Research article. DOI: 10.1145/2694344.2694353

Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM

Published: 14 March 2015

Abstract

Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. Recently, ORAM has been architected into secure processors. A big challenge for hardware ORAM schemes is how to efficiently manage the Position Map (PosMap), a central component in modern ORAM algorithms. Implemented naively, the PosMap causes ORAM to be fundamentally unscalable in terms of on-chip area. On the other hand, a technique called Recursive ORAM fixes the area problem yet significantly increases ORAM's performance overhead.
To address this challenge, we propose three new mechanisms. We propose a new ORAM structure called the PosMap Lookaside Buffer (PLB) and PosMap compression techniques to reduce the performance overhead from Recursive ORAM empirically (the latter also improves the construction asymptotically). Through simulation, we show that these techniques reduce the memory bandwidth overhead needed to support recursion by 95%, reduce overall ORAM bandwidth by 37% and improve overall SPEC benchmark performance by 1.27x. We then show how our PosMap compression techniques further facilitate an extremely efficient integrity verification scheme for ORAM which we call PosMap MAC (PMMAC). For a practical parameterization, PMMAC reduces the amount of hashing needed for integrity checking by ≥ 68x relative to prior schemes and introduces only 7% performance overhead.
We prototype our mechanisms in hardware and report area and clock frequency for a complete ORAM design post-synthesis and post-layout using an ASIC flow in a 32 nm commercial process. With 2 DRAM channels, the design post-layout runs at 1 GHz and has a total area of 0.47 mm². Depending on PLB-specific parameters, the PLB accounts for 10% to 26% area. PMMAC costs 12% of total design area. Our work is the first to prototype Recursive ORAM or ORAM with any integrity scheme in hardware.

    Published In

    ASPLOS '15: Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems
    March 2015
    720 pages
    ISBN:9781450328357
    DOI:10.1145/2694344
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. oblivious ram
    2. secure processor
    3. security

    Qualifiers

    • Research-article

    Conference

    ASPLOS '15

    Acceptance Rates

    ASPLOS '15 Paper Acceptance Rate 48 of 287 submissions, 17%;
    Overall Acceptance Rate 535 of 2,713 submissions, 20%

    Article Metrics

    • Downloads (Last 12 months): 58
    • Downloads (Last 6 weeks): 15
    Reflects downloads up to 12 Sep 2024

    Cited By

    • (2024) Caching and Prefetching for Improving ORAM Performance. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 17-20. DOI: 10.1109/DSN-W60302.2024.00016. Online publication date: 24-Jun-2024
    • (2023) Hitchhiker: Accelerating ORAM With Dynamic Scheduling. IEEE Transactions on Computers 72:8, pp. 2321-2335. DOI: 10.1109/TC.2023.3248272. Online publication date: 1-Aug-2023
    • (2023) AB-ORAM: Constructing Adjustable Buckets for Space Reduction in Ring ORAM. 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pp. 361-373. DOI: 10.1109/HPCA56546.2023.10071064. Online publication date: Feb-2023
    • (2023) SecDDR: Enabling Low-Cost Secure Memories by Protecting the DDR Interface. 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 14-27. DOI: 10.1109/DSN58367.2023.00016. Online publication date: Jun-2023
    • (2023) EP-ORAM: Efficient NVM-Friendly Path Eviction for Ring ORAM in Hybrid Memory. 2023 60th ACM/IEEE Design Automation Conference (DAC), pp. 1-6. DOI: 10.1109/DAC56929.2023.10247714. Online publication date: 9-Jul-2023
    • (2023) Memory Checking for Parallel RAMs. Theory of Cryptography, pp. 436-464. DOI: 10.1007/978-3-031-48618-0_15. Online publication date: 29-Nov-2023
    • (2023) MacORAMa: Optimal Oblivious RAM with Integrity. Advances in Cryptology – CRYPTO 2023, pp. 95-127. DOI: 10.1007/978-3-031-38551-3_4. Online publication date: 20-Aug-2023
    • (2022) OptORAMa: Optimal Oblivious RAM. Journal of the ACM 70:1, pp. 1-70. DOI: 10.1145/3566049. Online publication date: 19-Dec-2022
    • (2022) Exploiting data locality in memory for ORAM to reduce memory access overheads. Proceedings of the 59th ACM/IEEE Design Automation Conference, pp. 703-708. DOI: 10.1145/3489517.3530547. Online publication date: 10-Jul-2022
    • (2022) PS-ORAM. Proceedings of the 49th Annual International Symposium on Computer Architecture, pp. 188-203. DOI: 10.1145/3470496.3527425. Online publication date: 18-Jun-2022