Ensuring Correctness over Untrusted Private Database

Slides:



Advertisements
Similar presentations
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Advertisements

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Digital Signatures and Hash Functions. Digital Signatures.
U-DBMS: A Database System for Managing Constantly-Evolving Data (VLDB 2005) Reynold Cheng Hong Kong Polytechnic University.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Yin Yang, Dimitris Papadias, Stavros Papadopoulos HKUST, Hong Kong Panos Kalnis KAUST, Saudi Arabia Providence, USA, 2009.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Csci5233 computer security & integrity 1 Cryptography: an overview.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
This document is for academic purposes only. © 2012 Department of Computer Science, Hong Kong Baptist University. All rights reserved. 1 Authenticating.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Research Title:Analysis of Advanced Cryptography Technologies Hash-based Post-quantum One-time Digital Signature Schemes Dr. Douglas Stebila Kaan Osmanagaoglu.
Authenticated Join Processing in Outsourced Databases
Improving Authenticated Dynamic Dictionaries
Problem: Internet diagnostics and forensics
Information and Computer Security CPIS 312 Lab 9
Cryptography: an overview
Cryptography: an overview
Hash Functions Which of these problems is easier to solve:
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Computer Communication & Networks
Information Security message M one-way hash fingerprint f = H(M)
Cryptographic Hash Function
Assignment #5 – Solutions
Relational Database Design by Dr. S. Sridhar, Ph. D
Introduction to security goals and usage of cryptographic algorithms
Cryptography.
Chapter 12: Query Processing
Topic 14: Random Oracle Model, Hashing Applications
The TESLA Broadcast Authentication Protocol CS 218 Fall 2017
Information Security message M one-way hash fingerprint f = H(M)
Chapter Trees and B-Trees
Chapter Trees and B-Trees
NET 311 Information Security
Public Key Infrastructure (PKI)
CS/ECE 478 Introduction to Network Security
Secure Electronic Transaction (SET) University of Windsor
Blockchains slides have been taken from:
Information Security message M one-way hash fingerprint f = H(M)
Data Integrity: Applications of Cryptographic Hash Functions
Cryptography: an overview
Protocol ap1.0: Alice says “I am Alice”
Chapter 4 Cryptography / Encryption
Lecture 2- Query Processing (continued)
Outline Using cryptography in networks IPSec SSL and TLS.
Hash Functions Motivation Hash Functions: collision, pre-images SHA-1
Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Cryptography Lecture 14.
Chapter 13 Digital Signature
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
One Way Functions Motivation Complexity Theory Review, Motivation
B-Trees.
Chapter 8 roadmap 8.1 What is network security?
Presentation transcript:

Ensuring Correctness over Untrusted Private Database Written by: Sarvjeet Singh Sunil Prabhakar

Meet Bob and Alice Bob owns a database Alice needs to query the database Bob wants to ensure that Alice only has access to the parts of the database she needs, and no more than this Alice wants to ensure that the query results or database itself were not altered by Bob before he returns the result to her

Background Info Possible solution: 3rd external, trusted entity Expensive in terms of traffic and storage Potential weakness/liability Freezing data Related work Too much trust in database owner

What is "correctness"? α-correctness β-correctness Correctness of result values Values returned match values frozen β-correctness Correctness of query execution Joins and selections done correctly Checks for missing valid tuples from result set Independent of each other Together imply correctness of query results

First you need to know... One way hashing Merkle trees Two important requirements Hard to work backwards Low probably that h(x) = h(y) and x≠y SHA-256 Merkle trees Binary tree with labeled notes Derivation of parent nodes Authentication path

About the solution Proof of integrity (PoI) Verification Shipped whenever Bob freezes the data Verification Only when Alice suspects foul play Public hash function h Focuses on α correctness

Solution 1 PoI: Bob computes hash of entire database, sends it to Alice Verification: Bob ships entire database contents, Alice computes hash and makes such it matches what Bob originally sent Pro: Bob only sends one number Con: Violates Bob's privacy

Solution 2 PoI: Strong hash function, Bob computes hash for each tuple and sends results to Alice Verification: Alice only needs this to verify results Pro: Respects privacy Con: Not practical - size of proof proportional to size of database PoI probably sent more often than verification done

Solution 3 PoI: Bob computes hash for each tuple, then computes hash of this result Results in hash-tree of height 1 Verification: Alice computes hash over 2 sets Pro: Respects privacy, proof size reduced to one number Con: Greatly increased verification size (okay if verification rare)

Solution 4 PoI: Bob computes Merkle tree, sends the hash of root as proof Verification: Bob sends authentication path, Alice computes hash over received result and the hash values along the given path Pro: Respects privacy, one single hash as PoI (like 3), verificaton reduced from O(N) to O(logN)

Solution 5α New way to define label of a leaf node Concatenate the labels of the attributes in a tuple and concatenate this with the label id, take the hash value of this With this finer granularity, have greater database privacy (don't need to reveal all attributes)

Solution 5α (continued) If hash function has a small domain, need to concatenate hash of data value with secret value, called "salt" Now the label for attributes is the hash of the attribute value concatenated with the salt The salt of the attribute is the hash of the attribute value concatenated with the tuple id and the table id

Solution 5β: β -correctness too Want to ensure all results of query sent Assume only equality joins For labeling the nodes: Attribute's salt is Bob's digital signature on the value with private key d (with public key e) The label of the attribute is the hash of the attribute value concatenated with last step's salt The label of a leaf is the hash of the tuple id concatenated with the labels of attributes from last step The label of the root is the hash of the concatenation of the last step's results

Solution 5β: β -correctness too (cont.) For the proof, Bob sends only the hash of the root for each table to Alice For verification, Bob also sends the hash of all attributes involved in the selection, with their salts She checks hash of root Checks that the hash of the attribute concatenated with its salt is a label in the tree Alice also uses Bob's public key e to verify that the tuples returned match Bob's signature

In the real world/wrap-up Implementation PostgreSQL-Hash function SHA-1 from crypto library Database commands: send_proof, send_verify Send_proof: DB sends single hash value Send_verify: DB returns authentication paths for all the tuples being verified Overhead is on the same order as the cost of inserting data Future work Will address β-correctness for general queries

Thanks for listening! Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.