Data and Application Security

Volume 73 of the series IFIP International Federation for Information Processing pp 101-112

Authentic Third-Party Data Publication

  • Premkumar DevanbuAffiliated withDepartment of Computer Science, University of California
  • , Michael GertzAffiliated withDepartment of Computer Science, University of California
  • , Charles MartelAffiliated withDepartment of Computer Science, University of California
  • , Stuart G. StubblebineAffiliated withCertCo


Integrity critical databases, such as financial data used in high-value decisions, are frequently published over the Internet. Publishers of such data must satisfy the integrity, authenticity, and non-repudiation requirements of clients. Providing this protection over public networks is costly.

This is partly because building and running secure systems is hard. In practice, large systems can not be verified to be secure and are frequently penetrated. The consequences of a system intrusion at the data publisher can be severe. This is further complicated by data and server replication to satisfy availability and scalability requirements.

We aim to reduce the trust required of the publisher of large, infrequently updated databases. To do this, we separate the roles of owner and publisher. With a few trusted digital signatures from the owner, an untrusted publisher can use techniques based on Merkle hash trees to provide authenticity and non-repudiation of the answer to a database query. We do not require a key to be held in an on-line system, thus reducing the impact of system penetrations. By allowing untrusted publishers, we also allow more scalable publication of large databases.