Cryptology ePrint Archive: Report 2012/133

Toward Practical Private Access to Data Centers via Parallel ORAM

Jacob R. Lorch and Bryan Parno and James Mickens and Mariana Raykova and Joshua Schiffman

Abstract: Recent events have shown online service providers the perils of possessing private information about users. Encrypting data mitigates but does not eliminate this threat: the pattern of data accesses still reveals information. Thus, we present Shroud, a general storage system that hides data access patterns from the servers running it, protecting user privacy. Shroud functions as a virtual disk with a new privacy guarantee: the user can look up a block without revealing the block's address. Such a virtual disk can be used for many purposes, including map lookup, microblog search, and social networking.

Shroud aggressively targets hiding accesses among hundreds of terabytes of data. We achieve our goals by adapting oblivious RAM (ORAM) algorithms to enable large-scale parallelization. Specifically, we show, via new techniques such as oblivious aggregation, how to securely use many inexpensive secure coprocessors acting in parallel to improve request latency. Our evaluation combines large-scale emulation with an implementation on secure coprocessors and suggests that these adaptations bring private data access closer to practicality.

Category / Keywords: applications / Oblivious RAM, ORAM, Parallelism, Secure Hardware, Implementation

Publication Info: An abridged version appears in the Proceedings of the USENIX Conference on File and Storage Technologies (FAST), 2013

Date: received 9 Mar 2012, last revised 16 Jan 2013

Contact author: parno at microsoft com

Available formats: PDF | BibTeX Citation

Note: Updated with additional proofs and empirical results.

Version: 20130117:032459 (All versions of this report)

Discussion forum: Show discussion | Start new discussion