不经意随机访问机研究综述

Survey of Oblivious RAM

随着云计算与大数据技术的发展,隐私保护越来越受到人们的关注.加密是一种常见的保护数据隐私的方法,但是单纯地利用加密手段并不能抵抗所有类型的攻击.攻击者可以通过观察用户对数据的访问模式来推断隐私信息,其中包括数据的重要程度、数据的关联性,甚至是加密数据的内容等.不经意随机访问机是一种重要的保护访问模式的手段,它通过混淆每一次访问过程,使其与随机访问不可区分,从而保护真实访问中的访问操作、访问位置等信息.不经意随机访问机在安全云存储系统以及安全计算领域有着非常重要的作用.利用不经意随机访问机可以降低攻击者通过访问模式推测隐私信息的可能性,减小系统受到的攻击面,从而提供更安全更完整的服务.对不经意随机访问机的研究与应用进行综述,主要介绍了不经意随机访问机的相关概念以及设计方法,重点分析并总结了目前学术界研究的性能优化的常见策略及其优劣性,主要包括针对客户端与服务器的平均带宽与最坏情况带宽优化、存储开销优化以及交互轮数优化等方面.同时讨论了将不经意随机访问机应用于安全存储系统的一般性问题,如数据完整性保护以及支持多用户并发访问等,也讨论了将其应用于安全计算领域的问题,如安全计算协议设计以及不经意数据结构的设计等;最后,对不经意随机访问机未来的研究方向进行了展望.

With the development of cloud computing and big data technology,privacy protection draws more people＇s attention. Data encryption is a common way to protect data privacy,but solely using encryption cannot resist all types of attacks. Adversary can observe the access pattern on how users access to the data,to infer the private information including the importance of the data,the relevance between the data and even the plaintext of encrypted data. Oblivious RAM（ORAM） is an important method to protect the access pattern,including access operations and access locations,by obscuring an actual access,which makes adversary unable to distinguish it from a random one. ORAM makes an important role in designing secure cloud storage systems and secure computation. ORAM can reduce the possibility of the adversary inferring the private information through the access pattern and reduce the attack surface of the system,so as to provide a safer and more complete service. This paper summarizes the researches and application settings of the ORAM,mainly introducing the relevant concepts of the model as well as design methods with focus placed on analyzing and summarizing common strategies to optimize the model and their advantages and disadvantages,as well as optimizations for amortized and worst-case bandwidth between client and server,storage overheads reduction and round-trips reduction. Moreover,this paper discusses general issues of the ORAM used for secure storage system designing including data integrity and concurrent accesses for multi-clients. The paper also discusses some issues of the ORAM used for secure computation,including secure computation protocols designing and oblivious data structure designing,and finally makes a conclusion for the future research directions of the ORAM.