Title of invention: Concealing access patterns to electronic data storage for privacy
Abstract: Methods and systems of concealing access patterns to data storage, such as within servers of a cloud computing environment, are presented. Server data storage is securely partitioned into smaller electronic data storage partitions of predetermined size. The client side maintains a shuffling buffer and position map for these blocks as stored on the electronic data storage partitions of the server. Concealment is performed with respect to accesses from the client to server using an oblivious sorting protocol. Access operation is concealed with each block being randomly assigned to any of the data storage partitions, and whenever a block is accessed, the block is logically removed from its current partition and logically assigned to a fresh random partition selected from all partitions, while the client maintains tracking of which partition each block is associated with at any point of time.
Publication number: US9015853(B2) Publication date: 2015.04.21
Application number: US201313919621 Filing date: 2013.06.17
Applicant: The Regents of the University of California Inventors: Stefanov Emil;Shi Elaine;Song Dawn
Classification: G06F21/10;G06F21/60;G06F21/62 Main classification: G06F21/10
Agency: Agent: O'Banion John P.
Main claim: 1. A method of concealing access patterns to electronic data storage, the method comprising: (a) within at least one server device configured for providing data storage services to at least one client, securely partitioning electronic data storage having N data blocks, each data block having a size of B bytes; (b) wherein said electronic data storage is partitioned within a partitioning framework into a plurality of P smaller electronic data storage partitions having a size of N/P, and in which P is equal to √N data blocks; (c) performing electronic data storage access concealment, in which each block is randomly assigned to any of the P partitions, and whenever a data block is accessed during data accesses for reading a data block or writing a data block by the client, the data block is logically removed from its current partition and logically assigned to a fresh random partition selected from all P partitions, with the client tracking which partition each block is associated with at any point of time; and (d) encrypting data by the client when data blocks are stored on the server; (e) wherein the client repeatedly sorts and shuffles subsets of said data blocks in each partition during data accesses.
Address: Oakland CA US