Paper 2016/073

MU-ORAM: Dealing with Stealthy Privacy Attacks in Multi-User Data Outsourcing Services

Jinsheng Zhang, Wensheng Zhang, and Daji Qiao


Outsourcing data to remote storage servers has become more and more popular, but the related security and privacy concerns have also been raised. To protect the pattern in which a user accesses the outsourced data, various oblivious RAM (ORAM) constructions have been designed. However, when existing ORAM designs are extended to support multi-user scenarios, they become vulnerable to stealthy privacy attacks targeted at revealing the data access patterns of innocent users, even if only one curious or compromised user colludes with the storage server. To study the feasibility and costs of overcoming the above limitation, this paper proposes a new ORAM construction called Multi-User ORAM (MU-ORAM), which is resilient to stealthy privacy attacks. The key ideas in the design are (i) introduce a chain of proxies to act as a common interface between users and the storage server, (ii) distribute the shares of the system secrets delicately to the proxies and users, and (iii) enable a user and/or the proxies to collaboratively query and shuffle data. Through extensive security analysis, we quantify the strength of MU-ORAM in protecting the data access patterns of innocent users from attacks, under the assumption that the server, users, and some but not all proxies can be curious but honest, compromised and colluding. Cost analysis has been conducted to quantify the extra overhead incurred by the MU-ORAM design.

Available format(s)
Publication info
Preprint. MINOR revision.
information hiding
Contact author(s)
alexzjs @ iastate edu
wzhang @ iastate edu
daji @ iastate edu
2016-01-27: received
Short URL
Creative Commons Attribution


      author = {Jinsheng Zhang and Wensheng Zhang and Daji Qiao},
      title = {MU-ORAM: Dealing with Stealthy Privacy Attacks in Multi-User Data Outsourcing Services},
      howpublished = {Cryptology ePrint Archive, Paper 2016/073},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.