CN110830561A - Multi-user ORAM access system and method under asynchronous network environment - Google Patents


Publication number
CN110830561A
Authority
CN
China
Prior art keywords
data
server
data block
path
block
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911029233.3A
Other languages
Chinese (zh)
Other versions
CN110830561B (en)
Inventor
曾令仿
桑大邹
程稳
李春艳
熊美珍
王芳
冯丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN201911029233.3A
Publication of CN110830561A
Application granted
Publication of CN110830561B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes

Abstract

The invention discloses a multi-user ORAM access system and a multi-user ORAM access method in an asynchronous network environment, and belongs to the technical field of information security. The invention uses 'no-eviction' data write-back and divides the data of each bucket into a 'true' data area and a 'false' data area. On write-back, the data is written to the 'true' data area of the destination bucket node; for each of the other bucket nodes on the path, a position is randomly selected among the writable positions of its 'true' and 'false' data areas. The write-back path and position are determined directly at the client, so that slight 'client end' calculation and storage consumption reduces the overall data access consumption, achieving an overall average bandwidth amplification really close to O(1) while guaranteeing the security of the system. A selection vector is constructed with the Shamir secret sharing algorithm to retrieve data, and the intermediate data of each server is a value calculated by the secret sharing algorithm. Compared with previous similar work, no complex homomorphic encryption process is needed, which greatly improves the practicability of ORAM.

Description

Multi-user ORAM access system and method under asynchronous network environment
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a multi-user ORAM access system and a multi-user ORAM access method in an asynchronous network environment.
Background
The rapid development of cloud computing means that more and more data is stored in the cloud, which brings convenience along with a series of security problems. Traditional encryption can guarantee the security of data content, but encryption alone is not enough to fully guarantee data privacy, because the access pattern, i.e. the sequence of addresses the client accesses on the server and the operations it performs on those addresses, can reveal a lot of sensitive information about the client. At present, Oblivious RAM (ORAM) is an important access pattern protection technology.
However, from the time ORAM was first proposed to today, ORAM schemes have remained difficult to apply in business or real life, because of their huge bandwidth consumption and because single-user-node designs are far from practical use. Since the birth of ORAM technology, ORAM schemes have had a bandwidth lower bound of O(log N). The current best single-user-node scheme, S³ORAM, achieves O(1) bandwidth amplification with the Shamir algorithm, but its delayed eviction operation produces a large response delay, it is not suitable for concurrent access in a multi-user scenario, and it has some hidden security risks.
Disclosure of Invention
The invention provides a multi-user ORAM access system and method in an asynchronous network environment. It aims to solve the problem that the prior art cannot deliver both performance and security and is therefore difficult to apply in practice, and to achieve secure multi-user concurrent access with O(1)-level bandwidth amplification and client storage.
To achieve the above object, according to a first aspect of the present invention, there is provided a multi-user ORAM access system in an asynchronous network environment, the system comprising:
the server side comprises l servers which are not communicated with each other and are independent from each other, and each server stores data in a complete binary tree form, communicates with the proxy server and transmits the data;
a plurality of clients, each client for requesting data;
a trusted proxy server for handling concurrent accesses by a plurality of clients to a server side and writing back a data block to l servers without eviction after retrieving data, the trusted proxy server comprising:
the sequencer is used for storing the client access requests in sequence, sending the access requests to the request processing module in sequence and returning access results to the client in sequence;
and the request processing module is used for performing real data access on the server terminal by adopting a Shamir secret sharing algorithm according to the access request transmitted by the sequencer and transmitting the data returned by the server terminal to the sequencer.
Specifically, on the server side of the SORAM, data is stored in a complete binary tree T of height H. Each node (bucket) stores Z data blocks: r real data blocks and (Z − r) virtual data blocks, so each tree T can store at most $N \le r \cdot (2^H - 1)$ real data blocks. The data blocks in T are indexed from top to bottom and from left to right; the index T[i, j] indicates that the data block is the j-th block in the i-th bucket of T, with $1 \le i \le 2^H$ and $1 \le j \le Z$. Each block is divided into M chunks.
In particular, the trusted proxy server stores a data block position mapping table, which records the data block indexes and maintains the true and false data areas. Entries are stored in the form (id, < pl, pidx >), meaning that the block with index id lies on path pl and has position index pidx in the tree T. The path pl corresponding to a data block in the address mapping table is the path formed by the leaf node allocated to the data block and the root node. The position index pidx identifies, counting from the root node to the leaf node, which block of which bucket node holds the data block, where $1 \le id \le N$, $2^{H-1} \le pl \le 2^H$ and $1 \le pidx \le Z \cdot (2^H - 1)$.
Specifically, T [ i, j ] is related to pidx as follows:
pidx=i*Z+j。
to achieve the above object, according to a second aspect of the present invention, there is provided a multi-user ORAM access method in an asynchronous network environment, the method comprising the steps of:
(1) initializing a trusted proxy server and a server side;
(2) when receiving an access request sent by a client, the trusted proxy server uses the Shamir secret sharing algorithm to retrieve the target data block requested by the client;
(3) after retrieving the data, the trusted proxy server writes the data block back to the l servers without eviction; and if the access request is a read request, the trusted proxy server sends the contents of the retrieved data blocks to the client in the access sequence.
Specifically, step (1) includes the following substeps:
(1.1) initializing a complete binary tree with the height of H in a trusted proxy server, marking nodes as buckets, wherein the bucket nodes are used for storing data according to blocks, establishing an address mapping table for storing the distributed path and the specific position in the path of each data block, randomly distributing the address of each data block in the bucket to a true data area and a false data area, and establishing a path pool for storing a path index of the spare position in the true data area;
(1.2) processing each data block in the binary tree with the creation algorithm of Shamir secret sharing (SSS) to obtain l shared values, distributing each shared value of the data block to the corresponding server, and establishing a complete binary tree of height H in each server.
Specifically, step (2) includes the following substeps:
(2.1) looking up the position information < pl, pidx > of the target data block id in the address mapping table, and constructing a selection vector according to pidx: to query the p-th data, A_p is set to 1 and all other positions are set to 0;
(2.2) processing each value A_p of the selection vector with the creation algorithm of Shamir secret sharing (SSS) to obtain
Figure BDA0002248112230000041
shared vector values, and distributing each shared vector value of the selection vector, together with pl, to the corresponding server;
(2.3) each server reads all data blocks on the retrieval path pl from the server according to each sharing vector value and pl of the received selection vector, and forms the chunk at the same position of each data block into a data vector
Figure BDA0002248112230000042
computing the dot product of the received selection vector and each data vector
Figure BDA0002248112230000045
to obtain the dot product at this position, and transmitting it to the trusted proxy server;
(2.4) the trusted proxy server recovers each chunk of the target data block from the return values of the l servers with the recovery algorithm of Shamir secret sharing (SSS), and combines the chunks to obtain the complete target data block.
Specifically, the trusted proxy server writes back a data block to l servers without eviction, comprising the sub-steps of:
(1) the trusted proxy server randomly re-allocates a new path pl' to the data block id to be written back;
(2) checking whether the path pl' is in the path pool; if yes, going to step (3), otherwise returning to step (1);
(3) randomly selecting a bucket on the path as the write-back bucket of the target data block;
(4) if the true data area of the write-back bucket is full, going to step (5), otherwise going to step (6);
(5) if the path has been completely traversed, going to step (1), otherwise going to step (3);
(6) taking the selected path pl' as the allocation path, randomly selecting a data block position pidx' in the write-back bucket, and updating the address mapping table information (id, < pl', pidx' >) of the data block;
(7) releasing the original address mapping table information < pl, pidx > of the data block, and exchanging the position pidx in the original path pl with a random false-data-area position of the bucket that contains it;
(8) randomly selecting a writable position in each of the other buckets of the allocation path and, together with the writable position in the write-back bucket, forming a write-back vector in which the positions to be written are set to 1 and the remaining positions are set to 0, and transmitting the write-back vector to the l servers;
(9) processing the target data block to be written with the creation algorithm of Shamir secret sharing (SSS) to obtain l shared values of the target block, and distributing the l shared values to the corresponding servers;
(10) each server writes the received shared value of the data block into the corresponding position of the path indicated by the write-back vector.
Generally, by the above technical solution conceived by the present invention, the following beneficial effects can be obtained:
(1) The invention uses data write-back without eviction. The bucket data is simply divided into a true data area and a false data area, and the addresses in each bucket node are randomly shuffled and divided into the true data area and the false data area when the system is initialized. On write-back, data is written to the true data area of the target bucket node; for each of the other bucket nodes on the path, a position is randomly selected among the writable positions of its true and false data areas. The write-back path and position are determined directly at the client, so that slight calculation and storage consumption at the client reduces the overall data access consumption, achieving an overall average bandwidth amplification really close to O(1) while guaranteeing the security of the system.
(2) The invention uses the Shamir secret sharing algorithm to construct a selection vector for retrieving data. The intermediate data on each server are values computed by the secret sharing algorithm, and the algorithm carries its own security guarantee: a combination of fewer than t servers cannot compute the shared data value. Because the intermediate values produced by share distribution differ every time, the client data does not need to be repeatedly re-encrypted, which saves a large part of the time. Compared with previous similar work, the method needs no complex homomorphic encryption process, has no problems such as ciphertext expansion, can obtain the data in one round of interaction, and greatly improves the practicability of ORAM.
Drawings
Fig. 1 is a schematic structural diagram of a multi-user ORAM access system in an asynchronous network environment according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a data structure of a server according to an embodiment of the present invention;
fig. 3 is a flowchart of a write-back method of non-evicted data according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The invention designs a multi-user concurrent access secure ORAM system, which comprises a single-node SORAM access method and an integral ASORAM system.
The overall ASORAM (asynchronous-user Shamir-based ORAM) system uses a proxy to handle concurrent accesses from multiple clients. To ensure security, it relies on the proxy's sequencer to enforce that block requests are saved in order and block responses are returned in order. Relying on the underlying SORAM access method and the proxy's processing module, one user block request involves only one data block, which ensures low response time and high scalability for multi-user access.
As shown in fig. 1, a multi-user ORAM access system in an asynchronous network environment, the system comprising:
and the server side comprises l servers which are not communicated with each other and are independent from each other, and each server is used for storing data in a complete binary tree form, communicating with the proxy server and transmitting the data.
The servers on the server side are semi-honest, i.e. a server fully follows the protocol, but it collects and keeps all intermediate records produced during execution and tries to analyze them to deduce the client's private information. Each server stores one copy of the tree-structured data calculated by the secret sharing algorithm.
As shown in fig. 2, the server data of the SORAM is stored in a complete binary tree of height H, denoted T, where each node (bucket) stores Z data blocks and a path is allocated to the block in each bucket. A bucket holds r real data blocks and (Z − r) virtual data blocks, so the tree can store at most $N \le r \cdot (2^H - 1)$ real data blocks. Each block has size B and is further divided into M chunks. The data blocks in T are indexed from top to bottom and from left to right, and the indexes of the leaf bucket nodes lie in $[2^{H-1}, 2^H)$. As shown in FIG. 2, the index T[i, j] ($1 \le i \le 2^H$, $1 \le j \le Z$) of a block in the tree indicates that the data block is the j-th block in the i-th bucket of T.
A plurality of clients, each client for requesting data.
In the overall scheme design of the ASORAM, the client does not need to perform any calculation operation and does not need any extra storage space.
The trusted agent server is used for processing concurrent access of a plurality of clients to the server side, and comprises the following components:
and the sequencer is used for storing and processing the access requests of the plurality of clients in sequence and returning the results output by the processing module to the clients in sequence.
And the request processing module is used for carrying out real data access on the server side according to the access request transmitted by the sequencer and transmitting the data returned by the server side to the sequencer.
The request processing module comprises: block read, request processing, and block write back.
The trusted proxy server is the intermediate interface for data access and is a trusted third-party server. It can be seen as the "client" of the original single-client ORAM scheme. The proxy server uses the sequencer to store the access requests of the multiple clients in order, then uses the processing module to perform the real data access on the servers, and the results are returned to the clients through the sequencer in the order of the requests. pm denotes the data block position mapping table stored in the trusted proxy server; this address mapping table is also used to maintain the true data area and the false data area. Each block in the mapping table corresponds to a leaf node of the binary tree, and the path from the root node to that leaf node is the path allocated to the block. A data block is recorded as (id, < pl, pidx >), with $1 \le id \le N$, $2^{H-1} \le pl \le 2^H$ and $1 \le pidx \le Z \cdot (2^H - 1)$, meaning that the block with index id lies on path pl (a path is usually represented by its leaf node index) at position index pidx. The path pl corresponding to a data block in the address mapping table is the path from the leaf node allocated to the data block to the root node. The position index pidx identifies, counting from the root node to the leaf node, which block of which bucket node holds the data block. The path pool stores the paths into which real data blocks can still be inserted.
T [ i, j ] is related to pidx as follows:
pidx=i*Z+j
The underlying ORAM access method, SORAM, is designed for a single node. PIR (private information retrieval) is constructed with Shamir secret sharing to access the data block, and after each access the data block is written back to the servers with the "no eviction" write-back method. Security rests on the security properties of Shamir secret sharing itself and on a write-back method that preserves the original security properties of ORAM. Together the two techniques ensure that only 2 data blocks need to be transmitted for each access and write-back, giving O(1) bandwidth consumption.
A multi-user ORAM access method in an asynchronous network environment, the method comprising the steps of:
(1) Initialize the trusted proxy server and the server side.
(1.1) Initialize a complete binary tree of height H in the trusted proxy server and mark its nodes as buckets, where the bucket nodes store data by blocks; establish an address mapping table (position map) that stores, for each data block, its allocated path and its specific position in the path; randomly distribute the addresses of the data blocks in each bucket into a true data area and a false data area; and establish a path pool that stores the indexes of paths with a spare position in the true data area.
(1.2) Process each data block in the binary tree with the creation algorithm of Shamir secret sharing (SSS) to obtain l shared values, and distribute each shared value of the data block to the corresponding server, which establishes a complete binary tree of height H in each server, where l denotes the number of servers on the server side.
The qth share value of the data block is distributed to the qth server,
Figure BDA0002248112230000081
(2) When receiving an access request sent by a client, the trusted proxy server retrieves the target data block requested by the client.
The trusted proxy server uses a selection vector to look up the data. It looks up the data block numbered id in the position map pm to obtain < pl, pidx >, then treats the whole path as a selection vector in which the value at index pidx is set to 1 and the remaining values are 0; the vector values are shared through SSS and sent together with pl. Each server forms the chunks at the same position of all the buckets in the path pl into a data vector and computes its dot product with the selection vector to obtain the [chunk] at that position; these make up one whole share of the block, which is returned to the trusted proxy server. Finally, the trusted proxy server reconstructs the data block through SSS.Recover from the shares of the block returned by the servers, which yields the queried data block id.
(2.1) Look up the position information < pl, pidx > of the target data block id in the address mapping table, and construct a selection vector according to pidx
Figure BDA0002248112230000091
To query the p-th data, A_p is set to 1 and the others are set to 0.
The entire path is treated as a selection vector. First, the index T[i, j] of the target data block in the binary tree is calculated from pidx: i = ⌈pidx/Z⌉, j = pidx mod Z. Then the index in the path is computed as p = Z × log2 i + j, and A_p in the selection vector is set to 1.
(2.2) Each value A_p of the selection vector is processed with the Shamir secret sharing algorithm to obtain l shared vector values, and each shared vector value of the selection vector is distributed, together with pl, to the corresponding server.
The qth shared vector value and pl of the selection vector are distributed to the qth server,
(2.3) each server reads all data blocks on the retrieval path pl from the server according to each sharing vector value and pl of the received selection vector, and forms the chunk at the same position of each data block into a data vector
Figure BDA0002248112230000093
Computing a received selection vector
Figure BDA0002248112230000094
And each data vector
Figure BDA0002248112230000095
To obtain the dot product of this position
Figure BDA0002248112230000096
Will be M
Figure BDA0002248112230000097
To the trusted proxy server.
A set of the pidx chunks of all buckets in the path pl is constructed, pidx ═ 1, 2. A total of M data vectors is obtained
Figure BDA0002248112230000098
(2.4) The trusted proxy server recovers each chunk of the target data block from the return values of the l servers with the recovery algorithm of Shamir secret sharing (SSS), and combines the chunks to obtain the complete target data block.
Each chunk of the target data block is recovered through Lagrange interpolation, and the chunks are combined to obtain the complete target data block.
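Steps 2.1 to 2.4 as a runnable sketch (an added example, not code from the patent). The prime field `P`, the 0-based path index `p`, the polynomial `degree` parameter and all function names are assumptions. It also shows a constraint the steps imply: the dot product of two degree-d sharings lies on a degree-2d polynomial, so recovery needs 2d + 1 server answers.

```python
import secrets

P = 2**61 - 1  # prime field modulus; assumed, the page does not fix a field


def sss_create(secret, degree, l):
    """Share `secret` with a random polynomial of the given degree; share q is f(q)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(degree)]
    return [sum(c * pow(q, k, P) for k, c in enumerate(coeffs)) % P
            for q in range(1, l + 1)]


def sss_recover(points):
    """Lagrange interpolation at x = 0 from a {server number: value} mapping."""
    total = 0
    for xq, yq in points.items():
        num = den = 1
        for xm in points:
            if xm != xq:
                num = num * (-xm) % P
                den = den * (xq - xm) % P
        total = (total + yq * num * pow(den, -1, P)) % P
    return total


def share_path(blocks, degree, l):
    """Step 1.2 for one path: server q receives share q of every chunk of every block."""
    per_server = [[] for _ in range(l)]
    for block in blocks:
        chunk_shares = [sss_create(chunk, degree, l) for chunk in block]
        for q in range(l):
            per_server[q].append([cs[q] for cs in chunk_shares])
    return per_server


def build_query(p, path_len, degree, l):
    """Steps 2.1-2.2: one-hot selection vector (A_p = 1), shared element by element."""
    shared = [sss_create(1 if k == p else 0, degree, l) for k in range(path_len)]
    return [[shared[k][q] for k in range(path_len)] for q in range(l)]


def server_answer(sel_share, path_share):
    """Step 2.3 on one server: for each chunk position m, the dot product of the
    shared selection vector with the data vector made of chunk m of every block."""
    m_chunks = len(path_share[0])
    return [sum(a * blk[m] for a, blk in zip(sel_share, path_share)) % P
            for m in range(m_chunks)]


def retrieve(answers):
    """Step 2.4: `answers` maps server number q (1-based) to its M dot products."""
    m_chunks = len(next(iter(answers.values())))
    return [sss_recover({q: ans[m] for q, ans in answers.items()})
            for m in range(m_chunks)]


def demo():
    degree, l = 1, 3              # l = 2 * degree + 1 servers
    H, Z = 3, 2                   # path of H buckets with Z blocks each
    # Constructed sample data: 6 blocks of M = 2 chunks each.
    blocks = [[100 + 10 * k, 200 + 10 * k] for k in range(H * Z)]
    p = 4                         # 0-based position of the target block on the path
    stored = share_path(blocks, degree, l)
    queries = build_query(p, H * Z, degree, l)
    answers = {q + 1: server_answer(queries[q], stored[q]) for q in range(l)}
    full = retrieve(answers)                                  # all 3 answers
    partial = retrieve({q: answers[q] for q in (1, 2)})       # only 2 answers
    return blocks[p], full, partial


if __name__ == "__main__":
    print(demo())
```

With `degree = 1`, no single server learns which position was selected, but two answers are not enough to reconstruct the block.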
(3) And if the access request is a read request, the trusted proxy server sends the obtained data blocks to the client in sequence.
(4) The trusted proxy server writes the data block back to the l servers without eviction.
Whatever the type of access request, after the data is retrieved, the data needs to be written back to the i servers again without eviction, ensuring that the addresses of the target data blocks in the servers are different after each access. If the request is a read request, the retrieved data needs to be sent to the client. The step (3) and the step (4) can be in parallel and have no relation to the sequence.
As shown in FIG. 3, the SORAM maintains a small pool of paths, path _ pool, that holds paths with empty "true" data areas. When the write-back starts, a path is randomly selected, then a barrel is randomly selected in the path to be used as a real write-back barrel, whether a 'true' data area of the barrel has a spare position or not is checked, and if the 'true' data area of the barrel has the spare position, the barrel is determined to be the final write-back barrel; otherwise, randomly selecting a real write-back bucket again in the rest buckets of the path, and repeating the process until determining the write-back bucket or determining that no writable 'true' data area exists in the path, and moving the path out of the path _ pool at this time. After the real write-back bucket is determined, the path is redistributed to the data block, the information of the data block in the position mapping table is updated, and then the data storage position in the original bucket is released. Here we do a small process-exchange the freed address index with a random address index in the "false" data block. This is to avoid the occurrence of duplicate addresses and the leakage of access privacy when the data volume is large and the path is close to overflow and the data path is repeatedly accessed. And finally, setting the data write-back position in the final write-back bucket to be 1, randomly taking a writable position in a non-write-back bucket in the distributed path, setting the position of the write-back vector to be 1 and setting other positions of the vector to be 0, sending the write-back vector and the share value calculated by the new Shamir of the block to a corresponding server, and writing back the data block by the server according to the write-back vector.
(4.1) the trusted proxy server randomly allocates a new path pl' to the data block id to be written back.
(4.2) check whether path pl' is in the path pool; if yes, go to step 4.3, otherwise go back to step 4.1.
(4.3) randomly select one bucket on the path as the write-back bucket of the target data block.
(4.4) if the true data area of the write-back bucket is full, go to step 4.5, otherwise go to step 4.6.
(4.5) if the path has been completely traversed, go to step 4.1, otherwise go to step 4.3.
(4.6) take the selected path pl' as the allocation path, randomly select a data block position pidx' in the write-back bucket, and update the address mapping table information (id, <pl', pidx'>) of the data block.
(4.7) release the original address mapping table information <pl, pidx> of the data block, and exchange the data block at position pidx in the original path pl with a random dummy-data-area data block of the bucket in which it resides.
In step 4.6 the free real data area shrinks by one, because one position is allocated to the target data block. In step 4.7, if the original data block was modified and written back, the free real data area grows by one, because the position that the original data block occupied is released and becomes empty; if the data block is newly added, its original position was already free, so no free position is gained by the release. The real data area therefore fills up gradually as new data is added.
(4.8) randomly select writable positions (without distinguishing true and false data areas) in the other buckets of the allocation path and combine them with the writable position in the write-back bucket to form a write-back vector: the positions to be written are set to 1 and the remaining positions are set to 0. The write-back vector is transmitted to the l servers simultaneously.
The write-back vector is C = [C_1, …, C_i, …, C_{Z×H}], where C_i indicates whether the data block position with index i on the path is to be written: 1 if the position is written, 0 if it is not.
(4.9) apply the Shamir secret sharing computation to the target data block to be written, obtaining l shared values of the target block, and distribute the l shared values to the corresponding servers.
(4.10) each server writes the shared value of the data block it received into the position on the path indicated by the write-back vector.
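Steps (4.1) to (4.8) as runnable Python, added here as an illustration and not taken from the patent. The `Proxy` class, the sizes H, Z and R, the heap-style bucket numbering, the choice of one writable position per non-write-back bucket, and the rule that paths re-enter the pool on release are all assumptions.

```python
import random

H, Z, R = 3, 4, 2   # constructed sizes: tree height, slots per bucket, "true" slots per bucket

class Proxy:
    def __init__(self, seed=0):
        self.rng = random.Random(seed)
        ids = range(1, 2 ** H)                        # assumed heap numbering, root = 1
        self.real = {b: set(self.rng.sample(range(1, Z + 1), R)) for b in ids}
        self.used = {b: set() for b in ids}           # occupied slots of the "true" area
        self.pos = {}                                 # position map: id -> (pl, pidx)
        self.pool = set(range(2 ** (H - 1), 2 ** H))  # path_pool, keyed by leaf bucket

    def path(self, pl):
        return [pl >> k for k in range(H - 1, -1, -1)]   # root ... leaf

    def free_real(self, b):
        return sorted(self.real[b] - self.used[b])

    def pick_target(self):
        """Steps 4.1-4.5: random path from the pool, random bucket with a free true slot."""
        while self.pool:
            pl = self.rng.randrange(2 ** (H - 1), 2 ** H)
            if pl not in self.pool:
                continue                                  # 4.2: not in the pool, redraw
            for b in self.rng.sample(self.path(pl), H):   # 4.3-4.5: random order, no repeats
                if self.free_real(b):
                    return pl, b
            self.pool.discard(pl)                         # path exhausted: leaves the pool
        raise RuntimeError("no free true slot on any path")

    def release(self, pidx):
        """Step 4.7: free the old slot and swap its index with a random dummy index."""
        b, j = divmod(pidx - 1, Z)
        j += 1
        dummy = self.rng.choice(sorted(set(range(1, Z + 1)) - self.real[b]))
        self.used[b].discard(j)
        self.real[b] = (self.real[b] - {j}) | {dummy}
        # Assumption: every path through b re-enters the pool (the page does not say when).
        shift = H - b.bit_length()
        self.pool |= set(range(b << shift, (b + 1) << shift))

    def write_back(self, block_id):
        pl, target = self.pick_target()
        slot = self.rng.choice(self.free_real(target))    # 4.6: position in the true area
        old = self.pos.get(block_id)
        self.used[target].add(slot)
        self.pos[block_id] = (pl, target * Z + slot)      # pidx = i*Z + j, as in claim 4
        if old is not None:
            self.release(old[1])
        vec = [0] * (Z * H)                               # 4.8: write-back vector C
        for k, b in enumerate(self.path(pl)):
            j = slot if b == target else self.rng.choice(
                sorted(set(range(1, Z + 1)) - self.used[b]))
            vec[k * Z + j - 1] = 1
        return pl, vec
```

Every write-back vector carries exactly H ones, one per bucket on the path, so a server cannot tell which bucket received the real block.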
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. A multi-user ORAM access system in an asynchronous network environment, the system comprising:
a server side comprising
Figure FDA0002248112220000011
servers that do not communicate with each other and are mutually independent, each server storing data in the form of a complete binary tree, communicating with the proxy server and transmitting data;
a plurality of clients, each client for requesting data;
a trusted proxy server for processing concurrent accesses from multiple clients to the server and, after retrieving the data, writing the data block back without eviction to
Figure FDA0002248112220000012
servers, said trusted proxy server comprising:
a sequencer for storing the client access requests in order, sending the access requests to the request processing module in order, and returning the access results to the clients in order; and
a request processing module for performing the real data access on the server side using the Shamir secret sharing algorithm according to the access request passed on by the sequencer, and passing the data returned by the server side to the sequencer.
2. The system of claim 1, wherein, in the complete binary tree T of height H on the server side of the SORAM, each node bucket stores Z data blocks, comprising r real data blocks and (Z-r) virtual data blocks; each tree T can store at most N ≤ r·(2^H - 1) real data blocks; the data blocks in T are indexed in order from top to bottom and from left to right, the index T[i, j] of a block in the tree T indicating that the data block is the j-th block in the i-th bucket of T, where 1 ≤ i ≤ 2^H and 1 ≤ j ≤ Z; and each block is divided into M chunks.
3. The system of claim 2, wherein the trusted proxy server stores a data block position mapping table for recording data block indexes and maintaining the true and false data areas; the entries are stored in the form (id, <pl, pidx>), which indicates that the block with index id has path pl and position index pidx in the tree T; in the address mapping table, the path pl of a data block is the path formed by the leaf node allocated to the data block and the root node, and the position index pidx of the data block in the tree T states, going from the root node to the leaf node, which block of which bucket node the data block occupies, where 1 ≤ id ≤ N, 2^(H-1) ≤ pl ≤ 2^H, and 1 ≤ pidx ≤ Z·(2^H - 1).
4. The system of claim 3, wherein T [ i, j ] is related to pidx as follows:
pidx=i*Z+j。
5. A multi-user ORAM access method in an asynchronous network environment, the method comprising the steps of:
(1) initializing a trusted proxy server and a server side;
(2) when receiving an access request sent by a client, the trusted proxy server uses the Shamir secret sharing algorithm to retrieve the target data block requested by the client;
(3) after retrieving the data, the trusted proxy server writes the data block back without eviction to
Figure FDA0002248112220000021
servers; and if the access request is a read request, the trusted proxy server sends the contents of the retrieved data blocks to the client in access order.
6. The method of claim 5, wherein step (1) comprises the sub-steps of:
(1.1) initializing a complete binary tree of height H in the trusted proxy server, with the nodes denoted as buckets and the bucket nodes storing data by blocks; establishing an address mapping table that stores, for each data block, its allocated path and its specific position in the path; randomly assigning the address of each data block in a bucket to a true data area or a false data area; and establishing a path pool that stores the indexes of the paths with spare positions in the true data area;
(1.2) processing each data block in the binary tree with the Shamir secret sharing (SSS) creation algorithm to obtain
Figure FDA0002248112220000022
shared values, distributing each shared value of the data block to the corresponding server, and establishing a complete binary tree of height H in each server.
7. The method of claim 5, wherein step (2) comprises the sub-steps of:
(2.1) looking up the position information <pl, pidx> of the target data block in the address mapping table according to the id of the target data block, and constructing a selection vector from pidx
Figure FDA0002248112220000031
such that, to query the p-th data, A_p is 1 and all other positions are 0;
(2.2) processing each value A_p of the selection vector with the Shamir secret sharing (SSS) creation algorithm to obtain
Figure FDA0002248112220000035
shared vector values, and distributing each shared vector value of the selection vector, together with pl, to the corresponding server;
(2.3) each server reads all data blocks on the retrieval path pl according to the received shared vector value of the selection vector and pl, and forms the chunks at the same position of each data block into a data vector
Figure FDA0002248112220000032
Computing a received selection vectorAnd each data vector
Figure FDA0002248112220000034
The dot product of (D) to obtain the positionIs/are as followsTransmitting to a trusted agent server;
(2.4) from the values returned by each of the
Figure FDA0002248112220000038
servers, the trusted proxy server recovers each chunk of the target data block through the Shamir secret sharing (SSS) recovery algorithm, and combines the chunks to obtain the complete target data block.
8. The method of claim 5, wherein the trusted proxy server writing the data block back without eviction to
Figure FDA0002248112220000036
servers comprises the sub-steps of:
(1) the trusted proxy server randomly allocates a new path pl' to the data block id to be written back;
(2) checking whether the path pl' is in the path pool; if yes, entering step (3), otherwise returning to step (1);
(3) randomly selecting a bucket on the path as the write-back bucket of the target data block;
(4) if the real data area of the write-back bucket is full, going to step (5), otherwise going to step (6);
(5) if the path has been completely traversed, going to step (1), otherwise going to step (3);
(6) taking the selected path pl' as the allocation path, randomly selecting a data block position pidx' in the write-back bucket, and updating the address mapping table information (id, <pl', pidx'>) of the data block;
(7) releasing the original address mapping table information <pl, pidx> of the data block, and exchanging the data block at position pidx in the original path pl with a random dummy-data-area data block of the bucket in which it resides;
(8) randomly selecting writable positions in the other buckets of the allocation path and combining them with the write-back position in the write-back bucket to form a write-back vector, setting the positions to be written to 1 and the remaining positions to 0, and simultaneously transmitting the write-back vector to
Figure FDA0002248112220000041
servers;
(9) processing the target data block to be written with the Shamir secret sharing (SSS) creation algorithm to obtain the shared values of the target block, and distributing each shared value to the corresponding server;
(10) each server writes the shared value of the data block it received into the position on the path indicated by the write-back vector.
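The retrieval of claim 7, sub-steps (2.1) to (2.4), as an added Python example that is not part of the patent text. The field modulus, the threshold t, the requirement of at least 2t+1 servers (each server's answer is a share of a degree-2t polynomial), and all function names are assumptions.

```python
import secrets

P = 2**61 - 1   # prime field modulus (assumption; the page names no field)

def share(secret, t, n):
    """SSS creation: random degree-t polynomial with f(0) = secret, evaluated at x = 1..n."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)]

def recover(points):
    """SSS recovery: Lagrange interpolation at x = 0 over (x, y) points."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def server_answer(select_shares, path_shares):
    """(2.3) one server: dot product of its selection shares with each chunk column."""
    chunks = len(path_shares[0])
    return [sum(a * blk[m] for a, blk in zip(select_shares, path_shares)) % P
            for m in range(chunks)]

def retrieve(path_blocks, p, t=1, n=3):
    """Proxy side: fetch the block at path position p without revealing p to any server."""
    if n < 2 * t + 1:
        raise ValueError("need at least 2t+1 servers to recover a product of shares")
    slots, chunks = len(path_blocks), len(path_blocks[0])
    # Initialisation: every chunk is stored as n shares; stored[s] is server s's path copy.
    stored = [[[0] * chunks for _ in range(slots)] for _ in range(n)]
    for i, blk in enumerate(path_blocks):
        for m, chunk in enumerate(blk):
            for s, v in enumerate(share(chunk, t, n)):
                stored[s][i][m] = v
    # (2.1) selection vector A: 1 at position p, 0 elsewhere; (2.2) share every entry.
    a_shares = [share(1 if i == p else 0, t, n) for i in range(slots)]
    # (2.3) each server answers using only its own shares.
    answers = [server_answer([a_shares[i][s] for i in range(slots)], stored[s])
               for s in range(n)]
    # (2.4) the proxy interpolates each chunk from the n answers.
    return [recover([(s + 1, answers[s][m]) for s in range(n)]) for m in range(chunks)]
```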
CN201911029233.3A 2019-10-25 2019-10-25 Multi-user ORAM access system and method under asynchronous network environment Active CN110830561B (en)

Publications (2)

Publication Number Publication Date
CN110830561A true CN110830561A (en) 2020-02-21
CN110830561B CN110830561B (en) 2020-11-17

Family

ID=69550749

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant