Write-once read-many oblivious RAM

Bogdan Carbunar; Radu Sion

doi:10.1109/TIFS.2011.2160169

Write-once read-many oblivious RAM

Bogdan Carbunar
, Radu Sion

Computer Science

Florida International University

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

We introduce WORM-ORAM, a first mechanism that combines Oblivious RAM (ORAM) access privacy and data confidentiality with Write-Once Read-Many (WORM) regulatory data retention guarantees. Clients can outsource their database to a server with full confidentiality and data access privacy, and, for data retention, the server ensures client access WORM semantics. In general simple confidentiality and WORM assurances are easily achievable, e.g., via an encrypted outsourced data repository with server-enforced read-only access to existing records (albeit encrypted). However, this becomes hard when also access privacy is to be ensuredwhen client access patterns are necessarily hidden and the server cannot enforce access control directly. WORM-ORAM overcomes this by deploying a set of zero-knowledge proofs to convince the server that all stages of the protocol are WORM-compliant.

Original language	English
Article number	5898408
Pages (from-to)	1394-1403
Number of pages	10
Journal	IEEE Transactions on Information Forensics and Security
Volume	6
Issue number	4
DOIs	https://doi.org/10.1109/TIFS.2011.2160169
State	Published - Dec 2011

Access to Document

10.1109/TIFS.2011.2160169

Cite this

@article{f8f9e84dd664477c84afdcf5ddbb97f5,

title = "Write-once read-many oblivious RAM",

abstract = "We introduce WORM-ORAM, a first mechanism that combines Oblivious RAM (ORAM) access privacy and data confidentiality with Write-Once Read-Many (WORM) regulatory data retention guarantees. Clients can outsource their database to a server with full confidentiality and data access privacy, and, for data retention, the server ensures client access WORM semantics. In general simple confidentiality and WORM assurances are easily achievable, e.g., via an encrypted outsourced data repository with server-enforced read-only access to existing records (albeit encrypted). However, this becomes hard when also access privacy is to be ensuredwhen client access patterns are necessarily hidden and the server cannot enforce access control directly. WORM-ORAM overcomes this by deploying a set of zero-knowledge proofs to convince the server that all stages of the protocol are WORM-compliant.",

author = "Bogdan Carbunar and Radu Sion",

year = "2011",

month = dec,

doi = "10.1109/TIFS.2011.2160169",

language = "English",

volume = "6",

pages = "1394--1403",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

number = "4",

}

TY - JOUR

T1 - Write-once read-many oblivious RAM

AU - Carbunar, Bogdan

AU - Sion, Radu

PY - 2011/12

Y1 - 2011/12

N2 - We introduce WORM-ORAM, a first mechanism that combines Oblivious RAM (ORAM) access privacy and data confidentiality with Write-Once Read-Many (WORM) regulatory data retention guarantees. Clients can outsource their database to a server with full confidentiality and data access privacy, and, for data retention, the server ensures client access WORM semantics. In general simple confidentiality and WORM assurances are easily achievable, e.g., via an encrypted outsourced data repository with server-enforced read-only access to existing records (albeit encrypted). However, this becomes hard when also access privacy is to be ensuredwhen client access patterns are necessarily hidden and the server cannot enforce access control directly. WORM-ORAM overcomes this by deploying a set of zero-knowledge proofs to convince the server that all stages of the protocol are WORM-compliant.

AB - We introduce WORM-ORAM, a first mechanism that combines Oblivious RAM (ORAM) access privacy and data confidentiality with Write-Once Read-Many (WORM) regulatory data retention guarantees. Clients can outsource their database to a server with full confidentiality and data access privacy, and, for data retention, the server ensures client access WORM semantics. In general simple confidentiality and WORM assurances are easily achievable, e.g., via an encrypted outsourced data repository with server-enforced read-only access to existing records (albeit encrypted). However, this becomes hard when also access privacy is to be ensuredwhen client access patterns are necessarily hidden and the server cannot enforce access control directly. WORM-ORAM overcomes this by deploying a set of zero-knowledge proofs to convince the server that all stages of the protocol are WORM-compliant.

UR - https://www.scopus.com/pages/publications/82055176922

U2 - 10.1109/TIFS.2011.2160169

DO - 10.1109/TIFS.2011.2160169

M3 - Article

AN - SCOPUS:82055176922

SN - 1556-6013

VL - 6

SP - 1394

EP - 1403

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

IS - 4

M1 - 5898408

ER -

Write-once read-many oblivious RAM

Abstract

Access to Document

Other files and links

Fingerprint

Cite this