article

Authentication and integrity in outsourced databases

Authors:

Einar Mykletun,

Maithili Narasimha,

Gene TsudikAuthors Info & Claims

ACM Transactions on Storage (TOS), Volume 2, Issue 2

Pages 107 - 138

https://doi.org/10.1145/1149976.1149977

Published: 01 May 2006 Publication History

Abstract

In the Outsourced Database (ODB) model, entities outsource their data management needs to a third-party service provider. Such a service provider offers mechanisms for its clients to create, store, update, and access (query) their databases. This work provides mechanisms to ensure data integrity and authenticity for outsourced databases. Specifically, this article provides mechanisms that assure the querier that the query results have not been tampered with and are authentic (with respect to the actual data owner). It investigates both the security and efficiency aspects of the problem and constructs several secure and practical schemes that facilitate the integrity and authenticity of query replies while incurring low computational and communication costs.

References

[1]

Bellare, M., Garay, J., and Rabin, T. 1998. Fast batch verification for modular exponentiation and digital signatures. In Proceedings of the Eurocrypt Conference, vol. 1403, 191--204.]]

[2]

Bellare, M. and Palacio, A. 2002. Gq and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. In Advances in Cryptology---CRYPTO, M. Yung, ed. Lecture Notes in Computer Science, vol. 2442, Springer-Verlag, Berlin Germany, 162--177.]]

[3]

Bellare, M. and Rogaway, P. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security. 62--73.]]

[4]

Boneh, D., Gentry, C., Lynn, B., and Shacham, H. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In Advances in Cryptology---EUROCRYPT, E. Biham, ed. LNCS, Springer-Verlag, Berlin.]]

[5]

Boyd, C. and Pavlovski, C. 2000. Attacking and repairing batch verification schemes. In Asiacrypt. 58--71.]]

[6]

Camenisch, J. 1998. Group signature schemes and paymen systems based on the discrete logarithm problem, vol. 2, ETH-Series in Information Security and Cryptography. Hartung-Gorre Verlag, Konstanz, Germany.]]

[7]

Camenisch, J. and Stadler, M. 1997. Efficient group signature schemes for large groups. In Advances in Cryptology---CRYPTO, vol. 1294, Springer-Verlag, Berlin Germany. 410--424.]]

[8]

Chor, B., Gilboa, N., and Naor, M. 1997. Private information retrieval by keywords. Tech. Rep. TR CS0917, Technion, University.]]

[9]

Chor, B., Goldreich, O., Kushilevitz, E., and Sudan, M. 1998. Private information retrieval. J. ACM 45, 6 (Nov.), 965--981.]]

[10]

Devanbu, P., Gertz, M., Martel, C., and Stubblebine, S. G. 2000. Authentic third-party data publication. In Proceedings of the 14th IFIP 11.3 Working Conference in Database Security, 101--112.]]

[11]

Fiat, A. and Shamir, A. 1987. How to prove yourself: practical solutions to identification and signature problems. In Advances in Cryptology---CRYPTO '86, A. M. Odlyzko, ed, Lecture Notes in Computer Science, vol. 263, Springer-Verlag, Berlin Germany, Santa, 186--194.]]

[12]

Fiat, A. 1990. Batch RSA. In Advances in Cryptology---CRYPTO '89, G. Brassard, ed. Lecture Notes in Computer Science, vol. 435, Springer-Verlag, Berlin Germany, 175--185.]]

[13]

Fiat, A. 1997. Batch RSA. J. Cryptology 10, 2, 75--88.]]

[14]

Gertner, Y., Ishai, Y., Kushilevitz, E., and Malkin, T. 1998. Protecting data privacy in private information retrieval schemes. In Proceedings of the 30th Annual Symposium on Theory of Computing (STOC) (Dallas, TX).]]

[15]

Goh, E.-J. 2003. Secure indexes for efficient searching on encrypted compressed data. Cryptology ePrint Archive, Rep. 2003/216 http://eprint.iacr.org/2003/216/]]

[16]

Guillou, L. and Quisquater, J. J. 1988. A “paradoxical” identity-based signature scheme resulting from zero-knowledge. In Advances in Cryptology---CRYPTO, S. Goldwasser, ed. Lecture Notes in Computer Science, vol. 403, Springer-Verlag, Berlin Germany.]]

[17]

Hacigümüş, H., Iyer, B., Li, C., and Mehrotra, S. 2002. Executing SQL over encrypted data in the database-service-provider model. In Proceedings of the ACM SIGMOD Conference on Management of Data, 216--227.]]

[18]

Hacigümüş, H., Iyer, B., and Mehrotra, S. 2002a. Encrypted database integrity in database service provider model. In Proceedings of the International Workshop on Certification and Security in E-Services (CSES IFIP WCC).]]

[19]

Hacigümüş, H., Iyer, B., and Mehrotra, S. 2002b. Providing database as a service. In Proceedings of the International Conference on Data Engineering.]]

[20]

Harn, L. 1995. DSA-Type secure interactive batch verification protocols. Electron. Lett. 31, 4 (Feb.), 257--258.]]

[21]

Harn, L. 1998a. Batch verifying multiple DSA-Type digital signatures. Electron. Lett. 34, 9 (Apr.), 870--871.]]

[22]

Harn, L. 1998b. Batch verifying RSA signatures. Electron. Lett. 34, 12 (Apr.), 1219--1220.]]

[23]

Joux, A. and Nguyen, K. 2001. Separating decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. In Cryptology ePrint Archive. Number Rep. 2001/003.]]

[24]

Law, P. 1996. The health insurance portability and accountability act of 1996 (HIPAA). http://www.cms.hhs.gov/hipaa/]]

[25]

Menezes, A. J., Van Oorschot, P. C., and Vanstone, S. A. 1997. Handbook of Applied Cryptography. CRC Press.]]

[26]

Merkle, R. 1980. Protocols for public key cryptosystems. In Proceedings of the IEEE Symposium on Research in Security and Privacy.]]

[27]

Miracl, Library. 2006 http://indigo.ie/~mscott]]

[28]

Mykletun, E., Narasimha, M., and Tsudik, G. 2004a. Authentication and integrity in outsourced databases. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS).]]

[29]

Mykletun E., Narasimha M., and Tsudik G. 2004b. Signature 'Bouquets': Immutability of Aggregated Signatures, In Proceedings of the European Symposium on Research in Computer Security (ESORICS).]]

[30]

Naccache, D., M'Raïhi, D., Raphaeli, D., and Vaudenay, S. 1994. Can DSA be improved: Complexity trade-offs with the digital signature standard. In Advances in Cryptology---EUROCRYPT, Lecture Notes in Computer Science, Springer-Verlag, Berlin Germany, 85--94.]]

[31]

Narasimha, M. and Tsudik, G. 2005. DSAC: Integrity of outsourced databases with signature aggregation and chaining. In Proceedings of the ACM Conference on Information and Knowledge Management.]]

[32]

OpenSSL Project. 2006. http://www.openssl.org]]

[33]

Pang, H. and Tan, K.-L. 2004. Authenticating query results in edge computing. In Proceedings of the International Conference on Data Engineering, 560--571.]]

[34]

Rivest, R. L., Shamir, A., and Adleman, L. M. 1978. A method for obtaining digital signatures and public-key cryptosystems. Communi. ACM 21, 2 (Feb.), 120--126.]]

[35]

Song, D., Wagner, D., and Perrig, A. 2000. Practical techniques for searches on encrypted data. In Proceedings of the IEEE Symposium on Security and Privacy.]]

[36]

United States Code. 2002. Sarbanes-Oxley act of 2002, HR 3763, PL 107-204, 116 Stat 745. Codified in sections 11, 15, 18, 28, and 29 USC.]]

[37]

Yen, S. and Laih, C. 1995. Improved digital signature suitable for batch verification. IEEE Trans. Comput. 44, 7 (July), 957--959.]]

Cited By

SUN YYANG FCHEN XDU XLIN W(2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
https://doi.org/10.1360/SSI-2022-0360
Li SZhang ZZhang MYuan YWang G(2024)Authenticated Subgraph Matching in Hybrid-Storage Blockchains2024 IEEE 40th International Conference on Data Engineering (ICDE)10.1109/ICDE60146.2024.00159(1986-1998)Online publication date: 13-May-2024
https://doi.org/10.1109/ICDE60146.2024.00159
Mikroyannidis AThird ADomingue J(2024)Blockchain-based decentralised micro-accreditation for lifelong learningInteractive Learning Environments10.1080/10494820.2024.2401485(1-15)Online publication date: 24-Sep-2024
https://doi.org/10.1080/10494820.2024.2401485
Show More Cited By

Index Terms

Authentication and integrity in outsourced databases
1. Information systems
  1. Data management systems

Recommendations

Dynamic authenticated index structures for outsourced databases
SIGMOD '06: Proceedings of the 2006 ACM SIGMOD international conference on Management of data

In outsourced database (ODB)systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently. As servers might be untrusted or can ...
Practical Immutable Signature Bouquets PISB for Authentication and Integrity in Outsourced Databases
DBSec 2013: Proceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXVII - Volume 7964

Database outsourcing is a prominent trend that enables organizations to offload their data management overhead e.g., query handling to the external service providers. Immutable signatures are ideal tools to provide authentication and integrity for such ...
Integrity analysis of authenticated encryption based on stream ciphers

We study the security of authenticated encryption based on a stream cipher and a universal hash function. We consider ChaCha20-Poly1305 and generic constructions proposed by Sarkar, where the generic constructions include 14 AEAD (authenticated ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Storage

ACM Transactions on Storage Volume 2, Issue 2

May 2006

113 pages

ISSN:1553-3077

EISSN:1553-3093

DOI:10.1145/1149976

Issue’s Table of Contents

Copyright © 2006 ACM.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2006

Published in TOS Volume 2, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

185
Total Citations
View Citations
2,546
Total Downloads

Downloads (Last 12 months)40
Downloads (Last 6 weeks)6

Reflects downloads up to 28 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

SUN YYANG FCHEN XDU XLIN W(2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
https://doi.org/10.1360/SSI-2022-0360
Li SZhang ZZhang MYuan YWang G(2024)Authenticated Subgraph Matching in Hybrid-Storage Blockchains2024 IEEE 40th International Conference on Data Engineering (ICDE)10.1109/ICDE60146.2024.00159(1986-1998)Online publication date: 13-May-2024
https://doi.org/10.1109/ICDE60146.2024.00159
Mikroyannidis AThird ADomingue J(2024)Blockchain-based decentralised micro-accreditation for lifelong learningInteractive Learning Environments10.1080/10494820.2024.2401485(1-15)Online publication date: 24-Sep-2024
https://doi.org/10.1080/10494820.2024.2401485
Ren YChen LBai YYe JZhao Y(2024)Blockchain-based cross-domain query integrity verification mechanism for outsourced databaseComputer Standards & Interfaces10.1016/j.csi.2024.103926(103926)Online publication date: Sep-2024
https://doi.org/10.1016/j.csi.2024.103926
Yeh JArifin MShen NKarki UXie YNanjundarao A(2024)Integrity coded databases - protecting data integrity for outsourced databasesComputers & Security10.1016/j.cose.2023.103569136(103569)Online publication date: Jan-2024
https://doi.org/10.1016/j.cose.2023.103569
Zhou EGuo SHong ZJensen CXiao YZhang DLiang JPei Q(2023)VeriDKG: A Verifiable SPARQL Query Engine for Decentralized Knowledge GraphsProceedings of the VLDB Endowment10.14778/3636218.363624217:4(912-925)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.14778/3636218.3636242
Hong ZGuo SZhou EChen WHuang HZomaya A(2023)GriDB: Scaling Blockchain Database via Sharding and Off-Chain Cross-Shard MechanismProceedings of the VLDB Endowment10.14778/3587136.358714316:7(1685-1698)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.14778/3587136.3587143
Kumar MMaple CChand S(2023)An efficient and secure identity-based integrity auditing scheme for sensitive data with anti-replacement attack on multi-cloud storageJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.10174535:9(101745)Online publication date: Oct-2023
https://doi.org/10.1016/j.jksuci.2023.101745
Hu YYao XZhang RZhang Y(2022)Freshness Authentication for Outsourced Multi-Version Key-Value StoresIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.3172380(1-1)Online publication date: 2022
https://doi.org/10.1109/TDSC.2022.3172380
Wang QZhou FZhou BXu JChen CWang Q(2022)Privacy-Preserving Publicly Verifiable DatabasesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.303296119:3(1639-1654)Online publication date: 1-May-2022
https://doi.org/10.1109/TDSC.2020.3032961
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents