Conference Paper

Dynamic Authenticated Index Structures for Outsourced Databases

DOI: 10.1145/1142473.1142488 Conference: Proceedings of the ACM SIGMOD International Conference on Management of Data, Chicago, Illinois, USA, June 27-29, 2006
Source: DBLP

ABSTRACT

In outsourced database (ODB) systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently.As servers might be untrusted or can be compromised, query authentication becomes an essential component of ODB systems.Existing solutions for this problem concentrate mostly on static scenarios and are based on idealistic properties for certain cryptographic primitives.In this work, first we define a variety of essential and prac- tical cost metrics associated with ODB systems.Then, we analytically evaluate a number of different approaches, in search for a solution that best leverages all metrics.Most importantly, we look at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers.Finally, we discuss query freshness, a new dimension in data au- thentication that has not been explored before.A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims.Our findings exhibit that the proposed solutions improve performance substantially over existing approaches, both for static and dynamic environments.

Full-text preview

Available from: psu.edu
  • Source
    • "Completeness requires that no qualifying records have been omitted. Among existing query result authentication methods, Merkle hash tree based approaches [2] [3] [4] [5] in which the MHT was embedded into the data index and the VO is created during query processing shown the advantage compared to the other approaches. However, there are some obstacles for the index authentication approaches such as MB tree [4] to apply suitably on tenant data authentication in SaaS for the following reasons: First, because most SaaS service providers adopt the single instance multi-tenancy strategy to take full advantage of resources such as hardware and database, multiple tenants' data is stored in one physical table such as sparse table in which different data types are stored into a flex column based on tenants' customization [6]. "

    Preview · Article · Jun 2014
  • Source
    • "While the integrity of query services is also an important issue, it is orthogonal to our study. Existing integrity checking and preventing techniques [34], [30], [19] can be integrated into our framework. Thus, the integrity problem will be excluded from the paper, and we can assume the curious cloud provider is interested in the data and queries, but it will honestly follow the protocol to provide the infrastructure service. "
    [Show abstract] [Hide abstract]
    ABSTRACT: With the wide deployment of public cloud computing infrastructures, using clouds to host data query services has become an appealing solution for the advantages on scalability and cost-saving. However, some data might be sensitive that the data owner does not want to move to the cloud unless the data confidentiality and query privacy are guaranteed. On the other hand, a secured query service should still provide efficient query processing and significantly reduce the in-house workload to fully realize the benefits of cloud computing. We propose the RASP data perturbation method to provide secure and efficient range query and kNN query services for protected data in the cloud. The RASP data perturbation method combines order preserving encryption, dimensionality expansion, random noise injection, and random projection, to provide strong resilience to attacks on the perturbed data and queries. It also preserves multidimensional ranges, which allows existing indexing techniques to be applied to speedup range query processing. The kNN-R algorithm is designed to work with the RASP range query algorithm to process the kNN queries. We have carefully analyzed the attacks on data and queries under a precisely defined threat model and realistic security assumptions. Extensive experiments have been conducted to show the advantages of this approach on efficiency and security.
    Full-text · Article · Dec 2012 · IEEE Transactions on Knowledge and Data Engineering
  • Source
    • "The problem of assuring query integrity in the context of outsourced data was fundamentally related to the concept of certified data structures [27], which presents some results that are conceptually important but not efficient. The state-of-the-art solutions to query integrity are due to [13] [23], which are the only solutions that support selection, projection and join queries simultaneously. These two solutions follow two respective approaches to the query integrity problem. "
    [Show abstract] [Hide abstract]
    ABSTRACT: As databases are increasingly outsourced to the cloud, data owners require various security assurances. This paper investigates one particular assurance, query integrity, by which a database querier (either the data owner or a third party) can verify that its queries were faithfully executed by the cloud server with respect to the outsourced database. Query integrity is investigated in the setting of dynamic databases, where the outsourced databases can be updated by the data owners as needed. We present a formal security definition of query integrity and a provably-secure efficient construction. Our solution improves upon the state-of-the-art solutions by additionally allowing aggregate queries and more flexible join queries. In addition, we provide better performance by eliminating a linear factor in the extra storage complexity for security purpose. Our solution also achieves a trade-off between computational and communication complexities.
    Preview · Conference Paper · Oct 2012
Show more