EAGER: Protecting Data Access Pattern Privacy in Hybrid Cloud Storage Systems

EAGER：保护混合云存储系统中的数据访问模式隐私

基本信息

批准号：
1844591
负责人：
Wensheng Zhang
金额：
$ 24.98万
依托单位：
Iowa State University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2019
资助国家：
美国
起止时间：
2019-01-01 至 2021-12-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1844591&HistoricalAwards=false
关键词：
EAGER Protecting Data Access Pattern

项目摘要

Cloud-based storage services are gaining increasing popularity for their attractive pay-as-you-go model and high availability, reliability and economic efficiency. Meanwhile, there is an increasing privacy consciousness among users regarding this storage paradigm. While encryption provides some protection for data privacy, it cannot protect data access patterns, which can reveal private information about cloud storage clients. In particular, a curious owner or employee of a cloud storage service or an attacker invading the system can observe a client's access patterns, develop a model relating the patterns to the client's activities and later on use the model and observed access patterns to infer or predict the client's activities. Although several schemes have been proposed to protect the access patterns, in particular Oblivious Random Access Memory (RAM), it is hard to put these into practice owing to the high communication, storage, or computational overheads they incur. Towards addressing this problem, the project aims to offer an efficient, scalable and practical solution using Oblivious RAM that can protect the privacy of access pattern and can seamlessly integrate with existing cloud storage infrastructures. Specifically, the project leverages the emerging hybrid cloud storage architecture that has a cloud storage gateway with a moderate level of resource at the client side, the well-known reference locality principle for data access, and the availability of multiple independent cloud storage servers in the market. The project would benefit the community by enhancing the users' awareness of security and privacy risks in using cloud services and providing them with user-friendly protection tools so that they benefit from using such services with confidence. The project designs a new hierarchical, Oblivious RAM storage system to include multiple layers of Oblivious RAM modules, each of which is optimized for different performance metrics depending on its niche on the hierarchy; hence, the hierarchy as whole can attain high efficiency in communication, storage and computation simultaneously. The project formalizes the problem of protecting the data access pattern for the whole hierarchy of Oblivious RAM modules, and develops novel algorithms to solve the problem. The project also aims to deliver a set of provably-secure Oblivious RAM algorithms optimized for short data access delay or low server-side storage overhead, and a set of provably-secure algorithms for planning an optimal architecture for a hierarchy of Oblivious RAM modules, configuring the hierarchy and coordinating the operations of all Oblivious RAM modules in the hierarchy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于云的存储服务因其有吸引力的即用即付模式以及高可用性、可靠性和经济效益而越来越受欢迎。与此同时，用户对于这种存储模式的隐私意识也日益增强。虽然加密为数据隐私提供了一定的保护，但它无法保护数据访问模式，这可能会泄露有关云存储客户端的私人信息。特别是，云存储服务的好奇所有者或员工或入侵系统的攻击者可以观察客户端的访问模式，开发将模式与客户端活动相关的模型，然后使用该模型和观察到的访问模式来推断或预测客户的活动。尽管已经提出了多种方案来保护访问模式，特别是不经意的随机存取存储器（RAM），但由于它们产生的高通信、存储或计算开销，很难将这些方案付诸实践。为了解决这个问题，该项目旨在使用 Oblivious RAM 提供高效、可扩展且实用的解决方案，该解决方案可以保护访问模式的隐私，并可以与现有的云存储基础设施无缝集成。具体来说，该项目利用了新兴的混合云存储架构，该架构具有客户端具有中等资源水平的云存储网关、众所周知的数据访问参考局部性原则以及多个独立云存储服务器的可用性。市场。该项目将增强用户对使用云服务的安全和隐私风险的认识，并为他们提供人性化的保护工具，使他们放心地使用这些服务，从而使社区受益。该项目设计了一种新的分层 Oblivious RAM 存储系统，其中包括多层 Oblivious RAM 模块，每个模块都根据其在层次结构中的利基针对不同的性能指标进行了优化；因此，整个层次结构可以同时实现高效率的通信、存储和计算。该项目形式化了保护 Oblivious RAM 模块整个层次结构的数据访问模式的问题，并开发了新颖的算法来解决该问题。该项目还旨在提供一组可证明安全的 Oblivious RAM 算法，针对短数据访问延迟或低服务器端存储开销进行了优化，以及一组可证明安全的算法，用于规划 Oblivious RAM 模块层次结构的最佳架构，配置层次结构并协调层次结构中所有 Oblivious RAM 模块的操作。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。