3 research outputs found
Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems
Authenticated data structures provide cryptographic proofs that their answers
are as accurate as the author intended, even if the data structure is being
controlled by a remote untrusted host. We present efficient techniques for
authenticating data structures that represent graphs and collections of
geometric objects. We introduce the path hash accumulator, a new primitive
based on cryptographic hashing for efficiently authenticating various
properties of structured data represented as paths, including any decomposable
query over sequences of elements. We show how to employ our primitive to
authenticate queries about properties of paths in graphs and search queries on
multi-catalogs. This allows the design of new, efficient authenticated data
structures for fundamental problems on networks, such as path and connectivity
queries over graphs, and complex queries on two-dimensional geometric objects,
such as intersection and containment queries.
Comment: Full version of related paper appearing in CT-RSA 200
Verifying Search Results Over Web Collections
Searching accounts for one of the most frequently performed computations over
the Internet as well as one of the most important applications of outsourced
computing, producing results that critically affect users' decision-making
behaviors. As such, verifying the integrity of Internet-based searches over
vast amounts of web contents is essential.
We provide the first solution to this general security problem. We introduce
the concept of an authenticated web crawler and present the design and
prototype implementation of this new concept. An authenticated web crawler is a
trusted program that computes a special "signature" of a collection of web
contents it visits. Subject to this signature, web searches can be verified to
be correct with respect to the integrity of their produced results. This
signature also allows the verification of complicated queries on web pages,
such as conjunctive keyword searches. In our solution, along with the web pages
that satisfy any given search query, the search engine also returns a
cryptographic proof. This proof, together with the signature, enables any
user to efficiently verify that no legitimate web pages are omitted from the
result computed by the search engine, and that no pages that are non-conforming
with the query are included in the result. An important property of our
solution is that the proof size and the verification time both depend solely on
the sizes of the query description and the query result, but not on the number
or sizes of the web pages over which the search is performed.
Our authentication protocols are based on standard Merkle trees and the more
involved bilinear-map accumulators. As we experimentally demonstrate, the
prototype implementation of our system gives a low communication overhead
between the search engine and the user, and allows for fast verification of the
returned results on the user side.
Don't Trust the Cloud, Verify: Integrity and Consistency for Cloud Object Stores
Cloud services have turned remote computation into a commodity and enable
convenient online collaboration. However, they require that clients fully trust
the service provider in terms of confidentiality, integrity, and availability.
Towards reducing this dependency, this paper introduces a protocol for
verification of integrity and consistency for cloud object storage (VICOS),
which enables a group of mutually trusting clients to detect data-integrity and
consistency violations for a cloud object-storage service. It aims at services
where multiple clients cooperate on data stored remotely on a potentially
misbehaving service. VICOS enforces the consistency notion of
fork-linearizability, supports wait-free client semantics for most operations,
and reduces the computation and communication overhead compared to previous
protocols. VICOS is based in a generic way on any authenticated data structure.
Moreover, its operations cover the hierarchical name space of a cloud object
store, supporting a real-world interface and not only a simplistic abstraction.
A prototype of VICOS that works with the key-value store interface of commodity
cloud storage services has been implemented, and an evaluation demonstrates its
advantage compared to existing systems.