Skip to main content
SpringerLink
Log in

XPORAM: A Practical Multi-client ORAM Against Malicious Adversaries

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14526))

Included in the following conference series:

  • 122 Accesses

Abstract

Oblivious RAM (ORAM) was proposed to solve the problem of memory disclosure, preventing the system from reverse engineering attacks. Naturally, researchers apply ORAM into the out-sourced storage scenarios widely to protect the users’ access patterns, including the sequence, the time, the correlation of the accesses, etc., which might compromise the users’ private information and be utilized by malicious adversaries to launch attacks. ORAM typically protect user information by transforming a single access to the target item into a sequence accesses to multiple items, periodically reshuffling the accessed data. However, these extra operations bring about extra storage, computation and communication cost. Especially when applied to the multi-client scenarios, the overhead will be usually multiplied considering both the security and the performance. Current multi-client ORAM schemes suffer from the large overhead because of complicated architecture or cryptographic primitive, such as fully-homomorphic encryption, private information retrieval. This paper presents \(\textsf{XPORAM}\), an efficient Oblivious RAM scheme appropriate for practical multi-client scenarios against malicious adversaries. Using the architecture of the non-colluding model, our scheme constructs multi-party secure communication while achieving obliviousness. Our security analysis guarantees the secure deployment of \(\textsf{XPORAM}\) and our experimental results demonstrate the O(1) communication overhead and \(O(\log N)\) computation overhead without requiring any trustworthy proxy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ahmad, A., Kim, K., Sarfaraz, M.I., Lee, B.: OBLIVIATE: a data oblivious filesystem for intel SGX. In: NDSS (2018)

    Google Scholar 

  2. Apon, D., Katz, J., Shi, E., Thiruvengadam, A.: Verifiable oblivious storage. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 131–148. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_8

    Chapter  Google Scholar 

  3. Asharov, G., Komargodski, I., Lin, W.K., Nayak, K., Peserico, E., Shi, E.: Optorama: optimal oblivious ram. J. ACM 70(1), 1–70 (2022)

    Article  MathSciNet  Google Scholar 

  4. Blass, E.-O., Mayberry, T., Noubir, G.: Multi-client oblivious RAM secure against malicious servers. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 686–707. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_34

    Chapter  Google Scholar 

  5. Cheng, W., Sang, D., Zeng, L., Wang, Y., Brinkmann, A.: TIANJI: securing a practical asynchronous multi-user ORAM. IEEE Trans. Depend. Secure Comput. 20, 5143–5155 (2023)

    Article  Google Scholar 

  6. Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: Proceedings of IEEE 36th Annual Foundations of Computer Science, Wisconsin, USA, pp. 41–50. IEEE (1995). https://doi.org/10.1109/SFCS.1995.492461

  7. Dauterman, E., Feng, E., Luo, E., Popa, R.A., Stoica, I.: \(\{\)DORY\(\}\): An encrypted search system with distributed trust. In: 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20), pp. 1101–1119 (2020)

    Google Scholar 

  8. Dautrich, J., Stefanov, E., Shi, E.: Burst ORAM: minimizing ORAM response times for bursty access patterns. In: 23rd USENIX Security Symposium (USENIX Security 14), Berkley, CA, pp. 749–764. USENIX Association (2014)

    Google Scholar 

  9. Devadas, S., van Dijk, M., Fletcher, C.W., Ren, L., Shi, E., Wichs, D.: Onion ORAM: a constant bandwidth blowup oblivious RAM. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 145–174. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_6

    Chapter  Google Scholar 

  10. Franz, M., et al.: Oblivious outsourced storage with delegation. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 127–140. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27576-0_11

    Chapter  Google Scholar 

  11. Gao, B., Chen, B., Jia, S., Xia, L.: EHIFS: an efficient history independent file system. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 573–585 (2019)

    Google Scholar 

  12. Goldreich, O.: Towards a theory of software protection and simulation by oblivious rams. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, New York, NY, USA, pp. 182–194. STOC ’87, Association for Computing Machinery (1987)

    Google Scholar 

  13. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM (JACM) 43(3), 431–473 (1996)

    Article  MathSciNet  Google Scholar 

  14. Hoang, T., Guajardo, J., Yavuz, A.A.: MACAO: a maliciously-secure and client-efficient active ORAM framework. In: 27th Annual Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA, February 23–26 (2020)

    Google Scholar 

  15. Huang, Y., et al.: ThinORAM: towards practical oblivious data access in fog computing environment. IEEE Trans. Serv. Comput. 13(4), 602–612 (2020)

    Article  Google Scholar 

  16. Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: NDSS, vol. 20, p. 12 (2012)

    Google Scholar 

  17. Klimt, B., Yang, Y.: The Enron corpus: a new dataset for email classification research. In: Boulicaut, J.-F., Esposito, F., Giannotti, F., Pedreschi, D. (eds.) ECML 2004. LNCS (LNAI), vol. 3201, pp. 217–226. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30115-8_22

    Chapter  Google Scholar 

  18. Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious RAM lower bound! In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_18

    Chapter  Google Scholar 

  19. Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: OBLIVM: a programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, pp. 359–376. IEEE (2015)

    Google Scholar 

  20. Liu, Z., Huang, Y., Li, J., Cheng, X., Shen, C.: DivORAM: towards a practical oblivious ram with variable block size. Inf. Sci. 447, 1–11 (2018)

    Article  Google Scholar 

  21. Liu, Z., Li, B., Huang, Y., Li, J., Xiang, Y., Pedrycz, W.: NewMCOS: towards a practical multi-cloud oblivious storage scheme. IEEE Trans. Knowl. Data Eng. 32(4), 714–727 (2019)

    Article  Google Scholar 

  22. Maas, M., et al.: Phantom: practical oblivious computation in a secure processor. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 311–324 (2013)

    Google Scholar 

  23. Maffei, M., Malavolta, G., Reinert, M., Schröder, D.: Privacy and access control for outsourced personal records. In: 2015 IEEE Symposium on Security and Privacy, pp. 341–358. IEEE (2015)

    Google Scholar 

  24. Maffei, M., Malavolta, G., Reinert, M., Schröder, D.: Maliciously secure multi-client ORAM. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 645–664. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_32

    Chapter  Google Scholar 

  25. Mayberry, T., Blass, E., Chan, A.H.: Efficient private file retrieval by combining ORAM and PIR. In: 21st Annual Network and Distributed System Security Symposium, NDSS. The Internet Society (2014)

    Google Scholar 

  26. Pinkas, B., Reinman, T.: Oblivious RAM revisited. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 502–519. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_27

    Chapter  Google Scholar 

  27. Ren, L., et al.: Constants count: Practical improvements to oblivious RAM. In: 24th USENIX Security Symposium (USENIX Security 15), Washington, D.C., pp. 415–430. USENIX Association (2015)

    Google Scholar 

  28. Roche, D.S., Aviv, A., Choi, S.G.: A practical oblivious map data structure with secure deletion and history independence. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 178–197. IEEE (2016)

    Google Scholar 

  29. Sahin, C., Zakhary, V., El Abbadi, A., Lin, H., Tessaro, S.: Taostore: overcoming asynchronicity in oblivious data storage. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 198–217. IEEE (2016)

    Google Scholar 

  30. Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with O((logN)3) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_11

    Chapter  Google Scholar 

  31. Stefanov, E., et al.: Path ORAM: an extremely simple oblivious ram protocol. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS 2013, New York, NY, USA, pp. 299–310. Association for Computing Machinery (2013)

    Google Scholar 

  32. Stefanov, E., Shi, E.: Multi-cloud oblivious storage. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS 2013, New York, NY, USA, pp. 247–258. Association for Computing Machinery (2013)

    Google Scholar 

  33. Stefanov, E., Shi, E.: ObliviStore: high performance oblivious cloud storage. In: 2013 IEEE Symposium on Security and Privacy, pp. 253–267. IEEE (2013)

    Google Scholar 

  34. Stefanov, E., Shi, E., Song, D.X.: Towards practical oblivious RAM. In: 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA,, Reston, VA, USA 5–8 February, pp. 1–40. The Internet Society (2012)

    Google Scholar 

  35. Tople, S., Jia, Y., Saxena, P.: Pro-ORAM: practical read-only oblivious ram. In: RAID, pp. 197–211 (2019)

    Google Scholar 

  36. Vadapalli, A., Henry, R., Goldberg, I.: DuORAM: a bandwidth-efficient distributed ORAM for 2-and 3-party computation. In: 32nd USENIX Security Symposium (2023)

    Google Scholar 

  37. Wang, X.S., Huang, Y., Chan, T.H., Shelat, A., Shi, E.: ScORAM: oblivious ram for secure computation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. CCS 2014, pp. 191–202 (2014)

    Google Scholar 

  38. Wang, X.S., et al.: Oblivious data structures. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 215–226 (2014)

    Google Scholar 

  39. Wang, Y., Malluhi, Q.M.: Privacy preserving computation in cloud using reusable garbled oblivious rams. In: Susilo, W., Chen, X., Guo, F., Zhang, Y., Intan, R. (eds.) ISC 2022. LNCS, vol. 13640, pp. 3–19. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22390-7_1

    Chapter  Google Scholar 

  40. Williams, P., Sion, R., Tomescu, A.: PrivateFS: a parallel oblivious file system. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 977–988 (2012)

    Google Scholar 

  41. Xu, W., Zhang, J., Yuan, Y., Wang, X.: Symmetric searchable encryption with supporting search pattern and access pattern protection in multi-cloud. Concurr. Comput. Pract. Exp. 35(9), e7651 (2023)

    Article  Google Scholar 

  42. Zahur, S., et al.: Revisiting square-root ORAM: efficient random access in multi-party computation. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 218–234. IEEE (2016)

    Google Scholar 

Download references

Acknowledgments

This work was supported by National Key Research and Development Program of China (No.2021YFB3101100) and National Natural Science Foundation of China (No.62272457, No.62302238).

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Biao Gao, Shijie Jia & Peixin Ren

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Biao Gao, Shijie Jia & Peixin Ren

  3. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China

    Jiankuo Dong

Authors
  1. Biao Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shijie Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jiankuo Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Peixin Ren
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shijie Jia .

Editor information

Editors and Affiliations

  1. Shandong University, Jinan, China

    Chunpeng Ge

  2. Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gao, B., Jia, S., Dong, J., Ren, P. (2024). XPORAM: A Practical Multi-client ORAM Against Malicious Adversaries. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14526. Springer, Singapore. https://doi.org/10.1007/978-981-97-0942-7_20

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-0942-7_20

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0941-0

  • Online ISBN: 978-981-97-0942-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation