Oblivious Outsourced Storage with Delegation

  • Martin Franz
  • Peter Williams
  • Bogdan Carbunar
  • Stefan Katzenbeisser
  • Andreas Peter
  • Radu Sion
  • Miroslava Sotakova
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7035)

Abstract

In the past few years, outsourcing private data to untrusted servers has become an important challenge. This raises severe questions concerning the security and privacy of the data on the external storage. In this paper we consider a scenario where multiple clients want to share data on a server, while hiding all access patterns. We propose here a first solution to this problem based on Oblivious RAM (ORAM) techniques. Data owners can delegate rights to external new clients enabling them to privately access portions of the outsourced data served by a curious server. Our solution is as efficient as the underlying ORAM constructs and allows for delegated read or write access while ensuring strong guarantees for the privacy of the outsourced data. The server does not learn anything about client access patterns while clients do not learn anything more than what their delegated rights permit.

Keywords

Access Pattern Data Owner Oblivious Transfer Broadcast Encryption Private Information Retrieval 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Asonov, D. (ed.): Querying Databases Privately. LNCS, vol. 3128. Springer, Heidelberg (2004)MATHGoogle Scholar
  2. 2.
    Berkovits, S.: How to Broadcast a Secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  3. 3.
    Camenisch, J., Dubovitskaya, M., Neven, G.: Oblivious transfer with access control. In: CCS 2009: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)Google Scholar
  4. 4.
    Camenisch, J.L., Neven, G., Shelat, A.: Simulatable Adaptive Oblivious Transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: IEEE Symposium on Foundations of Computer Science, pp. 41–50 (1995)Google Scholar
  6. 6.
    Coull, S., Green, M., Hohenberger, S.: Controlling Access to an Oblivious Database Using Stateful Anonymous Credentials. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 501–520. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Fiat, A., Naor, M.: Broadcast Encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  8. 8.
    Gasarch, W.: A WebPage on Private Information Retrieval, http://www.cs.umd.edu/~gasarch/pir/pir.html
  9. 9.
    Gasarch, W.: A survey on private information retrieval, http://citeseer.ifi.unizh.ch/gasarch04survey.html
  10. 10.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. Journal of the ACM 43, 431–473 (1996)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Halevy, D., Shamir, A.: The LSD Broadcast Encryption Scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    IBM. IBM 4764 PCI-X Cryptographic Coprocessor (2007), http://www-03.ibm.com/security/cryptocards/pcixcc/overview.shtml
  13. 13.
    Iliev, A., Smith, S.W.: Private information storage with logarithmic-space secure hardware. In: Proceedings of i-NetSec 2004: 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems, pp. 201–216 (2004)Google Scholar
  14. 14.
    Jarecki, S., Shmatikov, V.: Handcuffing Big Brother: an Abuse-Resilient Transaction Escrow Scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Li, J., Krohn, M., Mazières, D., Shasha, D.: Secure Untrusted Data Repository (SUNDR). In: OSDI 2004, pp. 121–136 (2004)Google Scholar
  16. 16.
    Naor, D., Naor, M., Lotspiech, J.B.: Revocation and Tracing Schemes for Stateless Receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Paterson, K.G.: Id-based signatures from pairings on elliptic curves. Electronics Letters 38, 1025–1026 (2002)CrossRefGoogle Scholar
  18. 18.
    Pinkas, B., Reinman, T.: Oblivious ram revisited. In: Proceedings of the 30th International Cryptology Conference (2010) (to appear)Google Scholar
  19. 19.
    Sion, R., Carbunar, B.: On the Computational Practicality of Private Information Retrieval. In: Proceedings of the Network and Distributed Systems Security Symposium (2007); Stony Brook Network Security and Applied Cryptography Lab Tech Report 2006-06Google Scholar
  20. 20.
    Wang, S., Ding, X., Deng, R.H., Bao, F.: Private Information Retrieval using Trusted Hardware. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 49–64. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security (2008)Google Scholar
  22. 22.
    Williams, P., Sion, R., Carbunar, B.: Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage. In: ACM Conference on Computer and Communication Security CCS (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Martin Franz
    • 1
  • Peter Williams
    • 2
  • Bogdan Carbunar
    • 3
  • Stefan Katzenbeisser
    • 1
    • 4
  • Andreas Peter
    • 4
  • Radu Sion
    • 2
  • Miroslava Sotakova
    • 2
  1. 1.Center for Advanced Security Research Darmstadt - CASEDGermany
  2. 2.Computer ScienceStony Brook UniversityUSA
  3. 3.Applied Research CenterMotorola LabsUSA
  4. 4.Technische Universität DarmstadtGermany

Personalised recommendations