The 8th IEEE International Workshop on Trusted Collaboration

Research Article

Analysis of Heuristic Based Access Pattern Obfuscation

Download582 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2013.254199,
        author={Huseyin Ulusoy and Murat Kantarcioglu and Bhavani Thuraisingham and Ebru Cankaya and Erman Pattuk},
        title={Analysis of Heuristic Based Access Pattern Obfuscation},
        proceedings={The 8th IEEE International Workshop on Trusted Collaboration},
        publisher={ICST},
        proceedings_a={TRUSTCOL},
        year={2013},
        month={11},
        keywords={access pattern obsfuscation encrypted search security and privacy oblivious ram},
        doi={10.4108/icst.collaboratecom.2013.254199}
    }
    
  • Huseyin Ulusoy
    Murat Kantarcioglu
    Bhavani Thuraisingham
    Ebru Cankaya
    Erman Pattuk
    Year: 2013
    Analysis of Heuristic Based Access Pattern Obfuscation
    TRUSTCOL
    ICST
    DOI: 10.4108/icst.collaboratecom.2013.254199
Huseyin Ulusoy1, Murat Kantarcioglu1, Bhavani Thuraisingham1, Ebru Cankaya1, Erman Pattuk1,*
  • 1: The University of Texas at Dallas
*Contact email: exp111430@utdallas.edu

Abstract

As cloud computing becomes popular, the security and privacy issues emerge as important hindrances to more widespread adoption of cloud computing. In particular, outsourcing sensitive data to untrusted cloud service providers creates important security and regulatory compliance challenges. Encryption of the outsourced data has been introduced as an alternative to protect privacy and security. In the context of searchable symmetric encryption, many solutions have been proposed to perform efficient search on the encrypted outsourced data. Some of them achieve protecting privacy of outsourced data, but may disclose the access patterns. Recently, it has been shown that such access pattern disclosures could be exploited even further to infer sensitive information about underlying data, even if the data is stored in encrypted form. To address the access pattern disclosures, oblivious RAM and heuristic based techniques are proposed. However, the overhead of oblivious RAM based solutions is too high in many cases, and the security and scalability of heuristic based techniques have not been carefully analyzed yet. In this paper, we provide the first framework to analyze and compare the security and efficiency of such heuristics. In addition, we provide extensive empirical analysis that yields important insights into how to use such heuristics effectively in practice; and we discuss how such heuristics can be combined to improve security and efficiency.