Blockchain-based accountability for multi-party oblivious RAM

Abstract

Recently, oblivious random access machine (ORAM) has been widely used to prevent privacy leakage from user’s access pattern. However, in multi-user scenarios, the obliviousness property of ORAM facilitates the malicious data modification by unauthorized users, which brings a new security challenge of user accountability to ORAM applications. Moreover, based on our observations, existing user accountability schemes for multi-user ORAM induce the extremely unacceptable overhead in both time and storage. What is worse, it is still inherent the traditional cloud accountability problem that the untrusted cloud server may have misbehavior on storing the outsourced data. In this paper, we focus on the issue that how to do accountability for both malicious users and untrusted cloud server without the independent trusted third party server.To address the above problem, we design and implement a Traceable Oblivious RAM, or T-ORAM for short, a cryptographic system that protects the privacy of users and the integrity of outsourced data based on group signatures. It can detect malicious users quickly by utilizing the traceability property of group signatures, and cost less storage overhead comparing with the existing solutions. Then, we further propose a more secure solution of Blockchain-based Traceable Oblivious RAM (BT-ORAM). Specifically, by introducing the blockchain technology, BT-ORAM can detect the malicious behavior from both malicious users and untrusted cloud server. BT-ORAM is the first accountability work for multi-user ORAM that deal with both malicious users and the untrusted cloud server. Finally, security analysis and experimental results show that our method outperforms the state-of-the-art accountability work for oblivious RAM, S-GORAM, in both security and performance.