ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave

ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave

The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the clou...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on cloud computing 2023-04, Vol.11 (2), p.1474-1486
Hauptverfasser: Han, Ziyang, Hu, Haibo, Ye, Qingqing
Format: Artikel
Sprache:eng
Schlagworte:
Access pattern hiding
Access protocols
Cloud computing
cloud security
Codes
Data structures
Hardware
hardware enclave
Isomorphism
K-isomorphism
Memory management
Performance measurement
Program processors
Queries
Query processing
request frequency distribution
Robustness (mathematics)
Security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1486
container_issue 2
container_start_page 1474
container_title IEEE transactions on cloud computing
container_volume 11
creator Han, Ziyang
Hu, Haibo
Ye, Qingqing
description The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the cloud platform as reported in many cases. In this paper, we study the threats model in which adversaries know both the exact in-memory flow of accessed blocks and the processing boundary of each request. Under these settings, he can precisely observe the access frequency patterns in both aggregated and independent perspectives over queries. We then propose the ReFlat module as a counter solution through the K K -duplication obfuscation mechanism. ReFlat securely runs inside the hardware enclave provided by Intel SGX and requires no modifications on query processors. The K K -duplication mechanism is further optimized with two working functions to practically deal with point and range queries. Comparing with the state-of-the-art schemes using the similar idea, that is, fake query injection, ReFlat eliminates the security risk of involving intermediate proxy and achieves higher robustness under the proposed threat model. We exhibit comparative experiment results showing that ReFlat exceeds existing schemes providing equal security level in multiple system performance metrics.
doi_str_mv 10.1109/TCC.2021.3137351
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_9661343</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9661343</ieee_id><sourcerecordid>2823186256</sourcerecordid><originalsourceid>FETCH-LOGICAL-c291t-cdf4428cba54a9c66a2365afec96634ac30603d7c6543f4bbea4ef8cdbdf7ebc3</originalsourceid><addsrcrecordid>eNo9kD1PwzAQhi0EElXpjsRiiTnFH4mTsJWoX6ISpZQ5cuwzpErjYiegLvx2ErXilrvhee9OD0K3lIwpJenDNsvGjDA65pTHPKIXaMB4zAJCaHLZzVQkQUwFvUYj73ekqySiKU0H6HcDs0o2j3iCN7ZofYMnSoH3eC2bBlyNF6Uu6w_8Zqu2KW2NjXV4DjU4WeGssq3Gry24I1472-d69kl60Lhjn4Olt3vrDp-l32NZa7yQTv9IB3haq0p-ww26MrLyMDr3IXqfTbfZIli9zJfZZBUoltImUNqEIUtUIaNQpkoIybiIpAGVCsFDqTgRhOtYiSjkJiwKkCGYROlCmxgKxYfo_rT34OxXC77Jd7Z1dXcyZwnjNBEsEh1FTpRy1nsHJj-4ci_dMack70Xnnei8F52fRXeRu1OkBIB_vPuK8pDzPyeVemM</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2823186256</pqid></control><display><type>article</type><title>ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave</title><source>IEEE Electronic Library (IEL)</source><creator>Han, Ziyang ; Hu, Haibo ; Ye, Qingqing</creator><creatorcontrib>Han, Ziyang ; Hu, Haibo ; Ye, Qingqing</creatorcontrib><description><![CDATA[The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the cloud platform as reported in many cases. In this paper, we study the threats model in which adversaries know both the exact in-memory flow of accessed blocks and the processing boundary of each request. Under these settings, he can precisely observe the access frequency patterns in both aggregated and independent perspectives over queries. We then propose the ReFlat module as a counter solution through the <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq1-3137351.gif"/> </inline-formula>-duplication obfuscation mechanism. ReFlat securely runs inside the hardware enclave provided by Intel SGX and requires no modifications on query processors. The <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq2-3137351.gif"/> </inline-formula>-duplication mechanism is further optimized with two working functions to practically deal with point and range queries. Comparing with the state-of-the-art schemes using the similar idea, that is, fake query injection, ReFlat eliminates the security risk of involving intermediate proxy and achieves higher robustness under the proposed threat model. We exhibit comparative experiment results showing that ReFlat exceeds existing schemes providing equal security level in multiple system performance metrics.]]></description><identifier>ISSN: 2168-7161</identifier><identifier>EISSN: 2372-0018</identifier><identifier>DOI: 10.1109/TCC.2021.3137351</identifier><identifier>CODEN: ITCCF6</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Access pattern hiding ; Access protocols ; Cloud computing ; cloud security ; Codes ; Data structures ; Hardware ; hardware enclave ; Isomorphism ; K-isomorphism ; Memory management ; Performance measurement ; Program processors ; Queries ; Query processing ; request frequency distribution ; Robustness (mathematics) ; Security</subject><ispartof>IEEE transactions on cloud computing, 2023-04, Vol.11 (2), p.1474-1486</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c291t-cdf4428cba54a9c66a2365afec96634ac30603d7c6543f4bbea4ef8cdbdf7ebc3</citedby><cites>FETCH-LOGICAL-c291t-cdf4428cba54a9c66a2365afec96634ac30603d7c6543f4bbea4ef8cdbdf7ebc3</cites><orcidid>0000-0002-1976-4241 ; 0000-0003-1547-2847 ; 0000-0002-9008-2112</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9661343$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,780,784,796,27924,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/9661343$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Han, Ziyang</creatorcontrib><creatorcontrib>Hu, Haibo</creatorcontrib><creatorcontrib>Ye, Qingqing</creatorcontrib><title>ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave</title><title>IEEE transactions on cloud computing</title><addtitle>TCC</addtitle><description><![CDATA[The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the cloud platform as reported in many cases. In this paper, we study the threats model in which adversaries know both the exact in-memory flow of accessed blocks and the processing boundary of each request. Under these settings, he can precisely observe the access frequency patterns in both aggregated and independent perspectives over queries. We then propose the ReFlat module as a counter solution through the <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq1-3137351.gif"/> </inline-formula>-duplication obfuscation mechanism. ReFlat securely runs inside the hardware enclave provided by Intel SGX and requires no modifications on query processors. The <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq2-3137351.gif"/> </inline-formula>-duplication mechanism is further optimized with two working functions to practically deal with point and range queries. Comparing with the state-of-the-art schemes using the similar idea, that is, fake query injection, ReFlat eliminates the security risk of involving intermediate proxy and achieves higher robustness under the proposed threat model. We exhibit comparative experiment results showing that ReFlat exceeds existing schemes providing equal security level in multiple system performance metrics.]]></description><subject>Access pattern hiding</subject><subject>Access protocols</subject><subject>Cloud computing</subject><subject>cloud security</subject><subject>Codes</subject><subject>Data structures</subject><subject>Hardware</subject><subject>hardware enclave</subject><subject>Isomorphism</subject><subject>K-isomorphism</subject><subject>Memory management</subject><subject>Performance measurement</subject><subject>Program processors</subject><subject>Queries</subject><subject>Query processing</subject><subject>request frequency distribution</subject><subject>Robustness (mathematics)</subject><subject>Security</subject><issn>2168-7161</issn><issn>2372-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kD1PwzAQhi0EElXpjsRiiTnFH4mTsJWoX6ISpZQ5cuwzpErjYiegLvx2ErXilrvhee9OD0K3lIwpJenDNsvGjDA65pTHPKIXaMB4zAJCaHLZzVQkQUwFvUYj73ekqySiKU0H6HcDs0o2j3iCN7ZofYMnSoH3eC2bBlyNF6Uu6w_8Zqu2KW2NjXV4DjU4WeGssq3Gry24I1472-d69kl60Lhjn4Olt3vrDp-l32NZa7yQTv9IB3haq0p-ww26MrLyMDr3IXqfTbfZIli9zJfZZBUoltImUNqEIUtUIaNQpkoIybiIpAGVCsFDqTgRhOtYiSjkJiwKkCGYROlCmxgKxYfo_rT34OxXC77Jd7Z1dXcyZwnjNBEsEh1FTpRy1nsHJj-4ci_dMack70Xnnei8F52fRXeRu1OkBIB_vPuK8pDzPyeVemM</recordid><startdate>20230401</startdate><enddate>20230401</enddate><creator>Han, Ziyang</creator><creator>Hu, Haibo</creator><creator>Ye, Qingqing</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-1976-4241</orcidid><orcidid>https://orcid.org/0000-0003-1547-2847</orcidid><orcidid>https://orcid.org/0000-0002-9008-2112</orcidid></search><sort><creationdate>20230401</creationdate><title>ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave</title><author>Han, Ziyang ; Hu, Haibo ; Ye, Qingqing</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c291t-cdf4428cba54a9c66a2365afec96634ac30603d7c6543f4bbea4ef8cdbdf7ebc3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Access pattern hiding</topic><topic>Access protocols</topic><topic>Cloud computing</topic><topic>cloud security</topic><topic>Codes</topic><topic>Data structures</topic><topic>Hardware</topic><topic>hardware enclave</topic><topic>Isomorphism</topic><topic>K-isomorphism</topic><topic>Memory management</topic><topic>Performance measurement</topic><topic>Program processors</topic><topic>Queries</topic><topic>Query processing</topic><topic>request frequency distribution</topic><topic>Robustness (mathematics)</topic><topic>Security</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Han, Ziyang</creatorcontrib><creatorcontrib>Hu, Haibo</creatorcontrib><creatorcontrib>Ye, Qingqing</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on cloud computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Han, Ziyang</au><au>Hu, Haibo</au><au>Ye, Qingqing</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave</atitle><jtitle>IEEE transactions on cloud computing</jtitle><stitle>TCC</stitle><date>2023-04-01</date><risdate>2023</risdate><volume>11</volume><issue>2</issue><spage>1474</spage><epage>1486</epage><pages>1474-1486</pages><issn>2168-7161</issn><eissn>2372-0018</eissn><coden>ITCCF6</coden><abstract><![CDATA[The access frequency pattern leakage reveals sensitive information over encrypted cloud data, such as query inclinations and interests. Even worse, adversaries can infer the content of storage with the help of auxiliary knowledge. It jeopardizes the mutual trust between the client users and the cloud platform as reported in many cases. In this paper, we study the threats model in which adversaries know both the exact in-memory flow of accessed blocks and the processing boundary of each request. Under these settings, he can precisely observe the access frequency patterns in both aggregated and independent perspectives over queries. We then propose the ReFlat module as a counter solution through the <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq1-3137351.gif"/> </inline-formula>-duplication obfuscation mechanism. ReFlat securely runs inside the hardware enclave provided by Intel SGX and requires no modifications on query processors. The <inline-formula><tex-math notation="LaTeX">K</tex-math> <mml:math><mml:mi>K</mml:mi></mml:math><inline-graphic xlink:href="han-ieq2-3137351.gif"/> </inline-formula>-duplication mechanism is further optimized with two working functions to practically deal with point and range queries. Comparing with the state-of-the-art schemes using the similar idea, that is, fake query injection, ReFlat eliminates the security risk of involving intermediate proxy and achieves higher robustness under the proposed threat model. We exhibit comparative experiment results showing that ReFlat exceeds existing schemes providing equal security level in multiple system performance metrics.]]></abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/TCC.2021.3137351</doi><tpages>13</tpages><orcidid>https://orcid.org/0000-0002-1976-4241</orcidid><orcidid>https://orcid.org/0000-0003-1547-2847</orcidid><orcidid>https://orcid.org/0000-0002-9008-2112</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 2168-7161
ispartof IEEE transactions on cloud computing, 2023-04, Vol.11 (2), p.1474-1486
issn 2168-7161
2372-0018
language eng
recordid cdi_ieee_primary_9661343
source IEEE Electronic Library (IEL)
subjects Access pattern hiding
Access protocols
Cloud computing
cloud security
Codes
Data structures
Hardware
hardware enclave
Isomorphism
K-isomorphism
Memory management
Performance measurement
Program processors
Queries
Query processing
request frequency distribution
Robustness (mathematics)
Security
title ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T22%3A03%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=ReFlat:%20A%20Robust%20Access%20Pattern%20Hiding%20Solution%20for%20General%20Cloud%20Query%20Processing%20Based%20on%20K-Isomorphism%20and%20Hardware%20Enclave&rft.jtitle=IEEE%20transactions%20on%20cloud%20computing&rft.au=Han,%20Ziyang&rft.date=2023-04-01&rft.volume=11&rft.issue=2&rft.spage=1474&rft.epage=1486&rft.pages=1474-1486&rft.issn=2168-7161&rft.eissn=2372-0018&rft.coden=ITCCF6&rft_id=info:doi/10.1109/TCC.2021.3137351&rft_dat=%3Cproquest_RIE%3E2823186256%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2823186256&rft_id=info:pmid/&rft_ieee_id=9661343&rfr_iscdi=true