2,141 research outputs found
Integrity Authentication for SQL Query Evaluation on Outsourced Databases: A Survey
Spurred by the development of cloud computing, there has been considerable
recent interest in the Database-as-a-Service (DaaS) paradigm. Users lacking in
expertise or computational resources can outsource their data and database
management needs to a third-party service provider. Outsourcing, however,
raises an important issue of result integrity: how can the client verify with
lightweight overhead that the query results returned by the service provider
are correct (i.e., the same as the results of query execution locally)? This
survey focuses on categorizing and reviewing the progress on the current
approaches for result integrity of SQL query evaluation in the DaaS model. The
survey also includes some potential future research directions for result
integrity verification of the outsourced computations.
Verifying Search Results Over Web Collections
Searching accounts for one of the most frequently performed computations over
the Internet as well as one of the most important applications of outsourced
computing, producing results that critically affect users' decision-making
behaviors. As such, verifying the integrity of Internet-based searches over
vast amounts of web contents is essential.
We provide the first solution to this general security problem. We introduce
the concept of an authenticated web crawler and present the design and
prototype implementation of this new concept. An authenticated web crawler is a
trusted program that computes a special "signature" of a collection of web
contents it visits. Subject to this signature, web searches can be verified to
be correct with respect to the integrity of their produced results. This
signature also allows the verification of complicated queries on web pages,
such as conjunctive keyword searches. In our solution, along with the web pages
that satisfy any given search query, the search engine also returns a
cryptographic proof. This proof, together with the signature, enables any
user to efficiently verify that no legitimate web pages are omitted from the
result computed by the search engine, and that no pages that are non-conforming
with the query are included in the result. An important property of our
solution is that the proof size and the verification time both depend solely on
the sizes of the query description and the query result, but not on the number
or sizes of the web pages over which the search is performed.
Our authentication protocols are based on standard Merkle trees and the more
involved bilinear-map accumulators. As we experimentally demonstrate, the
prototype implementation of our system gives a low communication overhead
between the search engine and the user, and allows for fast verification of the
returned results on the user side.
A Java Data Security Framework (JDSF) and its Case Studies
We present the design of something we call Confidentiality, Integrity and
Authentication Sub-Frameworks, which are a part of a more general Java Data
Security Framework (JDSF) designed to support various aspects related to data
security (confidentiality, origin authentication, integrity, and SQL
randomization). The JDSF was originally designed in 2007 for use in the two
use-cases, MARF and HSQLDB, to allow a plug-in-like implementation of and
verification of various security aspects and their generalization. The JDSF
project explores secure data storage related issues from the point of view of
data security in the two projects. A variety of common security aspects and
tasks were considered in order to extract a spectrum of possible parameters
these aspects require for the design of an extensible frameworked API and its
implementation. A particular challenge being tackled is an aggregation of
diverse approaches and algorithms into a common set of Java APIs to cover all
or at least most common aspects, and, at the same time keeping the framework as
simple as possible. As a part of the framework, we provide the mentioned
sub-frameworks' APIs to allow for the common algorithm implementations of the
confidentiality, integrity, and authentication aspects for MARF's and HSQLDB's
database(s). At the same time we perform a detailed overview of the related
work and literature on data and database security that we considered as a
possible input to design the JDSF.
Comment: a 2007 project report; parts appeared in various conferences;
includes inde
vChain: Enabling Verifiable Boolean Range Queries over Blockchain Databases
Blockchains have recently been under the spotlight due to the boom of
cryptocurrencies and decentralized applications. There is an increasing demand
for querying the data stored in a blockchain database. To ensure query
integrity, the user can maintain the entire blockchain database and query the
data locally. However, this approach is not economic, if not infeasible,
because of the blockchain's huge data size and considerable maintenance costs.
In this paper, we take the first step toward investigating the problem of
verifiable query processing over blockchain databases. We propose a novel
framework, called vChain, that alleviates the storage and computing costs of
the user and employs verifiable queries to guarantee the results' integrity. To
support verifiable Boolean range queries, we propose an accumulator-based
authenticated data structure that enables dynamic aggregation over arbitrary
query attributes. Two new indexes are further developed to aggregate
intra-block and inter-block data records for efficient query verification. We
also propose an inverted prefix tree structure to accelerate the processing of
a large number of subscription queries simultaneously. Security analysis and
empirical study validate the robustness and practicality of the proposed
techniques.
Efficient Query Verification on Outsourced Data: A Game-Theoretic Approach
To save time and money, businesses and individuals have begun outsourcing
their data and computations to cloud computing services. These entities would,
however, like to ensure that the queries they request from the cloud services
are being computed correctly. In this paper, we use the principles of economics
and competition to vastly reduce the complexity of query verification on
outsourced data. We consider two cases: First, we consider the scenario where
multiple non-colluding data outsourcing services exist, and then we consider
the case where only a single outsourcing service exists. Using a game theoretic
model, we show that given the proper incentive structure, we can effectively
deter dishonest behavior on the part of the data outsourcing services with very
few computational and monetary resources. We prove that the incentive for an
outsourcing service to cheat can be reduced to zero. Finally, we show that a
simple verification method can achieve this reduction through extensive
experimental evaluation.
Comment: 13 pages, 8 figures, pre-publicatio
Efficient Authentication of Outsourced String Similarity Search
Cloud computing enables the outsourcing of big data analytics, where a third
party server is responsible for data storage and processing. In this paper, we
consider the outsourcing model that provides string similarity search as the
service. In particular, given a similarity search query, the service provider
returns all strings from the outsourced dataset that are similar to the query
string. A major security concern of the outsourcing paradigm is to authenticate
whether the service provider returns sound and complete search results. In this
paper, we design AutoS3, an authentication mechanism of outsourced string
similarity search. The key idea of AutoS3 is that the server returns a
verification object VO to prove the result correctness. First, we design an
authenticated string indexing structure named MBtree for VO construction.
Second, we design two lightweight authentication methods named VS2 and EVS2
that can catch the service provider's various cheating behaviors with cheap
verification cost. Moreover, we generalize our solution for top k string
similarity search. We perform an extensive set of experiment results on real
world datasets to demonstrate the efficiency of our approach.
Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems
Authenticated data structures provide cryptographic proofs that their answers
are as accurate as the author intended, even if the data structure is being
controlled by a remote untrusted host. We present efficient techniques for
authenticating data structures that represent graphs and collections of
geometric objects. We introduce the path hash accumulator, a new primitive
based on cryptographic hashing for efficiently authenticating various
properties of structured data represented as paths, including any decomposable
query over sequences of elements. We show how to employ our primitive to
authenticate queries about properties of paths in graphs and search queries on
multi-catalogs. This allows the design of new, efficient authenticated data
structures for fundamental problems on networks, such as path and connectivity
queries over graphs, and complex queries on two-dimensional geometric objects,
such as intersection and containment queries.
Comment: Full version of related paper appearing in CT-RSA 200
CloudMine: Multi-Party Privacy-Preserving Data Analytics Service
An increasing number of businesses are replacing their data storage and
computation infrastructure with cloud services. Likewise, there is an increased
emphasis on performing analytics based on multiple datasets obtained from
different data sources. While ensuring security of data and computation
outsourced to a third party cloud is in itself challenging, supporting
analytics using data distributed across multiple, independent clouds is even
further from trivial. In this paper we present CloudMine, a cloud-based service
which allows multiple data owners to perform privacy-preserved computation over
the joint data using their clouds as delegates. CloudMine protects data privacy
with respect to semi-honest data owners and semi-honest clouds. It furthermore
ensures the privacy of the computation outputs from the curious clouds. It
allows data owners to reliably detect if their cloud delegates have been lazy
when carrying out the delegated computation. CloudMine can run as a centralized
service on a single cloud, or as a distributed service over multiple,
independent clouds. CloudMine supports a set of basic computations that can be
used to construct a variety of highly complex, distributed privacy-preserving
data analytics. We demonstrate how a simple instance of CloudMine (secure sum
service) is used to implement three classical data mining tasks
(classification, association rule mining and clustering) in a cloud
environment. We experiment with a prototype of the service, the results of
which suggest its practicality for supporting privacy-preserving data analytics
as a (multi) cloud-based service.
Integrity Coded Databases: An Evaluation of Performance, Efficiency, and Practicality
In recent years, cloud database storage has become an inexpensive and
convenient option for businesses and individuals to store information. While
its positive aspects make the cloud extremely attractive for data storage, it
is a relatively new area of service, making it vulnerable to cyber-attacks and
security breaches. Storing data in a foreign location also requires the owner
to relinquish control of their information to system administrators of these
online database services. This opens the possibility for malicious, internal
attacks on the data that may involve the manipulation, omission, or addition of
data. The retention of the data as it was intended to be stored is referred to
as the database's integrity. Our research tests a potential solution for
maintaining the integrity of these cloud-storage databases by converting the
original databases to Integrity Coded Databases (ICDB). ICDBs utilize Integrity
Codes: cryptographic codes created alongside the data by a private key that
only the data owner has access to. When the database is queried, an integrity
code is returned along with the queried information. The owner is then able to
verify that the information is correct, complete, and fresh. Consequently,
ICDBs also incur performance and memory penalties. In our research, we explore,
test, and benchmark ICDBs to determine the costs and benefits of maintaining an
ICDB versus a standard database.
Comment: 11 pages, 7 figures. Research Experience for Undergraduates in
Software Security, Boise State University, July 201
A Novel Fuzzy Search Approach over Encrypted Data with Improved Accuracy and Efficiency
As cloud computing becomes prevalent in recent years, more and more
enterprises and individuals outsource their data to cloud servers. To avoid
privacy leaks, outsourced data usually is encrypted before being sent to cloud
servers, which disables traditional search schemes for plain text. To meet both
ends of security and searchability, search-supported encryption is proposed.
However, many previous schemes suffer severe vulnerability when typos and
semantic diversity exist in query requests. To overcome such a flaw, higher
error-tolerance is always expected for search-supported encryption design,
sometimes defined as 'fuzzy search'. In this paper, we propose a new scheme of
multi-keyword fuzzy search over encrypted and outsourced data. Our approach
introduces a new mechanism to map a natural language expression into a
word-vector space. Compared with previous approaches, our design shows higher
robustness when multiple kinds of typos are involved. Besides, our approach is
enhanced with novel data structures to improve search efficiency. These two
innovations can work well for both accuracy and efficiency. Moreover, these
designs will not hurt the fundamental security. Experiments on a real-world
dataset demonstrate the effectiveness of our proposed approach, which
outperforms currently popular approaches focusing on similar tasks.
Comment: 14 pages, 14 figure