Privacy-Preserving Verification of Aggregate Queries on Outsourced Databases

It is often desirable to be able to guarantee the integrity of historical data, ensuring that any subsequent modifications to the data can be detected. It would be especially convenient to extend such proofs of integrity to certain computations performed later using the historical data. We approach this question in the context of outsourced databases, where a data owner delegates the ability to answer users’ queries to a service provider, and distrustful users may desire to verify the integrity of responses to their queries on the data. We present a solution for integrity verification of database aggregate queries, such as SUM and MAX. We design proofs of correctness and completeness of aggregate results. What makes the problem challenging is that individual data entries may be sensitive (e.g. as in medical databases), and should not be revealed to the user. We give cryptographic protocols to support verification of query results in a privacy-preserving fashion.
