DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.

Slides:



Advertisements
Similar presentations
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Advertisements

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Augmenting Data Structures Advanced Algorithms & Data Structures Lecture Theme 07 – Part I Prof. Dr. Th. Ottmann Summer Semester 2006.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Computer Science 1 Dynamic Authenticated Index Structures for Outsourced Databases Feifei Li, Marios Hadjieleftheriou, George Kollios, Leonid Reyzin Boston.
Authentication and Integrity in Outsourced Databases Kanaka Rajanala.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.
1 6 th Workshop on Privacy Enhancing Technologies, June 28-30, 2006 John Solis and Gene Tsudik University of California, Irvine 6th Workshop on Privacy.
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Yin Yang, Dimitris Papadias, Stavros Papadopoulos HKUST, Hong Kong Panos Kalnis KAUST, Saudi Arabia Providence, USA, 2009.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)
Computers Data Representation Chapter 3, SA. Data Representation and Processing Data and information processors must be able to: Recognize external data.
Qian Chen, Haibo Hu, Jianliang Xu Hong Kong Baptist University Authenticated Online Data Integration Services1.
Authentication: Owner and user OwnerUser Query: X > 6 Message m: Answer to X>6: X1, X5 Sign(m) DB.
Computer Science iBigTable: Practical Data Integrity for BigTable in Public Cloud CODASPY 2013 Wei Wei, Ting Yu, Rui Xue 1/40.
Certification asynchrone à grande échelle avec des arbres de vérification de certificats Josep Domingo-Ferrer Universitat Rovira i Virgili
Computer Science Integrity Assurance for Outsourced Databases without DBMS Modification DBSec 2014 Wei Wei, Ting Yu 1.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Computer Science 1 Authentication in Outsourced Database Systems With Feifei Li 1, Marios Hadjieleftheriou 2, and Leonid Reyzin 1 1 Boston University 2.
sec1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: TGa_Proposal_Antonio_Izquierdo (Protecting the Information Service.
University of Crete Department of Computer Science ΗΥ-561 Web Data Management XML Data Archiving Konstantinos Kouratoras.
SIA: Secure Information Aggregation in Sensor Networks B. Przydatek, D. Song, and A. Perrig. In Proc. of ACM SenSys 2003 Natalia Stakhanova cs610.
ASYNCHRONOUS LARGE-SCALE CERTIFICATION BASED ON CERTIFICATE VERIFICATION TREES Josep Domingo-Ferrer, Marc Alba and Francesc Sebé Dept. of Computer Engineering.
Efficient Downloading and Updating Application on Smart Cards Yongsu Park, Junyoung Heo, Yookun Cho School of Computer Science and Engineering Seoul National.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
An Overview and Evaluation of Web Services Security Performance Optimizations Robert van Engelen & Wei Zhang Department of Computer Science Florida State.
This document is for academic purposes only. © 2012 Department of Computer Science, Hong Kong Baptist University. All rights reserved. 1 Authenticating.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Prepared by Dr. Lamiaa Elshenawy
Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
DIGITAL SIGNATURE(DS) IN VIDEO. Contents  What is Digital Signature(DS)?  General Signature Vs. Digital Signatures  How DS is Different from Encryption?
Secure Data Outsourcing
April 20023CSG11 Electronic Commerce Authentication John Wordsworth Department of Computer Science The University of Reading Room.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Research Title:Analysis of Advanced Cryptography Technologies Hash-based Post-quantum One-time Digital Signature Schemes Dr. Douglas Stebila Kaan Osmanagaoglu.
Authenticated Join Processing in Outsourced Databases
Cryptographic hash functions
Introduction Used for communication to verify
Josep Domingo-Ferrer Universitat Rovira i Virgili
Dynamic Authenticated Index Structures for Outsourced Databases
CS/ECE 478 Introduction to Network Security
Reporting (1-D) Given a set of points S on the line, preprocess them to build structure that allows efficient queries of the from: Given an interval I=[x1,x2]
NET 536 Network Security Lecture 8: DNS Security
Digital Signatures…!.
Lecture 6: Digital Signature
Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig
University of Cyprus By: Nectarios Efstathiou
Ensuring Correctness over Untrusted Private Database
LAB 3: Digital Signature
Presentation transcript:

DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases

Contents Signature Aggregation Mechanisms Chaining Mechanism Comparison of the results with previous work

ODB Outsourced Data Base(ODB) model : Client stores its data at an external data base service provider. Concern: Ensure the database security & integrity.

Authenticity: The tuples in the result set have not been tampered i.e correctness. Integrity: No valid tuples have been omitted from the result set i.e completeness

Size of a result set & VO 0-n, or 2^n subsets, where, n is total number of tuples in the database. Verification Object (VO) : Is the result set including the tuples and verification signatures.

Merkle Hash Tree Use to prove existence of an element in a set. For eg. prove x1 exists in the set y={x2, x6, x1, x9} Constructed as binary tree where leaves are hash value of corresponding element. Non leaf & Leaf nodes Root of the MHT is digitally signed using public key signature scheme (RSA/ DSA)

MHT example…

Auth DS (Authenticated Data Structures) Approach to prove correctness Uses MHT to prove correctness of the result set. Limitation : Need to pre-compute and store a potentially large number of authenticated data structures to answer queries. Completeness issue not answered

VB Tree Approach Uses a modified MHT Not only root of MHT is signed but all nodes as well Limitation: Consumes large storage space and increased verification time. Provides proof of correctness Completeness issue not answered !

Drawbacks… Overheads associated with building, storing and updating data structures in AuthDS and VB tree. Signs each individual tuple before storing. Server stores tuples along with its corresponding signature. In response to a query, server sends both tuple and its signature.

Drawbacks(contd.) Query reply set consists of thousands of tuples. Sending/ receiving and verifying signature of each tuple. Expensive for the querier.

DSAC Combines multiple individual signatures in the result set into a unified/ aggregated signature. Verifying a unified signature is same as verifying signatures of each individual tuple in the result set.

Completeness Includes the boundary tuples as well to ensure all the tuples matching the query is returned. Link the tuple level signatures to form a signature chain.

Constructing signature chains If h() is a hash function such as SHA, || denotes concatenation, IPRi denotes immediate predecessor tuple along dimension ‘i’, l being number of searchable dimensions, SK is private signing key of the data owner

then the signature of a tuple ‘r’ can be computed as follows

Computing IPR of a tuple Sort tuple in increasing order of the attribute value for each dimension. IPR of a given tuple in a given dimension is a tuple with highest value of the attribute that is less than the value of that tuple. Each tuple has as many IPRs as the number of searchable dimensions.

Example of signature chaining Consider tuple R5

Completeness (contd.) In this way, server answers range queries by releasing all matching tuples, boundary tuples as well as aggregated signature. Signature chain proves querier that server has returned all tuples in the query range proving completeness.

Compleness(contd.) Querier on receiving the result set: Verifies the values in boundary tuples are just beyond the query range. This ensures completeness for the querier.

Analysis of DSAC scheme We compare the DSAC scheme with other prominent correctness/ completeness guarantee schemes such as AuthDS and VB tree.

Query Verification Time (Naïve approach vs DSAC)

VO Size (Naïve approach vs DSAC approach)

Freshness Freshness : The result set in response to a query should be the recent snapshot of the database. Prevents the server from replaying the old signature chains, hence freshness is part of data integrity concerns.

Conclusion Developed a new approach DSAC to ensure integrity and authentication of the result set. Completeness guaranteed, which no other works has been able to. Experimenting and comparing the results with other works like AuthDS and VB tree approaches.

Further scope How to reduce the size of the verification object.

Reference DSAC : An approach to ensure integrity of outsourced databases using signature aggregation and chaining -Authors : Maithili Narasimha & Gene Tsudik Computer Science Department University of California, Irvine

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.