University of Hohenheim
It is well-known that data encryption alone is often not enough to protect users' privacy in outsourced storage applications. The sequence of storage locations accessed by the client (i.e., access pattern) can leak a significant amount of sensitive information about the unencrypted data through statistical inference. For example, Islam et. al. demonstrated that by observing accesses to an encrypted email repository, an adversary can infer as much as 80% of the search queries. Oblivious RAM (ORAM) algorithms, first proposed by the researcher, which allow a client to conceal its access pattern to the remote storage by continuously shuffling and re-encrypting data as they are accessed.