Multi-user sharing ORAM scheme based on attribute encryption
FU Wei1, GU Chenyang1, GAO Qiang2
1. Department of Information Security, Naval University of Engineering, Wuhan Hubei 430033, China; 2. Command and Support Brigade, Naval Staff, Beijing 100841, China
Abstract:Oblivious Random Access Machine (ORAM) is one of the key technologies to protect the privacy security of the user access behaviors. However, existing ORAM schemes mainly focus on the single-user access requirements and cannot support data sharing between multiple users. Combined with Ring ORAM scheme and Attribute Based Encryption (ABE) technology, a multi-user sharing ORAM scheme was designed and implemented based on attribute encryption, namely ABE-M-ORAM. Attribute encryption was adopted to achieve the fine-grained access control, which can not only protect user access behavior security, but also realize the convenient data sharing between different users. Theoretical analysis and simulation experiments verify the high security, practicability and good access performance of the proposed scheme.
[1] 李树凤. 抗访问模式泄露的ORAM技术研究[D]. 济南:山东大学,2016:9-22. (LI S F. Research on ORAM technique to protect data acess pattern[D]. Jinan:Shandong University,2016:9-22.) [2] STEFANOV E,SHI E,SONG D. Towards practical oblivious RAM[EB/OL].[2019-02-12]. http://www.dhosa.org/wp-content/uploads/2012/08/towards-oram.pdf. [3] SHI E,CHAN T H H,STEFANOV E,et al. Oblivious RAM with O((log N) 3)worst-case cost[C]//Proceedings of the 2011 International Conference on the Theory and Application of Cryptology and Information Security, LNCS 7073. Berlin:Springer, 2011:197-214.. [4] ZAHUR S,WANG X,RAYKOVA M,et al. Revisiting square-root ORAM:efficient random access in multi-party computation[C]//Proceedings of the 2016 IEEE Symposium on Security and Privacy. Piscataway:IEEE,2016:218-234. [5] ZHANG J,MA Q,ZHANG W,et al. TSKT-ORAM:a two-server k-ary tree ORAM for access pattern protection in cloud storage[C]//Proceedings of the 2016 IEEE Military Communications Conference. Piscataway:IEEE,2016:527-532. [6] BINDSCHAEDLER V,NAVEED M,PAN X,et al. Practicing oblivious access on cloud storage:the gap,the fallacy,and the new way forward[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2015:837-849. [7] LIU Z,HUANG Y,LI J,et al. DivORAM:towards a practical oblivious RAM with variable block size[J]. Information Sciences, 2018,447:1-11. [8] 苑丹丹. 基于ORAM的隐私保护数据共享方案研究[D]. 济南:山东大学,2018:12-32. (YUAN D D. Research on data sharing scheme of privacy protection based on ORAM[D]. Jinan:Shandong University,2018:12-32.) [9] 熊露. 基于属性加密的访问结构隐藏技术研究[D]. 成都:西南交通大学,2018:15-19. (XIONG L. Research of the access structure hiding technology based on attribute encryption[D]. Chengdu:Southwest Jiaotong University,2018:15-19.) [10] ZHANG J,ZHANG W,QIAO D. A multi-user oblivious RAM for outsourced data[R]. Iowa State University,2014. [11] 史慧丽. 基于属性的云存储访问控制机制研究[D]. 重庆:重庆邮电大学,2016:22-26. (SHI H L. Research on access control mechanism of cloud storage based on attribute[D]. Chongqing:Chongqing University of Posts and Telecommunications,2016:22-26.) [12] 刘秀彬. 基于云计算的属性加密访问控制研究[J]. 无线互联科技,2017(12):30-31. (LIU X B. Research on attribute encryption access control based on cloud computing[J]. Wireless Internet Technology,2017(12):30-31.) [13] BETHENCOURT J,SAHAI A,WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2007; 321-334. [14] SAHAI A,WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques,LNCS 3494. Berlin:Springer,2005:457-473. [15] GOYAL V,PANDEY O,SAHAI A,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM,2006:89-98. [16] REN L,FLETCHER C,KWON A,et al. Constants count:practical improvements to oblivious RAM[C]//Proceedings of the 24th USENIX Security Symposium. Berkeley,CA:USENIX Association,2015:415-430. [17] DAUTRICH J,STEFANOV E,SHI E. Burst ORAM:minimizing ORAM response times for bursty access patterns[C]//Proceedings of the 23rd USENIX Security Symposium. Berkeley:USENIX Association,2014:749-764. [18] MAAS M,LOVE E,STEFANOV E,et al. PHANTOM:practical oblivious computation in a secure processor[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM,2013:311-324. [19] 张少波, 王国军, 刘琴, 等. 基于多匿名器的轨迹隐私保护方法[J]. 计算机研究与发展,2019,56(3):576-584.(ZHANG S B, WANG G J,LIU Q,et al. Trajectory privacy protection method based on multi-anonymizer[J]. Journal of Computer Research and Development,2019,56(3):576-584.) [20] NAKAMURA Y,SAWAGUCHI S,NISHI H. Implementation and evaluation of an FPGA-based network data anonymizer[J]. IEEJ Transactions on Electrical and Electronic Engineering,2017,12(S1):S134-S140. [21] 孙晓妮, 蒋瀚, 徐秋亮. 基于二叉树存储的多用户ORAM方案[J]. 软件学报,2016,27(6):1475-1486. (SUN X N,JIANG H,XU Q L. Multi-user binary tree based ORAM scheme[J]. Journal of Software,2016,27(6):1475-1486.) [22] 吴杰铭. 基于属性加密算法的云存储研究[D]. 深圳:深圳大学,2017:14-22. (WU J M. Research on cloud storage based on attribute encryption algorithm[D]. Shenzhen:Shenzhen University,2017:14-22.)