New efficient constructions of verifiable data streaming with accountability

Abstract

Data streaming is widely used in various environments. Resource-limited devices outsource the processing and storage of massive numbers of sequential elements to cloud-based servers, and security protection is of primary importance for the outsourced streams. The streaming authenticated data structure schemes and verifiable data streaming schemes are introduced to provide data owners and verifiers with the ability to verify streaming elements. However, due to their enormous numbers of key parameters, expensive updating overheads, signature revocation, and other security and application problems, few of the existing schemes are feasible when massive numbers of streaming elements are involved and allowed to be updated. In this paper, we define and construct a new primitive, namely, dimension-increasing vector commitment (DIVC). Then, we present the definition of constant verifiable data streaming (CVDS), which is an extension of the original verifiable data streaming (VDS) scheme. Moreover, with the proposed DIVC scheme, which is based on the CDH assumption in bilinear pairings, we construct two concrete CVDS schemes, namely, the probabilistic verifiability CVDS (P-CVDS) scheme and the deterministic verifiability CVDS (D-CVDS) scheme, by respectively employing the counting Bloom filter and a dynamic accumulator, which is based on the q-SDH assumption in bilinear pairings. The analyses prove that both the P-CVDS and D-CVDS schemes satisfy the security requirements that are formulated in the CVDS definition. Finally, the efficiency and performance evaluation demonstrate that the proposed schemes are feasible in practical applications.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Notes

  1. 1.

    When we want to refer to the cell commitment value of a completed cell, for simplicity, in this context, we may employ any index that falls into the same cell, rather than only using the last index. In other words, for a completed cell, only the cell commitment value and its signature are stored in the server.

  2. 2.

    The purpose of splitting the proof is to support the security requirement of accountability; the core idea comes from the basic concept of verifiable outsourcing computation, which can be found in related works, such as [37, 38]. To reduce the client’s workload, the client proof πci can be released by a trusted agent or proxy instead of the client. In addition, in data streaming environments, since the client is always online until the data streaming has finished, there is no need to distinguish between when the client is online or offline in related algorithms.

  3. 3.

    In this scheme, n is equal to the maximum number of cells in the data stream, which means there could be n × s stream elements.

  4. 4.

    According to the characteristics of the CBF scheme, if this step of verification is not passed, the final result of the CVDS.Verify() algorithm cannot be passed; however, if this verification step is passed, the final result could be correct or not. That is the reason why we say that this SVDS scheme is probabilistically verifiable.

  5. 5.

    The proof of commitment verification can be found in [13, 25] and other related works.

  6. 6.

    These parameters are mainly the security-related parameters, such as the security parameter in the setup algorithm of a verifiable data streaming scheme, the security parameter of an accumulator scheme, and the upper bound of element number within one Bloom filter.

References

  1. 1.

    Babcock B, Babu S, Datar M, Motwani R, Widom J (2002) Models and issues in data stream systems. In: ACM Sigmod-Sigact-Sigart symposium on principles of database systems, pp 1–16

  2. 2.

    Abadi DJ, Carney D, Çetintemel U, Cherniack M, Convey C, Lee S, Stonebraker M, Tatbul N, Zdonik S (2003) Aurora: a new model and architecture for data stream management. VLDB J 12(2):120–139

    Article  Google Scholar 

  3. 3.

    Golab L, Tamer Özsu M (2003) Issues in data stream management. Acm Sigmod Record 32(2):5–14

    Article  MATH  Google Scholar 

  4. 4.

    Krishnaswamy S (2005) Mining data streams: a review. Acm Sigmod Record 34(2):18–26

    Article  Google Scholar 

  5. 5.

    Papamanthou C, Shi E, Tamassia R, Yi K (2013) Streaming authenticated data structures. In: Advances in cryptology – EUROCRYPT 2013, Springer, Berlin, pp 353–370.

  6. 6.

    Yi Q, Zhang Y, Xi C, Papamanthou C (2014) Streaming authenticated data structures: abstraction and implementation. In: Edition of the ACM workshop on cloud computing security, pp 129–139

  7. 7.

    Schröder D, Schröder H (2012) Verifiable data streaming. In: Proceedings of the ACM conference on computer and communications security, ACM, pp 953–964

  8. 8.

    Schöder Dominique, Simkin Mark (2015) Veristream – a framework for verifiable data streaming. In: International conference on financial cryptography and data security. pp 548–566

  9. 9.

    Krupp J, Schröder D, Simkin M, Fiore D, Ateniese G, Nuernberger S (2016) Nearly optimal verifiable data streaming. In: Proceedings, Part I, of the 19th IACR international conference on public-key cryptography – PKC 2016, vol 9614. Springer, New york inc., pp 417–445

  10. 10.

    Merkle RC (1980) Protocols for public key cryptosystems. In: IEEE symposium on security and privacy(SP). pp 122–134

  11. 11.

    Chen X, Zhang F, Susilo W, Tian H, Li J, Kim K (2014) Identity-based chameleon hashing and signatures without key exposure. Information Sciences An International Journal 265(5):198– 210

    Article  MATH  Google Scholar 

  12. 12.

    Zhang Z, Chen X, Li J, Tao X, Ma J (2018) Hvdb: a hierarchical verifiable database scheme with scalable updates. Journal of Ambient Intelligence and Humanized Computing

  13. 13.

    Chen X, Li J, Huang X, Ma J, Lou W (2015) New publicly verifiable databases with efficient updates. IEEE Trans Dependable Secure Comput 12(5):546–556

    Article  Google Scholar 

  14. 14.

    Li J, Liu Z, Chen X, Xhafa F, Tan X, Wong DS (2015) L-encdb: a lightweight framework for privacy-preserving data queries in cloud computing. Knowl-Based Syst 79:18–26

    Article  Google Scholar 

  15. 15.

    Wang J, Chen X, Huang X, You I, Xiang Y (2015) Verifiable auditing for outsourced database in cloud computing. IEEE Trans Comput 64(11):3293–3303

    MathSciNet  Article  MATH  Google Scholar 

  16. 16.

    Li T, Liu Z, Li J, Jia C, Li KC (2017) CDPS: a cryptographic data publishing system. J Comput Syst Sci 89:80–91

    MathSciNet  Article  MATH  Google Scholar 

  17. 17.

    Liu Q, Guo Y, Wu J, Wang G (2017) Effective query grouping strategy in clouds. J Comput Sci Technol 32(6):1231–1249

    MathSciNet  Article  Google Scholar 

  18. 18.

    Li P, Li J, Huang Z, Gao CZ, Chen WB, Chen K (2017) Privacy-preserving outsourced classification in cloud computing. Cluster Computing

  19. 19.

    Li J, Huang X, Li J, Chen X, Xiang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210

    Article  Google Scholar 

  20. 20.

    Chen X, Huang X, Li J, Ma J, Lou W, Wong DS (2015) New algorithms for secure outsourcing of large-scale systems of linear equations. IEEE Trans Inf Forensics Secur 10(1):69–78

    Article  Google Scholar 

  21. 21.

    Chen X, Li J, Weng J, Ma J, Lou W (2016) Verifiable computation over large database with incremental updates. IEEE Trans Comput 65(10):3184–3195

    MathSciNet  Article  MATH  Google Scholar 

  22. 22.

    Li J, Li J, Xie D, Cai Z (2016) Secure auditing and deduplicating data in cloud. IEEE Trans Comput 65(8):2386–2396

    MathSciNet  Article  MATH  Google Scholar 

  23. 23.

    Wang J, Chen X, Li J, Zhao J, Shen J (2016) Towards achieving flexible and verifiable search for outsourced database in cloud computing. Futur Gener Comput Syst 67

  24. 24.

    Benabbas S, Gennaro R, Vahlis Y (2011) Verifiable delegation of computation over large datasets. In: Annual cryptology conference, Springer, pp 111–131

  25. 25.

    Catalano D, Fiore D (2013) Vector commitments and their applications. In: Public key cryptography, Springer, pp 55–72

  26. 26.

    Merkle RC (1980) Protocols for public key cryptosystems. ieee symposium on security and privacy, pp 122–122

  27. 27.

    Merkle RC (1990) A certified digital signature. In Advances in cryptology — CRYPTO’ 89 proceedings, Springer, New York, pp 218–238

  28. 28.

    Tamassia R (2003) Authenticated data structures. In: European symposium on algorithms, pp 2–5

  29. 29.

    Miller A, Hicks M, Katz J, Shi E (2014) Authenticated data structures, generically. In: ACM Sigplan-sigact symposium on principles of programming languages, pp 411–423

  30. 30.

    Ajtai M (1996) Generating hard instances of lattice problems. In: Twenty-Eighth ACM symposium on theory of computing, pp 99–108

  31. 31.

    Do J-M, Song Y-J (2014) Secure streaming media data management protocol. International Journal of Security and Its Applications 8(2):193–202

    Article  Google Scholar 

  32. 32.

    Puthal D, Nepal S, Ranjan R, Chen J (2015) A dynamic key length based approach for real-time security verification of big sensing data stream, In: International conference on web information systems engineering, pp 93–108

  33. 33.

    Chen C-Y, Wu H-M, Wang L, Yu C-M (2017) Practical integrity preservation for data streaming in cloud-assisted healthcare sensor systems. Comput Netw 129:472–480. Special Issue on 5G Wireless Networks for IoT and Body Sensors

    Article  Google Scholar 

  34. 34.

    Yi S, Chen X, Du X, Xu J (2017) Dynamic authenticated data structures with access control for outsourcing data stream. IET Inf Secur 11(5):235–242

    Article  Google Scholar 

  35. 35.

    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, pp 321–334

  36. 36.

    Boneh D, Boyen X (2004) Short signatures without random oracles. In: International conference on the theory and applications of cryptographic techniques, Springer, pp 56–73

  37. 37.

    Chen X, Li J, Ma J, Tang Q, Lou W (2014) New algorithms for secure outsourcing of modular exponentiations. IEEE Trans Parallel Distrib Syst 25(9):2386–2396

    Article  MATH  Google Scholar 

  38. 38.

    Chen X, Li J, Huang X, Li J, Xiang Y, Wong DS (2014) Secure outsourced attribute-based signatures. IEEE Trans Parallel Distrib Syst 25(12):3285–3294

    Article  Google Scholar 

  39. 39.

    Bloom BH (1970) Space/time trade-offs in hash coding with allowable errors. Commun ACM 13(7):422–426

    Article  MATH  Google Scholar 

  40. 40.

    Li F, Cao P, Almeida J, Broder AZ (2000) Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM Trans Networking 8(3):281–293

    Article  Google Scholar 

  41. 41.

    Rottenstreich O, Kanizo Y, Keslassy I (2014) The variable-increment counting bloom filter. IEEE/ACM Transactions on Networking (TON) 22(4):1092–1105

    Article  Google Scholar 

  42. 42.

    Benaloh J, de Mare M (1994) One-way accumulators: A decentralized alternative to digital signatures. In: Advances in cryptology — EUROCRYPT ’93, Springer, Berlin, pp 274–285

  43. 43.

    Camenisch J, Lysyanskaya A (2002) Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Annual international cryptology conference, Springer, pp 61–76

  44. 44.

    Nguyen L (2005) Accumulators from bilinear pairings and applications. In: Cryptographers’ track at the RSA conference, Springer, pp 275–292

Download references

Funding

This work is supported by the National Natural Science Foundation of China (no. 61572382), Key Project of Natural Science Basic Research Plan in Shaanxi Province of China (no. 2016JZ021), China 111 Project (no. B16037), Guangxi Cooperative Innovation Center of cloud computing and Big Data (no. YD17X07), and Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (no. YF17103).

Author information

Affiliations

Authors

Corresponding author

Correspondence to Zhiwei Zhang.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Zhang, Z., Chen, X., Ma, J. et al. New efficient constructions of verifiable data streaming with accountability. Ann. Telecommun. 74, 483–499 (2019). https://doi.org/10.1007/s12243-018-0687-7

Download citation

Keywords

  • Verifiable data streaming
  • Vector commitment
  • Counting Bloom filter
  • Dynamic accumulator
  • Cloud computing