Practical Immutable Signature Bouquets (PISB) for Authentication and Integrity in Outsourced Databases

Database outsourcing is a prominent trend that enables organizations to offload their data management overhead (e.g., query handling) to external service providers. Immutable signatures are ideal tools for providing authentication and integrity in such applications, thanks to an important property called immutability. Signature immutability ensures that no attacker can derive a valid signature for unposed queries from previous queries and their corresponding signatures. This prevents an attacker from creating his own de facto services via such derived signatures. Unfortunately, existing immutable signatures are very costly in computation and communication (e.g., highly interactive), which makes them impractical for task-intensive and heterogeneous applications. In this paper, we developed two new schemes that we call Practical and Immutable Signature Bouquets (PISB), which achieve efficient immutability for outsourced database systems. Both PISB schemes are very simple, non-interactive, and efficient in computation and communication. Our generic scheme can be constructed from any aggregate signature coupled with a standard signature. Hence, it can flexibly provide performance trade-offs for various types of applications. Our specific scheme is constructed from Condensed-RSA and Sequential Aggregate RSA. It has a very low verifier computational overhead and end-to-end delay with a small signature size. We showed that PISB schemes are secure and also much more efficient than previous alternatives.
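The mutability that immutable signatures are meant to rule out, shown for plain Condensed-RSA (a product of per-record RSA signatures) as an added example that is not code from the paper. The toy key, the records and all function names are constructed for illustration, and the PISB countermeasure itself is not implemented here.

```python
import hashlib
from math import prod

# Constructed toy RSA key built from two small Mersenne primes (illustration only).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def h(record: bytes) -> int:
    """Hash a record into Z_N (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % N

def sign(record: bytes) -> int:
    """Data owner's per-record RSA signature."""
    return pow(h(record), D, N)

def condense(sigs) -> int:
    """Server combines per-record signatures into one by multiplication."""
    return prod(sigs) % N

def verify(records, sigma: int) -> bool:
    """Querier checks sigma^E == product of the record hashes (mod N)."""
    return pow(sigma, E, N) == prod(h(r) for r in records) % N

def derive(sigma_big: int, sigma_small: int) -> int:
    """Divide two legitimately obtained condensed signatures (no private key used)."""
    return sigma_big * pow(sigma_small, -1, N) % N

def demo():
    r1, r2, r3 = b"id=1|alice", b"id=2|bob", b"id=3|carol"  # constructed records
    stored = {r: sign(r) for r in (r1, r2, r3)}
    # Two result sets the server actually returned:
    sig_a = condense(stored[r] for r in (r1, r2, r3))
    sig_b = condense(stored[r] for r in (r1, r2))
    # A condensed signature for a result set that was never queried:
    derived = derive(sig_a, sig_b)
    return verify([r1, r2, r3], sig_a), verify([r1, r2], sig_b), verify([r3], derived)

if __name__ == "__main__":
    print(demo())
```

The derived value verifies for the unposed result set `{r3}`, which is exactly the derivation an immutable scheme must make infeasible.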
