Nils is a Senior Security Engineer on Kudelski Security’s research team performing research on various topics including privacy, authentication, big data analytics, and internet scanning. He also writes blog posts on various topics for Kudelski’s research blog. Nils likes open source software and has presented his research at DEF CON and Black Hat Arsenal. He was part of creating a massively distributed system for breaking RSA public keys.
You may believe traditional storage encryption is enough to protect the privacy of your data at rest, even in untrusted environments. Think twice: Access pattern leakage can, in many cases, reveal sensitive information to an attacker. For example, a malicious cloud provider can still see whether a user performs read or write operations and which part of the data is accessed, even if all of the data is encrypted.
Oblivious Random Access Machines (ORAMs) are cryptographic schemes that hide both data and access patterns. This obfuscation is achieved by making redundant read/write operations and encrypting, re-randomizing, and shuffling the blocks composing the storage layer on every access. The resulting loss of performance is a tradeoff that allows to turn untrusted storage into a trusted one solely via software. However, existing solutions are cumbersome for the user, requiring the storage provider to support the ORAM scheme.
We implemented oramfs: an open source, cloud- and storage-agnostic, resizable ORAM client written in Rust that offers privacy features beyond encryption. In this talk, we look at how a practical ORAM scheme such as PathORAM works, give some background about oramfs, and show how it can be used to protect data resting on untrusted storage.