Cloud-based data sharing is increasing in popularity, but there is also an increasing privacy consciousness. Continued growth in cloud computing will require reconciling these issues. While data encryption can provide some protection, it has been shown that even access patterns to encrypted data can reveal private information (e.g., knowing encrypted data was uploaded by the Centers for Disease Control and later accessed by a particular user suggests that the user is concerned about some disease, even if the specifics are not known.) There is a lack of study and understanding of how to protect data access pattern in practical scenarios, where there are multiple users and cloud servers and the users and server may not trust each other. The first objective of the research project is to deepen the understanding of the challenges in protecting data access patterns as well as the collateral security risks.
Specifically, this project will develop formal models for protecting data access patterns and initial approaches to that protection, laying a solid foundation for developing novel solutions to protect data access patterns and strictly evaluating the security properties of the solutions. The project also plans to deliver security-provable, oblivious, efficient and accountable multi-user access protocols to outsourced data, for the sake of preserving each individual user's access pattern under a selected set of representative adversary models.