Separating Authentication from Query Execution in Outsourced Databases

In the database outsourcing paradigm, a data owner (DO) delegates its DBMS administration to a specialized service provider (SP) that receives and processes queries from clients. The traditional outsourcing model (TOM) requires that the DO and the SP maintain authenticated data structures to enable authentication of query results. In this paper, we present SAE, a novel outsourcing model that separates authentication from query execution. Specifically, the DO does not perform any task except for maintaining its dataset (if there are updates). The SP only stores the DO's dataset and computes the query results using a conventional DBMS. All security-related tasks are outsourced to a separate trusted entity (TE), which maintains limited authentication information about the original dataset. A client contacts the TE when it wishes to establish the correctness of a result returned by the SP. The TE efficiently generates a verification token of negligible size. The client can verify the token with minimal cost. SAE eliminates the participation of the DO and the SP in the authentication process, and outperforms TOM in every aspect, including processing cost for all parties involved, communication overhead, query response time and ease of implementation in practical applications.