VERID: towards verifiable IoT data management

Ensuring the authenticity and integrity of the sensing data that are stored in a third-party cloud is a crucial task for the correctness and safety of many IoT applications. Although verifiable data outsourcing has been studied for over a decade, current solutions are not fully suitable for IoT systems, due to the hardware constraints, deployment features, and application requirements of IoT. This paper presents VERID, a verifiable data management system designed for IoT applications. VERID enables important ranged selection and aggregate queries of sensing data while imposing minimal overhead for resource-constraint IoT devices. Our important innovation is a computational and space-efficient authentication data structure called PrefixMHT which fits into resource-constrained IoT devices and supports both range and aggregate queries. We design a new signature aggregation scheme called Condensed Bilinear Pairing to further improve the efficiency. The experiments using real IoT datasets show that VERID is able to provide authenticity, integrity, and completeness of data queries while achieving substantial advantages in computation, memory, and communication efficiency than possible methods.

[1]  Yin Yang,et al.  Authenticated join processing in outsourced databases , 2009, SIGMOD Conference.

[2]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[3]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[4]  Nimrod Megiddo,et al.  Range queries in OLAP data cubes , 1997, SIGMOD '97.

[5]  Qian Wang,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[6]  Ch. Ramesh Babu,et al.  Internet of Vehicles: From Intelligent Grid to Autonomous Cars and Vehicular Clouds , 2016 .

[7]  Ratul Mahajan,et al.  Bolt: Data Management for Connected Homes , 2014, NSDI.

[8]  Shouhuai Xu,et al.  Efficient query integrity for outsourced dynamic databases , 2012, CCSW '12.

[9]  Ye Yu,et al.  Toward Secure and Efficient Communication for the Internet of Things , 2019, IEEE/ACM Transactions on Networking.

[10]  T. H. Merrett,et al.  A class of data structures for associative searching , 1984, PODS.

[11]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[12]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[13]  Graham Cormode,et al.  Practical verified computation with streaming interactive proofs , 2011, ITCS '12.

[14]  Jon Howell,et al.  Geppetto: Versatile Verifiable Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[15]  Feifei Li,et al.  Dynamic authenticated index structures for outsourced databases , 2006, SIGMOD Conference.

[16]  Lei Zhang,et al.  Privacy-Preserving Public Auditing Protocol for Low-Performance End Devices in Cloud , 2016, IEEE Transactions on Information Forensics and Security.

[17]  Christos Faloutsos,et al.  Analysis of the Clustering Properties of the Hilbert Space-Filling Curve , 2001, IEEE Trans. Knowl. Data Eng..

[18]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[19]  Srinath T. V. Setty,et al.  Depot: Cloud Storage with Minimal Trust , 2010, TOCS.

[20]  Feifei Li,et al.  Authenticated Index Structures for Aggregation Queries , 2010, TSEC.

[21]  Eli Ben-Sasson,et al.  SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[22]  Jonathan Katz,et al.  IntegriDB: Verifiable SQL for Outsourced Databases , 2015, CCS.

[23]  Kian-Lee Tan,et al.  Authenticating Multi-dimensional Query Results in Data Publishing , 2006, DBSec.

[24]  Shoji Nishimura,et al.  QUILTS: Multidimensional Data Partitioning Framework Based on Query-Aware and Skew-Tolerant Space-Filling Curves , 2017, SIGMOD Conference.

[25]  Li Duan,et al.  Event-Driven SOA for IoT Services , 2014, 2014 IEEE International Conference on Services Computing.

[26]  Wei Xi,et al.  Verifiable Smart Packaging with Passive RFID , 2016, IEEE Transactions on Mobile Computing.

[27]  Yael Tauman Kalai,et al.  Memory Delegation , 2011, CRYPTO.

[28]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[29]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[30]  Quynh H. Dang,et al.  Secure Hash Standard | NIST , 2015 .

[31]  Xin Li,et al.  SICS: Secure In-Cloud Service Function Chaining , 2016, ArXiv.

[32]  Elaine Shi,et al.  Signatures of Correct Computation , 2013, TCC.

[33]  Jonathan Katz,et al.  vSQL: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[34]  Benjamin Braun,et al.  Resolving the conflict between generality and plausibility in verified computation , 2013, EuroSys '13.

[35]  Jie Gao,et al.  Sparse Data Aggregation in Sensor Networks , 2007, 2007 6th International Symposium on Information Processing in Sensor Networks.

[36]  Prasun Sinha,et al.  Scalable data aggregation for dynamic events in sensor networks , 2006, SenSys '06.

[37]  Ratul Mahajan,et al.  Digital neighborhood watch: investigating the sharing of camera data amongst neighbors , 2013, CSCW.

[38]  Michael T. Goodrich,et al.  Super-Efficient Verification of Dynamic Outsourced Databases , 2008, CT-RSA.

[39]  Mauro Conti,et al.  SANA: Secure and Scalable Aggregate Network Attestation , 2016, CCS.

[40]  Radu Sion,et al.  CorrectDB: SQL Engine with Practical Query Authentication , 2013, Proc. VLDB Endow..

[41]  Hossam S. Hassanein,et al.  CRAWDAD dataset queensu/crowd_temperature (v.2015-11-20) , 2015 .

[42]  Jakob Jonsson,et al.  PKCS #1: RSA Cryptography Specifications Version 2.2 , 2016, RFC.

[43]  Sawan Kumar,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[44]  Francisco Rodríguez-Henríquez,et al.  High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves , 2010, Pairing.

[45]  Chen Qian,et al.  Collaborative Validation of Public-Key Certificates for IoT by Distributed Caching , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[46]  Stavros Papadopoulos,et al.  Taking Authenticated Range Queries to Arbitrary Dimensions , 2014, CCS.

[47]  Kyriakos Mouratidis,et al.  Scalable Verification for Outsourced Dynamic Databases , 2009, Proc. VLDB Endow..

[48]  Abhi Shelat,et al.  Computing on Authenticated Data , 2012, Journal of Cryptology.

[49]  Xin Li,et al.  Butterfly: Environment-Independent Physical-Layer Authentication for Passive RFID , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[50]  F. E. A Relational Model of Data Large Shared Data Banks , 2000 .

[51]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[52]  Alan Jay Smith,et al.  Sequentiality and prefetching in database systems , 1978, TODS.

[53]  Xin Li,et al.  Towards Replay-resilient RFID Authentication , 2018, MobiCom.

[54]  Kapil Vaswani,et al.  EnclaveDB: A Secure Database Using SGX , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[55]  Lucas Schabhüser,et al.  A Linearly Homomorphic Signature Scheme from Weaker Assumptions , 2017, IMACC.