云存储中的ORAM研究综述

摘要/Abstract

摘要： 在云存储环境中,服务器或者第三方可以仅通过对用户访问行为进行分析来获取信息,对用户信息安全造成威胁。ORAM通过构造精巧设计的存储结构和冗余的访问机制,有效地隐藏用户访问行为与访问目标之间的对应关系。隐藏用户访问意图的安全访问机制,是现阶段隐藏用户访问模式的主要手段之一。通过对ORAM基本理论和发展历程进行研究,归纳分析了ORAM的基本方案;建立了SSIBT性能评价指标体系,对经典ORAM算法及其优化方案进行了分析比较;最后,在分析现阶段主要研究重点的基础上,总结提出了ORAM未来可能的主要研究方向。

关键词: ORAM, 访问机制, 行为安全, 隐私保护, 云存储

Abstract: In a cloud storage environment,servers and the third party can fetch information through analyzing the users’ access behaviour,which may cause threats to users’ information security.ORAM mechanism is one of the main strategies which can hide users’ visiting patterns.This mechanism can effectively conceal the corresponding relationships between the access behaviour and the visiting targets.Secure access mechainsm to hide user’s access intention is one of the main means to hide user’s access model at present.Through the study of the basic theories and the development process of the ORAM,this paper concluded the basic scheme of this mechanism and set up a SSIBT performance evaluation index system to make comparisons and analysis between the classic ORAM mechanism and its optimization scheme.Finally,possible research directions of ORAM were summarized based on the main research focus.

Key words: Access mechanisms, Behavioral security, Cloud storage, ORAM, Privacy protection

中图分类号:

TP309

顾晨阳, 付伟, 刘金龙, 孙刚. 云存储中的ORAM研究综述[J]. 计算机科学, 2019, 46(11A): 341-347. https://doi.org/

GU Chen-yang, FU Wei, LIU Jin-long, SUN Gang. Survey of ORAM Research in Cloud Storage[J]. Computer Science, 2019, 46(11A): 341-347. https://doi.org/

参考文献

[1]刘书勇,付义伦.基于PKI技术的可搜索云加密存储系统[J].软件导刊,2018,17(2):182-185.
[2]王斌,杨鹏,杨青.基于密钥分离与加密策略的云存储加密方案[J].电信网技术,2015(9):43-47.
[3]PASQUALE P,REFIK M,MELEK O,et al.CloudDedup:Se-cure Deduplication with Encrypted Data for Cloud Storage[P].2013.
[4]JUNG T,LI X Y,WAN Z,et al.Control cloud data access privilege and anonymity with fully anonymous attribute-basedencryption[J].IEEE Trans.on Information Forensics and Security,2015,10(1):190-199.
[5]刘赛,聂庆节,刘军,等.基于量化行为的实时数据库备份系统访问控制模型[J].计算机与现代化,2018(1):116-122.
[6]李树凤.抗访问模式泄露的ORAM技术研究[D].济南:山东大学,2016.
[7]GOLDREICH O,OSTROVSKY R.Software protection andsimulation on oblivious RAMs[J].Journal of the ACM (JACM),1996,43(3):431-473.
[8]吴鹏飞,沈晴霓,秦嘉,等.不经意随机访问机研究综述[J].软件学报,2018,29(9):2753-2777.
[9]HUSSAIN S.A Low Performance-Overhead ORAM Design for Processor System with Un-trusted Off-chip Memory[C]∥Proceedings of 2018 3rd International Conference on Computer Science and Information Engineering(ICCSIE2018).International Information and Engineering Association:Computer Science and Electronic Technology International Society,2018:12.
[10]李红卫,古春生,景征骏,等.云存储中基于ORAM的数据安全访问[J].微电子学与计算机,2014,31(6):16-20.
[11]KUSHILEVITZ E,LU S,OSTROVSKY R.On the (in) security of hash-based oblivious RAM and a new balancing scheme[C]∥Proc.of the23rd Annual ACM-SIAM Symp.on Discrete Algorithms.Society for Industrial and Applied Mathematics,2012:14-156.
[12]宋宁宁.基于全同态加密的ORAM方案[J].信息技术与网络安全,2018,37(11):1-4.
[13]WANG X,CHAN H,SHI E.Circuit ORAM:On tightness of the goldreich-ostrovsky lower bound[C]∥Proc.of the 22nd ACM Conf.on Computer and Communications Security.ACM Press,2015:850-861.
[14]GENTRY C,HALEVI S,JUTLA C,et al.Private database access with he-over-oram architecture[C]∥Proc.of the 13th Int’l Conf.on Applied Cryptography and Network Security.Springer-Verlag,2015:172-191.
[15]苑丹丹.基于ORAM的隐私保护数据共享方案研究[D].济南:山东大学,2018.
[16]SHI E,CHAN T H,STEFANOV E,et al.Oblivious RAMwith O((logN) 3) worst-casecost [M]∥Advances in Cryptology-ASIA CRYPT 2011.Springer Berlin Heidelberg,2011:197-214.
[17]宋衍.基于属性的云存储访问控制与密文搜索研究[D].北京:北京交通大学,2018.
[18]肖亮,李强达,刘金亮.云存储安全技术研究进展综述[J].数据采集与处理,2016,31(3):464-472.
[19]刘全飞.基于网络环境的计算机软件保护[J].信息与电脑(理论版),2018(10):173-174.
[20]王倩倩.茫然随机存取存储器加密方案的发展[D].烟台:烟台大学,2017.
[21]STEFANOV E,SHI E,SONG D.Towards practical oblivious RAM[EB/OL].http://arxiv.orpjabs/1I06.3652.
[22]SHI E,CHAN T H,STEFANOV E,et al.Oblivious RAMwith O ((logN)3) worst-casecost[M]∥Advances in Cryptology-ASIA CRYPT 2011.Springer Berlin Heidelberg,2011:197-214.
[23]DOERNER J.Scaling ORAM for secure computation[C]∥Proc.of the 24th ACM Conf.on Computer and Communications Security.ACM Press,2017:523-535.
[24]ZHANG J,MA Q,ZHANG W,et al.TSKT-ORAM:A two-server kary tree ORAM for access pattern protection in cloud storage∥2016 IEEE Military Communications Conference(MILCOM).IEEE,2016.
[25]TEEUWEN P:Evolution of oblivious RAM schemes[D].Eindhoven:Eindhoven University of Technology,2015.
[26]STEFANOV E,VAN DIJK M,SHI E,et al.Path oram:An extremely simple obliviousram protocol[C]∥Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security.ACM,2013:299-310.
[27]LING R,FLETCHER C W,KWON A,et al.Constants count practical improverments to oblivious RAM∥Usenix Confe-rence on Security Symposium.2015.
[28]DAUTRICH J,STEFANOV E,SHI E.Burst ORAM:Minimi-zing ORAM response times for bursty access patterns[C]∥23rd USENIX Security Symposium (USENIX Security 14).2014:749-764.
[29]MAAS M,LOVE E,STEFANOV E,et al.Phantom:Practicaloblivious computation in a secure processor[C]∥Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.ACM,2013:311-324.
[30]PAGH R,RODLER F F.Cuckoo hashing[J].Journal of Algorithms,2003,51(2).
[31]PINKAS B,REINMAN T.Oblivious ram revisited[C]∥Proc.of the 30th Annual Cryptology Conf..Berlin:Springer-Verlag,2010:502-519.
[32]KUSHILEVITZ E,LU S,OSTROVSKY R.On the (in) security of hash-based oblivious RAM and a new balancing scheme[C]∥Proc.of the23rd Annual ACM-SIAM Symp.on Discrete Algorithms.Society for Industrial and Applied Mathematics,2012:143-156.
[33]GOODRICH M T,MITZENMACHER M.Privacy-Preservingaccess of outsourced data via oblivious RAM simulation[C]∥Proc.of the 38th Int’l Colloquium on Automata,Languages,and Programming.Springer-Verlag,2011:576-587.
[34]GOODRICH M T.Randomized shellsort:A simple oblivioussorting algorithm[C]∥Proc.of the 21st Annual ACM-SIAM Symp.On Discrete Algorithms.Society for Industrial and Applied Mathematics,2010:1262-1277.
[35]GOLDBERG I.Improving the robustness of private information retrieval[C]∥Proc.of the 28th IEEE Symp.on Security and Privacy.IEEE,2007:131-148.
[36]GENTRY C,GOLDMAN K A,HALEVI S,et al.OptimizingORAM and using it efficiently for secure computation[C]∥Proc.of the 13th Int’l Symp.on Privacy Enhancing Technologies.Springer-Verlag,2013:1-18.
[37]DEVADAS S,DIJK M V,FLETCHER C W,et al.OnionORAM:A constant bandwidth blowup oblivious RAM[C]∥Proc.of the 13th Theory of Cryptography Conference.Springer-Verlag.2016:145-174.
[38]REN L,FLETCHER C W,KWON A,et al.Constants count:Practical improvements to oblivious RAM[C]∥Proc.of the 24th USENIX Conf.on Security Symp..USENIX Association,2015:415-430.
[39]MOATAZ T,BLASS E O,MAYBERRY T.CHf-ORAM:Aconstant communication ORAM without homomorphic encryption[R].2015/1116,Cryptology ePrint Archive,2015.
[40]WILLIAMS P,SION R,CARBUNAR B.Building castles out of mud:Practical access pattern privacy and correctness on untrusted storage[C]∥Proc.of the 15th ACM Conf.on Computer and Communications Security.ACM Press,2008:139-148.
[41]WILLIAMS P,SION R.Access privacy and correctness on untrusted storage[J].ACM Trans.on Information and System Security,2013,16(3):12.
[42]孙晓妮.二叉树结构的多用户茫然RAM方案[D].济南:山东大学,2016.
[43]BOYLE E,CHUNG K M,PASS R.Oblivious parallel RAM and applications[C]∥Proc.of the 13th Theory of Cryptography Conference.Springer-Verlag,2016:175-204.
[44]GOODRICH M T,MITZENMACHER M,OHRIMENKO O,et al.Privacy-Preserving group data access via stateless oblivious RAM simulation[C]∥Proc.of the 23rd Annual ACM-SIAM Symp.on Discrete Algorithms.Society for Industrial and Applied Mathematics,2012,13(S1):157-167.
[45]孙晓妮,蒋瀚,徐秋亮.基于二叉树存储的多用户ORAM方案[J].软件学报,2016,27(6):1475-1486.
[46]BINDSCHAEDLER V,NAVEED M,PAN X,et al.Practicingoblivious access on cloud storage:The gap,the fallacy,and the new way forward[C]∥Proc.of the 22nd ACM Conference on Computer and Communications Security.ACM Press,2015:837-849.
[47]SAHIN C,ZAKHARY V,ABBADI E,et al.Taostore:Overcoming asynchronicity in oblivious data storage[C]∥Proc.of the 37th IEEE Symp.on Security and Privacy.IEEE,2016:198-217.
[48]李红卫,上官经伦,古春生.基于ORAM存储外包安全访问的研究[J].微电子学与计算机,2015,32(5):6-10,15.
[49]BOGDANOV D,LAUR S,WILLEMSON J.Sharemind:Aframework for fast privacy-preserving computations[C]∥Proc.of the 13th European Symp.on Research in Computer Security.Springer-Verlag,2008:192-206.
[50]BEN-DAVID A,NISAN N,PINKAS B.FairplayMP:A system for secure multi-party computation[C]∥Proc.of the 15th ACM Conf.on Computer and Communications Security.ACM Press,2008:257-266.
[51]李红卫,叶飞跃,陈丹.一种基于ORAM的数据可恢复性证明与访问模式的隐藏[J].电信科学,2013,29(12):101-106.
[52]WANG X S,NAYAK K,LIU C,et al.Oblivious data structures[C]∥Proc.of the 21st ACM Conf.on Computer and Communications Security.ACM Press,2014:215-226.

相关文章 15

[1]	鲁晨阳, 邓苏, 马武彬, 吴亚辉, 周浩浩. 基于分层抽样优化的面向异构客户端的联邦学习 Federated Learning Based on Stratified Sampling Optimization for Heterogeneous Clients 计算机科学, 2022, 49(9): 183-193. https://doi.org/10.11896/jsjkx.220500263
[2]	汤凌韬, 王迪, 张鲁飞, 刘盛云. 基于安全多方计算和差分隐私的联邦学习方案 Federated Learning Scheme Based on Secure Multi-party Computation and Differential Privacy 计算机科学, 2022, 49(9): 297-305. https://doi.org/10.11896/jsjkx.210800108
[3]	吕由, 吴文渊. 隐私保护线性回归方案与应用 Privacy-preserving Linear Regression Scheme and Its Application 计算机科学, 2022, 49(9): 318-325. https://doi.org/10.11896/jsjkx.220300190
[4]	王健. 基于隐私保护的反向传播神经网络学习算法 Back-propagation Neural Network Learning Algorithm Based on Privacy Preserving 计算机科学, 2022, 49(6A): 575-580. https://doi.org/10.11896/jsjkx.211100155
[5]	李利, 何欣, 韩志杰. 群智感知的隐私保护研究综述 Review of Privacy-preserving Mechanisms in Crowdsensing 计算机科学, 2022, 49(5): 303-310. https://doi.org/10.11896/jsjkx.210400077
[6]	王美珊, 姚兰, 高福祥, 徐军灿. 面向医疗集值数据的差分隐私保护技术研究 Study on Differential Privacy Protection for Medical Set-Valued Data 计算机科学, 2022, 49(4): 362-368. https://doi.org/10.11896/jsjkx.210300032
[7]	吕由, 吴文渊. 基于同态加密的线性系统求解方案 Linear System Solving Scheme Based on Homomorphic Encryption 计算机科学, 2022, 49(3): 338-345. https://doi.org/10.11896/jsjkx.201200124
[8]	孔钰婷, 谭富祥, 赵鑫, 张正航, 白璐, 钱育蓉. 基于差分隐私的K-means算法优化研究综述 Review of K-means Algorithm Optimization Based on Differential Privacy 计算机科学, 2022, 49(2): 162-173. https://doi.org/10.11896/jsjkx.201200008
[9]	金华, 朱靖宇, 王昌达. 视频隐私保护技术综述 Review on Video Privacy Protection 计算机科学, 2022, 49(1): 306-313. https://doi.org/10.11896/jsjkx.201200047
[10]	雷羽潇, 段玉聪. 面向跨模态隐私保护的AI治理法律技术化框架 AI Governance Oriented Legal to Technology Bridging Framework for Cross-modal Privacy Protection 计算机科学, 2021, 48(9): 9-20. https://doi.org/10.11896/jsjkx.201000011
[11]	王辉, 朱国宇, 申自浩, 刘琨, 刘沛骞. 基于用户偏好和位置分布的假位置生成方法 Dummy Location Generation Method Based on User Preference and Location Distribution 计算机科学, 2021, 48(7): 164-171. https://doi.org/10.11896/jsjkx.200800069
[12]	季琰, 戴华, 姜莹莹, 杨庚, 易训. 面向混合云的可并行多关键词Top-k密文检索技术 Parallel Multi-keyword Top-k Search Scheme over Encrypted Data in Hybrid Clouds 计算机科学, 2021, 48(5): 320-327. https://doi.org/10.11896/jsjkx.200300160
[13]	郭蕊, 芦天亮, 杜彦辉. WSN中基于目标决策的源位置隐私保护方案 Source-location Privacy Protection Scheme Based on Target Decision in WSN 计算机科学, 2021, 48(5): 334-340. https://doi.org/10.11896/jsjkx.200400099
[14]	彭春春, 陈燕俐, 荀艳梅. 支持本地化差分隐私保护的k-modes聚类方法 k-modes Clustering Guaranteeing Local Differential Privacy 计算机科学, 2021, 48(2): 105-113. https://doi.org/10.11896/jsjkx.200700172
[15]	郭上铜, 王瑞锦, 张凤荔. 区块链技术原理与应用综述 Summary of Principle and Application of Blockchain 计算机科学, 2021, 48(2): 271-281. https://doi.org/10.11896/jsjkx.200800021

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed