EAGER: Protecting Data Access Pattern Privacy in Hybrid Cloud Storage Systems

EAGER：保护混合云存储系统中的数据访问模式隐私

• 批准号: 1844591
• 负责人: Wensheng Zhang
• 金额: $ 24.98万
• 依托单位: Iowa State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1844591&HistoricalAwards=false
• 关键词: EAGER; Protecting; Data; Access; Pattern

Cloud-based storage services are gaining increasing popularity for their attractive pay-as-you-go model and high availability, reliability and economic efficiency. Meanwhile, there is an increasing privacy consciousness among users regarding this storage paradigm. While encryption provides some protection for data privacy, it cannot protect data access patterns, which can reveal private information about cloud storage clients. In particular, a curious owner or employee of a cloud storage service or an attacker invading the system can observe a client's access patterns, develop a model relating the patterns to the client's activities and later on use the model and observed access patterns to infer or predict the client's activities. Although several schemes have been proposed to protect the access patterns, in particular Oblivious Random Access Memory (RAM), it is hard to put these into practice owing to the high communication, storage, or computational overheads they incur. Towards addressing this problem, the project aims to offer an efficient, scalable and practical solution using Oblivious RAM that can protect the privacy of access pattern and can seamlessly integrate with existing cloud storage infrastructures. Specifically, the project leverages the emerging hybrid cloud storage architecture that has a cloud storage gateway with a moderate level of resource at the client side, the well-known reference locality principle for data access, and the availability of multiple independent cloud storage servers in the market. The project would benefit the community by enhancing the users' awareness of security and privacy risks in using cloud services and providing them with user-friendly protection tools so that they benefit from using such services with confidence. The project designs a new hierarchical, Oblivious RAM storage system to include multiple layers of Oblivious RAM modules, each of which is optimized for different performance metrics depending on its niche on the hierarchy; hence, the hierarchy as whole can attain high efficiency in communication, storage and computation simultaneously. The project formalizes the problem of protecting the data access pattern for the whole hierarchy of Oblivious RAM modules, and develops novel algorithms to solve the problem. The project also aims to deliver a set of provably-secure Oblivious RAM algorithms optimized for short data access delay or low server-side storage overhead, and a set of provably-secure algorithms for planning an optimal architecture for a hierarchy of Oblivious RAM modules, configuring the hierarchy and coordinating the operations of all Oblivious RAM modules in the hierarchy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于云的存储服务因其诱人的即付即用模式以及高可用性、可靠性和经济效率而越来越受欢迎。与此同时，用户对这种存储模式的隐私意识也在不断增强。虽然加密为数据隐私提供了一些保护，但它无法保护数据访问模式，因为数据访问模式可能会泄露有关云存储客户端的私人信息。特别是，好奇的云存储服务的所有者或员工或入侵系统的攻击者可以观察客户端的访问模式，开发将模式与客户端的活动相关联的模型，并在以后使用该模型和观察到的访问模式来推断或预测客户端的活动。虽然已经提出了几种方案来保护访问模式，特别是不经意的随机存取存储器(RAM)，但由于它们引起的高通信、存储或计算开销，这些方案很难付诸实践。为了解决这一问题，该项目旨在提供一种高效、可扩展和实用的解决方案，使用不经意的RAM来保护访问模式的隐私，并可以与现有的云存储基础设施无缝集成。具体地说，该项目利用了新兴的混合云存储架构，该架构具有一个云存储网关，在客户端具有中等水平的资源，众所周知的数据访问参考位置原则，以及市场上多个独立云存储服务器的可用性。该项目将提高用户对使用云服务的安全和隐私风险的认识，并为他们提供方便使用的保护工具，使他们能够放心地使用该等服务，从而使社区受益。该项目设计了一种新的层次化的不经意RAM存储系统，包括多层不经意RAM模块，每个模块根据其在层次结构上的利基位置针对不同的性能指标进行优化，从而使层次结构作为一个整体能够同时达到通信、存储和计算的高效率。该项目将保护整个不经意RAM模块层次的数据访问模式的问题形式化，并开发了解决该问题的新算法。该项目还旨在提供一套针对短数据访问延迟或低服务器端存储开销进行优化的可证明安全的不经意RAM算法，以及一套可证明安全的算法，用于规划不经意RAM模块层次结构的最佳体系结构，配置层次结构并协调层次结构中所有不经意RAM模块的操作。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Efficient and Accountable Oblivious Cloud Storage with Three Servers

• DOI: 10.1109/cns.2019.8802848
• 发表时间: 2019-06
• 期刊: 2019 IEEE Conference on Communications and Network Security (CNS)
• 作者: Qiumao Ma;Wensheng Zhang

Game Theoretic Approach for Secure and Efficient Heavy-Duty Smart Contracts

• DOI: 10.1109/cns48642.2020.9162290
• 发表时间: 2020-06
• 期刊: 2020 IEEE Conference on Communications and Network Security (CNS)
• 作者: Pinglan Liu;Wensheng Zhang

A Practical Oblivious Cloud Storage System based on TEE and Client Gateway

基于TEE和客户端网关的实用Oblivious云存储系统

• DOI: 10.1109/pst52912.2021.9647827
• 发表时间: 2021
• 期刊: Security and Trust (PST
• 作者: Zhang, Wensheng

Optimizing Fund Allocation for Game-based Verifiable Computation Outsourcing

• DOI: 10.1007/978-3-030-99191-3_6
• 发表时间: 2021-03
• 作者: Pinglan Liu;Xiaojuan Ma;Wensheng Zhang

Octopus ORAM: An Oblivious RAM with Communication and Server Storage Efficiency

Octopus ORAM：一种具有通信和服务器存储效率的不经意的 RAM

• DOI: 10.4108/eai.29-4-2019.162405
• 发表时间: 2019
• 期刊: ICST Transactions on Security and Safety
• 作者: Ma, Qiumao;Zhang, Wensheng
• 通讯作者: Zhang, Wensheng