Transcript DSAC_1 - Department of Computer Science

DSAC
(Digital Signature Aggregation and Chaining)
Digital Signature Aggregation & Chaining
An approach to ensure integrity of
outsourced databases
Contents
Signature Aggregation Mechanisms
Chaining Mechanism
Comparison of the results with previous
work
ODB
Outsourced Data Base(ODB) model :
Client stores its data at an external data
base service provider.
Concern: Ensure the database security &
integrity.
Authenticity: The tuples in the result set
have not been tampered i.e correctness.
Integrity: No valid tuples have been
omitted from the result set i.e
completeness
Result set & Size of a result set
 Result result includes all the tuples
matching the query predicates.
Size : 0-n, or 2^n subsets,
where, n is total number of tuples in the
database.
Merkle Hash Tree
Use to prove existence of an element in a
set. For eg. prove x1 exists in the set
y={x2, x6, x1, x9}
Constructed as binary tree where leaves
are hash value of corresponding element.
Non leaf & Leaf nodes
Root of the MHT is digitally signed using
public key signature scheme (RSA/ DSA)
MHT example…
Auth DS
(Authenticated Data Structures)
 Approach to prove correctness
 Uses MHT to prove correctness of the result set.
 Limitation : Need to pre-compute and store a
potentially large number of authenticated data
structures to answer queries.
 Completeness issue not answered
VB Tree Approach
 Uses a modified MHT
 Not only root of MHT is signed but all nodes as well
 Limitation: Consumes large storage space and increased
verification time.
 Provides proof of correctness
 Completeness issue not answered !
Drawbacks…
Overheads associated with building,
storing and updating data structures in
AuthDS and VB tree.
Signs each individual tuple before storing.
Server stores tuples along with its
corresponding signature.
In response to a query, server sends both
tuple and its signature.
Drawbacks(contd.)
Query reply set consists of thousands of
tuples.
Sending/ receiving and verifying signature
of each tuple.
Expensive for the querier.
DSAC: Correctness
 Combines multiple individual signatures in the result set
into a unified/ aggregated signature.
 Verifying a unified signature is same as verifying
signatures of each individual tuple in the result set.
DSAC: Completeness
 Includes the boundary tuples as well to ensure
all the tuples matching the query is returned.
 Link the tuple level signatures to form a
signature chain.
Constructing signature chains
If h() is a hash function such as SHA,
|| denotes concatenation,
IPRi denotes immediate predecessor tuple
along dimension ‘i’ ,
l being number of searchable dimensions,
SK is private signing key of the data owner
then the signature of a tuple ‘r’ can be
computed as follows
Computing IPR of a tuple
Sort tuple in increasing order of the
attribute value for each dimension.
IPR of a given tuple in a given dimension
is a tuple with highest value of the attribute
that is less than the value of that tuple.
Each tuple has as many IPRs as the
number of searchable dimensions.
Example of signature chaining
Consider tuple R5
Completeness (contd.)
In this way, server answers range queries
by releasing all matching tuples, boundary
tuples as well as aggregated signature.
Signature chain proves querier that server
has returned all tuples in the query range
proving completeness.
Compleness(contd.)
Querier on receiving the result set:
Verifies the values in boundary tuples are
just beyond the query range.
Building a result set
 Compute the tuple set Ts={Ra…Rz}
 Compute Tn consisting of immediate
predecessor and successor nodes
Tn= {R(a-1), R(b+1)}
 Obtain corresponding signature of each tuple
 Calculate the aggregate the signature
(Contd)
Chain the signature of all tuples along with
its corresponding IPR
Now, the result consists of
{Ts, Tn, Sign(r), ∑}
Analysis of DSAC scheme
We compare the DSAC scheme with other
prominent correctness/ completeness
guarantee schemes such as AuthDS and
VB tree.
Query Verification Time (Naïve approach
vs DSAC)
VO Size (Naïve approach vs DSAC approach)
Freshness
Freshness : The result set in response to a
query should be the recent snapshot of the
database.
Prevents the server from replaying the old
signature chains, hence freshness is part
of data integrity concerns.
Further scope
 How to reduce the size of the verification object.
{Ts, Tn, Sign(r), ∑}
 Freshness Issues
Reference
DSAC : An approach to ensure integrity of
outsourced databases using signature
aggregation and chaining
- Authors : Maithili Narasimha & Gene Tsudik
Computer Science Department
University of California, Irvine