Towards practical oblivious cloud storage

Abstract

Many companies and individuals continue to adopt cloud storage due to the convenience of manageability and scalability. However, security concern occurs because the physical machine resides in the remote cloud. Even though a client uses strong encryption schemes to protect his contents from being leaked, a malicious cloud storage provider can still learn valuable information on encrypted data by observing data access pattern. The standard way to hide data access pattern is using a compiler, oblivious RAM. Recently, various research have been conducted to apply oblivious RAM to the cloud storage, but there are limitations such as using a lot of network bandwidth or requiring an unrealistic trust model. In this paper, we introduce a practical oblivious cloud storage by leveraging a hardware technology, trusted execution environment. Our system leverages Intel SGX technology to create secure containers inside the cloud. By executing oblivious RAM inside the secure container, our system eliminates network bandwidth bottleneck. Furthermore, the secure container provides a more realistic trust model than previous research by protecting security-sensitive data from external attacks. Finally, our novel optimistic concurrency control on the storage shows low storage usage with a reasonable performance overhead. We evaluated our system in the cloud-like environment with 20~GB of database, and the system shows 2.4x higher throughput and 2.6x shorter response time than the state-of-the-art oblivious cloud storage. The optimistic concurrency control using less storage also shows a reasonable performance overhead(<7%).