PrivateFS: A Parallel Oblivious File System

摘要

Privatefs is an oblivious file system that enables access to remote storage, while keeping both the file contents and client access patterns secret. Privatefs is based on a new parallel Oblivious RAM mechanism (PD-ORAM) - instead of waiting for the completion of all ongoing client-server transactions, client threads can now engage a server in parallel without loss of privacy. This critical piece is missing from existing Oblivious RAMs (ORAM), which can not allow multiple clients threads to operate simultaneously without revealing intra- and interquery correlations and thus incurring privacy leaks. And since ORAMs often require many communication rounds, this significantly and unnecessarily constrains throughput. The mechanisms introduced here eliminate this constraint, allowing overall throughput to be bound by server bandwidth only, and thus to increase by an order of magnitude. Further, new de-amortization techniques bring the worst case query cost in line with the average cost. Both of these results are shown to be fundamental to any ORAM. Extensions providing fork consistency against an actively malicious adversary are then presented. A high performance, fully functional PD-ORAM implementation was designed, built and analyzed. It performs multiple queries per second on a 1TB+ database across 50ms latency links, with unamortized, bound query latencies. Based on PD-ORAM, privatefs was built and deployed on Linux as a userspace file system.