Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 1 Authentication in Outsourced Database Systems With Feifei Li 1, Marios Hadjieleftheriou 2, and Leonid Reyzin 1 1 Boston University 2.

Published byJonas Harmon Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science 1 Authentication in Outsourced Database Systems With Feifei Li 1, Marios Hadjieleftheriou 2, and Leonid Reyzin 1 1 Boston University 2."— Presentation transcript:

1 Computer Science 1 Authentication in Outsourced Database Systems With Feifei Li 1, Marios Hadjieleftheriou 2, and Leonid Reyzin 1 1 Boston University 2 AT&T Labs-Research

2 H. Hacigumus, B. R. Iyer, and S. Mehrotra, ICDE022 Outsourced Database (ODB) Systems [HIM02] Owner(s): publish database Servers: host database and provide query services Clients: query the owner’s database through servers Security Issues: untrusted or compromised servers Owner Clients Servers

3 3 Query Example Client Select * from T where 5<A<11 Server AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Owner AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Return 6,9

4 4 Injection Client Select * from T where 5<A<11 Server AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Owner AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Returns 6, 7, 9

5 5 Drop Client Select * from T where 5<A<11 Server AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Owner AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Returns 6

6 6 Omission Client Select * from T where 5<A<11 Server AB r1r1 … …… r i-1 5 riri 6 r i+1 9 r i+2 12 Owner AB r1r1 … …… r i-1 5 riri 6 r i+1 8 r i+2 9 r i+3 12 Returns 6,9 Update

7 7 Query Authentication Query Correctness results do exist in the owner's database Query Completeness no answers have been omitted from the result Query Freshness results are based on the most current version of the database

8 8 Other Security Issues Encryption\Privacy The server should not be able to see\know the content of the data (e.g., data can be encrypted) Still must provide database services! Orthogonal (and much harder problem) Query execution assurance

9 9 General Approach for Query Authentication in ODB Systems Client Query Q Server Owner AB r1r1 … …… r i-1 5 riri 6 r i+2 9 r i+3 12 Authenticated Structures Returns both result for Q and associated VO VO: verifiable object

10 10 Cost Metrics The computation overhead for the owner The owner-server communication cost The storage overhead for the server The computation overhead for the server The client-server communication cost The computation cost for the client (for verification) The update cost

11 11 Outline Problem overview Cryptographic tools Merkle B (MB) Tree Embedded Merkle B (EMB) Tree Related Works Query Freshness Experiments

12 K. McCurley, American Mathematical Society, 1990.12 Collision-resistant hash functions It is computational hard to find x 1 and x 2 s.t. h(x 1 )=h(x 2 ) Computational hard? Based on well established assumptions such as discrete logarithms [M90] SHA1 [SHA195] Observations: Computation cost: 3-6 s Storage cost: 20 bytes Under Crypto++ [crypto] and OpenSSL [openssl]

13 13 Public key digital signature schemes Sender Recipient KeyGen (SK, PK)  m Ver(m, PK, )  valid? m  SK Sign(m, SK)   Insecure Channel

14 S. Goldwasser S. Micali R. Rivest SIAM Journal on Computing 1988. R. Rivest A. Shamir L. Adleman, Commun. ACM 197814 Public key digital signature schemes Formally defined by [GMR88] One such scheme: RSA [RSA78] Observations Computation cost: about 3-4 ms for signing and 200-300 s for verifying Storage cost: 128 bytes Under Crypto++ [crypto] and OpenSSL [openssl]

15 R. C. Merkle. CRYPTO, 198915 Merkle Hash Tree [M89] r1r1 r2r2 r3r3 r4r4 r5r5 r6r6 r7r7 r8r8 h1h1 h2h2 h3h3 h4h4 h5h5 h6h6 h7h7 h8h8 h 12 h 34 h 56 h 78 h 1..4 h 5..8 h 1..8  Sign(h 1..8,SK) h 12 = H(h 1 |h 2 )

16 16 Outline Problem overview Cryptographic tools Merkle B (MB) Tree Embedded Merkle B (EMB) Tree Related Work Query Freshness Experiments

17 17 Merkle B(MB) Tree h0h0 p1p1 k1k1 p0p0 h1h1 … pfpf kfkf hfhf h 10 p 11 k 11 p 10 h 11 h 1 =Hash(h 10 |…|h 1f ) Given page size P, fanout of B+ tree f is: f=(P-|int|-|h|)/(2|int|+|h|) For root node, =Sign(h 0 |…|h f )

18 18 Range Selection Query in MB tree Query range q LB(q) RB(q) Query subtree LCA(q) Path LCA(q) Path: its hash path in Merkle B tree

19 19 Query path L2L2 L3L3 L4L4 L1L1 L5L5 L6L6 L8L8 L9L9 L 10 L7L7 L 11 L 12 … I2I2 I3I3 I4I4 I1I1 I5I5 I6I6 I8I8 I7I7 … Query q LB(q) return r i return h i

20 20 Query Example: f=2 123456912 h1h1 h2h2 h3h3 h4h4 h5h5 h6h6 h7h7 h8h8 h 12 h 34 h 56 h 78 h 1..4 h 5..8 h 1..8  Sign(h 1..8,SK) q LB(q) RB(q) Select * from T where 5<A<11 LCA(q) h 1..4 Path LCA(q) VO: 5, 12, h 1..4, 

21 21 Client Side Verification 56912 h5h5 h6h6 h7h7 h8h8 h 56 h 78 h 1..4 h 5..8 h 1..8 Valid? Ver(h 1..8,PK,  ) q Select * from T where 5<A<11 VO: 5, 12, h 1..4,  Query results: 6, 9 Unknown to the client Reconstruct query subtree

22 22 Query Example: f=5 3561912141610 22232520 ………… 294210 q VO: 5 LB(q) tuple 5, 10 RB(q) 10, 31121416 hash of 1, 3, 12, 14, 16, 202942 hash of entry 20, 29, 42 8 hashes

23 23 VO size of MB tree Hash values for sibling entries for nodes along the two boundary paths of query subtree Hash values for sibling entries for nodes along the path LCA(q).

24 24 Cost Analysis Merkle B Tree Construction cost O/S comm. cost Storage Cost Server computation cost 0 Query cost O(log f n)

25 25 Cost Analysis Merkle B Tree Update cost O(log f n) C H +C s Update comm. cost O(log f n) |h|+|| C/S comm. cost Client computation cost

26 26 Outline Problem overview Cryptographic tools Merkle B (MB) Tree Embedded Merkle B (EMB) Tree Related Works Query Freshness Experiments

27 27 Improve c/s comm. cost We can show that is minimized when 2<f<3. so f=2 is optimal in practice. However, the query efficiency is the worst.

28 28 Embedded Merkle B (EMB) tree: A fractal structure h0h0 p1p1 k1k1 p0p0 h1h1 … pfpf kfkf hfhf h 10 p 11 k 11 p 10 h 11 … p 1f k 1f h 1f A MB tree with fanout f e built on this node

29 29 Query and Authentication MB tree with fanout f K Each node is built with a MB tree with fanout f e

30 30 EMB tree Analysis We can show that: Query cost is as a MB tree with fanout f k Authentication cost (c/s comm. cost and client verification cost) is as a MB tree with fanout f e, intuition: f k is smaller than a normal MB tree given a page size P

31 31 Query Example: f=5 3561912141610 22232520 ………… 294210 q VO: 5 LB(q) tuple 5, 10 RB(q) 10, hash of red circle nodes(2), 5 hashes hash of red circle node, 13569 1012141610202942 hash of red circle nodes(2),

32 32 EMB tree’s variants Don’t store the embedded tree, build it on the fly – EMB - tree Fanout f k is as a normal MB tree, better query performance, better storage performance Use multi-way search tree instead of B + tree as embedded tree – EMB * tree Hash path in the embedded tree could stop in index level, not necessary to go to the leaf level, hence reduce the VO size

33 H. Pang, A. Jain, K. Ramamritham, and K.-L. Tan.SIGMOD, 2005.33 Signature-Based Approach: ASB Tree based on [PJR05] S(r 1 |r 2 )S(r 2 |r 3 )……S( n-2 |r n-1 )S(r n-1 |r n ) 1.order database tuples w.r.t query attribute 2.sign consecutive pairs 3.build B+ tree on top of it 4.return tuples [a-1, b+1] together with signatures in [a-1, b]. (query is [a, b]) (a, b here are index) 5.verify any two consecutive pairs B+ Tree

34 E. Mykletun, M. Narasimha, and G. Tsudik. NDSS'0434 Reduce S/C comm. Cost [MNT04] Aggregation Signature: m1m1 11 mkmk kk m1m1  mkmk =combine( 1,…,  k ) Overhead: computation cost of modular multiplication with big modular base number (approx. 100  s per multiplication)

35 35 Cost Analysis ASB tree Construction cost nC s +C b O/S comm. cost Storage Cost Server computation cost 0 or |q|C mod_mutiplication Query cost log f n+|q|/f+|q|||/P

36 36 Cost Analysis ASB tree Update cost 2C s or C s Update comm. cost 2|| or || C/S comm. cost |q|||+|q| or ||+|q| Client computation cost |q|C v or C v +|q|C mod_mutiplication

37 C. Martel, G. Nuckolls, P. Devanbu, M. Gertz, A. Kwong, and S. Stubblebine. Algorithmica 2004.37 Extend Merkle Tree for DAG Model [DGMS03] [MNDGKS04] DAG: Directed Acyclic Graph Apply the same idea used in merkle tree to a DAG structure They have briefly mentioned the possibility of using B tree to improve the query efficiency: MB tree is a generalization of this idea

38 38 Freshness? Client Server query Owner update new signature(s):  v Return VO constructed based on previous version:  v-1 (s) q+VO emm, it’s correct!

39 39 Solution to Freshness Must have client-owner communication Reduce this communication cost is the key issue Observation: this cost is correlated with the number of signatures maintained in the authentication structure used by the owner

40 40 Updates Batch update will help! Using standard bin and ball argument, we can show that number of affected nodes for k updates is: Cost for Per-update approach

41 41 Updates Batch update still has linear (number of signing operations) cost. In terms of number of signing operations: Insertion - Best case: k+2 Worst case: 2k Deletion - Best case: 1 Worst case: k

42 42 Other Query Types Projection Basic authenticated unit for the tuple Join Authenticating one relation first, then authenticate a set of selection queries into the other relation Aggregate Based on Aggregation Index

43 43 Experiments Experiment setup Crypto function – Crypto++ and OpenSSL Pagesize: 1KB 100,000 tuples 2.8GHz Intel Pentium 4 CPU Linux Machine

44 44 Construction Cost: time

45 45 Construction Cost: Size

46 46 Query specific I/O:

47 47 VO construction I/O:

48 48 Query Cost: Total I/O

49 49 Query Cost: VO computation time

50 50 VO size

51 51 Verification time

52 52 Update for ASB Tree

53 53 Update cost

54 54 Conclusion Authenticated index structures that achieve good balance between query efficiency and authentication efficiency Other query types Multi-dimensional query authentication

55 55 Thanks! Download the Authenticated Index Structure Library prototype at: http://cs-people.bu.edu/lifeifei/aisl/

56 56 References [CRYPTO] Crypto++ Library. http://www.eskimo.com/ weidai/cryptlib.html. [DGMS00] P. Devanbu, M. Gertz, C. Martel, and S. G. Stubblebine. Authentic third- party data publication. In IFIP Workshop on Database Security, 2000. [DGMS03] P. Devanbu, M. Gertz, C. Martel, and S. Stubblebine. Authentic data publication over the internet. Journal of Computer Security, 11(3), 2003. [GR97] R. Gennaro, P. Rohatgi. How to Sign Digital Streams. In Crypto 97 [GMR88] S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2), April 1988. [HIM02] H. Hacigumus, B. R. Iyer, and S. Mehrotra. Providing database as a service. In ICDE, 2002. [M90] K. McCurley. The discrete logarithm problem. In Cryptology and Computational Number Theory, Proc. Symposium in Applied Mathematics 42. American Mathematical Society, 1990. [M89] R. C. Merkle. A certied digital signature. In CRYPTO, 1989.

57 57 References [MNDGKS04] C. Martel, G. Nuckolls, P. Devanbu, M. Gertz, A. Kwong, and S. Stubblebine. A general model for authenticated data structures. Algorithmica, 39(1), 2004. [MNT04] E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. In Symposium on Network and Distributed Systems Security (NDSS'04), 2004. [NT05] M. Narasimha and G. Tsudik. Dsac: Integrity of outsourced databases with signature aggregation and chaining. In CIKM, 2005. [OPENSSL] OpenSSL. http://www.openssl.org.http://www.openssl.org [PT04] H. Pang and K.-L. Tan. Authenticating query results in edge computing. In ICDE, 2004. [PJR05] H. Pang, A. Jain, K. Ramamritham, and K.-L. Tan. Verifying completeness of relational query results in data publishing. In SIGMOD, 2005. [RSA78] R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2), 1978. [SHA195]National Institute of Standards and Technology. FIPS PUB180-1: Secure Hash Standard. pub-NIST, 1995.

Download ppt "Computer Science 1 Authentication in Outsourced Database Systems With Feifei Li 1, Marios Hadjieleftheriou 2, and Leonid Reyzin 1 1 Boston University 2."

Similar presentations

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.

Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.
Advanced Security Constructions and Key Management Class 16.

Advanced Security Constructions and Key Management Class 16.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
B+-trees. Model of Computation Data stored on disk(s) Minimum transfer unit: a page = b bytes or B records (or block) N records -> N/B = n pages I/O complexity:

B+-trees. Model of Computation Data stored on disk(s) Minimum transfer unit: a page = b bytes or B records (or block) N records -> N/B = n pages I/O complexity:
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Query Assurance on Data Streams  Ke Yi (AT&T Labs, now at HKUST)  Feifei Li (Boston U, now at Florida State)  Marios Hadjieleftheriou (AT&T Labs) 

Query Assurance on Data Streams  Ke Yi (AT&T Labs, now at HKUST)  Feifei Li (Boston U, now at Florida State)  Marios Hadjieleftheriou (AT&T Labs) 
Computer Science 1 Dynamic Authenticated Index Structures for Outsourced Databases Feifei Li, Marios Hadjieleftheriou, George Kollios, Leonid Reyzin Boston.

Computer Science 1 Dynamic Authenticated Index Structures for Outsourced Databases Feifei Li, Marios Hadjieleftheriou, George Kollios, Leonid Reyzin Boston.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
B+-tree and Hashing.

B+-tree and Hashing.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
VLDB 20051 Revisiting Pipelined Parallelism in Multi-Join Query Processing Bin Liu and Elke A. Rundensteiner Worcester Polytechnic Institute

VLDB Revisiting Pipelined Parallelism in Multi-Join Query Processing Bin Liu and Elke A. Rundensteiner Worcester Polytechnic Institute
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
On-The-Fly Verification of Rateless Erasure Codes Max Krohn (MIT CSAIL) Michael Freedman and David Mazières (NYU)

On-The-Fly Verification of Rateless Erasure Codes Max Krohn (MIT CSAIL) Michael Freedman and David Mazières (NYU)
KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.

KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.
Authenticating streamed data in the presence of random packet loss March 17th, 2000. Philippe Golle, Stanford University.

Authenticating streamed data in the presence of random packet loss March 17th, Philippe Golle, Stanford University.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Similar presentations

Ads by Google