A forward and backward private oblivious RAM for storage outsourcing on edge-cloud computing

Abstract

In recent years, edge-cloud computing is regarded as a promising solution to meet the requirements of mobile computing and Internet-of-Things (IoT). However, due to the limited storage resources of edge equipment, there is a security threat when users outsource their sensitive data to the cloud computing center. The users usually adopt a data-encryption approach, Oblivious RAM (ORAM), which enables a user to read/write her outsourced private data without access pattern leakage. Not all users like the fully functional ORAM all the time since the ORAM protocol is usually highly interactive or occupies large edge storage space. We show that forward-private/backward-private (FP/BP) ORAMs are good alternatives for secure storage outsourcing. We introduce the FP/BP-ORAM definitions and present LL-ORAM, the first FP/BP-ORAM that achieves near-zero edge storage, single-round-trip read/write, and worst-case sublinear access time. For any outsourced record, LL-ORAM provides both an oblivious-access interface and a nonoblivious-access interface. FP-ORAM concerns more data-write privacy than data-read privacy. BP-ORAM concerns more data-read privacy. The constructions involve a tree data structure named LL-tree, which supports fast computation in the cloud with an access-pattern-reduced leakage profile. The security analysis shows that LL-ORAM meets the proposed forward and backward security model. The experimental results demonstrate that LL-ORAM is round-efficient and can be deployed on edge-cloud computing systems.