Query assurance verification for outsourced multi-dimensional databases

In data outsourcing model, data owners engage third-party data servers (called publishers) to manage their data and process queries on their behalf. As these publishers may be untrusted or susceptible to attacks, it could produce incorrect query results to users. In this paper, we introduce an authentication scheme for outsourced multi-dimensional databases. With the proposed scheme, users can verify that their query answers from a publisher are complete (i.e., no qualifying tuples are omitted) and authentic (i.e., all the result values are legitimate). In addition, our scheme guarantees minimality (i.e., no non-answer points are returned in the plain). Our scheme supports window, range, kNN and RNN queries on multi-dimensional databases. We have implemented the proposed scheme, and our experimental results on kNN queries show that our approach is a practical scheme with low overhead.

[1]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[2]  Dan Suciu,et al.  Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[3]  Kian-Lee Tan,et al.  Verifying Completeness of Relational Query Answers from Online Servers , 2008, TSEC.

[4]  J. K. Wong Middle-Tier Database Caching for e-Business , 2002 .

[5]  Kian-Lee Tan,et al.  Authenticating kNN Query Results in Data Publishing , 2007, Secure Data Management.

[6]  Kian-Lee Tan,et al.  StegFS: a steganographic file system , 2003, Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405).

[7]  Roberto Tamassia,et al.  Efficient Content Authentication over Distributed Hash Tables , 2006 .

[8]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[9]  Michael Gertz,et al.  Authentic Data Publication Over the Internet , 2003, J. Comput. Secur..

[10]  Kian-Lee Tan,et al.  Authenticating query results in edge computing , 2004, Proceedings. 20th International Conference on Data Engineering.

[11]  Divyakant Agrawal,et al.  Constrained Nearest Neighbor Queries , 2001, Encyclopedia of GIS.

[12]  Kian-Lee Tan,et al.  Verifying completeness of relational query results in data publishing , 2005, SIGMOD '05.

[13]  Krishna P. Gummadi,et al.  An analysis of Internet content delivery systems , 2002, OPSR.

[14]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[15]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[16]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[17]  Beng Chin Ooi,et al.  Indexing the Distance: An Efficient Method to KNN Processing , 2001, VLDB.

[18]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[19]  Michael Gertz,et al.  A General Model for Authenticated Data Structures , 2004, Algorithmica.

[20]  H. Sagan Space-filling curves , 1994 .

[21]  Scott Shenker,et al.  Querying the Internet with PIER , 2003, VLDB.

[22]  Feifei Li,et al.  Dynamic authenticated index structures for outsourced databases , 2006, SIGMOD Conference.

[23]  Kian-Lee Tan,et al.  Authenticating Multi-dimensional Query Results in Data Publishing , 2006, DBSec.

[24]  Hans-Peter Kriegel,et al.  The R*-tree: an efficient and robust access method for points and rectangles , 1990, SIGMOD '90.

[25]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.