Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns
نویسندگان
چکیده
We present Burst ORAM, the first oblivious cloud storage system to achieve both practical response times and low total bandwidth consumption for bursty workloads. For real-world workloads, Burst ORAM can attain response times that are nearly optimal and orders of magnitude lower than the best existing ORAM systems by reducing online bandwidth costs and aggressively rescheduling shuffling work to delay the bulk of the IO until idle periods. We evaluate our design on an enterprise file system trace with about 7,500 clients over a 15 day period, comparing to an insecure baseline encrypted block store without ORAM. We show that when baseline response times are low, Burst ORAM response times are comparably low. In a 32TB ORAM with 50ms network latency and sufficient bandwidth capacity to ensure 90% of requests have baseline response times under 53ms, 90% of Burst ORAM requests have response times under 63ms, while requiring only 30 times the total bandwidth consumption of the insecure baseline. Similarly, with sufficient bandwidth to ensure 99.9% of requests have baseline responses under 70ms, 99.9% of Burst ORAM requests have response times under 76ms.
منابع مشابه
Ring ORAM: Closing the Gap Between Small and Large Client Storage Oblivious RAM
We present Ring ORAM, a simple and low-latency ORAM construction that can be parameterized for either small or large client storage. Simply by tuning parameters, Ring ORAM matches or exceeds the performance of the best-known small and large client storage schemes and can achieve a constant factor online bandwidth overhead over insecure systems. We evaluate Ring ORAM in theory and in practice. O...
متن کاملConstants Count: Practical Improvements to Oblivious RAM
Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. This paper proposes Ring ORAM, the most bandwidth-efficient ORAM scheme for the small client storage setting in both theory and practice. Ring ORAM is the first tree-based ORAM whose bandwidth is independent of the ORAM bucket size, a property that unlocks multiple performance impro...
متن کاملUnified Oblivious-RAM: Improving Recursive ORAM with Locality and Pseudorandomness
Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns to untrusted storage. ORAM may be used in secure processors for encrypted computation and/or software protection. While recursive Path ORAM is currently the most practical ORAM for secure processors, it still incurs large performance and energy overhead and is the performance bottleneck of recently proposed secu...
متن کاملFreecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM Citation
Oblivious RAM (ORAM) is a cryptographic primitive that hides memory access patterns as seen by untrusted storage. Recently, ORAM has been architected into secure processors. A big challenge for hardware ORAM schemes is how to efficiently manage the Position Map (PosMap), a central component in modern ORAM algorithms. Implemented naı̈vely, the PosMap causes ORAM to be fundamentally unscalable in ...
متن کاملSORAM: A Computation-Efficient and Constant Client Bandwidth Blowup ORAM with Shamir Secret Sharing∗
Oblivious Random Access Machine (ORAM) enables a client to access her data without leaking her access patterns. Existing client-efficient ORAMs either achieve O(logN) client-server communication blowup without heavy computation, or O(1) blowup but with expensive homomorphic encryptions. It has been shown that O(logN) bandwidth blowup might not be practical for certain applications, while scheme...
متن کامل