Authentication and Integrity in Outsourced Databases Kanaka Rajanala

What is Outsourced Database Organizations outsource their data management needs to an external provider. Organizations outsource their data management needs to an external provider. The service provider hosts client database and offers mechanisms. The service provider hosts client database and offers mechanisms. Create databasesCreate databases UpdatingUpdating StoringStoring Accessing (querying)Accessing (querying)

Advantages of ODB The organizations can concentrate on their core tasks and operate their business applications via Internet. The organizations can concentrate on their core tasks and operate their business applications via Internet. Don’t worry about Don’t worry about Deployment, instillation, maintenance,upgrades.Deployment, instillation, maintenance,upgrades. Hire, train/retain people.Hire, train/retain people.

Challenges Overall performance Overall performance Scalability Scalability Usability Usability

Challenges Privacy/Security Privacy/Security Protection of outsourced data from intruders and attacks.Protection of outsourced data from intruders and attacks. Protecting clients from misuse of data by service providers.Protecting clients from misuse of data by service providers. Ensuring integrity+privacy+completeness of query replies.Ensuring integrity+privacy+completeness of query replies.

Goal This paper investigate techniques to help ODB client authenticate the origin and verify the integrity of data returned by the service provider in response to a posed query. This paper investigate techniques to help ODB client authenticate the origin and verify the integrity of data returned by the service provider in response to a posed query.

System Model ODB is an example of Client –Server model. ODB is an example of Client –Server model. Types of ODB Types of ODB Unified Client ModelUnified Client Model Multi Querier ModelMulti Querier Model Multi Owner ModelMulti Owner Model

1. Unified Owner Scenario Data Deposit + Queries A single entity creates, queries, manipulates the database. Owner/Querier Encrypted User Database Server Server Site

2. Multi-Querier Scenario Encrypted User Database Data Deposit & queries Server Server Site Data Queries Querier 1 Querier 3 Querier 2 Owner/Querier

3. Multi-Owner Scenario Owner 1 Encrypted User Database Server Server Site Data Queries Querier 2 Owner 2Owner 3 Querier 1 Data Deposit & queries

Why do we need Integrity In some occasions where we may not want secrecy but want integrity In some occasions where we may not want secrecy but want integrity Every one is allowed to read a messageEvery one is allowed to read a message But no one is allowed to modify it.But no one is allowed to modify it.

Why do we need Authentication To authenticate the source of data. To authenticate the source of data. The main goal is to assure ODB clients that the data they receive from the server has not be tampered from an external adversary or the server itself. The main goal is to assure ODB clients that the data they receive from the server has not be tampered from an external adversary or the server itself.

Granularity of Integrity Table level-impractical for large tables. Table level-impractical for large tables. Column level-very expensive for the owner in terms of computation. Column level-very expensive for the owner in terms of computation. Optimal is to provide integrity at row level. Optimal is to provide integrity at row level.

Overhead Factors and Desired Features Querier computation Querier computation Querier bandwidth Querier bandwidth Server computation Server computation Owner computation Owner computation Server storage Server storage

MAC’s or Signatures With MAC client can ask server to store record along with MAC. With MAC client can ask server to store record along with MAC. Works for Unified Client model where owner and querier are same. Works for Unified Client model where owner and querier are same. Cannot be worked with other models Cannot be worked with other models MAC key to be shared between all owners and queriers.MAC key to be shared between all owners and queriers. Non repudiation of queries cannot be achieved.Non repudiation of queries cannot be achieved.

Standard RSA

Condensed RSA Server : Server : Selects records matching posed querySelects records matching posed query Multiplies corresponding RSA signaturesMultiplies corresponding RSA signatures Returns single signature to querierReturns single signature to querier Given t record signatures: {σ 1, σ 2 … σ t }, compute combined signature σ 1,t = Π σ i mod n Send σ 1,t to the querier Server σ 1,t Given t messages: {m 1,m 2 … m t } and σ 1,t verify combined signature: (σ 1,t ) e = ? = Π h(m i ) (mod n) Querier

Condensed RSA Reduced querier computation costs Reduced querier computation costs Querier performs (t-1) mult-s and a one exponentiationQuerier performs (t-1) mult-s and a one exponentiation Constant bandwidth overhead Constant bandwidth overhead Querier receives a single RSA signatureQuerier receives a single RSA signature As secure as batch RSA (with FDH) As secure as batch RSA (with FDH) Not efficient for Multi-Owner model Not efficient for Multi-Owner model

Batch Verification of RSA Signatures Batching: useful when many signature verifications need to be performed simultaneously Batching: useful when many signature verifications need to be performed simultaneously Reduces computational overhead Reduces computational overhead By reducing the total number of modular exponentiationsBy reducing the total number of modular exponentiations Fast screening of RSA signatures : Fast screening of RSA signatures : Given a batch instance of signatures {σ 1, σ 2 … σ t } on distinct messages {m 1, m 2 … m t }Given a batch instance of signatures {σ 1, σ 2 … σ t } on distinct messages {m 1, m 2 … m t } where h() is a full domain hash function

Fast Screening Reduces (somewhat) querier computation but not bandwidth overhead Reduces (somewhat) querier computation but not bandwidth overhead Individual signatures are sent to the querier for verificationIndividual signatures are sent to the querier for verification Bandwidth overhead can be overwhelming Bandwidth overhead can be overwhelming Consider weak (anemic) queriersConsider weak (anemic) queriers Query reply can have thousands of recordsQuery reply can have thousands of records Each RSA signature is at least 1024 bits!Each RSA signature is at least 1024 bits!

Cost Comparisons Condensed RSA Batch DSA Sign 1 signature Verify t =1000 sigs, k=1 signer t =100 sigs, k=10 signers t =1000 sigs, k = 10 signers Parameters: For RSA: |n| = 1024 For DSA: |p| = 1024 and |q| = Querier computation: