Concealing access patterns to electronic data storage for privacy
First Claim
1. A method of concealing access patterns to electronic data storage, the method comprising:
(a) within at least one server device configured for providing data storage services to at least one client, securely partitioning electronic data storage having N data blocks, each data block having a size of B bytes;
(b) wherein said electronic data storage is partitioned within a partitioning framework into a plurality of P smaller electronic data storage partitions having a size of N/P, and in which P is equal to √N data blocks;
(c) performing electronic data storage access concealment, in which each block is randomly assigned to any of the P partitions, and whenever a data block is accessed during data accesses for reading a data block or writing a data block by the client, the data block is logically removed from its current partition and logically assigned to a fresh random partition selected from all P partitions, with the client tracking which partition each block is associated with at any point of time; and
(d) encrypting data by the client when data blocks are stored on the server;
(e) wherein the client repeatedly sorts and shuffles subsets of said data blocks in each partition during data accesses.
Abstract
Methods and systems of concealing access patterns to data storage, such as within servers of a cloud computing environment are presented. Server data storage is securely partitioned into smaller electronic data storage partitions of predetermined size. The client side maintains a shuffling buffer and position map for these blocks as stored on the electronic data storage partitions of the server. Concealment is performed with respect to accesses from the client to server using an oblivious sorting protocol. Access operation is concealed with each block being randomly assigned to any of the data storage partitions, and whenever a block is accessed, the block is logically removed from its current partition and logically assigned to a fresh random partition selected from all partitions, while the client maintains tracking of which partition each block is associated with at any point of time.
21 Claims
1. (Independent claim 1 is reproduced in full under First Claim above; claims 2 to 19 depend from it.)
20. A method of concealing access patterns to electronic data storage, the method comprising:
(a) within at least one server device configured for providing storage services to at least one client, securely partitioning an electronic data storage having N data blocks, each having a size of B bytes;
(b) wherein said electronic data storage is partitioned within a partitioning framework into a plurality of P smaller electronic data storage partitions having a size of N/P, and in which P is equal to √N data blocks; and
(c) performing electronic data storage access concealment, in which each block is randomly assigned to any of the P partitions, and whenever a data block is accessed during data accesses for reading a data block or writing a data block by the client, the data block is logically removed from its current partition and logically assigned to a fresh random partition selected from all P partitions, with the client tracking which partition each block is associated with at any point of time;
(d) wherein said electronic data storage access concealment performs downloading and decrypting data blocks from data blocks that are to be shuffled, shuffling said data blocks locally, then finally encrypting said data blocks and uploading them back to the server; and
(e) wherein the client repeatedly sorts and shuffles subsets of said data blocks in each partition during data accesses.
21. A system for concealing access patterns to electronic data storage, the system comprising:
(a) at least one server configured for servicing at least one client with data storage services;
(b) at least one client configured for accessing said server for performing write and read accesses of data blocks from said server;
(c) wherein said server and said client are configured with a computer for executing programming for carrying out steps of access concealment, comprising:
(i) securely partitioning electronic data storage in said at least one server to have N data blocks having a size of B bytes;
(ii) wherein said electronic data storage is partitioned within a partitioning framework into a plurality of P smaller electronic data storage partitions having a size of N/P, and in which P is equal to √N data blocks;
(iii) performing electronic data storage access concealment, in which each block is randomly assigned to any of the P partitions, and whenever a data block is accessed during data accesses for reading a data block or writing a data block by said client, the data block is logically removed from its current partition and logically assigned to a fresh random partition selected from all P partitions, with the client tracking which partition each block is associated with at any point of time; and
(iv) encrypting data by the client when data blocks are stored on the server;
(v) wherein the client repeatedly sorts and shuffles subsets of said data blocks in each partition during data accesses.
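The abstract and claims 1, 20 and 21 all describe the same procedure: N blocks of B bytes are spread over P = √N partitions (so each partition holds N/P = √N blocks), the client alone keeps a position map and a shuffling buffer, every block is client-encrypted, and on every access the touched block is moved to a fresh uniformly random partition while the affected partition is downloaded, decrypted, shuffled locally, re-encrypted and uploaded. The simulation below is an added example written for this page; it is not code from the patent or its authors. Everything not stated in the claims is an assumption made here: B = 16, a per-partition capacity of 2·√N slots padded with encrypted dummy blocks so that the partition sizes the server sees never change, an HMAC-SHA256 counter-mode cipher from the standard library standing in for a real AEAD, and an eviction policy that writes the just-accessed block back into its new partition immediately (or keeps it buffered if that partition is full). The `Server.log` list is the adversary's entire view.

```python
import hashlib
import hmac
import math
import os
import random

B = 16               # bytes per data block (the claims' B); the value is an assumption
NONCE = 16           # nonce length of the toy cipher
DUMMY = 0xFFFFFFFF   # tag of an empty slot; visible only after decryption, i.e. to the client


def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD, not a recommendation
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, tag, data):
    """Encrypt (tag, data) under a fresh nonce: every blob has the same size and,
    because the nonce is fresh, the server never sees the same blob twice."""
    pt = tag.to_bytes(4, "big") + data.ljust(B, b"\0")[:B]
    nonce = os.urandom(NONCE)
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))


def unseal(key, blob):
    nonce, ct = blob[:NONCE], blob[NONCE:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return int.from_bytes(pt[:4], "big"), pt[4:]


class Server:
    """Untrusted storage: P partitions of `cap` opaque slots each. `log` is the
    adversary's whole view: which partition was touched, and in which direction."""

    def __init__(self, P, cap):
        self.parts, self.cap, self.log = [[] for _ in range(P)], cap, []

    def read(self, p):
        self.log.append(("R", p))
        return list(self.parts[p])

    def write(self, p, slots):
        assert len(slots) == self.cap, "partition size must never change"
        self.log.append(("W", p))
        self.parts[p] = list(slots)


class Client:
    def __init__(self, N):
        self.P = math.isqrt(N)                    # P = sqrt(N) partitions (claim 1(b))
        assert self.P * self.P == N, "N must be a perfect square in this toy"
        self.cap = 2 * (N // self.P)              # slack so random placement never overflows (assumption)
        self.key = os.urandom(32)
        self.server = Server(self.P, self.cap)
        self.posmap = {}                          # block id -> partition, held only on the client
        self.buffer = {}                          # shuffling buffer: blocks waiting to be written back
        init = [[] for _ in range(self.P)]
        for bid in range(N):                      # each block starts in a uniformly random partition
            p = random.randrange(self.P)
            while len(init[p]) >= self.cap:
                p = random.randrange(self.P)
            init[p].append((bid, bid.to_bytes(B, "big")))   # constructed sample content
            self.posmap[bid] = p
        for p in range(self.P):
            slots = init[p] + [(DUMMY, b"")] * (self.cap - len(init[p]))
            random.shuffle(slots)
            self.server.write(p, [seal(self.key, t, d) for t, d in slots])

    def _touch(self, p, remove=None, insert=None):
        """Claim 20(d): download and decrypt partition p, optionally take one block out
        and/or drop one in, shuffle locally, re-encrypt everything, upload it back."""
        plain = [unseal(self.key, s) for s in self.server.read(p)]
        found, placed = None, False
        for i, (tag, data) in enumerate(plain):
            if remove is not None and tag == remove:
                found, plain[i] = data, (DUMMY, b"")
        for i, (tag, _) in enumerate(plain):
            if insert is not None and tag == DUMMY and not placed:
                plain[i], placed = insert, True
        random.shuffle(plain)
        self.server.write(p, [seal(self.key, t, d) for t, d in plain])
        return found, placed

    def access(self, bid, new_data=None):
        """Read, and optionally overwrite, block bid. Whatever bid is, the server sees
        R,W on one partition and R,W on a second, both chosen uniformly at random."""
        p_old = self.posmap[bid]
        if bid in self.buffer:                    # still buffered: touch p_old anyway, otherwise
            data = self.buffer.pop(bid)           # the missing round trip would leak the buffer hit
            self._touch(p_old)
        else:
            data, _ = self._touch(p_old, remove=bid)
            assert data is not None, "position map out of sync with server"
        if new_data is not None:
            data = new_data.ljust(B, b"\0")[:B]
        p_new = random.randrange(self.P)          # claim 1(c): fresh random partition every access
        self.posmap[bid] = p_new
        self.buffer[bid] = data
        _, placed = self._touch(p_new, insert=(bid, data))
        if placed:                                # if p_new was full the block stays buffered
            del self.buffer[bid]
        return data
```

Running `Client(16)` and calling `access` a few times shows the point of the construction: the log contains exactly four entries per access, the two partition indices are uniform and independent of which logical block was requested, every partition keeps the same number of slots, and because each upload re-encrypts with fresh nonces the server cannot match a blob it saw before to one it sees later. What the toy does not do, and a real deployment must: authenticate the ciphertexts (the stand-in cipher has no integrity), keep the client-side buffer and position map within the memory the scheme budgets for them, and hide timing differences between buffer hits and real reads.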