Conference Paper

Dynamic authenticated index structures for outsourced databases.

DOI: 10.1145/1142473.1142488 Conference: Proceedings of the ACM SIGMOD International Conference on Management of Data, Chicago, Illinois, USA, June 27-29, 2006
Source: DBLP

ABSTRACT In outsourced database (ODB) systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently.As servers might be untrusted or can be compromised, query authentication becomes an essential component of ODB systems.Existing solutions for this problem concentrate mostly on static scenarios and are based on idealistic properties for certain cryptographic primitives.In this work, first we define a variety of essential and prac- tical cost metrics associated with ODB systems.Then, we analytically evaluate a number of different approaches, in search for a solution that best leverages all metrics.Most importantly, we look at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers.Finally, we discuss query freshness, a new dimension in data au- thentication that has not been explored before.A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims.Our findings exhibit that the proposed solutions improve performance substantially over existing approaches, both for static and dynamic environments.

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Data outsourcing offers cost-effective computing power to manage massive data streams and reliable access to data. Data owners can forward their data to clouds, and the clouds provide data mirroring , backup, and online access services to end users. However, outsourcing data to untrusted clouds requires data authenticity and query integrity to remain in the control of the data owners and users. In this paper, we address the authenticated data-outsourcing problem specifically for multi-version key-value data that is subject to continuous updates under the constraints of data integrity, data authenticity, and " freshness " (i.e., ensuring that the value returned for a key is the latest version). We detail this problem and propose INCBM-TREE, a novel construct delivering freshness and authenticity. Compared to existing work, we provide a solution that offers (i) lightweight signing and verification on massive data update streams for data owners and users (e.g., allowing for small memory footprint and CPU usage for a low-budget IT department), (ii) immediate authentication of data freshness, (iii) support of authentica-tion in the presence of both real-time and historical data accesses. Extensive benchmark evaluations demonstrate that INCBM-TREE achieves higher throughput (in an order of magnitude) for data stream authentication than existing work. For data owners and end users that have limited computing power, INCBM-TREE can be a practical solution to authenticate the freshness of outsourced data while reaping the benefits of broadly available cloud services.
    ACSAC; 12/2014
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we study the authentication of top-k spatial keyword queries in outsourced databases. We first present a scheme based on tree-forest indexes, which consist of an MR-tree (which is the state-of-the-art authenticated data structure for the authentication of spatial queries) and a collection of Merkle term trees (MT-trees). The tree-forest indexes can support efficient top-k spatial keyword query (kSKQ) processing and authentication. To derive a small verification object (VO) to be returned to the user, we put forward an entry pruning based scheme, where an MT*-tree is presented. The entries in each node of MT*-tree are ordered and an embedded Merkle hash tree (embedded-MHT) is constructed over them. By employing a novel pruning strategy, the redundant entries in each node of MT*-trees can be eliminated from VO. Our extensive experiments verify the effectiveness, efficiency and scalability of our proposed schemes on several performance metrics, including the index construction time, index size, running time, VO size and authentication time.
    DASFAA 2015, Hanoi, Vietnam; 04/2015
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Cloud outpouring is careful when an information distributor has given sensitive data to a set of trusted agents and few o f the information is leaked and found in an unauthorized place. An enterprise data leak may be a scary proposition. Security practitioners always deal with data cloud leakage issues that arise from various ways like e-mail and different net channels. In case of information cloud leakage from trusted agents, the distributor should assess the probability that the leaked information came from one or more agents.
    Procedia Computer Science 12/2015; 50. DOI:10.1016/j.procs.2015.04.073


Available from