1 / 18

CS7380: Privacy Aware Computing

CS7380: Privacy Aware Computing. Oblivious RAM. Motivation. Starting from software protection Prevent from software piracy A valid method is using hardware key to protect the validity of the software; hardware key cannot be duplicated

gretel
Download Presentation

CS7380: Privacy Aware Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS7380: Privacy Aware Computing Oblivious RAM

  2. Motivation • Starting from software protection • Prevent from software piracy • A valid method is using hardware key to protect the validity of the software; hardware key cannot be duplicated • Still the memory access between the HW and SW components can leak information • Attacker can deceive or skip the checking with the HW component

  3. Oblivious RAM definition • How to protect from observing memory access pattern? • Memory access is probabilistic • The probabilistic distribution is independent of the input

  4. First solution: the square-root algorithm • For each accesses, randomly permute the first m+ memory • For accessing a word, check the sheltered words first. If it is there, we • access one of the dummy words • 2. If it is not there, find the permuted location (i). • t steps of original RAM access can be simulated with t+sqrt(m) steps ORAM

  5. Key operation • Oblivious random permutation • Random mapping f: {1,2,..,n} -> {1,2,..,nlogn}, so that (i)=k if f(i) is the k-smallest in f(1)..f(n) • Using Batcher’s Sorting Network to sort permuted tags f(i) – the sequence of access if fixed, independent of input • binary search over the sorted tags f(i) to find (i)

  6. Cost analysis • Per access cost :

  7. The hierarchical algorithm • Each memory cell is modeled as (Vi, Xi) • Vi is the location, Xi is the value • Basic idea • Consider the shelter memory as a buffer; extend it to multiple levels of buffers • Use oblivious hash function

  8. Hierarchical scheme

  9. Setting • each level i has 4i buckets • Each bucket has log t items, where t is the total number of accesses by the current program • Total number of levels N = 1+ ceil(log4 t) • Each level has a randomly selected hash function

  10. Initially • Load program to the N level, which has 4t buckets • For each level • If (V, X) is already found, randomly pick a bucket to access • Otherwise, check the bucket h_i(V) • Put (V, X) to the 1st level (may cause overflowing to the lower levels). • If the first i levels are full, move all 1 to i levels to i+1 levels and empty the first i levels

  11. Reading • Check the bucket h_i(V) from each level i • Only one real match • Remaining are dummy entries dummy real dummy dummy dummy dummy Client Server

  12. Writing • Chose a new hash for level i+1, • Shuffle consecutively filled levels. • Write into next unfilled level. • Clear the source levels Server (after) Client Server (before) shuffle values

  13. Cost analysis • time cost: • Each level cost O(log t), total log t levels • Cost per access: O((log t)2) • Hashing cost: O(t(log t)3) • Storage cost (t log t)

  14. Improved schemes • Paper: oblivious ram revisited • Improvement • Storage O(n) • Time O((log n)2) • In context of cloud computing • Key idea • Using Cuckoo hashing • Mapping n items to 2(1+e)n bins and at most a signle item is mapped into a bin • Reduce storage to O(n) • Randomized shell sort

  15. Williams and Sion solution • Usable PIR. In NDSS, 2008. • Use O(sqrt(n)) secure client side memory and oblivious merge sort to improve the performance to O((log n)2) • Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage. In ACM CCS,2008 • Use Bloom Filter to further improve the performance to O(logn*loglog n)

  16. A number of methods Pinkas and Reinman

  17. Remaining challenges • Storage cost • Reshuffling • Client-server interactions

  18. Most recent development • http://www.emilstefanov.net/Research/ObliviousRam/ • Oblivious storage

More Related