Computer Systems Organization, Software
In outsourced data services, revealing users’ data access pattern may lead to the exposure of a wide range of sensitive information even if data is encrypted. Oblivious RAM has been a well-studied provable solution to access pattern preservation. However, it is not resilient to attacks towards data integrity from the users or the server. In this paper, we study the problem of protecting access pattern privacy and data integrity together in outsourced data services, and propose a scheme that introduces accountability support into a hash-based ORAM design. The proposed scheme can detect misconduct committed by malicious users or server, and identify the attacker, while not interfering with the access pattern preservation mechanisms inherent from the underlying ORAM. This is accomplished at the cost of slightly increased computational, storage, and communication overheads compared with the original ORAM.