Certifying Data from Multiple Sources
Data integrity can be problematic when integrating and organizing information from many sources. In this paper we describe efficient mechanisms that enable a group of data owners to contribute data sets to an untrusted third-party publisher, who then answers users’ queries. Each owner gets a proof from the publisher that their data is properly represented, and each user gets a proof that the answer given to them is correct. This allows owners to be confident that their data is being properly represented and users to be confident they are getting correct answers. We show that a group of data owners can efficiently certify that an untrusted third-party publisher has computed the correct digest of the owners’ collected data sets. Users can then verify that the answers they get from the publisher are the same as a fully trusted publisher would provide, or detect if they are not. The results presented support selection and range queries on multi-attribute data sets and are an extension of earlier work on Authentic Publication, which assumed that a single trusted owner certified all of the data.
Keywords: Hash Function; Data Item; Range Query; Data Owner; Message Authentication Code
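The owner and user checks described in the abstract, as an added sketch that is not the paper's own protocol or code. It assumes a Merkle hash tree over key-sorted items with sentinel boundary items, and a simple neighbour check by each owner; all function names and the item encoding are hypothetical.

```python
import hashlib

def H(tag, *parts):  # domain-separated SHA-256
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf(item):  # item = (key, owner, value); repr() encoding is a constructed choice
    return H(b"\x00", repr(item).encode())

def build(items):
    """Publisher: Merkle levels over key-sorted items, padded to a power of two."""
    level = [leaf(it) for it in sorted(items)]
    while len(level) & (len(level) - 1):
        level.append(H(b"\x02"))
    levels = [level]
    while len(level) > 1:
        level = [H(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def answer(levels, items, a, b):
    """Publisher: (item, index, sibling path) for sorted positions a..b inclusive."""
    s = sorted(items)
    return [(s[i], i, [lv[(i >> d) ^ 1] for d, lv in enumerate(levels[:-1])])
            for i in range(a, b + 1)]

def root_of(item, i, path):  # verifier: recompute root; None if index out of range
    if not 0 <= i < 2 ** len(path):
        return None
    node = leaf(item)
    for sib in path:
        node = H(b"\x01", node, sib) if i % 2 == 0 else H(b"\x01", sib, node)
        i >>= 1
    return node

def run_ok(run, digest):
    """Every triple hashes to digest, indices are adjacent, keys are non-decreasing."""
    if any(root_of(it, i, p) != digest for it, i, p in run):
        return False
    return all(b[1] == a[1] + 1 and a[0][0] <= b[0][0] for a, b in zip(run, run[1:]))

def owner_certifies(my_items, runs, digest):
    """Owner: each of my items sits between ordered neighbours under the digest."""
    return all(any(len(r) == 3 and r[1][0] == it and run_ok(r, digest) for r in runs)
               for it in my_items)

def user_verifies(lo, hi, run, digest):
    """User: run is boundary item, every item with lo <= key <= hi, boundary item."""
    keys = [it[0] for it, _, _ in run]
    return (len(run) >= 2 and run_ok(run, digest) and keys[0] < lo and keys[-1] > hi
            and all(lo <= k <= hi for k in keys[1:-1]))
```

A range answer is accepted only when its leaves are adjacent in the tree and bracketed by one item on each side of the range, so a publisher that omits or alters an item cannot produce a run that hashes to the certified digest.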