Abstract
Since the development of tree-based Oblivious RAMs by Shi et al. it has become apparent that privacy preserving outsourced storage can be practical. Although most current constructions follow a client-server model, in many applications, such as Genome Wide Association Studies (GWAS), it is desirable that multiple entities can share data, while being able to hide access patterns not only from the server, but also from any other entities that can access parts of the data. Inspired by the efficiency and simplicity of Path-ORAM, in this work, we study an extension of Path-ORAM that allows oblivious sharing of data in a multi-client setting, so that accesses can be hidden from the server and from other clients. We address various challenges that emerge when using Path-ORAM in a multi-client setting, and prove that with adequate changes, Path-ORAM is still secure in a setting, where the clients are semi-honest, do not trust each other, but try to learn the access patterns of each other. We demonstrate our ORAM construction in a GWAS setting. Our experiments show that in databases storing \(2^{23}\) data blocks (corresponding to a database holding \(2^{17}\) blocks per client, capable of storing human genome in the form of SNPs, for 100 clients), the average query time is less than 7 s, yielding a secure and practical solution.
This is a preview of subscription content, log in via an institution to check access.
Notes
- 1.
Adopting directly the eviction from [12], which also involves reading two paths, would unnecessarily degrade the protocol’s performance, since we would have to store smaller ORAMs of size \(\log (KN)\) in every node.
- 2.
Note that since the genome’s alphabet consists only of the four letters A, T, G, C, we only need 2 bits to represent each letter of the alphabet.
References
Backes, M., Herzberg, A., Kate, A., Pryvalov, I.: Anonymous RAM. In: ESORICS 2016 (2016)
Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001). doi:10.1007/3-540-45682-1_33
Brandon, M.C., Wallace, D.C., Baldi, P.: Data structures and compression algorithms for genomic sequence data. Bioinformatics 25, 1731–1738 (2009)
Franz, M., Williams, P., Carbunar, B., Katzenbeisser, S., Peter, A., Sion, R., Sotakova, M.: Oblivious outsourced storage with delegation. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 127–140. Springer, Heidelberg (2012). doi:10.1007/978-3-642-27576-0_11
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43, 431–473 (1996)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24660-2_14
Goodrich, M.T., Mitzenmacher, M.: Privacy-preserving access of outsourced data via oblivious RAM simulation. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 576–587. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22012-8_46
Karvelas, N.P., Peter, A., Katzenbeisser, S.: Blurry-ORAM: a multi-client oblivious storage architecture. IACR Cryptology ePrint Archive, p. 1077 (2016)
Karvelas, N., Peter, A., Katzenbeisser, S., Tews, E., Hamacher, K.: Privacy-preserving whole genome sequence processing through proxy-aided ORAM. In: WPES (2014)
Maffei, M., Malavolta, G., Reinert, M., Schröder, D.: Privacy and access control for outsourced personal records. In: IEEE Symposium on Security and Privacy (2015)
Mayberry, T., Blass, E.O., Noubir, G.: Multi-user oblivious RAM secure against malicious servers. IACR Cryptology ePrint Archive (2015)
Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious RAM with O((logN)3) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_11
Stefanov, E., Shi, E.: Oblivistore: High performance oblivious distributed cloud data store. In: NDSS 2013 (2013)
Stefanov, E., Shi, E., Song, D.X.: Towards practical oblivious RAM. In: NDSS 2012 (2012)
Stefanov, E., van Dijk, M., Shi, E., Fletcher, C.W., Ren, L., Yu, X., Devadas, S.: Path ORAM: an extremely simple oblivious RAM protocol. In: CCS 2013 (2013)
Acknowledgments
This work has been funded by the DFG as part of project S5 within the CRC 1119 CROSSING, and by the Netherlands Organisation for Scientific Research (NWO) in the context of the CRIPTIM project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Karvelas, N.P., Peter, A., Katzenbeisser, S. (2017). Using Oblivious RAM in Genomic Studies. In: Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2017 2017. Lecture Notes in Computer Science(), vol 10436. Springer, Cham. https://doi.org/10.1007/978-3-319-67816-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-67816-0_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67815-3
Online ISBN: 978-3-319-67816-0
eBook Packages: Computer ScienceComputer Science (R0)