CN110837650B - Cloud storage ORAM access system and method under untrusted network environment - Google Patents

Cloud storage ORAM access system and method under untrusted network environment Download PDF

Info

Publication number
CN110837650B
CN110837650B CN201911022014.2A CN201911022014A CN110837650B CN 110837650 B CN110837650 B CN 110837650B CN 201911022014 A CN201911022014 A CN 201911022014A CN 110837650 B CN110837650 B CN 110837650B
Authority
CN
China
Prior art keywords
data
target
data block
bucket
root
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911022014.2A
Other languages
Chinese (zh)
Other versions
CN110837650A (en
Inventor
曾令仿
熊美珍
程稳
桑大邹
李弘南
王芳
冯丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CN201911022014.2A priority Critical patent/CN110837650B/en
Publication of CN110837650A publication Critical patent/CN110837650A/en
Application granted granted Critical
Publication of CN110837650B publication Critical patent/CN110837650B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604Improving or facilitating administration, e.g. storage management
    • G06F3/0607Improving or facilitating administration, e.g. storage management by facilitating the process of upgrading existing storage systems, e.g. for improving compatibility between host and storage device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/064Management of blocks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a cloud storage ORAM access system and method under an untrusted network environment, and belongs to the field of information security. In order to reduce the overall bandwidth consumption in the access process, the invention adopts a root bucket eviction method, namely, the data in all the buckets in the whole path are not required to be read to the client in the eviction process, but only the data in the root bucket is required, and the data required to be transmitted in the eviction process is changed from logN buckets into 1 bucket in the write-back process, thereby greatly reducing the bandwidth consumption. In order to ensure the randomness of the storage positions of the data blocks on a certain path, the invention adopts a cyclic shift method, namely, the data in each barrel is moved to the next layer along the path, and the leaf nodes are moved to the root barrel, so that the access requests of the same data blocks can not reveal the access privacy, the untrusted party can not acquire accurate information, the security of the access mode is protected, and the guarantee is provided for the eviction process of the root barrel.

Description

Cloud storage ORAM access system and method under untrusted network environment
Technical Field
The invention belongs to the field of information security, and particularly relates to a cloud storage ORAM access system and method under an untrusted network environment.
Background
With the rapid development of cloud computing, more and more data are stored in the cloud, which brings convenience and brings a series of security problems, and the privacy of user sensitive data becomes a big problem. Conventional encryption can guarantee the security of data content, but relying on encryption alone is not sufficient to fully ensure the privacy of data. After encryption, if a user scans, searches binary or randomly accesses data at different stages, a malicious server still knows an Access pattern (Access pattern) of the user, that is, a series of address Access sequences and operation behaviors on addresses of a client to a server, and a large amount of client sensitive information, such as the frequency of accessing each piece of data, is leaked. At present, the technology of the Random Access Machine (ORAM) is an important Access mode protection technology, and completely eliminates information leakage in the memory Access track. ORAM is set up in a client-server scenario where a client is fully trusted but a server is untrusted, and in the ORAM scheme, a client (e.g., a local machine) accesses a block of data residing on the server, making observable communications between the client and the server of the same length for any two logical access sequences computationally indistinguishable.
However, since ORAM was proposed and then developed to today, the ORAM scheme is still difficult to apply to business or real life due to its huge bandwidth consumption and client storage. Much of the past research has focused on how to improve the performance of ORAM. The data structure of the ORAM is developed from a hierarchical hash table to a binary tree, and the performance is obviously improved. Up to now, the surplus bandwidth can get 0(logN) in both cases of small client and large client. Sssoram is a representative scheme of a large client setting having a bandwidth of 1logN, and PathORAM is a representative scheme of a small client setting having a bandwidth of c logN. Since the birth of the ORAM technology has a lower o (logn) bandwidth limit, in order to increase the response speed, the server is extended from a passive responder to a data manipulator like a client, and the bandwidth performance is remarkably improved. Based on this idea, online bandwidth is proposed to represent the actual response time. The currently superior small client ORAM scheme Ring ORAM achieves O (1) online bandwidth while guaranteeing access mode security by combining virtual data blocks and real data blocks for storage and by giving simple computation power to the server, but its eviction and early shuffle operation causes a large response delay and requires additional client storage consumption.
Disclosure of Invention
Aiming at the problems that in the expelling process in the Ring ORAM technology in the prior art, the data in all the buckets on the path are required to be read to the client, then the data are selected from the client data and written back to each bucket, so that the large response delay is caused, and the extra storage consumption of the client is required, the invention provides the cloud storage ORAM access system and the cloud storage ORAM access method under the untrusted network environment.
To achieve the above object, according to a first aspect of the present invention, there is provided a cloud storage ORAM access system in an untrusted network environment, the system including: a server side and a client side;
the server side includes:
the data storage module is used for storing data file ciphertexts uploaded to a cloud end by a user in a complete binary tree type, the nodes of the tree correspond to buckets, and each bucket comprises: z real data blocks and S virtual data blocks;
the cyclic shift module is used for cyclically shifting all nodes of a root bucket eviction target path selected by a reverse lexicographic order of leaf node number modulo results according to an eviction frequency G in the data storage module after the client accesses the server for A times, so that the leaf nodes are moved to the root, the eviction frequency G is assigned to be 0 when the leaf nodes are circularly shifted for the first time, and the value of the eviction frequency G is added to be 1 when the cyclic shift G is completed for each time;
the client comprises:
the position mapping table is used for storing the path distributed by each data block in the data storage module, the path corresponding to the data block is a path formed from a root node to a leaf node distributed by the data block, and the updating is carried out when the addition of 1 to G is carried out;
the data cache module is used for storing the decrypted target data block stored in the access operation and the data block read out from the data storage module by the root bucket eviction operation;
and the root bucket eviction module is used for reading out all real data blocks which are not accessed in the root node bucket and storing the real data blocks in the data cache module after the cyclic shift module carries out 1-time cyclic shift, forming Z real data blocks with partial real data blocks randomly selected by the data cache module, forming a new root bucket with S virtual data blocks and writing back the root bucket of the data storage module.
Specifically, the client further includes:
the data shuffling module is used for returning all the remaining real data blocks in the barrel to the data cache module after S times of accesses are carried out on the same barrel, forming Z real data blocks with partial real data blocks selected by the data cache module, forming a new barrel with S virtual data blocks and writing the new barrel back to the data storage module;
the data cache module is also used for storing the data blocks read out from the data storage module by the data shuffling operation;
the location mapping table is also used for releasing the original corresponding address mapping table information of the real data block selected by the client cache and updating the address mapping tables to be the location of the target bucket.
Specifically, the bucket also includes metadata, which is the index and offset of each data block in the bucket and the number of times the bucket is accessed.
Specifically, the server further includes: the exclusive-or calculation module is used for carrying out exclusive-or calculation on the data of all the data blocks read out by the data storage module during each access and transmitting an exclusive-or result to the user request processing module;
the client further comprises:
the target path searching module is used for searching a target path from a root to a leaf corresponding to a target data block according to the mapping relation of the target data block requested by a user in a position mapping table when the user sends a reading request, sending the target path to the data reading module, randomly mapping the data block to a target path from the root to the leaf, and updating the position mapping table; when a user sends a write request, according to the mapping relation of a target data block requested by the user in a position mapping table, searching a target path from a root to a leaf corresponding to the data block, sending the target path to a data reading module, randomly mapping the data block to a target path from the root to the leaf, updating the position mapping table, and sending data written by the user to a user request processing module;
the data reading module is used for searching a target path output by the module according to the target path, sequentially reading each barrel from the data storage module according to the target path, reading a real target data block from a barrel in which the target data block exists, randomly reading a virtual data block from other barrels, and directly sending all the read data blocks to the XOR calculation module;
the user request processing module is used for carrying out XOR on the data obtained by the data XOR module and the H virtual data blocks during reading operation to recover a target data block, decrypting the target data block, storing the decrypted target data block into the data cache module and transmitting the target data block to a user if the decrypted data block is the target data block, and directly reading and transmitting the target block in the data storage module if the decrypted data block does not contain real data; and during writing operation, carrying out XOR on the data obtained by the data XOR module and the virtual data block, recovering a target data block, decrypting the target data block, modifying the data in the decrypted target data block into data written by a user if the decrypted data block is the target data block, and storing the data into a data cache module, wherein if the decrypted data block does not contain real data, the obtained target block is already in the data storage module and is directly modified into the data written by the user.
To achieve the above object, according to a second aspect of the present invention, there is provided a cloud storage ORAM access method in an untrusted network environment, the method including the steps of:
s1, initializing a client and a server, wherein the initialization access times are 0, and the initialization eviction times G are 0;
s2, when a client receives a read/write request sent by a user, retrieving a target data block requested by the user, and performing read-write operation on the retrieved data block, wherein the access frequency is increased by 1 every time the read/write operation is performed;
and S3, when the access times are integral multiples of A, performing cyclic shift operation and root barrel expelling operation, and adding 1 to G once the cyclic shift is completed.
Specifically, step S1 includes the following sub-steps:
s11, initializing a data structure in a complete binary tree form at a server end, marking nodes as buckets, storing data in the buckets in blocks, wherein each bucket comprises Z real data blocks, S virtual data blocks and metadata;
and S12, storing a position mapping table at the client, and storing the distributed path of each data block.
Specifically, step S2 includes the following sub-steps:
s21, finding out a target path from a root to a leaf corresponding to a target data block according to the mapping relation of the target data block requested by a user in a position mapping table;
s22, mapping the data block to a target path from a root to a leaf at random, and updating a position mapping table;
s23, reading data blocks along a target path, reading real target blocks by a bucket with the target data blocks, randomly reading a virtual block by other buckets, and adding 1 to the access times of all buckets on the target path;
s24, performing XOR calculation on the data of all the data blocks read out from the target path to obtain an XOR result;
s25, during reading operation, carrying out XOR on an XOR result and a virtual data block, recovering a target data block, decrypting the target data block, storing the decrypted target data block into a cache and simultaneously transmitting the target data block to a user if the decrypted data block is the target data block, and directly reading and transmitting the target block to the user if the decrypted data block does not contain real data, wherein the access frequency is increased by 1; and during write operation, performing XOR on the XOR result and the virtual data block, recovering the target data block, decrypting the target data block, modifying the data in the decrypted target data block into the data written by the user if the decrypted data block is the target data block, storing the data in a cache, and modifying the data into the data written by the user if the decrypted data block does not contain real data, wherein the obtained target block is already in the data storage module, the obtained target block is directly modified into the data written by the user, and the access frequency is increased by 1.
Specifically, the performing the cyclic shift operation and the performing the root bucket eviction operation are as follows:
(1) selecting a root bucket eviction target path according to the reverse dictionary sequence of the leaf node number modulo result of G;
(2) performing cyclic shift on all nodes of the selected root bucket eviction target path, so that leaf nodes are moved to the root, and adding 1 to G;
(3) updating an address mapping table;
(4) finding a root node bucket, reading all the residual un-accessed real blocks in the root bucket and storing the read real blocks in a client cache;
(5) all the real blocks which are left in the root bucket and are not accessed form Z real data blocks together with the real data blocks selected by the client cache, then form a new root bucket together with S randomly selected virtual data blocks, and write back the root bucket.
Specifically, when the same bucket is accessed an integer multiple of S, a data shuffle operation is performed.
Specifically, the performing the data shuffling operation specifically includes:
(1) all the remaining real data blocks in the bucket are transmitted back to the client cache;
(2) all the remaining real data blocks in the bucket and the real data blocks selected by the client cache form Z real data blocks, then form a new bucket with S randomly selected virtual data blocks, and write back the new bucket;
(3) and releasing the information of the original corresponding address mapping table of the real data block cached and selected by the client, and updating the address mapping tables to be the position of the target bucket.
Generally, by the above technical solution conceived by the present invention, the following beneficial effects can be obtained:
(1) in order to reduce the overall bandwidth consumption in the access process, the invention adopts a root bucket eviction method, namely, the data in all the buckets in the whole path are not required to be read to the client in the eviction process, but only the data in the root bucket is required, and the data required to be transmitted in the eviction process is changed into 1 from logN buckets in the same write-back process, so that the bandwidth consumption is greatly reduced, the online bandwidth of O (1) and the lower overall bandwidth can be reached, the system response delay is better than that of the prior art, and the storage consumption of the client is reduced, so that the invention is suitable for the storage of small-sized clients.
(2) In order to ensure the randomness of the storage positions of the data blocks on a certain path, the invention adopts a cyclic shift method, namely, the data in each barrel is moved to the next layer along the path, and the leaf nodes are moved to the root barrel, so that the access requests of the same data blocks can not reveal the access privacy, the untrusted party can not acquire accurate information, the security of the access mode is protected, and the guarantee is provided for the eviction process of the root barrel.
Drawings
Fig. 1 is a schematic structural diagram of a cloud storage ORAM access system in an untrusted network environment according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a complete binary tree stored in server-side data and a location mapping table stored in a client according to an embodiment of the present invention;
fig. 3 is a flowchart of a cloud storage ORAM access method in an untrusted network environment according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for reading data according to an embodiment of the present invention;
FIG. 5 is a flowchart of a "root bucket eviction" process provided by an embodiment of the invention;
fig. 6 is a flow chart of a "data shuffling" process provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
As shown in fig. 1, the present invention provides a cloud storage ORAM access system in an untrusted network environment, where the system is composed of a server 100 and a client 200.
The server side provides a tree-type semi-honest data storage server, i.e. the server completely complies with the execution process of the protocol, but it collects all intermediate records in the retention execution process and tries to analyze and deduce the private information of the client. The server side stores encrypted tree structure data.
The server 100 includes:
the data storage module is used for storing data file ciphertexts uploaded to a cloud end by a user in a complete binary tree type, the nodes of the tree correspond to buckets, and each bucket comprises: the data processing system comprises Z real data blocks, S virtual data blocks and metadata, wherein the metadata comprises an index and an offset of each data block in a bucket and the number of times the bucket is accessed.
And setting the number Z of the real data blocks according to the maximum storage size of the client. The larger the maximum client storage size, the larger Z is set. In this embodiment, the maximum client storage size is 25, and Z is set to 4.
And setting the number S of the virtual data blocks according to the number Z of the real data blocks. As Z is larger, S is set larger. In the present embodiment, Z is 4, and S is set to 4.
And the exclusive-or calculation module is used for carrying out exclusive-or calculation on the data of all the data blocks read by the data storage module during each access and transmitting an exclusive-or result to the user request processing module.
And the cyclic shift module is used for cyclically shifting all nodes of a root bucket eviction target path selected in the data storage module according to the reverse lexicographic order of the leaf node number modulo result of G after the data reading module performs A times of access, so that the leaf node is moved to the root, the eviction times G are assigned to be 0 when the leaf node is circularly shifted for the first time, and the value of G is added to be 1 when the cyclic shift is completed for each time.
And setting an eviction rate A according to the number Z of the real data blocks. The larger Z, the larger A is set. In this embodiment, Z is 4 and a is set to 3.
And the exclusive-OR calculation operation carries out exclusive-OR on the ciphertexts of all the blocks on the target path together to obtain a single cipher text which is transmitted to the client, so that the online bandwidth consumption is reduced to O (1).
The cyclic shift operation moves to the next layer according to the sequence from the root to the leaf according to each node in the target eviction path, and the leaf node moves to the root, so that all data on the whole path are not required to be read and written back during the eviction path, only the root barrel needs to be operated, the effect of randomly storing the data can be achieved, and the total shared bandwidth is reduced to the greatest extent.
The client 200 includes:
and the position mapping table is used for storing the path distributed by each data block in the data storage module, and the path corresponding to the data block is a path formed from the root node to the leaf node distributed by the data block.
The target path searching module is used for searching a target path from a root to a leaf corresponding to a target data block according to the mapping relation of the target data block requested by a user in a position mapping table when the user sends a reading request, sending the target path to the data reading module, randomly mapping the data block to a target path from the root to the leaf, and updating the position mapping table; when a user sends a write request, according to the mapping relation of a target data block requested by the user in a position mapping table, a target path from a root to a leaf corresponding to the data block is searched and sent to a data reading module, the data block is mapped to a target path from the root to the leaf at random, the position mapping table is updated, and data written by the user is sent to a user request processing module.
And the data reading module is used for searching the target path output by the module according to the target path, sequentially reading each barrel from the data storage module according to the target path, reading a real target data block from the barrel in which the target data block exists, randomly reading one virtual data block from other barrels, and directly sending all the read data blocks to the XOR calculation module.
The user request processing module is used for carrying out XOR on the data obtained by the data XOR module and the H virtual data blocks during reading operation to recover a target data block, decrypting the target data block, storing the decrypted target data block into the data cache module and transmitting the target data block to a user if the decrypted data block is the target data block, and directly reading and transmitting the target block in the data storage module if the decrypted data block does not contain real data; during writing operation, carrying out XOR on data obtained by the data XOR module and the virtual data block, recovering a target data block, decrypting the target data block, modifying the data in the decrypted target data block into data written by a user if the decrypted data block is the target data block, and storing the data in the data cache module, wherein if the decrypted data block does not contain real data, the obtained target block is already in the data storage module and is directly modified into the data written by the user;
and the data cache module is used for storing the decrypted target data block stored in the read operation or the write operation, and the data block read from the data storage module by the root bucket eviction and data shuffling operation.
And the root bucket eviction module is used for returning all the residual real data blocks in the root bucket to the data cache module after the cyclic shift module carries out 1-time cyclic shift, forming Z real data blocks with partial real data blocks randomly selected by the data cache module, forming a new root bucket with S virtual data blocks, and writing back the root bucket of the data storage module.
And the data shuffling module is used for returning all the residual real data blocks in the same barrel to the data cache module after S times of accesses are performed on the same barrel, forming Z real data blocks with partial real data blocks selected by the data cache module, forming a new barrel with S virtual data blocks and writing the new barrel back to the data storage module.
All the real data blocks and the virtual data blocks are encrypted data blocks.
As shown in FIG. 2, server-side data of Loop ORAM (Loop Access Random Access Machine) is stored in a complete binary tree with a tree height H, denoted as T, and capable of storing N ≦ Z · (2 ≦ Z · AH-1) real data blocks. And one node bucket in the T randomly stores Z + S data blocks, wherein Z real data blocks and S virtual data blocks are B in size. Indexing the data blocks in the T according to a path from a root to a leaf, and recording indexes of leaf bucket nodes as 0, 1, … and 2H-1-1. P (l) represents that the data block is a data block in a bucket on the path from the root to the leaf l, where 0 ≦ l ≦ 2H-1-1,. pm represents data deposited in the "clientBlock location mapping table, data is mapped by (id,<p (l) >) is stored, indicating that the block with index id is in path p (l). The metadata in each bucket records the offset of each block in the bucket, and whether the target block is in the bucket can be queried according to the metadata.
As shown in fig. 3, the present invention provides a cloud storage ORAM access method in an untrusted network environment, which includes the following steps:
step S1, initializing a client and a server, wherein the number of times of initialization access is 0, the number of times of initialization eviction G is 0, and the number of times of initialization access to all buckets is 0.
S11, initializing a data structure in a complete binary tree form at a server end, marking nodes as buckets, storing data in the buckets in blocks, wherein each bucket comprises Z real data blocks, S virtual data blocks and metadata.
S12, a position mapping table (position map) is stored at the client, and the distributed path of each data block is stored.
And S2, when the client receives a read/write request sent by a user, retrieving a target data block requested by the user, and performing read-write operation on the retrieved data block, wherein the access frequency is increased by 1 every time the read/write operation is performed.
As shown in fig. 4, step S2 includes the steps of:
and S21, finding out a target path from a root to a leaf corresponding to the data block according to the mapping relation of the target data block requested by the user in the position mapping table.
S22, mapping the data block to a target path from a root to a leaf at random, and updating a position mapping table.
And S23, reading the data block along the target path, wherein the bucket with the target data block reads the real target block, other buckets randomly read a virtual block, and the access times of all the buckets on the target path are increased by 1.
The metadata in the bucket is read along the target path and the offset of the target block or valid virtual block is obtained. Blocks in each bucket on the target path are read according to the offset, the blocks read are all virtual except for the target block, and once a block is accessed, the corresponding slot is invalidated to prevent access again. It is determined whether a target block exists in each bucket based on the metadata of the bucket.
And S24, carrying out XOR calculation on the data of all the data blocks read out from the target path to obtain an XOR result.
S25, during reading operation, carrying out XOR on an XOR result and a virtual data block, recovering a target data block, decrypting the target data block, storing the decrypted target data block into a cache and simultaneously transmitting the target data block to a user if the decrypted data block is the target data block, and directly reading and transmitting the target block to the user if the decrypted data block does not contain real data, wherein the access frequency is increased by 1; and during write operation, performing XOR on the XOR result and the virtual data block, recovering the target data block, decrypting the target data block, modifying the data in the decrypted target data block into the data written by the user if the decrypted data block is the target data block, storing the data in a cache, and modifying the data into the data written by the user if the decrypted data block does not contain real data, wherein the obtained target block is already in the data storage module, the obtained target block is directly modified into the data written by the user, and the access frequency is increased by 1.
And S3, when the access times are integral multiples of A, the step goes to S4, and when the access times of the same bucket are integral multiples of S, the step goes to S5.
When the access times are integral multiples of A, the storage position of the data block in the tree needs to be updated, cyclic shift operation and root bucket eviction operation need to be carried out, and the randomness of the data and the safety of an access mode are guaranteed.
When the number of times of accessing the same bucket is integral multiple of S, the virtual blocks in the bucket may be exhausted at the moment, the bucket is not updated by performing the eviction operation, the data shuffling operation is required to be performed, the virtual blocks in the bucket are ensured to be in each time of accessing the bucket, and the security of an access mode is protected.
And S4, performing cyclic shift operation and root bucket eviction operation.
As shown in fig. 5, step S4 includes the following sub-steps:
s41, selecting a root bucket eviction target path according to the reverse dictionary sequence of the result of the G modulo the leaf node number.
And S42, performing cyclic shift on all nodes of the selected root bucket eviction target path, so that leaf nodes move to the root, and adding 1 to G.
S43, updating the address mapping table.
S44, finding a root node bucket, reading all the residual un-accessed real blocks in the root bucket and storing the read real blocks in a client cache;
and S45, forming Z real data blocks by all the remaining un-accessed real blocks in the root bucket and the real data blocks selected by the client cache, forming a new root bucket by the Z real data blocks and the randomly selected S virtual data blocks, and writing back the root bucket.
And S5, performing data shuffling operation.
As shown in fig. 6, step S5 includes the following sub-steps:
and S51, transmitting all the residual real data blocks in the bucket back to the client cache.
And S52, forming Z real data blocks by all the residual real data blocks in the bucket and the real data blocks selected by the client cache, forming a new bucket by the Z real data blocks and the randomly selected S virtual data blocks, and writing the new bucket back to the bucket.
And S53, releasing the information of the original corresponding address mapping table of the real data block cached and selected by the client, and updating the address mapping tables to be the position of the target bucket.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (9)

1. A cloud storage ORAM access system in an untrusted network environment, the system comprising: a server side and a client side;
the server side includes:
the data storage module is used for storing data file ciphertexts uploaded to a cloud end by a user in a complete binary tree type, the nodes of the complete binary tree correspond to buckets, and each bucket comprises: z real data blocks and S virtual data blocks;
the cyclic shift module is used for cyclically shifting all nodes of a root bucket eviction target path selected by a reverse lexicographic order of leaf node number modulo results in the data storage module according to an eviction frequency G after the client accesses the server for A times, so that the leaf nodes are moved to the root, the eviction frequency G is assigned to be 0 when the leaf nodes are circularly shifted for the first time, and the eviction rate A is set according to the number Z of real data blocks after the cyclic shift G is added to be 1 each time the cyclic shift G is completed;
the client comprises:
the position mapping table is used for storing the path distributed by each data block in the data storage module, the path corresponding to the data block is a path formed from a root node to a leaf node distributed by the data block, and the updating is carried out when the addition of 1 to G is carried out;
the data cache module is used for storing the decrypted target data block stored in the access operation and the data block read out from the data storage module by the root bucket eviction operation;
and the root bucket eviction module is used for reading out all real data blocks which are not accessed in the root bucket and storing the real data blocks in the data cache module after the cyclic shift module carries out 1-time cyclic shift, forming Z real data blocks with partial real data blocks randomly selected by the data cache module, forming a new root bucket with S virtual data blocks and writing back the root bucket of the data storage module.
2. The system of claim 1, wherein the client further comprises:
the data shuffling module is used for serving the same barrel as a target barrel after S times of accesses to the same barrel, returning all the residual real data blocks in the target barrel to the data cache module, forming Z real data blocks with partial real data blocks selected by the data cache module, forming a new barrel with S virtual data blocks and writing back the new barrel to the target barrel of the data storage module;
the data cache module is also used for storing the data blocks read out from the data storage module by the data shuffling operation;
the location mapping table is also used for releasing the original corresponding address mapping table information of the real data block selected by the client cache and updating the address mapping tables to be the location of the target bucket.
3. The system of claim 1 or 2, wherein each bucket further comprises metadata, the metadata being an index and offset of each data block in the bucket and a number of times the bucket is accessed.
4. The system of claim 1 or 2,
the server side further comprises: the exclusive-or calculation module is used for carrying out exclusive-or calculation on the data of all the data blocks read out by the data storage module during each access and transmitting an exclusive-or result to the user request processing module;
the client further comprises:
the target path searching module is used for searching a target path from a root to a leaf corresponding to a target data block according to the mapping relation of the target data block requested by a user in a position mapping table when the user sends a reading request, sending the target path to the data reading module, randomly mapping the data block to a target path from the root to the leaf, and updating the position mapping table; when a user sends a write request, according to the mapping relation of a target data block requested by the user in a position mapping table, searching a target path from a root to a leaf corresponding to the data block, sending the target path to a data reading module, randomly mapping the data block to a target path from the root to the leaf, updating the position mapping table, and sending data written by the user to a user request processing module;
the data reading module is used for searching a target path output by the module according to the target path, sequentially reading each barrel from the data storage module according to the target path, reading a real target data block from a barrel in which the target data block exists, randomly reading a virtual data block from other barrels, and directly sending all the read data blocks to the XOR calculation module;
the user request processing module is used for carrying out XOR on the data obtained by the XOR calculation module and the H virtual data blocks during reading operation to recover a target data block, decrypting the target data block, storing the decrypted target data block into the data cache module and transmitting the data cache module to a user if the decrypted data block is the target data block, and directly reading and transmitting the obtained target block in the data storage module to the user if the decrypted data block does not contain real data; and during writing operation, carrying out XOR on the data obtained by the XOR calculation module and the virtual data block, recovering a target data block, decrypting the target data block, modifying the data in the decrypted target data block into data written by a user if the decrypted data block is the target data block, and storing the data into a data cache module, wherein if the decrypted data block does not contain real data, the obtained target block is already in the data storage module and is directly modified into the data written by the user, and H represents the tree height of a complete binary tree.
5. A cloud storage ORAM access method in an untrusted network environment is characterized by comprising the following steps:
s1, initializing a client and a server, wherein the initialization access times are 0, and the initialization eviction times G are 0;
s2, when a client receives a read/write request sent by a user, retrieving a target data block requested by the user, and performing read/write operation on the retrieved data block, wherein the access frequency is increased by 1 every time the read/write operation is performed;
s3, when the access times are integral multiples of A, performing cyclic shift operation and root bucket eviction operation, wherein each time the cyclic shift G is completed, the value is added to 1, and the eviction rate A is set according to the number of real data blocks;
the performing of the cyclic shift operation and the root bucket eviction operation is specifically as follows:
(1) selecting a root bucket eviction target path according to the reverse dictionary sequence of the leaf node number modulo result of G;
(2) performing cyclic shift on all nodes of the selected root bucket eviction target path, so that leaf nodes are moved to the root, and adding 1 to G;
(3) updating an address mapping table;
(4) finding a root barrel, reading all real data blocks which are left in the root barrel and are not accessed and storing the real data blocks in a client cache;
(5) all the residual un-accessed real data blocks in the root bucket and the real data blocks selected by the client cache form Z real data blocks, and then form a new root bucket with S randomly selected virtual data blocks, and the new root bucket is written back to the root bucket.
6. The method of claim 5, wherein step S1 includes the sub-steps of:
s11, initializing a data structure in a complete binary tree form at a server end, marking nodes as buckets, storing data in the buckets in blocks, wherein each bucket comprises Z real data blocks, S virtual data blocks and metadata;
and S12, storing a position mapping table at the client, and storing the distributed path of each data block.
7. The method of claim 5, wherein step S2 includes the sub-steps of:
s21, finding out a target path from a root to a leaf corresponding to a target data block according to the mapping relation of the target data block requested by a user in a position mapping table;
s22, mapping the data block to a target path from a root to a leaf at random, and updating a position mapping table;
s23, reading data blocks along a target path, reading real target blocks by a bucket with the target data blocks, randomly reading a virtual block by other buckets, and adding 1 to the access times of all buckets on the target path;
s24, performing XOR calculation on the data of all the data blocks read out from the target path to obtain an XOR result;
s25, during reading operation, carrying out XOR on an XOR result and a virtual data block, recovering a target data block, decrypting the target data block, storing the decrypted target data block into a cache and simultaneously transmitting the target data block to a user if the decrypted data block is the target data block, and directly reading and transmitting the target block to the user if the decrypted data block does not contain real data, wherein the access frequency is increased by 1; and during write operation, performing XOR on the XOR result and the virtual data block, recovering the target data block, decrypting the target data block, modifying the data in the decrypted target data block into the data written by the user if the decrypted data block is the target data block, storing the data in a cache, and modifying the data into the data written by the user if the decrypted data block does not contain real data, wherein the obtained target block is already in the data storage module, the obtained target block is directly modified into the data written by the user, and the access frequency is increased by 1.
8. The method of claim 5, wherein the data shuffle operation is performed with the same bucket as the target bucket when it is accessed an integer multiple of S.
9. The method of claim 8, wherein performing the data shuffle operation is specifically as follows:
(1) all the remaining real data blocks in the target bucket are transmitted back to the client cache;
(2) all the residual real data blocks in the target bucket and the real data blocks selected by the client cache form Z real data blocks, then form a new bucket with S randomly selected virtual data blocks, and write back the new bucket to the target bucket;
(3) and releasing the information of the original corresponding address mapping table of the real data block cached and selected by the client, and updating the address mapping tables to be the position of the target bucket.
CN201911022014.2A 2019-10-25 2019-10-25 Cloud storage ORAM access system and method under untrusted network environment Active CN110837650B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911022014.2A CN110837650B (en) 2019-10-25 2019-10-25 Cloud storage ORAM access system and method under untrusted network environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911022014.2A CN110837650B (en) 2019-10-25 2019-10-25 Cloud storage ORAM access system and method under untrusted network environment

Publications (2)

Publication Number Publication Date
CN110837650A CN110837650A (en) 2020-02-25
CN110837650B true CN110837650B (en) 2021-08-31

Family

ID=69575735

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911022014.2A Active CN110837650B (en) 2019-10-25 2019-10-25 Cloud storage ORAM access system and method under untrusted network environment

Country Status (1)

Country Link
CN (1) CN110837650B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111639364B (en) * 2020-06-01 2023-10-03 浙江大学 Distributed efficient confusion method for cloud data access mode
CN111898157B (en) * 2020-07-23 2024-03-26 东南大学 Unintentional storage access method for machine learning multisource training set
CN113722366B (en) * 2021-09-14 2024-05-03 长沙理工大学 Safety data retrieval method based on careless ciphertext inverted index
CN114039990B (en) * 2021-11-01 2022-07-29 上海交通大学 Inadvertent access to storage systems
CN115016988B (en) * 2022-08-08 2022-10-21 四川大学 CDP backup recovery method, system and storage medium based on binary tree log
CN116167092B (en) * 2023-04-21 2023-07-18 支付宝(杭州)信息技术有限公司 Secret state data query method and device, storage medium and electronic equipment
CN118277628B (en) * 2024-05-30 2024-07-30 湖南工商大学 Data access control method, device, computer equipment and storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4734906B2 (en) * 2004-12-07 2011-07-27 ソニー株式会社 Information processing apparatus, information recording medium, information processing method, and computer program
US8103910B2 (en) * 2009-11-13 2012-01-24 International Business Machines Corporation Local rollback for fault-tolerance in parallel computing systems
WO2012112834A2 (en) * 2011-02-17 2012-08-23 Rockstar Bidco Lp Next hop computation functions for equal cost multi-path packet switching networks
CN102279818B (en) * 2011-07-28 2013-09-25 中国人民解放军国防科学技术大学 Vector data access and storage control method supporting limited sharing and vector memory
US10235100B2 (en) * 2016-08-23 2019-03-19 Sap Se Optimizing column based database table compression
CN108268208B (en) * 2016-12-30 2020-01-17 清华大学 RDMA (remote direct memory Access) -based distributed memory file system
CN108052347B (en) * 2017-12-06 2021-07-20 北京中科睿芯智能计算产业研究院有限公司 Device and method for executing instruction selection and instruction mapping method

Also Published As

Publication number Publication date
CN110837650A (en) 2020-02-25

Similar Documents

Publication Publication Date Title
CN110837650B (en) Cloud storage ORAM access system and method under untrusted network environment
Li et al. Searchable symmetric encryption with forward search privacy
Ren et al. Ring ORAM: Closing the Gap Between Small and Large Client Storage Oblivious RAM.
Ren et al. Constants count: Practical improvements to oblivious {RAM}
US10990617B2 (en) Method and system for searching encrypted data
Mayberry et al. Efficient private file retrieval by combining ORAM and PIR
CN110830561B (en) Multi-user ORAM access system and method under asynchronous network environment
Liu et al. Eurus: Towards an efficient searchable symmetric encryption with size pattern protection
CN114817994A (en) Log-structured security data storage method and device
CN115238281A (en) Efficient side channel defense method based on hybrid ORAM
Maiyya et al. Waffle: An online oblivious datastore for protecting data access patterns
CN110442469A (en) A kind of caching side-channel attack defence method based on local Random Maps
CN111639364B (en) Distributed efficient confusion method for cloud data access mode
CN103414555A (en) Array key management method based on IO block encryption
CN113722366B (en) Safety data retrieval method based on careless ciphertext inverted index
Sanchez-Artigas Toward efficient data access privacy in the cloud
Mayberry et al. Multi-client Oblivious RAM secure against malicious servers
CN114039990B (en) Inadvertent access to storage systems
Williams et al. SR-ORAM: Single round-trip oblivious ram
Cheng et al. Tianji: Securing a practical asynchronous multi-user ORAM
CN113297210A (en) Data processing method and device
CN112214805A (en) Safe ORAM memory based on hybrid DRAM-NVM and access method thereof
Zhang et al. TSKT-ORAM: A two-server k-ary tree ORAM for access pattern protection in cloud storage
Al-Saleh et al. Practical suitability and experimental assessment of tree orams
Tian et al. Loco-store: Locality-based oblivious data storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant