Conference Paper

Dynamic Authenticated Index Structures for Outsourced Databases

DOI: 10.1145/1142473.1142488 Conference: Proceedings of the ACM SIGMOD International Conference on Management of Data, Chicago, Illinois, USA, June 27-29, 2006
Source: DBLP

ABSTRACT In outsourced database (ODB) systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently.As servers might be untrusted or can be compromised, query authentication becomes an essential component of ODB systems.Existing solutions for this problem concentrate mostly on static scenarios and are based on idealistic properties for certain cryptographic primitives.In this work, first we define a variety of essential and prac- tical cost metrics associated with ODB systems.Then, we analytically evaluate a number of different approaches, in search for a solution that best leverages all metrics.Most importantly, we look at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers.Finally, we discuss query freshness, a new dimension in data au- thentication that has not been explored before.A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims.Our findings exhibit that the proposed solutions improve performance substantially over existing approaches, both for static and dynamic environments.

23 Reads
  • Source
    • "While the integrity of query services is also an important issue, it is orthogonal to our study. Existing integrity checking and preventing techniques [34], [30], [19] can be integrated into our framework. Thus, the integrity problem will be excluded from the paper, and we can assume the curious cloud provider is interested in the data and queries, but it will honestly follow the protocol to provide the infrastructure service. "
    [Show abstract] [Hide abstract]
    ABSTRACT: With the wide deployment of public cloud computing infrastructures, using clouds to host data query services has become an appealing solution for the advantages on scalability and cost-saving. However, some data might be sensitive that the data owner does not want to move to the cloud unless the data confidentiality and query privacy are guaranteed. On the other hand, a secured query service should still provide efficient query processing and significantly reduce the in-house workload to fully realize the benefits of cloud computing. We propose the RASP data perturbation method to provide secure and efficient range query and kNN query services for protected data in the cloud. The RASP data perturbation method combines order preserving encryption, dimensionality expansion, random noise injection, and random projection, to provide strong resilience to attacks on the perturbed data and queries. It also preserves multidimensional ranges, which allows existing indexing techniques to be applied to speedup range query processing. The kNN-R algorithm is designed to work with the RASP range query algorithm to process the kNN queries. We have carefully analyzed the attacks on data and queries under a precisely defined threat model and realistic security assumptions. Extensive experiments have been conducted to show the advantages of this approach on efficiency and security.
    IEEE Transactions on Knowledge and Data Engineering 12/2012; 26(2). DOI:10.1109/TKDE.2012.251 · 2.07 Impact Factor
  • Source
    • "For simplicity, we consider the example of the replacement operation while assuming that the replacement preserves the order of the elements. We refer to [13] for details about the insertion and deletion operations. Suppose Upd = " update the element Ei to E ′ i " . "
    [Show abstract] [Hide abstract]
    ABSTRACT: As databases are increasingly outsourced to the cloud, data owners require various security assurances. This paper investigates one particular assurance, query integrity, by which a database querier (either the data owner or a third party) can verify that its queries were faithfully executed by the cloud server with respect to the outsourced database. Query integrity is investigated in the setting of dynamic databases, where the outsourced databases can be updated by the data owners as needed. We present a formal security definition of query integrity and a provably-secure efficient construction. Our solution improves upon the state-of-the-art solutions by additionally allowing aggregate queries and more flexible join queries. In addition, we provide better performance by eliminating a linear factor in the extra storage complexity for security purpose. Our solution also achieves a trade-off between computational and communication complexities.
    Proceedings of the 2012 ACM Workshop on Cloud computing security workshop; 10/2012
  • Source
    • "Another body of related work deals with verifying the accuracy and correctness of the results returned by the processing server [27] [23]. Database authentication schemes have been proposed for shortest path verification in road networks [40]. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Shortest path computation is one of the most common queries in location-based services (LBSs). Although particularly useful, such queries raise serious privacy concerns. Exposing to a (potentially untrusted) LBS the client's position and her destination may reveal personal information, such as social habits, health condition, shopping preferences, lifestyle choices, etc. The only existing method for privacy-preserving shortest path computation follows the obfuscation paradigm; it prevents the LBS from inferring the source and destination of the query with a probability higher than a threshold. This implies, however, that the LBS still deduces some information (albeit not exact) about the client's location and her destination. In this paper we aim at strong privacy, where the adversary learns nothing about the shortest path query. We achieve this via established private information retrieval techniques, which we treat as black-box building blocks. Experiments on real, large-scale road networks assess the practicality of our schemes.
    Proceedings of the VLDB Endowment 04/2012; 5(8). DOI:10.14778/2212351.2212352
Show more


23 Reads
Available from