Abstract
Query authentication is an essential component in Outsourced DataBase (ODB) systems. This article introduces efficient index structures for authenticating aggregation queries over large datasets. First, we design an index that features good performance characteristics for static environments. Then, we propose more involved structures for the dynamic case. Our structures feature excellent performance for authenticating queries with multiple aggregate attributes and multiple selection predicates. Furthermore, our techniques cover a large number of aggregate types, including distributive aggregates (such as SUM, COUNT, MIN, and MAX), algebraic aggregates (such as AVG), and holistic aggregates (such as MEDIAN and QUANTILE). We also address the issue of authenticating aggregation queries efficiently when the database is encrypted to protect data confidentiality. Finally, we implemented a working prototype of the proposed techniques and experimentally validated the effectiveness and efficiency of our methods.