MU-ORAM: Dealing with Stealthy Privacy Attacks in Multi-User Data Outsourcing Services

Outsourcing data to remote storage servers has become more andmore popular, but the related security and privacy concerns havealso been raised. To protect the pattern in which a user accessesthe outsourced data, various oblivious RAM (ORAM) construc-tions have been designed. However, when existing ORAM designsare extended to support multi-user scenarios, they become vulner-able to stealthy privacy attacks targeted at revealing the data accesspatterns of innocent users, even if only one curious or compro-mised user colludes with the storage server. To study the feasibilityand costs of overcoming the above limitation, this paper proposes anew ORAM construction called Multi-User ORAM (MU-ORAM),which is resilient to stealthy privacy attacks. The key ideas in thedesign are (i) introduce a chain of proxies to act as a common inter-face between users and the storage server, (ii) distribute the sharesof the system secrets delicately to the proxies and users, and (iii)enable a user and/or the proxies to collaboratively query and shuffledata. Through extensive security analysis, we quantify the strengthof MU-ORAM in protecting the data access patterns of innocentusers from attacks, under the assumption that the server, users, andsome but not all proxies can be curious but honest, compromisedand colluding. Cost analysis has been conducted to quantify theextra overhead incurred by the MU-ORAM design.