计算机科学 ›› 2019, Vol. 46 ›› Issue (11A): 341-347.
顾晨阳1, 付伟1, 刘金龙2, 孙刚2
GU Chen-yang1, FU Wei1, LIU Jin-long2, SUN Gang2
摘要: 在云存储环境中,服务器或者第三方可以仅通过对用户访问行为进行分析来获取信息,对用户信息安全造成威胁。ORAM通过构造精巧设计的存储结构和冗余的访问机制,有效地隐藏用户访问行为与访问目标之间的对应关系。隐藏用户访问意图的安全访问机制,是现阶段隐藏用户访问模式的主要手段之一。通过对ORAM基本理论和发展历程进行研究,归纳分析了ORAM的基本方案;建立了SSIBT性能评价指标体系,对经典ORAM算法及其优化方案进行了分析比较;最后,在分析现阶段主要研究重点的基础上,总结提出了ORAM未来可能的主要研究方向。
中图分类号:
[1]刘书勇,付义伦.基于PKI技术的可搜索云加密存储系统[J].软件导刊,2018,17(2):182-185. [2]王斌,杨鹏,杨青.基于密钥分离与加密策略的云存储加密方案[J].电信网技术,2015(9):43-47. [3]PASQUALE P,REFIK M,MELEK O,et al.CloudDedup:Se-cure Deduplication with Encrypted Data for Cloud Storage[P].2013. [4]JUNG T,LI X Y,WAN Z,et al.Control cloud data access privilege and anonymity with fully anonymous attribute-basedencryption[J].IEEE Trans.on Information Forensics and Security,2015,10(1):190-199. [5]刘赛,聂庆节,刘军,等.基于量化行为的实时数据库备份系统访问控制模型[J].计算机与现代化,2018(1):116-122. [6]李树凤.抗访问模式泄露的ORAM技术研究[D].济南:山东大学,2016. [7]GOLDREICH O,OSTROVSKY R.Software protection andsimulation on oblivious RAMs[J].Journal of the ACM (JACM),1996,43(3):431-473. [8]吴鹏飞,沈晴霓,秦嘉,等.不经意随机访问机研究综述[J].软件学报,2018,29(9):2753-2777. [9]HUSSAIN S.A Low Performance-Overhead ORAM Design for Processor System with Un-trusted Off-chip Memory[C]∥Proceedings of 2018 3rd International Conference on Computer Science and Information Engineering(ICCSIE2018).International Information and Engineering Association:Computer Science and Electronic Technology International Society,2018:12. [10]李红卫,古春生,景征骏,等.云存储中基于ORAM的数据安全访问[J].微电子学与计算机,2014,31(6):16-20. [11]KUSHILEVITZ E,LU S,OSTROVSKY R.On the (in) security of hash-based oblivious RAM and a new balancing scheme[C]∥Proc.of the23rd Annual ACM-SIAM Symp.on Discrete Algorithms.Society for Industrial and Applied Mathematics,2012:14-156. [12]宋宁宁.基于全同态加密的ORAM方案[J].信息技术与网络安全,2018,37(11):1-4. [13]WANG X,CHAN H,SHI E.Circuit ORAM:On tightness of the goldreich-ostrovsky lower bound[C]∥Proc.of the 22nd ACM Conf.on Computer and Communications Security.ACM Press,2015:850-861. [14]GENTRY C,HALEVI S,JUTLA C,et al.Private database access with he-over-oram architecture[C]∥Proc.of the 13th Int’l Conf.on Applied Cryptography and Network Security.Springer-Verlag,2015:172-191. [15]苑丹丹.基于ORAM的隐私保护数据共享方案研究[D].济南:山东大学,2018. [16]SHI E,CHAN T H,STEFANOV E,et al.Oblivious RAMwith O((logN) 3) worst-casecost [M]∥Advances in Cryptology-ASIA CRYPT 2011.Springer Berlin Heidelberg,2011:197-214. [17]宋衍.基于属性的云存储访问控制与密文搜索研究[D].北京:北京交通大学,2018. [18]肖亮,李强达,刘金亮.云存储安全技术研究进展综述[J].数据采集与处理,2016,31(3):464-472. [19]刘全飞.基于网络环境的计算机软件保护[J].信息与电脑(理论版),2018(10):173-174. [20]王倩倩.茫然随机存取存储器加密方案的发展[D].烟台:烟台大学,2017. [21]STEFANOV E,SHI E,SONG D.Towards practical oblivious RAM[EB/OL].http://arxiv.orpjabs/1I06.3652. [22]SHI E,CHAN T H,STEFANOV E,et al.Oblivious RAMwith O ((logN)3) worst-casecost[M]∥Advances in Cryptology-ASIA CRYPT 2011.Springer Berlin Heidelberg,2011:197-214. [23]DOERNER J.Scaling ORAM for secure computation[C]∥Proc.of the 24th ACM Conf.on Computer and Communications Security.ACM Press,2017:523-535. [24]ZHANG J,MA Q,ZHANG W,et al.TSKT-ORAM:A two-server kary tree ORAM for access pattern protection in cloud storage∥2016 IEEE Military Communications Conference(MILCOM).IEEE,2016. [25]TEEUWEN P:Evolution of oblivious RAM schemes[D].Eindhoven:Eindhoven University of Technology,2015. [26]STEFANOV E,VAN DIJK M,SHI E,et al.Path oram:An extremely simple obliviousram protocol[C]∥Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security.ACM,2013:299-310. [27]LING R,FLETCHER C W,KWON A,et al.Constants count practical improverments to oblivious RAM∥Usenix Confe-rence on Security Symposium.2015. [28]DAUTRICH J,STEFANOV E,SHI E.Burst ORAM:Minimi-zing ORAM response times for bursty access patterns[C]∥23rd USENIX Security Symposium (USENIX Security 14).2014:749-764. [29]MAAS M,LOVE E,STEFANOV E,et al.Phantom:Practicaloblivious computation in a secure processor[C]∥Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.ACM,2013:311-324. [30]PAGH R,RODLER F F.Cuckoo hashing[J].Journal of Algorithms,2003,51(2). [31]PINKAS B,REINMAN T.Oblivious ram revisited[C]∥Proc.of the 30th Annual Cryptology Conf..Berlin:Springer-Verlag,2010:502-519. [32]KUSHILEVITZ E,LU S,OSTROVSKY R.On the (in) security of hash-based oblivious RAM and a new balancing scheme[C]∥Proc.of the23rd Annual ACM-SIAM Symp.on Discrete Algorithms.Society for Industrial and Applied Mathematics,2012:143-156. [33]GOODRICH M T,MITZENMACHER M.Privacy-Preservingaccess of outsourced data via oblivious RAM simulation[C]∥Proc.of the 38th Int’l Colloquium on Automata,Languages,and Programming.Springer-Verlag,2011:576-587. [34]GOODRICH M T.Randomized shellsort:A simple oblivioussorting algorithm[C]∥Proc.of the 21st Annual ACM-SIAM Symp.On Discrete Algorithms.Society for Industrial and Applied Mathematics,2010:1262-1277. [35]GOLDBERG I.Improving the robustness of private information retrieval[C]∥Proc.of the 28th IEEE Symp.on Security and Privacy.IEEE,2007:131-148. [36]GENTRY C,GOLDMAN K A,HALEVI S,et al.OptimizingORAM and using it efficiently for secure computation[C]∥Proc.of the 13th Int’l Symp.on Privacy Enhancing Technologies.Springer-Verlag,2013:1-18. [37]DEVADAS S,DIJK M V,FLETCHER C W,et al.OnionORAM:A constant bandwidth blowup oblivious RAM[C]∥Proc.of the 13th Theory of Cryptography Conference.Springer-Verlag.2016:145-174. [38]REN L,FLETCHER C W,KWON A,et al.Constants count:Practical improvements to oblivious RAM[C]∥Proc.of the 24th USENIX Conf.on Security Symp..USENIX Association,2015:415-430. [39]MOATAZ T,BLASS E O,MAYBERRY T.CHf-ORAM:Aconstant communication ORAM without homomorphic encryption[R].2015/1116,Cryptology ePrint Archive,2015. [40]WILLIAMS P,SION R,CARBUNAR B.Building castles out of mud:Practical access pattern privacy and correctness on untrusted storage[C]∥Proc.of the 15th ACM Conf.on Computer and Communications Security.ACM Press,2008:139-148. [41]WILLIAMS P,SION R.Access privacy and correctness on untrusted storage[J].ACM Trans.on Information and System Security,2013,16(3):12. [42]孙晓妮.二叉树结构的多用户茫然RAM方案[D].济南:山东大学,2016. [43]BOYLE E,CHUNG K M,PASS R.Oblivious parallel RAM and applications[C]∥Proc.of the 13th Theory of Cryptography Conference.Springer-Verlag,2016:175-204. [44]GOODRICH M T,MITZENMACHER M,OHRIMENKO O,et al.Privacy-Preserving group data access via stateless oblivious RAM simulation[C]∥Proc.of the 23rd Annual ACM-SIAM Symp.on Discrete Algorithms.Society for Industrial and Applied Mathematics,2012,13(S1):157-167. [45]孙晓妮,蒋瀚,徐秋亮.基于二叉树存储的多用户ORAM方案[J].软件学报,2016,27(6):1475-1486. [46]BINDSCHAEDLER V,NAVEED M,PAN X,et al.Practicingoblivious access on cloud storage:The gap,the fallacy,and the new way forward[C]∥Proc.of the 22nd ACM Conference on Computer and Communications Security.ACM Press,2015:837-849. [47]SAHIN C,ZAKHARY V,ABBADI E,et al.Taostore:Overcoming asynchronicity in oblivious data storage[C]∥Proc.of the 37th IEEE Symp.on Security and Privacy.IEEE,2016:198-217. [48]李红卫,上官经伦,古春生.基于ORAM存储外包安全访问的研究[J].微电子学与计算机,2015,32(5):6-10,15. [49]BOGDANOV D,LAUR S,WILLEMSON J.Sharemind:Aframework for fast privacy-preserving computations[C]∥Proc.of the 13th European Symp.on Research in Computer Security.Springer-Verlag,2008:192-206. [50]BEN-DAVID A,NISAN N,PINKAS B.FairplayMP:A system for secure multi-party computation[C]∥Proc.of the 15th ACM Conf.on Computer and Communications Security.ACM Press,2008:257-266. [51]李红卫,叶飞跃,陈丹.一种基于ORAM的数据可恢复性证明与访问模式的隐藏[J].电信科学,2013,29(12):101-106. [52]WANG X S,NAYAK K,LIU C,et al.Oblivious data structures[C]∥Proc.of the 21st ACM Conf.on Computer and Communications Security.ACM Press,2014:215-226. |
[1] | 鲁晨阳, 邓苏, 马武彬, 吴亚辉, 周浩浩. 基于分层抽样优化的面向异构客户端的联邦学习 Federated Learning Based on Stratified Sampling Optimization for Heterogeneous Clients 计算机科学, 2022, 49(9): 183-193. https://doi.org/10.11896/jsjkx.220500263 |
[2] | 汤凌韬, 王迪, 张鲁飞, 刘盛云. 基于安全多方计算和差分隐私的联邦学习方案 Federated Learning Scheme Based on Secure Multi-party Computation and Differential Privacy 计算机科学, 2022, 49(9): 297-305. https://doi.org/10.11896/jsjkx.210800108 |
[3] | 吕由, 吴文渊. 隐私保护线性回归方案与应用 Privacy-preserving Linear Regression Scheme and Its Application 计算机科学, 2022, 49(9): 318-325. https://doi.org/10.11896/jsjkx.220300190 |
[4] | 王健. 基于隐私保护的反向传播神经网络学习算法 Back-propagation Neural Network Learning Algorithm Based on Privacy Preserving 计算机科学, 2022, 49(6A): 575-580. https://doi.org/10.11896/jsjkx.211100155 |
[5] | 李利, 何欣, 韩志杰. 群智感知的隐私保护研究综述 Review of Privacy-preserving Mechanisms in Crowdsensing 计算机科学, 2022, 49(5): 303-310. https://doi.org/10.11896/jsjkx.210400077 |
[6] | 王美珊, 姚兰, 高福祥, 徐军灿. 面向医疗集值数据的差分隐私保护技术研究 Study on Differential Privacy Protection for Medical Set-Valued Data 计算机科学, 2022, 49(4): 362-368. https://doi.org/10.11896/jsjkx.210300032 |
[7] | 吕由, 吴文渊. 基于同态加密的线性系统求解方案 Linear System Solving Scheme Based on Homomorphic Encryption 计算机科学, 2022, 49(3): 338-345. https://doi.org/10.11896/jsjkx.201200124 |
[8] | 孔钰婷, 谭富祥, 赵鑫, 张正航, 白璐, 钱育蓉. 基于差分隐私的K-means算法优化研究综述 Review of K-means Algorithm Optimization Based on Differential Privacy 计算机科学, 2022, 49(2): 162-173. https://doi.org/10.11896/jsjkx.201200008 |
[9] | 金华, 朱靖宇, 王昌达. 视频隐私保护技术综述 Review on Video Privacy Protection 计算机科学, 2022, 49(1): 306-313. https://doi.org/10.11896/jsjkx.201200047 |
[10] | 雷羽潇, 段玉聪. 面向跨模态隐私保护的AI治理法律技术化框架 AI Governance Oriented Legal to Technology Bridging Framework for Cross-modal Privacy Protection 计算机科学, 2021, 48(9): 9-20. https://doi.org/10.11896/jsjkx.201000011 |
[11] | 王辉, 朱国宇, 申自浩, 刘琨, 刘沛骞. 基于用户偏好和位置分布的假位置生成方法 Dummy Location Generation Method Based on User Preference and Location Distribution 计算机科学, 2021, 48(7): 164-171. https://doi.org/10.11896/jsjkx.200800069 |
[12] | 季琰, 戴华, 姜莹莹, 杨庚, 易训. 面向混合云的可并行多关键词Top-k密文检索技术 Parallel Multi-keyword Top-k Search Scheme over Encrypted Data in Hybrid Clouds 计算机科学, 2021, 48(5): 320-327. https://doi.org/10.11896/jsjkx.200300160 |
[13] | 郭蕊, 芦天亮, 杜彦辉. WSN中基于目标决策的源位置隐私保护方案 Source-location Privacy Protection Scheme Based on Target Decision in WSN 计算机科学, 2021, 48(5): 334-340. https://doi.org/10.11896/jsjkx.200400099 |
[14] | 彭春春, 陈燕俐, 荀艳梅. 支持本地化差分隐私保护的k-modes聚类方法 k-modes Clustering Guaranteeing Local Differential Privacy 计算机科学, 2021, 48(2): 105-113. https://doi.org/10.11896/jsjkx.200700172 |
[15] | 郭上铜, 王瑞锦, 张凤荔. 区块链技术原理与应用综述 Summary of Principle and Application of Blockchain 计算机科学, 2021, 48(2): 271-281. https://doi.org/10.11896/jsjkx.200800021 |
|