A Completeness and Freshness Guarantee Scheme for Outsourced
Database
Dai Jiazhu (1,*), Zhang Yurong (1,#), Li Xin (2,3), Luo Shuangyan (1)
(1) School of Computer Engineering and Science, Shanghai University, Shanghai 200072
(2) The Third Research Institute of Ministry of Public Security, Shanghai 310027
(3) Shanghai Chen Rui Information Technology Corporation, Shanghai 310027
Abstract: Outsourced database systems (ODS) have become more and more popular recently. In an ODS, the database is outsourced to a third-party service provider, and usually the provider is untrusted. Thus, the security of the outsourced database becomes an important challenge, and the ODS must introduce mechanisms to protect the security of the database information. Previous work has used encryption to protect the privacy and confidentiality of the database, and integrity can be guaranteed by adopting a one-way hash function. In contrast, the other aspects of security, especially freshness and completeness, are important issues but have not been researched in detail. In this paper, we develop a mechanism to provide a freshness guarantee while ensuring completeness. In our mechanism, we insert a small amount of data into the outsourced database, called the fake attribute, to achieve our goals.
Keywords: outsourced database; security; freshness; completeness; fake attribute
I. INTRODUCTION
With the great progress of Internet technologies, outsourced databases have become more and more attractive; meanwhile, the Outsourced Database System (ODS) has gained great improvements in performance and optimization. The gap between the local database and the outsourced one becomes smaller and smaller. Also, compared with a traditional database, an outsourced database has many advantages: reduced equipment costs, on-demand lease, flexible management and so on. As shown in Figure 1, there are three roles in an ODS: the database owner, the third-party service provider and the user.
Figure 1 An Outsourced database system (ODS)
2011 Second International Conference on Networking and Distributed Computing
978-0-7695-4427-4/11 $26.00 2011 IEEE
DOI 10.1109/ICNDC.2011.48
In this scenario, the database owners upload and store the data on the service provider. When users want to access the data, they send a search request to the service provider, and the provider sends back the query results.
In normal circumstances, or in a local database system, users can trust the results sent back by the provider. But in the outsourced scenario the service provider is untrusted, so the outsourced database presents many challenges, and the security of the data becomes a concern of the users. It is important to provide a mechanism for the users to verify the data and decide whether or not to trust and accept the returned query results. In an ODS, security covers the following aspects: privacy, integrity, completeness and freshness. Privacy, also called confidentiality, means only authorized users can get the data. This problem can be solved by encryption. Integrity means the results received by the users have not been destroyed or tampered with by an attacker; integrity can be guaranteed by adopting a one-way hash function signature. Much research has been done in these two areas. In contrast, completeness, and especially freshness, have drawn attention only recently [6,7,8,9,10]. Concretely, completeness means the query results contain all the tuples that satisfy the search request without any omission, and freshness means the query results received by the client are up to date rather than outdated. Very little research exists in these areas [7]. In this paper, we use an additional attribute, which we call the fake attribute, to provide completeness and freshness guarantees.
The structure of this paper is as follows. In section 2, we introduce previous work related to providing completeness and freshness guarantees for outsourced databases. In section 3, we describe our solution to this problem. In section 4, we analyze the security and performance of the proposed solution and draw the conclusion. In section 5 we summarize our solution and outline the future work.
II. RELATED WORK
Authenticating query results from untrusted databases has been an active area of research in the past few years. In this section we introduce some related research in this area. In the outsourced scenario, data are created by a trusted source and encrypted before outsourcing to the untrusted remote service provider. Extensive related work exists on authenticated data structures. It usually employs encryption and a one-way hash function to protect the privacy and integrity of the outsourced database. In this paper, we focus more on the other two issues: completeness and freshness. Research on these issues has made some achievements. In [1] the authors proposed a solution to protect integrity based on Merkle's Hash Tree (MHT) [2], and MHT became one of the most common methods. Although MHT has many advantages, such as signing only the root node and saving storage space, it also has some serious drawbacks: before signing, the database tuples must be sorted, and it cannot support dynamic updates well, because any update requires building a new MHT, which is time-consuming. [4] introduced the MB (Merkle B-tree) to improve the MHT, and [5] generalized the Merkle hash tree ideas to work with DAG (Directed Acyclic Graph) structures. In [6][7] the authors introduced a mechanism called fake tuples to provide integrity and freshness guarantees; they achieved the goal by checking fake tuples known only to the owner and users. But this method must update the fake tuples frequently, and the user must maintain some deterministic functions in order to make sure the fake tuples are inserted into the ODS at a certain time; it is also a probabilistic approach. [11] introduced query execution proofs, a cryptographic proof mechanism that shows queries were actually executed; this solution mainly focused on read-only queries.
In this paper, we introduce a new mechanism to provide completeness and freshness guarantees for ODS. Analysis shows that, while guaranteeing completeness and freshness, our solution can save storage space and reduce the cost of transmission. In the following text we describe our solution in detail.
III. OUR METHOD FOR COMPLETENESS AND FRESHNESS GUARANTEE
In this section we first introduce some concepts that we will use in our solution, then present the details of the proposed approach.
A. Preliminaries
Homomorphic encryption. In 2009, Craig Gentry showed the first fully homomorphic encryption scheme, as announced by IBM on June 25. Homomorphic encryption is a form of encryption where a specific algebraic operation performed on the plaintext is equivalent to another (possibly different) algebraic operation performed on the ciphertext. Depending on one's viewpoint, this can be seen as either a positive or negative attribute of the cryptosystem. Homomorphic encryption schemes are malleable by design. The homomorphic property of various cryptosystems can be used to create secure voting systems, collision-resistant hash functions and private information retrieval schemes, and to enable widespread use of cloud computing by ensuring the confidentiality of processed data [12].
Fake attribute. In this paper, we consider a
database that contains many tuples
T, ai is an attribute of the
To and ai can be any type of data, such as
numeric, string, etc. In order to achieve the
anticipatory goal and realize our mechanism, we
add a fake attribute called af into the original
tuple, and the tuple changes to Tf. In our paper we suppose
that the fake attribute af is numeric for
simplicity, and for every tuple we add an
attribute which is different from the others, the
reason we will introduce in the following text.
Figure 2 shows the procedure.
Figure 2 New Tuple Structure
TTP (Trusted Third-Party). A trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party. The third party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content. In TTP models, the relying parties use this trust to secure their own interactions [13]. In short, the data received from the TTP can be trusted.
In the rest of the paper, we describe how to realize our solution using the fake attribute and a hash function.
B. The Verification Procedure
In our mechanism there are four participants: the database owner, the third-party service provider, the user and the TTP (Trusted Third-Party). We have introduced all participants in the earlier paragraphs.
Compared with Figure 1, we introduce the TTP into our mechanism, which we use to store the verification object. Before transmitting the database to the service provider, the owner must do some processing. First, the owner inserts fake attributes $f_1, f_2, f_3, \ldots, f_n$ into the original tuples and then encrypts the tuples. The original tuples can be encrypted with the same or different keys according to access control policies, but the fake attributes in the same database must use one particular key, because next we will use the fake attributes to compute a check value; if the fake attributes are encrypted using different keys, homomorphic encryption will not work. We suppose the fake attributes are encrypted using key k, so the values become $k(f_1), k(f_2), k(f_3), \ldots, k(f_n)$. After that the owner adopts homomorphic encryption to compute the cryptographic check value; here we use the + operation:
$sum = k(f_1) + k(f_2) + k(f_3) + \cdots + k(f_n)$
Finally, the owner stores the encrypted database on the service provider and meanwhile transmits the check value sum to the TTP. We will use this check value to verify the completeness and freshness of the search results sent back by the service provider.
Figure 3 Realization Mechanism
Figure 3 shows the specific process; we describe it in detail as follows:
1) The owner stores the encrypted database that contains the fake attribute on the service provider.
2) The owner transmits the cryptographic check value sum to the TTP.
3) When an authenticated user wants to access the database, he sends a search request to the service provider. The search request contains two parts: the real search request and the verification one. For the real one the user receives the expected results, and for the verification one we want to receive a check value sum' generated by the service provider. The user will use sum' to verify completeness and freshness. In this paper we suppose the service provider cannot distinguish the two parts.
4) The service provider sends back the search results according to the user's request. The results include the check value sum'.
5) At the same time the user gets the cryptographic check value sum from the TTP and compares the two check values sum and sum'. If the two values are the same, we are sure that completeness and freshness have been guaranteed. In this case we accept the result; otherwise we reject it.
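The owner, TTP, provider and user steps above, as an added Python example that is not code from the paper. The paper does not name a cipher, so `enc(k, f) = k*f mod P` is assumed here as a toy stand-in that is additively homomorphic under one key (it is not a secure scheme); all function names and sample tuples are constructed.

```python
import secrets

P = 2**61 - 1  # prime modulus of the toy cipher (assumption, not from the paper)

def enc(k, f):
    """Toy cipher: (enc(k, a) + enc(k, b)) % P == enc(k, a + b) for one shared key k."""
    return (k * f) % P

def dec(k, c):
    """Invert enc; needs the same key k that produced c."""
    return (c * pow(k, -1, P)) % P

def owner_prepare(rows, k):
    """Give each tuple its own random fake attribute, encrypted under the single key k."""
    fakes = set()
    while len(fakes) < len(rows):
        fakes.add(secrets.randbelow(2**32) + 1)  # nonzero, distinct within this batch
    return [(row, enc(k, f)) for row, f in zip(rows, fakes)]

def check_value(table):
    """sum = k(f1) + k(f2) + ... + k(fn), computed on ciphertexts only."""
    return sum(c for _, c in table) % P

def user_accepts(sum_from_provider, sum_from_ttp):
    """Accept the query result only if both check values match."""
    return sum_from_provider == sum_from_ttp

def demo():
    k = secrets.randbelow(P - 1) + 1                     # owner's key for the fake column
    v1 = owner_prepare(["alice", "bob", "carol"], k)     # constructed sample tuples
    ttp = check_value(v1)                                # owner -> TTP
    honest = user_accepts(check_value(v1), ttp)
    omitted = user_accepts(check_value(v1[:-1]), ttp)    # provider drops one tuple
    # Dynamic update: new tuple gets a new fake attribute, owner refreshes the TTP value.
    v2 = v1 + owner_prepare(["dave"], k)
    ttp = check_value(v2)
    stale = user_accepts(check_value(v1), ttp)           # provider answers from old snapshot
    fresh = user_accepts(check_value(v2), ttp)
    return honest, omitted, stale, fresh

if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

Because the check value is an aggregate over the whole fake column, the comparison relies on the paper's stated assumption that the provider cannot tell the verification part of the request from the real one.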
IV. SECURITY AND PERFORMANCE ANALYSIS
In this paper we introduce additional data called the fake attribute to provide completeness and freshness guarantees. Our solution has the following advantages:
1) Secure. For every tuple we use a different fake attribute, so malicious attackers will not find that the additional attribute is fake, and they cannot falsify it. Using the fake attribute we have provided completeness and freshness guarantees for ODS.
2) Efficient and simple. The fake attribute is just a simple field; it needs only little storage, and generating the also consumes little computing power. So this is a simple and efficient solution compared with other solutions.
3) Supporting dynamic update. When the owner wants to update the database, he just adds different fake attributes into the new tuples, then generates a new cryptographic check value, and finally updates the check value on the TTP.
V. CONCLUSION
In this paper we propose a new mechanism based on the fake attribute. From the fake attribute we can generate a check value which we can use to provide completeness and freshness guarantees. Analysis shows that our solution is secure and efficient. Furthermore, our method can also support dynamic update.
ACKNOWLEDGEMENT
The work of this paper is supported by Shanghai
Key Subject Fund under grant NO: J50103
REFERENCES
[1] Devanbu P, Gertz M, Martel C, et al. Authentic Third-party Data Publication[C]//Proc. of the 14th IFIP TC11/WG11.3 Annual Working Conference on Database Security. Schoorl, Netherlands: [s. n.], 2000.
[2] Merkle R C. Protocols for Public Key Cryptosystems[C]//Proc. of IEEE Symposium on Research in Security and Privacy. [S. l.]: IEEE Press, 1980.
[3] Merkle R C. A certified digital signature. In: Proc. of the 9th Annual Int'l Cryptology Conf. on Advances in Cryptology. LNCS 435, Heidelberg, Berlin: Springer-Verlag, 1989.
[4] Li Feifei, Marios H, George K, et al. Dynamic Authenticated Index Structures for Outsourced Database[C]//Proc. of ACM SIGMOD'06. Chicago, Illinois, USA: ACM Press, 2006.
[5] C. Martel, G. Nuckolls, P. Devanbu, M. Gertz, A. Kwong, and S. Stubblebine. A general model for authenticated data structures. Algorithmica, 39(1):21-41, 2004.
[6] Min Xie, Haixun Wang, Jian Yin, and Xiaofeng Meng. Integrity auditing of outsourced data. In VLDB, 2007.
[7] Xie M, Wang HX, Yin J, Meng XF. Providing freshness guarantees for outsourced databases. In: Kemper A, Valduriez P, Mouaddib N, Teubner J, Bouzeghoub M, Markl V, Amsaleg L, Manolescu I, eds. Proc. of the 11th Int'l Conf. on Extending Database Technology: Advances in Database Technology, Vol.261. New York: ACM Press, 2008.
[8] Einar Mykletun, Maithili Narasimha, and Gene Tsudik. Authentication and integrity in outsourced databases. In NDSS. The Internet Society, 2004.
[9] HweeHwa Pang, Arpit Jain, Krithi Ramamritham, and Kian-Lee Tan. Verifying completeness of relational query results in data publishing. In Fatma A Ozcan, editor, SIGMOD Conference, ACM, 2005.
[10] Radu Sion. Query execution assurance for outsourced databases. In: Bohm K, Jensen CS, eds. Proc. of the 31st Int'l Conf. on Very Large Data Bases. New York: ACM Press, 2005.
[11] Sion R. Query execution assurance for outsourced database. In: Bohm K, Jensen CS, eds. Proc. of the 31st Int'l Conf. on Very Large Data Bases. New York: ACM Press, 2005.
[12] http://en.wikipedia.org/wiki/Homomorphic_encryption
[13] http://en.wikipedia.org/wiki/Trusted_third_party