Professional Documents
Culture Documents
Name
Course
Professor
Date
2
Abstract
Remote storage and data access are increasing trends in the computing industry.
However, this remote access and storage bring in a plethora of issues regarding the privacy and
security of the stored data. Data encryption is one of the main solutions to this issue. However,
while encryption is effective in securing the stored data, there remain loopholes that adversaries
can manipulate to get access to other confidential details and information. This is mostly through
the recorded access flow and pattern of users. To solve this issue, Oblivious RAM technology is
introduced to conceal and protect any information that can be deduced from access logs and
patterns. ORAM technology, therefore, hides the instructions or operations carried out on a piece
of data and shuffles the access details hiding information on when or how often data was
accessed. This, therefore, accompanied by encryption ensures that remote data storage and
access are secured as best as they can be from unauthorized access. This paper will take a deeper
Contents
Abstract......................................................................................................................................................2
Introduction...............................................................................................................................................3
Background Research...............................................................................................................................4
History of ORAMs.....................................................................................................................................5
Path ORAM...........................................................................................................................................6
Ring ORAM...........................................................................................................................................8
Literature Review......................................................................................................................................8
Conclusion................................................................................................................................................10
References................................................................................................................................................11
4
Introduction
Cloud computing is one of the many rising trends in the ICT industry. An ever-increasing
number of companies, as well as individuals, are opting for the cloud as the platform of choice
for their IT and data infrastructure needs. Some of these cloud services are availed by service
providers such as Microsoft Azure and Amazon cloud among others (Chang et al., 2016).
However, as efficient as cloud services are, they are plagued with several demerits. One of them,
probably the most significant is the security of the data. This is because cloud technology
increases the instances in which data can be stolen or tampered with. Data can be stolen in the
There are several ways to solve this issue of data theft, loss, and an interception in
outsourced storage and computation services. However, the most natural and common starting
point to solve the issue is through encryption (Fletcher, 2016). Encryption converts the data in
question into a code thus preventing unauthorized access. A common and efficient type of
encryption in this scenario would be client-side encryption. Here, encryption defines two parties,
the untrusted storage server and the client who is trusted. Therefore, data stored in the server, can
not be decrypted by the server or any other users without the necessary decryption key.
However, while encryption does protect the data, it fails spectacularly in protecting other aspects
involved in the access of the data. Therefore, the access pattern is vulnerable, and can effectively
Therefore, to protect the data that can be retrieved from exposed access patterns,
Oblivious RAMs (ORAMs) are used. An Oblivious RAM (ORAM) is an interface between the
physical RAM (client) and the program (servers in cases of outsourced storage). With ORAM,
5
read and write operations are carried out simultaneously, therefore, hiding information on
whether the client or user was reading or writing. The ORAM is also responsible for shuffling
the access details often and randomly. This ensures that adversaries cannot know how often or
frequently you accessed data. Therefore, the ORAM efficiently protects the data as well as its
access patterns.
Background Research
According to Chang et al. (2016), ORAMs were proposed by Goldreich and Ostrovsky.
According to them, their key motivation was to protect software from unauthorized parties who
can observe the memory access patterns of a user. Essentially, Oblivious Random Access
Machines (ORAMs) are compilers. This is in that they turn any program into another program
maintaining its functionality completely but in a way that the access patterns of the ‘new’
program are viewed as independent from the original one (Gagliardoni, 2020). Therefore,
ORAM acts as more of a simulator that the user or client (CPU) views as a memory interface.
The workflow of an ORAM scheme generally looks like the following. First, given the
location or index of a data subset in a remote database, access the subset or the location where it
is stored. The second step is downloading the given data to the location (Gagliardoni, 2020).
Decrypt the download and perform the desired operations on the data (read or write). The fourth
step is shuffling of the elements in the data subset operated on. The CPU on the client end will
keep track of the element positions using an internal state. The fifth step s re-encrypting the data
using the same key and code as before then re-upload the new data subset (Gagliardoni, 2020).
6
History of ORAMs
This chapter will discuss the history of ORAMs. The aim here is to delineate the
evolution of ORAMs by describing the three main schemes that have been in use over the years.
This was the first ORAM scheme, initiated in 1987 by Goldreich. He aimed to address
software IP theft which was increasingly becoming an issue. This scheme works by dividing the
server memory into two regions. The main O(N) block region and a shelter with the size O(√N)
blocks. The main region consists of O(N) real blocks and O(√N) dummy blocks and all blocks
are encrypted similarly and shuffled together. The permutations of how the blocks are shuffled
and stored are dependent on the implementation. This ORAM scheme uses hash functions or
The second scheme is the 1996 Hierarchical ORAM. It was proposed by both Goldreich
and Ostrovsky to improve the bandwidth of the previous square root algorithm. This scheme
changes the memory and shelter approach by organizing the server as a pyramid. In the said
pyramid, the arrays are permuted geometrically (i.e., by a given factor). Therefore, compared to
the square root ORAM, each permuted array acts as the main region. This means that it is
parameterized by a hash function and has space set aside for dummy blocks.
The third scheme is the Binary-Tree ORAM, proposed by Shi et al. (2011). This scheme
was developed to reduce the worst-case bandwidth cost brought on by the hierarchical ORAM.
The bandwidth was intended to be reduced to 0(polylogN) blocks. The building block behind
tree ORAM is that instead of blocks having the freedom to be reshuffled into any level of the
pyramid, they will only live in a single predetermined bucket per level. To achieve this, the said
predetermined buckets are connected as if they are binary tree nodes and associated with each of
7
the blocks to a randomly assigned path of buckets. Below is a description of some popular and
Path ORAM
Path ORAM is a novel ORAM algorithm that was proposed by Stefanov et al. (2012).
After its development and introduction in the market, Path ORAM became the most practical
ORAM construction for small client storage and use. As an optimized binary-tree ORAM
scheme, path ORAM stores data in a binary tree structure. Each node (bucket) in the scheme
A key that is kept on the client (let’s call them C) is used to encrypt each block using a
semantically safe symmetric-key encryption technique. From C’s perspective, a data request in
this scheme comes as a tuple (op, id, data). Op refers to a read or a write instruction. The Id is the
database location identifier in the server. Data refers to the output dependent on the op
instruction. A position map, which is a table that links each database location id to a tree leaf
Following the execution of a data request, C searches the position map for the leaf
identifier that corresponds to the block identifier and sends this leaf identifier to the server (let’s
call it S). The identifier, therefore, uniquely pinpoints the leaf in the binary tree and consequently
the entire branch. The identified branch is therefore submitted by S to client C for decryption (if
they have the key). A location identifier and a data chunk are the two components of an
encrypted database block. Except for a specifically specified position identifier (let's say 0),
which indicates an "empty" or "unassigned" block, there cannot be two identical position
Shuffling in the path ORAM scheme is also unique and follows the order of operations
described below. First, the positional mapping guarantees that the desired block is in the branch
transmitted by S (Gagliardoni, 2020). All empty blocks are left untouched and thus not shuffled.
Next, any non-empty block is exchanged for the empty block that is now the branch's furthest
from the root, provided that both of the block's leaf paths overlap the branch. This is repeated for
all blocks. When the desired block is found, it is assigned a new random value as its identifier. If
no vacant blocks are discovered, C temporarily stores the shuffled block locally in an "overflow
stash" and replaces it with a fresh empty block. It can be demonstrated that the size of this
2020). Try to reassign blocks temporarily kept in the stash to freshly created empty blocks in the
branch after all the blocks have been handled in this manner in order to flush the stash. The
According to Stefanov et al. (2012), Path ORAM presents simplicity and practical
efficiency. They did, however, state that its simplicity could not be quantified. Despite this,
Stefanov et al. (2012) did prove how efficient the scheme was stating that it achieved asymptotic
efficiency. For a reasonably large block size (e.g., 4KB blocks), to gain access to a single logical
block, client C, will require O (log N) physical blocks in order to effectively hide the access
patterns from the storage server. This provides efficiency in that the failure probability is
Ring ORAM
Using new insights and techniques, an improved version of the path ORAM known as the
Ring ORAM was proposed in 2015. This scheme achieves up to 4 times better bandwidth
9
compared to path ORAM and allows for tuning of the local client memory dependent on the
With Ring ORAM, the bandwidth is increased by separating it from the bucket size,
therefore, making it independent. Unlike in Path ORAM where all blocks will be accessed and
read or written, in Ring ORAM only one block is acted upon (Thoresen, 2019). Ring ORAM
also employs a superior eviction method. This method relies on doing evictions on paths in
lexicographical order rather than the path that has been accessed most recently. This disperses
eviction paths across the tree more uniformly. Evictions can therefore occur less frequently while
Literature Review
Oblivious Random-Access Machine, ORAM, refers to the technology and the technique
used to anonymize the access flow and patterns between a trusted component, client, and
untrusted storage facility or device. This technology has been around for a while since its
conception by Goldreich and Ostrovsky. ORAMs have undergone immense changes and
development over the years and the work is still being done. Here, we will discuss some research
that has been carried out on ORAMs by various parties aiming to achieve various results.
ORAMs provide very much-needed data privacy and confidentiality. However, this
storage in a system. Pinkas & Reinman (2010), try t solve the overhead issue that Oblivious
ORAMs bring about. They base their solution on the Goldreich-Ostrovsky hierarchical solution.
They use components such as randomized shell sort, cuckoo hashing, and pseudo-random
permutation as building blocks for their protocol. By optimizing several processes such as
10
reshuffling and sorting, the results showed that they reduced overhead in the hierarchical scheme
to about 37% which saved about 65%. Although conducted as far back as 2010, this experiment
was effective in that it helped change how ORAM development is viewed and approached.
Rajat et al. (2022) present the Look Ahead ORAM (LAORAM) a framework that is
designed specifically to protect the user’s privacy and data during embedding table training.
LAORAM takes advantage of the special quality of training, which is the knowledge of the
future training samples. In order to determine the memory blocks that will likely be accessed
jointly in the near future, LAORAM preprocesses the training samples (securely without
disclosing the entry values). In the PathORAM infrastructure, the system aims to assign these
blocks to as few paths as feasible. By combining several blocks that are accessed collectively as
superblocks, LAORAM performs this function. This significantly lowers the number of reads
and writes the framework needs to perform to satisfy future accesses to a set of blocks.
Chang et al. (2016) identify an issue with ORAMs stating that despite there being a
plethora of ORAM schemes and protocols, they have never been compared and tested along
large databases. Therefore, a study is carried out to provide a thorough investigation of several
practical ORAM constructions and protocols. The study provides insight into the performance
characteristics of these ORAM constructions comparing their efficiency, cost, and scalability
(Chang et al., 2016). The study was a successful one and the author’s identified Path ORAM and
TP ORAM as the best constructions in terms of performance. The study also shows that while
Basic-SR and Basic-HR are poor performance, they make up for it in that their storage overhead
is reduced only requiring O (1) client storage. The authors also provide a prediction in that IBS-
11
SR, TP-ORAM, and Path-ORAM will be the most used protocols before new ones are launched.
This study provides great insight into the working of various ORAM schemes and protocols.
This was a much-needed literary work as it offers a comparison of the various characteristics of
ORAMs.
Conclusion
This paper provides a general but detailed view of ORAM technology. With the ever-
increasing threats to the security of the user data, there is no doubt that Oblivious RAMs provide
the best solution to the issue in terms of remote data access and storage. However, it is not a
perfect solution and with development being made even by hackers and other malicious parties,
ORAM technology needs to evolve too to keep up to date. From the paper, we have seen how
developments have been made over the years which need to go. More research needs to be done
in the field on how to optimize the available ORAM algorithms and protocols as well as develop
References
Chang, Z., Xie, D., & Li, F. (2016). Oblivious Ram. Proceedings of the VLDB Endowment,
INSTITUTE OF TECHNOLOGY.
Gagliardoni, T. (2020, April 21). An introduction to oblivious RAM (oram). Kudelski Security
https://research.kudelskisecurity.com/2020/04/22/an-introduction-to-oblivious-ram-oram/
Pinkas, B., & Reinman, T. (2010). Oblivious ram revisited. Advances in Cryptology –
Rajat, R., Wang, Y., & Annavaram, M. (2022). LAORAM: A Look Ahead ORAM
Shi, E., Chan, T.-H., Stefanov, E., & Li, M. (2011). Oblivious Ram with O((logN)3) worst-
642-25385-0_11
Stefanov, E., Dijk, M. V., Shi, E., Chan, T.-H. H., Fletcher, C., Ren, L., Yu, X., & Devadas,
Technology.