)ack by Pinkas & Reinman
Access paJerns leak: 80% of search queries to encrypted database
[IQK12]
7 If a sequence of data access requests is always followed by a stock exchange opera9on, the server can gain sensi9ve informa9on even when the data is encrypted Slide by E. Stefanov
![Page 8: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/8.jpg)
Security for Outsourced Storage
• ConfidenYality – Encrypt
• Integrity – MAC / Sign – Merkle tree
• Reliability – Redundancy – Proofs of retrievability (PoR)
• Access privacy? – Private InformaYon Retrieval (PIR) – Oblivious RAM (ORAM)
8
![Page 9: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/9.jpg)
Privacy and Cloud Compu9ng • Cloud compu9ng infrastructures enable companies to cut IT
costs by outsourcing storage and computa9ons on-‐demand • YET, clients of cloud compu9ng services currently have no
means to control the privacy of their data (data availability is also an issue, not addressed in this course)
• The lack of trust has fostered the design of new sophis9cated technologies to ensure privacy against cloud service providers: – Private InformaYon Retrieval (PIR) – Oblivious RAM (ORAM)
• These techniques bring substanYal computaYonal and storage overhead
• Privacy vs. Efficiency
9
![Page 10: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/10.jpg)
Private Informa9on
Retrieval (PIR)
10 Credits: some slides by Casey Devet
![Page 11: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/11.jpg)
A Real-‐World Example
11
my
![Page 12: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/12.jpg)
Private Informa9on Retrieval (PIR)
• Goal: Protect privacy of user’s queries.
• The database does not learn the query terms or responses.
Untrusted Cloud Storage
Client Proposed by Chor et al. [CKGS95] Recently: [KO97, CG97, CKGS98, BS02, AG07, BS07, G07, OG11, DGH12, HHG13, HG13, MBC14, … ]
12
![Page 13: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/13.jpg)
But… How to do this?
Download the en9re
Database? 13
![Page 14: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/14.jpg)
Untrusted Cloud Storage
Client
Buy IBM
Buy EMC
Buy IBM (stock trader)
Trivial Solu9on
14
![Page 15: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/15.jpg)
IT-‐PIR vs. cPIR • InformaYon TheoreYc PIR (IT-‐PIR)
– Non-‐colluding L servers – Each server holds a copy of the database – Perfectly secure if some number of these servers are not colluding
• ComputaYonal PIR (cPIR) – Single database-‐server – Uses cryptographic techniques to encrypt the user’s query – The security of cPIR relies on the security of the underling encryp9on
– Privacy is ensured only against computaYonally-‐bounded aJackers
15
![Page 16: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/16.jpg)
IT-‐PIR: the Goal
16
Untrusted Cloud Storage
Client
Database D with blocks D1,…,Dr Goals: • Retrieve Dβ from the database without leaking β. • Do this without downloading the en9re database.
DDβ
![Page 17: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/17.jpg)
IT-‐PIR: Goldberg’s Scheme [Gol07]
17
• Database D can be represented as an r x s matrix • Dβ = eβ . D
All zeros except a one for the β coordinate
![Page 18: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/18.jpg)
Shamir Secret Sharing (reminder) [Sha79]
• (t+1,L) threshold scheme to share a secret S – Choose t random posi9ve integers a_1, …a_t – Let a_0=S – Build polynomial f(x)=a_0 + a_1x + a_2x^2 + … + a_tx^t
– Construct L points out of f(x) -‐> (i,f(i)) – Distribute a point (share) to each par9cipant – At least (t+1) shares are needed to learn S
18
![Page 19: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/19.jpg)
Shamir Secret Sharing (reminder) [Sha79]
19
(Simplified version, just to re-‐convey the intui9on) ConstrucYon: • Assume the presence of L par9es, we pick a random point (the secret) in a field and a polynomial of degree t such that the secret is the y-‐axis intercept of that polynomial and L ≥ t+1 • We then pick L random points on this polynomial and each party is provided with one • If we know at most t points we cannot reconstruct the secret. There is only 1 polynomial of order t going through the t+1 points
![Page 20: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/20.jpg)
IT-‐PIR: Goldberg’s Scheme (ctd.)
20
Can I get record β?
Genera9ng Shamir secret shares of eβ (v1 , …, vL) and send one to each server
v1
v2
vL Each server computes ri = vi . D The responses r1 , …, rk are Shamir secret shares for Dβ (k is the number of responses). We need k > t responses to reconstruct the secret
r1
r2
rk
![Page 21: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/21.jpg)
21
• Robustness problem: how many servers’ responses do we need to be able to recover a database block?
• Mul9-‐server PIR protocols tolerant of non-‐responsive or malicious/colluding server are called robust or ByzanYne robust
• An L-‐server system that can operate where only k of the servers respond, v of the servers respond incorrectly, and which can support up to t colluding server without revealing the client’s query is called “t-‐private v-‐byzan5ne robust k-‐out-‐of-‐L PIR” [DGH 2012]
IT-‐PIR: Robustness
![Page 22: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/22.jpg)
22
IT-‐PIR: Robustness
Ex. v = 1 and k = 5 :
![Page 23: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/23.jpg)
IT-‐PIR: Robustness
23 (v < k-‐t-‐1 is the theore9cal max value)
![Page 24: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/24.jpg)
Example
24
![Page 25: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/25.jpg)
Computa9onal PIR (cPIR) • User privacy is related to the (assumed) intractability of a
mathema9cal problem. • Principle: Achieve computa9onally complete privacy by
applying cryptographic computa9ons over the en9re public data
25
X=
Server Client q=“give me ith record” encrypted(q)
encrypted-result=f(X, encrypted(q)) Xi
Database
![Page 26: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/26.jpg)
cPIR: Theore9cal Background
26 Slide by S.Wang, D.Agrawal, and A. El Abbadi
![Page 27: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/27.jpg)
27
cPIR: The Basic Scheme [KO97]
0 1 0 1
1 1 0 1
0 1 0 1
0 1 1 1
e
g
Get M2,3
e=2, g=3, N=35, m=6
QR={1,4,9,11,16,29}
QNR = Z*35 / QR
4 16 17 11
QNR
z4 z3 z2 z1
17 13 17 27
• Public data size: n = 16
Slide by S.Wang, D.Agrawal, and A. El Abbadi
z3 = QNR è M2,3 = 1
z3 = QR è M2,3 = 0
4 16 17 11
Client Server
{zi}
• Organize data in an s x t (4 x 4) binary matrix M
M2,3
Note: result leaks informa9on about other rows to the client
![Page 28: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/28.jpg)
Some Numbers [OG11]
28
End User (B1) – 9/2 Mbps Commercial (B2) – 1.5 Gbps Ethernet LAN (B3) – 10 Gbps
cPIR [KO97] LPIR-‐A [AM08] MPIR-‐G [G07] MPIR-‐C [CGKS95]
Comparison of the response Ymes of different PIR schemes over 3 current network bandwidths
![Page 29: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/29.jpg)
Symmetric PIR (SPIR)
• PIR protects the privacy of the user’s query – The client can learn more than a single record
• Symmetric PIR (SPIR) protects the privacy of the database server [GIKM98, CDN09, CDN10, HOG11]: – The database client learns only one record per access request
– The privacy of both the client and the server is preserved that’s why it is called “symmetric”
– Symmetric PIR implies Oblivious transfer (OT) [DMO00]
29
![Page 30: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/30.jpg)
Oblivious RAM (ORAM)
30 Credits: some slides by Emil Stefanov
![Page 31: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/31.jpg)
Oblivious RAM (O-‐RAM)
• Goal: Conceal access paJerns to remote storage from the database owner.
• An observer cannot dis9nguish a sequence of read/write opera9ons from random opera9ons.
Untrusted Cloud Storage
Client Proposed by Goldreich and Ostrovsky. [GO96] Recently: [OS97, WS08, WSC08, PR10, GM10, GMOT11, BMP11, SCSL11, SSS12, GMOT12, KLO12, WS12, LPMRS13, SS13, MBC14 … ]
31
![Page 32: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/32.jpg)
ORAM in a Nutshell
Cloud Client
or ?
shuffling
lots of bandwidth
32
![Page 33: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/33.jpg)
Goldreich’s ORAM • Provides access pa)ern privacy to a single client
• Database is considered to be a set of N seman9cally-‐secure encrypted blocks
• Data is organized into several levels as a pyramid
• Goal: Server should be unable to dis9nguish between reads, writes, and inserts
• Con9nuously shuffling and re-‐encryp9ng data as they are accessed 33
![Page 34: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/34.jpg)
Exis9ng Approaches
34
![Page 35: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/35.jpg)
Exis9ng Approaches
• Inside a level – Some real blocks
• Useful data – Some dummy blocks
• Random data – Randomly permuted
• Only the client knows the permuta9on
Dummy Block
Real Block
Real Block
Dummy Block
Real Block
Dummy Block
Dummy Block
Real Block 35
![Page 36: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/36.jpg)
Exis9ng Approaches • Reading
– Read a block from each level – One real block. – Remaining are dummy blocks
Client Server
real dummy dummy dummy dummy
dummy
36
![Page 37: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/37.jpg)
Exis9ng Approaches
• Wri9ng – Shuffle consecu9vely filled levels.
– Write into next unfilled level.
– Clear the source levels
Server (before) Server (aber) Client
shuffle blocks
37
![Page 38: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/38.jpg)
Con9nuous Shuffling
… To write:
![Page 39: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/39.jpg)
The Problem with Exis9ng Approaches
39
![Page 40: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/40.jpg)
A prac9cal Approach [SSS12]
• Make shuffling cheaper. • Reduce the worst-‐case cost.
But, how?
40
![Page 41: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/41.jpg)
Answer: Par99on the Storage
41
![Page 42: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/42.jpg)
Challenge: Par99oning Breaks Security
O-‐RAM O-‐RAM O-‐RAM O-‐RAM O-‐RAM
Server Client
Par99ons
Read block from its randomly assigned
par99on
block
Assign and write block to a new
random par99on
Read block from its previously assigned random par99on.
Not privacy preserving!
There is linkability between reads and writes. 42
![Page 43: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/43.jpg)
Solu9on: Par99oning Framework
• Accessing a block: 1. Read from par99on (previously randomly assigned). 2. Read/modify block data. 3. Write to random cache slot (don’t write to server yet).
O-‐RAM O-‐RAM O-‐RAM O-‐RAM O-‐RAM
block block block block
block block
block
Server Client
Par99ons
Cache Slots
43
posiYon map
![Page 44: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/44.jpg)
Solu9on: Par99oning Framework
• Background evic9on: – Sequen9ally scan the cache slots. – Evict one block if possible. – Evict dummy block otherwise.
O-‐RAM O-‐RAM O-‐RAM O-‐RAM O-‐RAM
block block block block
block block
block
Server Client
Par99ons
Cache Slots
dummy
44
![Page 45: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/45.jpg)
Par99on O-‐RAM
45
![Page 46: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/46.jpg)
Path ORAM [SVSF13] CCS13
46
![Page 47: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/47.jpg)
Path ORAM
• Problem statement: – Client wishes to store data at a remote untrusted server while preserving its privacy
– Server is untrusted, and the client is trusted, including the client’s processor, memory, and disk
• No informa9on should be leaked about: – Which data is being accessed – When was it last accessed – Whether the same data is being accessed – Access pa)ern – Whether the access is read or write
47
![Page 48: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/48.jpg)
Goals
48
![Page 49: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/49.jpg)
Security Defini9on
• Privacy: – For any two data request sequences of the same length, their access pa)erns are computa9onally indis9nguishable by anyone but the client
• Correctness: – ORAM construc9on is correct in that it returns the requested data with high probability
49
![Page 50: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/50.jpg)
Path ORAM -‐ Overview
• Client stores a small amount of local data in a stash
• Server-‐side storage is treated as a binary tree where each node is a bucket that can hold up to a fixed number of blocks
• Each block is mapped to a uniformly random leaf bucket in the tree
• Unstashed blocks are always placed in some bucket along the path to the mapped leaf
50
![Page 51: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/51.jpg)
Path ORAM – Read/Write
• When a block is read from the server, the en9re path to the mapped leaf is read into the stash
• Requested block is remapped to another leaf, and then the path that was just read is wri)en back to the server
51
![Page 52: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/52.jpg)
Server
Client
array that maps: block id à random leaf (posiYon)
blocks stored in the nodes of the tree
nodes can contain mulYple blocks
some nodes are empty
stores blocks not currently in the tree
Main Invariant: A block is always on the path to its “posiYon”.
stash posiYon map
52
![Page 53: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/53.jpg)
Server
Client
Main Invariant: A block is always on the path to its “posiYon”. Example:
A block is mapped to posiYon 2.
0 1 2 3 4 5 6 7 posiYons:
that block must be on this path
stash posiYon map
53
![Page 54: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/54.jpg)
Server
Client
stash posiYon map
posiYons are uniformly independently randomly chosen
will have “collisions” at the leafs
will have “collisions” at internal nodes
this is why some nodes might contain mulYple blocks
54
![Page 55: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/55.jpg)
Server
Client
stash posiYon map
Accessing a block:
1. Lookup block’s posiYon
0 3 4 5 6 7 posiYons:
2. Read the enYre path
2
2
3. Client can now read/modify data
in block
4. Assign new random posiYon.
1
1
5. Write path back, pushing blocks as deep as possible.
Orange block ends up at deepest common ancestor
desired path evicYon
path
55
![Page 56: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/56.jpg)
Server
Client
stash posiYon map
2 3
3 has been mapped
to posiYon 3
desired path
was originally here
will end up
other blocks may move deeper too
all blocks get pushed as deep as possible
56
![Page 57: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/57.jpg)
Server
Client
stash posiYon map
If orange block was mapped to 5…
2
2
5
root is deepest common ancestor
5
very different desired path
All paths always intersect at the root.
If enough space in nodes: Can always place blocks in tree
57
![Page 58: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/58.jpg)
Security
58
![Page 59: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/59.jpg)
Server
Client
stash posiYon map Suppose client accesses blocks
1, 2, 3, 4. 5
0 1 2 3 4 5 6 7 posiYons:
1 6 4
Server observes: 5, 1, 6, 4
Client looks up in posiYon map.
5 1 6 4
equally likely
If client instead accesses: 46, 49, 53, 60
the two access paJerns are indisYnguishable
59
![Page 60: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/60.jpg)
Node Size • To preserve privacy:
– Must hide # blocks in node.
– Must use worst-‐case size. – Pad with dummy blocks.
• Problem: – Large worst case size – Much smaller average size – Lots of wasted space and bandwidth.
worst case
wasted space average case
60
![Page 61: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/61.jpg)
Node Size Our soluYon: • Use small node size. – Node size of 4 works well.
• Children overflow into lower levels.
overflow
overflow
overflow
Overflow preserves main (path) invariant. 61
![Page 62: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/62.jpg)
but, if node is full…
block should go here
…then, block gets place here.
And if this is full too…
…then block gets placed at root. What happens if
the root is full?
root’s overflow: remains in stash
stash 62
![Page 63: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/63.jpg)
Client’s Stash
63
Empirical esYmaYon of the required stash size to achieve failure probability less than 2-‐λ
![Page 64: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/64.jpg)
Client Storage
Results from empirical evalua9on for the Phantom processor by [MLS13]. 64
![Page 65: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/65.jpg)
Posi9on Map
Server
Client
• So far, the data is laid out as follows:
Use recursion to eliminate posiYon map!
stash posiYon map 65
![Page 66: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/66.jpg)
Recursion • Store the posi9on map in another ORAM. • Do this recursively.
Server
Client
…
…
O-‐RAM #1 O-‐RAM #2: Posi9on Map for O-‐RAM #1 O-‐RAM #3:
Posi9on Map for O-‐RAM #2
66
![Page 67: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/67.jpg)
Asympto9c Costs • AsymptoYc breakthrough for large enough blocks (e.g., 4 KB blocks).
InstanYaYon Client Storage Bandwidth
Without Recursion
With Recursion
Block size in bits
Tot # of blocks
![Page 68: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/68.jpg)
Stateless ORAM
• ORAM is o�en considered in a single-‐client model
• It is some9mes useful to have mul9ple clients accessing the same ORAM
• Goodrich et al. introduce the concept of stateless ORAM [1] – client state is small enough – any client accessing the ORAM can download it before each data access and upload it a�erwards
68 [1] M. T. Goodrich, M. Mitzenmacher, O. Ohrimenko, and R. Tamassia. Privacy-‐preserving group data access via stateless oblivious ram simula9on. In Proceedings of the Twenty-‐Third Annual ACM-‐SIAM Symposium on Discrete Algorithms, SODA ’12,
![Page 69: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/69.jpg)
PIR vs. ORAM
• ORAM allows read/write opera9ons on the database
• ORAM allows only the user with the crypto key to access the database
– If several users, it requires them to coordinate their acts
• Data in ORAM is stored in encrypted form
• ORAM requires the user to keep
some state informa9on • ORAM requires pre-‐processing
ini9aliza9on step. 69
• PIR does not allow write opera9ons on the database
• PIR scheme is single-‐rounded query-‐answer protocol (common communica9on pa)ern in context of databases)
• PIR allows mul9ple users to access the database
• Data in PIR is not necessarily encrypted.
![Page 70: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/70.jpg)
A Mixed Approach [HG13] Outsourced Private Informa9on Retrieval through combina9on of:
– Write-‐only ORAM – Goldberg IT-‐PIR
70
![Page 71: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/71.jpg)
The Construc9on
71
![Page 72: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/72.jpg)
Takeaways • Privacy protec9on against database owners is a growing
concern especially with the spread of cloud compu9ng
• Encryp9on is not always enough to protect data privacy since access pa)erns can reveal sensi9ve informa9on
• Sophis9cated techniques such as PIR and ORAM prevents the leakage of access pa)erns to the database owner
• However these techniques are computa9onally expensive and their usage must be evaluate carefully
• A lot of research is ongoing on this domain to make these techniques simpler and more efficient
72
![Page 73: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/73.jpg)
References [CKGS95] -‐ Chor, B., Kushilevitz, E., Goldreich, O., and Sudan, M. . Private informa9on retrieval. Journal of the ACM (JACM), 1998, 45(6), 965-‐981. [DGH12] -‐ Devet, C., Goldberg, I., and Heninger, N. . Op9mally Robust Private Informa9on Retrieval. In USENIX Security Symposium (pp. 269-‐283). (2012, August). [GO96] -‐ Goldreich, O., and Ostrovsky, R.. So�ware protec9on and simula9on on oblivious RAMs. Journal of the ACM (JACM), 43(3), 431-‐473. (1996). [Gol07] -‐ Goldberg, I.. Improving the robustness of private informa9on retrieval. In Security and Privacy, 2007. SP'07. IEEE Symposium on (pp. 131-‐148). IEEE. [GIKM98] -‐ Gertner, Y., Ishai, Y., Kushilevitz, E., & Malkin, T.. Protec9ng data privacy in private informa9on retrieval schemes. In Proceedings of the thirYeth annual ACM symposium on Theory of compuYng (pp. 151-‐160). ACM 1998. [HG13] -‐ Huang, Y., and Goldberg, I.. Outsourced private informa9on retrieval. In Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society (pp. 119-‐130). ACM 2013. 73
![Page 74: Hiding&Paerns&from&the&Database&Owner&& …erman/CS577/HidingFromDB.pdf · 2016-02-12 · Hiding&Paerns&from&the&Database&Owner&& 6&Private&Informaon&Retrieval&(PIR)&& 6&Oblivious&RAM(ORAM)](https://reader033.vdocuments.site/reader033/viewer/2022060415/5f134f053626e25f9055c246/html5/thumbnails/74.jpg)
References (ctd.)
[IKK12] -‐ Islam, M. S., Kuzu, M., and Kantarcioglu, M. (2012, February). Access Pa)ern disclosure on Searchable Encryp9on: Ramifica9on, A)ack and Mi9ga9on. In NDSS’12. [KO97] -‐ Kushilevitz, E., & Ostrovsky, R.. Replica9on is not needed: Single database, computa9onally-‐private informa9on retrieval. IEEE Computer Society, 1997. [MLS13] -‐ Maas, M., et al.. Phantom: Prac9cal oblivious computa9on in a secure processor. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communicaYons security (pp. 311-‐324). ACM. [SSS12] -‐ Stefanov, E., Shi, E., and Song, D. Towards prac9cal oblivious RAM. In Symposium on Network and Distributed System Security (NDSS), 2012 [SVSF13] -‐ Stefanov, E., Van Dijk, M., Shi, E., Fletcher, C., Ren, L., Yu, X., and Devadas, S.. Path oram: An extremely simple oblivious ram protocol. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communicaYons security (pp. 299-‐310). ACM (2013, November) 74