research-article

Waffle: An Online Oblivious Datastore for Protecting Data Access Patterns

Authors:

Sharath Chandra Vemula,

Divyakant Agrawal,

Florian KerschbaumAuthors Info & Claims

Proceedings of the ACM on Management of Data, Volume 1, Issue 4

Article No.: 266, Pages 1 - 25

https://doi.org/10.1145/3626760

Published: 12 December 2023 Publication History

Abstract

We present Waffle, a datastore that protects an application's data access patterns from a passive persistent adversary. Waffle achieves this without prior knowledge of the input data access distribution, making it the first of its kind to adaptively handle input sequences under a passive persistent adversary. Waffle maintains a constant bandwidth and client-side storage overhead, which can be adjusted to suit the application owner's preferences. This flexibility allows the owner to fine-tune system parameters and strike a balance between security and performance. Our evaluation, utilizing the Yahoo! Cloud Serving Benchmark (YCSB) benchmark and Redis as the backend storage, demonstrates promising results. The insecure baseline outperforms Waffle by a mere 5-6x, whereas Waffle outperforms Pancake-a state-of-the-art oblivious datastore under passive persistent adversaries-by 45-57%, and a concurrent ORAM system, TaoStore, by 102x.

References

[1]

Atikoglu, B., Xu, Y., Frachtenberg, E., Jiang, S., and Paleczny, M. Workload analysis of a large-scale key-value store. In Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems (2012), pp. 53--64.

Digital Library

[2]

Bindschaedler, V., Naveed, M., Pan, X., Wang, X., and Huang, Y. Practicing oblivious access on cloud storage: the gap, the fallacy, and the new way forward. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015), pp. 837--849.

Digital Library

[3]

Blackstone, L., Kamara, S., and Moataz, T. Revisiting leakage abuse attacks. Cryptology ePrint Archive (2019).

[4]

Boyle, E., and Naor, M. Is there an oblivious ram lower bound? In Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science (2016), pp. 357--368.

Digital Library

[5]

Bronson, N., Amsden, Z., Cabrera, G., Chakka, P., Dimov, P., Ding, H., Ferris, J., Giardullo, A., Kulkarni, S., Li, H., et al. Tao: Facebook's distributed data store for the social graph. In 2013 USENIX Annual Technical Conference (USENIXATC 13) (2013), pp. 49--60.

[6]

Cash, D., Drucker, A., and Hoover, A. A lower bound for one-round oblivious ram. In Theory of Cryptography: 18th International Conference, TCC 2020, Durham, NC, USA, November 16--19, 2020, Proceedings, Part I 18 (2020), Springer, pp. 457--485.

Digital Library

[7]

Cash, D., Grubbs, P., Perry, J., and Ristenpart, T. Leakage-abuse attacks against searchable encryption. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security (2015), pp. 668--679.

Digital Library

[8]

Chakraborti, A., and Sion, R. Concuroram: High-throughput stateless parallel multi-client oram. arXiv preprint arXiv:1811.04366 (2018).

[9]

Cloud Adoption Statistics. https://bit.ly/3ZdCzpt. Accessed Feb 10, 2023.

[10]

Cooper, B. F., Silberstein, A., Tam, E., Ramakrishnan, R., and Sears, R. Benchmarking cloud serving systems with ycsb. In Proceedings of the 1st ACM symposium on Cloud computing (2010), pp. 143--154.

Digital Library

[11]

Crooks, N., Burke, M., Cecchetti, E., Harel, S., Agarwal, R., and Alvisi, L. Obladi: Oblivious serializable transactions in the cloud. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18) (2018), pp. 727--743.

[12]

Dauterman, E., Fang, V., Demertzis, I., Crooks, N., and Popa, R. A. Snoopy: Surpassing the scalability bottleneck of oblivious storage. In Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles (2021), pp. 655--671.

Digital Library

[13]

DeCandia, G., Hastorun, D., Jampani, M., Kakulapati, G., Lakshman, A., Pilchin, A., Sivasubramanian, S., Vosshall, P., and Vogels, W. Dynamo: amazon's highly available key-value store. ACM SIGOPS operating systems review 41, 6 (2007), 205--220.

Digital Library

[14]

Demertzis, I., Papadopoulos, D., Papamanthou, C., and Shintre, S. Seal: Attack mitigation for encrypted databases via adjustable leakage. In 29th USENIX Security Symposium (USENIX Security 20) (2020), pp. 2433--2450.

[15]

Ghemawat, S., Gobioff, H., and Leung, S.-T. The google file system. In Proceedings of the nineteenth ACM symposium on Operating systems principles (2003), pp. 29--43.

Digital Library

[16]

Goldreich, O., and Ostrovsky, R. Software protection and simulation on oblivious rams. J. ACM 43, 3 (May 1996), 431--473.

Digital Library

[17]

Grubbs, P., Khandelwal, A., Lacharité, M.-S., Brown, L., Li, L., Agarwal, R., and Ristenpart, T. Pancake: Frequency smoothing for encrypted data stores. In 29th USENIX Security Symposium (USENIX Security 20) (2020), pp. 2451--2468.

[18]

Grubbs, P., Lacharité, M.-S., Minaud, B., and Paterson, K. G. Pump up the volume: Practical database reconstruction from volume leakage on range queries. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (2018), pp. 315--331.

Digital Library

[19]

Grubbs, P., Lacharité, M.-S., Minaud, B., and Paterson, K. G. Learning to reconstruct: Statistical learning theory and encrypted database attacks. In 2019 IEEE Symposium on Security and Privacy (SP) (2019), IEEE, pp. 1067--1083.

[20]

Gui, Z., Johnson, O., and Warinschi, B. Encrypted databases: New volume attacks against range queries. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019), pp. 361--378.

Digital Library

[21]

Health Care Cloud Computing Trends. https://bit.ly/3ZyCWdI. Accessed Feb 10, 2023.

[22]

Herlihy, M. P., and Wing, J. M. Linearizability: A correctness condition for concurrent objects. ACM Transactions on Programming Languages and Systems (TOPLAS) 12, 3 (1990), 463--492.

[23]

Islam, M. S., Kuzu, M., and Kantarcioglu, M. Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In Ndss (2012), vol. 20, Citeseer, p. 12.

[24]

Kellaris, G., Kollios, G., Nissim, K., and O'neill, A. Generic attacks on secure outsourced databases. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (2016), pp. 1329--1340.

Digital Library

[25]

Kornaropoulos, E. M., Papamanthou, C., and Tamassia, R. Data recovery on encrypted databases with k-nearest neighbor query leakage. In 2019 IEEE Symposium on Security and Privacy (SP) (2019), IEEE, pp. 1033--1050.

[26]

Lacharité, M.-S., Minaud, B., and Paterson, K. G. Improved reconstruction attacks on encrypted data using range query leakage. In 2018 IEEE Symposium on Security and Privacy (SP) (2018), IEEE, pp. 297--314.

[27]

Lacharité, M.-S., and Paterson, K. G. A note on the optimality of frequency analysis vs. lp-optimization. Cryptology ePrint Archive (2015).

[28]

Lacharité, M.-S., and Paterson, K. G. Frequency-smoothing encryption: preventing snapshot attacks on deterministically encrypted data. Cryptology ePrint Archive (2017).

[29]

Lamport, L. The part-time parliament. In Transactions on Computer Systems. ACM, 1998, pp. 133--169.

Digital Library

[30]

Larsen, K. G., Malkin, T., Weinstein, O., and Yeo, K. Lower bounds for oblivious near-neighbor search. In Proceedings of the Fourteenth Annual ACM-SIAM Symposium on Discrete Algorithms (2020), SIAM, pp. 1116--1134.

[31]

Larsen, K. G., and Nielsen, J. B. Yes, there is an oblivious ram lower bound! In Annual International Cryptology Conference (2018), Springer, pp. 523--542.

[32]

Li, J., Qin, C., Lee, P. P., and Zhang, X. Information leakage in encrypted deduplication via frequency analysis. In 2017 47th Annual IEEE/IFIP international conference on dependable systems and networks (DSN) (2017), IEEE, pp. 1--12.

[33]

Liashchynskyi, P., and Liashchynskyi, P. Grid search, random search, genetic algorithm: a big comparison for nas. arXiv preprint arXiv:1912.06059 (2019).

[34]

Maiyya, S., Ibrahim, S., Scarberry, C., Agrawal, D., Abbadi, A. E., Lin, H., Tessaro, S., and Zakhary, V. QuORAM: A Quorum-Replicated fault tolerant ORAM datastore. In 31st USENIX Security Symposium (USENIX Security 22) (Boston, MA, Aug. 2022), USENIX Association, pp. 3665--3682.

[35]

Mavroforakis, C., Chenette, N., O'Neill, A., Kollios, G., and Canetti, R. Modular order-preserving encryption, revisited. In Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data (2015), pp. 763--777.

Digital Library

[36]

Naveed, M., Kamara, S., and Wright, C. V. Inference attacks on property-preserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015), pp. 644--655.

Digital Library

[37]

Oya, S., and Kerschbaum, F. Hiding the access pattern is not enough: Exploiting search pattern leakage in searchable encryption. In USENIX Security Symposium (2021), pp. 127--142.

[38]

Oya, S., and Kerschbaum, F. Ihop: Improved statistical query recovery against searchable symmetric encryption through quadratic optimization. In 31st USENIX Security Symposium (USENIX Security 22) (2022), pp. 2407--2424.

[39]

Papadimitriou, A., Bhagwan, R., Chandran, N., Ramjee, R., Haeberlen, A., Singh, H., Modi, A., and Badrinarayanan, S. Big data analytics over encrypted datasets with seabed. In OSDI (2016), vol. 16, pp. 587--602.

[40]

Patel, S., Persiano, G., and Yeo, K. What storage access privacy is achievable with small overhead? In Proceedings of the 38th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems (2019), pp. 182--199.

Digital Library

[41]

Persiano, G., and Yeo, K. Lower bounds for differentially private rams. In Advances in Cryptology--EUROCRYPT 2019: 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19--23, 2019, Proceedings, Part I 38 (2019), Springer, pp. 404--434.

Digital Library

[42]

Petersen, C., Simonsen, J. G., and Lioma, C. Power law distributions in information retrieval. ACM Transactions on Information Systems (TOIS) 34, 2 (2016), 1--37.

[43]

Poddar, R., Boelter, T., and Popa, R. A. Arx: an encrypted database using semantically secure encryption. Cryptology ePrint Archive (2016).

[44]

Poddar, R., Wang, S., Lu, J., and Popa, R. A. Practical volume-based attacks on encrypted databases. In 2020 IEEE European Symposium on Security and Privacy (EuroS&P) (2020), IEEE, pp. 354--369.

[45]

Popa, R. A., Redfield, C. M., Zeldovich, N., and Balakrishnan, H. Cryptdb: protecting confidentiality with encrypted query processing. In Proceedings of the twenty-third ACM symposium on operating systems principles (2011), pp. 85--100.

Digital Library

[46]

Redis. https://redis.io/. Accessed Feb 10, 2023.

[47]

Ren, L., Fletcher, C., Kwon, A., Stefanov, E., Shi, E., Van Dijk, M., and Devadas, S. Constants count: Practical improvements to oblivious ram. In 24th USENIX Security Symposium (USENIX Security 15) (2015), pp. 415--430.

Digital Library

[48]

Sahin, C., Zakhary, V., El Abbadi, A., Lin, H., and Tessaro, S. Taostore: Overcoming asynchronicity in oblivious data storage. In 2016 IEEE Symposium on Security and Privacy (SP) (2016), IEEE, pp. 198--217.

[49]

Sepehri, M., and Kerschbaum, F. Low-cost hiding of the query pattern. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (2021), pp. 593--603.

Digital Library

[50]

Stefanov, E., and Shi, E. Oblivistore: High performance oblivious cloud storage. In 2013 IEEE Symposium on Security and Privacy (2013), IEEE, pp. 253--267.

Digital Library

[51]

Stefanov, E., Van Dijk, M., Shi, E., Fletcher, C., Ren, L., Yu, X., and Devadas, S. Path oram: an extremely simple oblivious ram protocol. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), ACM, pp. 299--310.

Digital Library

[52]

The Infrastructure Behind Twitter: Scale. https://bit.ly/3KJR7J1. Accessed Feb 10, 2023.

[53]

TLS. https://datatracker.ietf.org/doc/html/rfc5246. Accessed July 14, 2023.

[54]

Weiss, M., and Wichs, D. Is there an oblivious ram lower bound for online reads? Journal of Cryptology 34, 3 (2021), 18.

Digital Library

[55]

Wikipedia ClickStream Dataset. https://dumps.wikimedia.org/other/clickstream/. Accessed July 14, 2023.

[56]

Zhang, Y., Katz, J., and Papamanthou, C. All your queries are belong to us: The power of file-injection attacks on searchable encryption. In USENIX Security Symposium (2016), vol. 2016, pp. 707--720.

Cited By

Zheng LXu LWang CWang SHu YQin ZLi FRen K(2024)SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data StoresProceedings of the VLDB Endowment10.14778/3675034.367503817:10(2445-2458)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.14778/3675034.3675038

Index Terms

Waffle: An Online Oblivious Datastore for Protecting Data Access Patterns
1. Information systems
  1. Data management systems
2. Security and privacy
  1. Database and storage security
    1. Management and querying of encrypted data

Recommendations

Write-only oblivious RAM-based privacy-preserved access of outsourced data

Data outsourcing is plagued with several security and privacy concerns. Oblivious RAM (ORAM) can be used to address one of the many concerns, specifically to protect the privacy of data access pattern from outsourced cloud storage. This is achieved by ...
Protecting privacy in data release
Foundations of security analysis and design VI

The evolution of the Information and Communication Technology has radically changed our electronic lives, making information the key driver for today's society. Every action we perform requires the collection, elaboration, and dissemination of personal ...
Protecting Privacy in Data Release

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Management of Data

Proceedings of the ACM on Management of Data Volume 1, Issue 4

PACMMOD

December 2023

1317 pages

EISSN:2836-6573

DOI:10.1145/3637468

Editor:
Divyakant Agrawal
UC Santa Barbara, United States

Issue’s Table of Contents

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 December 2023

Published in PACMMOD Volume 1, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
112
Total Downloads

Downloads (Last 12 months)112
Downloads (Last 6 weeks)8

Reflects downloads up to 13 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zheng LXu LWang CWang SHu YQin ZLi FRen K(2024)SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data StoresProceedings of the VLDB Endowment10.14778/3675034.367503817:10(2445-2458)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.14778/3675034.3675038

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents