Practical Immutable Signature Bouquets (PISB) for Authentication and Integrity in Outsourced Databases
Database outsourcing is a prominent trend that enables organizations to offload their data management overhead (e.g., query handling) to the external service providers. Immutable signatures are ideal tools to provide authentication and integrity for such applications with an important property called immutability. Signature immutability ensures that, no attacker can derive a valid signature for unposed queries from previous queries and their corresponding signatures. This prevents an attacker from creating his own de-facto services via such derived signatures. Unfortunately, existing immutable signatures are very computation and communication costly (e.g., highly interactive), which make them impractical for task-intensive and heterogeneous applications.
In this paper, we developed two new schemes that we call Practical and Immutable Signature Bouquets (PISB ), which achieve efficient immutability for outsourced database systems. Both PISB schemes are very simple, non-interactive, and computation/communication efficient. Our generic scheme can be constructed from any aggregate signature coupled with a standard signature. Hence, it can flexibly provide performance trade-offs for various types of applications. Our specific scheme is constructed from Condensed-RSA and Sequential Aggregate RSA. It has a very low verifier computational overhead and end-to-end delay with a small signature size. We showed that PISB schemes are secure and also much more efficient than previous alternatives.
KeywordsApplied cryptography outsourced databases immutable digital signatures distributed systems public key cryptography
- 1.Hacigumus, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proceedings of the 18th International Conference on Data Engineering, ICDE 2002, Washington, DC, USA, pp. 29–38 (2002)Google Scholar
- 2.Sion, R.: Secure data outsourcing. In: Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB), pp. 1431–1432 (2007)Google Scholar
- 4.Patel, A.A., Jaya Nirmala, S., Mary Saira Bhanu, S.: Security and availability of data in the cloud. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds.) Advances in Computing & Inform. Technology. AISC, vol. 176, pp. 255–261. Springer, Heidelberg (2012)Google Scholar
- 5.Wang, H., Lakshmanan, L.V.S.: Efficient secure query evaluation over encrypted xml databases. In: Proceedings of the 32nd International Conference on Very Large Data Bases, VLDB 2006, pp. 127–138 (2006)Google Scholar
- 6.Goodrich, M.T., Mitzenmacher, M., Ohrimenko, O., Tamassia, R.: Privacy-preserving group data access via stateless oblivious ram simulation. In: Proceedings of the Twenty-Third Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 157–167 (2012)Google Scholar
- 10.American Bankers Association: ANSI X9.62-1998: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm, ECDSA (1999)Google Scholar
- 11.Shamus: Multiprecision integer and rational arithmetic c/c++ library (MIRACL), http://www.shamus.ie/
- 13.Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall/CRC (2007)Google Scholar
- 20.Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 276–285. ACM (2007)Google Scholar
- 23.Samarati, P., di Vimercati, S.D.C.: Data protection in outsourcing scenarios: issues and directions. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 1–14 (2010)Google Scholar
- 26.Yavuz, A.A., Ning, P., Reiter, M.K.: BAF and FI-BAF: Efficient and publicly verifiable cryptographic schemes for secure logging in resource-constrained systems. ACM Transaction on Information System Security 15(2) (2012)Google Scholar
- 29.Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: Cryptdb: protecting confidentiality with encrypted query processing. In: Proc. of the 23rd ACM Symposium on Operating Systems Principles, SOSP 2011, New York, NY, USA, pp. 85–100 (2011)Google Scholar