Paper 2015/224

GORAM -- Group ORAM for Privacy and Access Control in Outsourced Personal Records

Matteo Maffei, Giulio Malavolta, Manuel Reinert, and Dominique Schröder

Abstract

Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems. To tackle this problem, we present GORAM, a cryptographic system that protects the secrecy and integrity of outsourced data with respect to both an untrusted server and malicious clients, guarantees the anonymity and unlinkability of accesses to such data, and allows the data owner to share outsourced data with other clients, selectively granting them read and write permissions. GORAM is the first system to achieve such a wide range of security and privacy properties for outsourced storage. In the process of designing an efficient construction, we developed two new, generally applicable cryptographic schemes, namely, batched zero-knowledge proofs of shuffle and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented GORAM in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. IEEE Symposium on Security and Privacy 2015
Contact author(s)
reinert @ cs uni-saarland de
History
2015-08-25: revised
2015-03-09: received
See all versions
Short URL
https://ia.cr/2015/224
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/224,
      author = {Matteo Maffei and Giulio Malavolta and Manuel Reinert and Dominique Schröder},
      title = {GORAM -- Group ORAM for Privacy and Access Control in Outsourced Personal Records},
      howpublished = {Cryptology ePrint Archive, Paper 2015/224},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/224}},
      url = {https://eprint.iacr.org/2015/224}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.