Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ensuring Correctness over Untrusted Private Database

Published byIrma Lillo Modified over 5 years ago

Similar presentations

Presentation on theme: "Ensuring Correctness over Untrusted Private Database"— Presentation transcript:

1 Ensuring Correctness over Untrusted Private Database
Written by: Sarvjeet Singh Sunil Prabhakar

2 Meet Bob and Alice Bob owns a database
Alice needs to query the database Bob wants to ensure that Alice only has access to the parts of the database she needs, and no more than this Alice wants to ensure that the query results or database itself were not altered by Bob before he returns the result to her

3 Background Info Possible solution: 3rd external, trusted entity
Expensive in terms of traffic and storage Potential weakness/liability Freezing data Related work Too much trust in database owner

4 What is "correctness"? α-correctness β-correctness
Correctness of result values Values returned match values frozen β-correctness Correctness of query execution Joins and selections done correctly Checks for missing valid tuples from result set Independent of each other Together imply correctness of query results

5 First you need to know... One way hashing Merkle trees
Two important requirements Hard to work backwards Low probably that h(x) = h(y) and x≠y SHA-256 Merkle trees Binary tree with labeled notes Derivation of parent nodes Authentication path

6 About the solution Proof of integrity (PoI) Verification
Shipped whenever Bob freezes the data Verification Only when Alice suspects foul play Public hash function h Focuses on α correctness

7 Solution 1 PoI: Bob computes hash of entire database, sends it to Alice Verification: Bob ships entire database contents, Alice computes hash and makes such it matches what Bob originally sent Pro: Bob only sends one number Con: Violates Bob's privacy

8 Solution 2 PoI: Strong hash function, Bob computes hash for each tuple and sends results to Alice Verification: Alice only needs this to verify results Pro: Respects privacy Con: Not practical - size of proof proportional to size of database PoI probably sent more often than verification done

9 Solution 3 PoI: Bob computes hash for each tuple, then computes hash of this result Results in hash-tree of height 1 Verification: Alice computes hash over 2 sets Pro: Respects privacy, proof size reduced to one number Con: Greatly increased verification size (okay if verification rare)

10 Solution 4 PoI: Bob computes Merkle tree, sends the hash of root as proof Verification: Bob sends authentication path, Alice computes hash over received result and the hash values along the given path Pro: Respects privacy, one single hash as PoI (like 3), verificaton reduced from O(N) to O(logN)

11 Solution 5α New way to define label of a leaf node
Concatenate the labels of the attributes in a tuple and concatenate this with the label id, take the hash value of this With this finer granularity, have greater database privacy (don't need to reveal all attributes)

12 Solution 5α (continued)
If hash function has a small domain, need to concatenate hash of data value with secret value, called "salt" Now the label for attributes is the hash of the attribute value concatenated with the salt The salt of the attribute is the hash of the attribute value concatenated with the tuple id and the table id

13 Solution 5β: β -correctness too
Want to ensure all results of query sent Assume only equality joins For labeling the nodes: Attribute's salt is Bob's digital signature on the value with private key d (with public key e) The label of the attribute is the hash of the attribute value concatenated with last step's salt The label of a leaf is the hash of the tuple id concatenated with the labels of attributes from last step The label of the root is the hash of the concatenation of the last step's results

14 Solution 5β: β -correctness too (cont.)
For the proof, Bob sends only the hash of the root for each table to Alice For verification, Bob also sends the hash of all attributes involved in the selection, with their salts She checks hash of root Checks that the hash of the attribute concatenated with its salt is a label in the tree Alice also uses Bob's public key e to verify that the tuples returned match Bob's signature

15 In the real world/wrap-up
Implementation PostgreSQL-Hash function SHA-1 from crypto library Database commands: send_proof, send_verify Send_proof: DB sends single hash value Send_verify: DB returns authentication paths for all the tuples being verified Overhead is on the same order as the cost of inserting data Future work Will address β-correctness for general queries

16 Thanks for listening! Questions?

Download ppt "Ensuring Correctness over Untrusted Private Database"

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
U-DBMS: A Database System for Managing Constantly-Evolving Data (VLDB 2005) Reynold Cheng Hong Kong Polytechnic University.

U-DBMS: A Database System for Managing Constantly-Evolving Data (VLDB 2005) Reynold Cheng Hong Kong Polytechnic University.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.

DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.

DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Yin Yang, Dimitris Papadias, Stavros Papadopoulos HKUST, Hong Kong Panos Kalnis KAUST, Saudi Arabia Providence, USA, 2009.

Yin Yang, Dimitris Papadias, Stavros Papadopoulos HKUST, Hong Kong Panos Kalnis KAUST, Saudi Arabia Providence, USA, 2009.
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)

Selective and Authentic Third-Party distribution of XML Documents - Yashaswini Harsha Kumar - Netaji Mandava (Oct 16 th 2006)
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Csci5233 computer security & integrity 1 Cryptography: an overview.

Csci5233 computer security & integrity 1 Cryptography: an overview.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.

Digital Signatures, Message Digest and Authentication Week-9.
This document is for academic purposes only. © 2012 Department of Computer Science, Hong Kong Baptist University. All rights reserved. 1 Authenticating.

This document is for academic purposes only. © 2012 Department of Computer Science, Hong Kong Baptist University. All rights reserved. 1 Authenticating.

Similar presentations

Ads by Google