Conference Paper

Dynamic authenticated index structures for outsourced databases.

DOI: 10.1145/1142473.1142488 Conference: Proceedings of the ACM SIGMOD International Conference on Management of Data, Chicago, Illinois, USA, June 27-29, 2006
Source: DBLP

ABSTRACT In outsourced database (ODB) systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently.As servers might be untrusted or can be compromised, query authentication becomes an essential component of ODB systems.Existing solutions for this problem concentrate mostly on static scenarios and are based on idealistic properties for certain cryptographic primitives.In this work, first we define a variety of essential and prac- tical cost metrics associated with ODB systems.Then, we analytically evaluate a number of different approaches, in search for a solution that best leverages all metrics.Most importantly, we look at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers.Finally, we discuss query freshness, a new dimension in data au- thentication that has not been explored before.A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims.Our findings exhibit that the proposed solutions improve performance substantially over existing approaches, both for static and dynamic environments.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Clients of outsourced databases need Query Authentication (QA) guaranteeing the integrity (correctness and completeness), and authenticity of the query results returned by potentially compromised providers. Existing results provide QA assurances for a limited class of queries by deploying several software cryptographic constructs. Here, we show that, to achieve QA, however, it is significantly cheaper and more practical to deploy server-hosted, tamper-proof co-processors, despite their higher acquisition costs. Further, this provides the ability to handle arbitrary queries. To reach this insight, we extensively survey existing QA work and identify interdependencies and efficiency relationships. We then introduce CorrectDB, a new DBMS with full QA assurances, leveraging server-hosted, tamper-proof, trusted hardware in close proximity to the outsourced data.
    Proceedings of the VLDB Endowment. 05/2013; 6(7):529-540.
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: In the Database As Service(DAS) model, authenticated join processing is more difficult than authenticated range query because the previous approach of authenticated range query, signature on a single relation, can not be used to verify join results directly. In this paper, an authenticated hash join processing algorithm is described in detail, which can take full advantage of database service since most of work is pushed to database service provider. We analyze the performance with respect to cost factors, such as communication cost, server-side cost and client-side cost. Finally, results of experiments validating our approach are also presented.
    International Journal of Computer Network and Information Security. 02/2011; 3(1).
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Memory checking studies the problem of cryptographically verifying the correctness of untrusted in-dexed storage. After a series of results yielding checkers with O(log n) query complexity, Dwork, Naor, Ruthblum and Vaikuntanathan [9] derived an Ω(log n/ log log n) lower bound on the query complexity of any checker operating on memory words of polylogarithmic size, where n is the number of memory indices. In view of this lower bound, we make the following two contributions: 1. We construct an optimal online memory checker of Θ(log n/ log log n) query complexity, closing in this way the relevant complexity gap. Our construction employs pseudorandom functions and a simple data grouping technique inspired by I/O algorithms. 2. In our second and main result, we put forth the notion of parallel online memory checking and provide parallel checker constructions with O(1) query complexity and O(log n) processors. We initially show that checkers that use secret small memory, including our optimal checker, are eas-ily parallelizable; However, checkers that use only reliable small memory cannot be naturally parallelized. We overcome this barrier by employing an algebraic hash function based on lattices assumptions and construct such parallel checkers with only reliable memory. To achieve our result, we establish and exploit a property that we call repeated linearity of lattice-based hash functions, that might be of independent interest. Applications of our checkers include update-optimal external memory authenticated data structures. We construct an authenticated B-tree data structure which can be updated with two I/Os, outperforming the logarithmic update complexity of hash-based external memory Merkle trees.


Available from