ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave

The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the clou...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on cloud computing Vol. 11; no. 2; pp. 1474 - 1486
Main Authors Han, Ziyang, Hu, Haibo, Ye, Qingqing
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.04.2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Access pattern hiding
Access protocols
Cloud computing
cloud security
Codes
Data structures
Hardware
hardware enclave
Isomorphism
K-isomorphism
Memory management
Performance measurement
Program processors
Queries
Query processing
request frequency distribution
Robustness (mathematics)
Security
Online AccessGet full text

Cover

More Information
Summary:The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the cloud platform as reported in many cases. In this paper, we study the threats model in which adversaries know both the exact in-memory flow of accessed blocks and the processing boundary of each request. Under these settings, he can precisely observe the access frequency patterns in both aggregated and independent perspectives over queries. We then propose the ReFlat module as a counter solution through the <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq1-3137351.gif"/> </inline-formula>-duplication obfuscation mechanism. ReFlat securely runs inside the hardware enclave provided by Intel SGX and requires no modifications on query processors. The <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq2-3137351.gif"/> </inline-formula>-duplication mechanism is further optimized with two working functions to practically deal with point and range queries. Comparing with the state-of-the-art schemes using the similar idea, that is, fake query injection, ReFlat eliminates the security risk of involving intermediate proxy and achieves higher robustness under the proposed threat model. We exhibit comparative experiment results showing that ReFlat exceeds existing schemes providing equal security level in multiple system performance metrics.
ISSN:2168-7161
2168-7161
2372-0018
DOI:10.1109/TCC.2021.3137351