OblivCDN: A Practical Privacy-preserving CDN with Oblivious Content Access

TL;DR

OblivCDN is a practical privacy-preserving CDN system that leverages optimized Range ORAM primitives to protect content confidentiality and user privacy, achieving high performance and compatibility with existing Internet infrastructure.

Contribution

The paper introduces OblivCDN, a novel system that adapts Range ORAM for efficient, real-world CDN deployment without trusted hardware, reducing costs and integration complexity.

Findings

Downloads a 256MB video in 5.6 seconds

Achieves 90x speedup over naive ORAM approaches

Outperforms prior privacy-preserving CDN methods by 366x

Abstract

Content providers increasingly utilise Content Delivery Networks (CDNs) to enhance users' content download experience. However, this deployment scenario raises significant security concerns regarding content confidentiality and user privacy due to the involvement of third-party providers. Prior proposals using private information retrieval (PIR) and oblivious RAM (ORAM) have proven impractical due to high computation and communication costs, as well as integration challenges within distributed CDN architectures. In response, we present \textsf{OblivCDN}, a practical privacy-preserving system meticulously designed for seamless integration with the existing real-world Internet-CDN infrastructure. Our design strategically adapts Range ORAM primitives to optimise memory and disk seeks when accessing contiguous blocks of CDN content, both at the origin and edge servers, while preserving both content confidentiality and user access pattern hiding features. Also, we carefully customise several oblivious building blocks that integrate the distributed trust model into the ORAM client, thereby eliminating the computational bottleneck in the origin server and reducing communication costs between the origin server and edge servers. Moreover, the newly-designed ORAM client also eliminates the need for trusted hardware on edge servers, and thus significantly ameliorates the compatibility towards networks with massive legacy devices.In real-world streaming evaluations, OblivCDN} demonstrates remarkable performance, downloading a $256$ MB video in just $5.6$ seconds. This achievement represents a speedup of $90\times$ compared to a strawman approach (direct ORAM adoption) and a $366\times$ improvement over the prior art, OblivP2P.