ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave

The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the cloud platform as reported in many cases. In this paper, we study the threats model in which adversaries know both the exact in-memory flow of accessed blocks and the processing boundary of each request. Under these settings, he can precisely observe the access frequency patterns in both aggregated and independent perspectives over queries. We then propose the ReFlat module as a counter solution through the K K -duplication obfuscation mechanism. ReFlat securely runs inside the hardware enclave provided by Intel SGX and requires no modifications on query processors. The K K -duplication mechanism is further optimized with two working functions to practically deal with point and range queries. Comparing with the state-of-the-art schemes using the similar idea, that is, fake query injection, ReFlat eliminates the security risk of involving intermediate proxy and achieves higher robustness under the proposed threat model. We exhibit comparative experiment results showing that ReFlat exceeds existing schemes providing equal security level in multiple system performance metrics.