Conference Paper

Dynamic authenticated index structures for outsourced databases.

DOI: 10.1145/1142473.1142488 Conference: Proceedings of the ACM SIGMOD International Conference on Management of Data, Chicago, Illinois, USA, June 27-29, 2006
Source: DBLP

ABSTRACT In outsourced database (ODB) systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently.As servers might be untrusted or can be compromised, query authentication becomes an essential component of ODB systems.Existing solutions for this problem concentrate mostly on static scenarios and are based on idealistic properties for certain cryptographic primitives.In this work, first we define a variety of essential and prac- tical cost metrics associated with ODB systems.Then, we analytically evaluate a number of different approaches, in search for a solution that best leverages all metrics.Most importantly, we look at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers.Finally, we discuss query freshness, a new dimension in data au- thentication that has not been explored before.A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims.Our findings exhibit that the proposed solutions improve performance substantially over existing approaches, both for static and dynamic environments.

  • [Show abstract] [Hide abstract]
    ABSTRACT: With the advent of Cloud Computing, data are increasingly being stored and processed by untrusted third-party servers on the Internet. Since the data owner lacks direct control over the hardware and the software running at the server, there is a need to ensure that the data are not read or modified by unauthorized entities. Even though a simple encryption of the data before transferring it to the server ensures that only authorized entities who have the private key can access the data, it has many drawbacks. Encryption alone does not ensure that the retrieved query results are trustworthy (e.g., retrieved values are the latest values and not stale). A simple encryption can not enforce access control policies where each entity has access rights to only a certain part of the database. In this paper, we provide a solution to enforce access control policies while ensuring the trustworthiness of the data. Our solution ensures that a particular data item is read and modified by only those entities who have been authorized by the data owner to access that data item. It provides privacy against malicious entities that somehow get access to the data stored at the server. Our solutions allow easy change in access control policies under the lazy revocation model under which a user's access to a subset of the data can be revoked so that the user can not read any new values in that subset of the data. Our solution also provides correctness and completeness verification of query results in the presence of access control policies. We implement our solution in a prototype system built on top of Oracle with no modifications to the database internals. We also provide an empirical evaluation of the proposed solutions and establish their feasibility.
    Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII; 07/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Clients of outsourced databases need Query Authentication (QA) guaranteeing the integrity (correctness and completeness), and authenticity of the query results returned by potentially compromised providers. Existing results provide QA assurances for a limited class of queries by deploying several software cryptographic constructs. Here, we show that, to achieve QA, however, it is significantly cheaper and more practical to deploy server-hosted, tamper-proof co-processors, despite their higher acquisition costs. Further, this provides the ability to handle arbitrary queries. To reach this insight, we extensively survey existing QA work and identify interdependencies and efficiency relationships. We then introduce CorrectDB, a new DBMS with full QA assurances, leveraging server-hosted, tamper-proof, trusted hardware in close proximity to the outsourced data.
    Proceedings of the VLDB Endowment. 05/2013; 6(7):529-540.
  • [Show abstract] [Hide abstract]
    ABSTRACT: We consider a stream outsourcing setting, where a data owner delegates the management of a set of disjoint data streams to an untrusted server. The owner authenticates his streams via signatures. The server processes continuous queries on the union of the streams for clients trusted by the owner. Along with the results, the server sends proofs of result correctness derived from the owner's signatures, which are easily verifiable by the clients. We design novel constructions for a collection of fundamental problems over streams represented as linear algebraic queries. In particular, our basic schemes authenticate dynamic vector sums and dot products, as well as dynamic matrix products. These techniques can be adapted for authenticating a wide range of important operations in streaming environments, including group by queries, joins, in-network aggregation, similarity matching, and event processing. All our schemes are very lightweight, and offer strong cryptographic guarantees derived from formal definitions and proofs. We experimentally confirm the practicality of our schemes.
    Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data; 06/2013


Available from