Authentication of Outsourced Databases Using Signature Aggregation and Chaining

  • Maithili Narasimha
  • Gene Tsudik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3882)


Database outsourcing is an important emerging trend which involves data owners delegating their data management needs to an external service provider. Since a service provider is almost never fully trusted, security and privacy of outsourced data are important concerns. A core security requirement is the integrity and authenticity of outsourced databases. Whenever someone queries a hosted database, the results must be demonstrably authentic (with respect to the actual data owner) to ensure that the data has not been tampered with. Furthermore, the results must carry a proof of completeness which will allow the querier to verify that the server has not omitted any valid tuples that match the query predicate. Notable prior work ([4,9,15]) focused on various types of Authenticated Data Structures. Another prior approach involved the use of specialized digital signature schemes. In this paper, we extend the state-of-the-art to provide both authenticity and completeness guarantees of query replies. Our work analyzes the new approach for various base query types and compares it with Authenticated Data Structures. We also point out some possible security flaws in the approach suggested in the recent work of [15].


Signature Scheme Query Reply Storage Overhead Signature Chain Aggregate Signature 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography and application to virus protection. In: 27th Annual Symposium of Theory of Computing (1995)Google Scholar
  2. 2.
    Bellare, M., Micciancio, D.: A new paradigm for collsion-free hashing: Incrementality at reduced cost. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic third-party data publication. In: 14th IFIP Working Conference in Database Security (2000)Google Scholar
  5. 5.
    Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over Encrypted Data in the Database-Service-Provider Model. In: SIGMOD (2002)Google Scholar
  6. 6.
    Hacigümüş, H., Iyer, B., Mehrotra, S.: Encrypted Database Integrity in Database Service Provider Model. In: CSES 2002 IFIP WCC (2002)Google Scholar
  7. 7.
    Hacigümüş, H., Iyer, B., Mehrotra, S.: Providing Database as a Service. In: ICDE 2002 (2002)Google Scholar
  8. 8.
    Hore, B., Mehrotra, S., Tsudik, G.: A Privacy-Preserving Index for Range Queries. In: VLDB (2004)Google Scholar
  9. 9.
    Martel, C., Nuckolls, G., Devanbu, P., Gertz, M., Kwong, A., Stubblebine, S.G.: A general model for authenticated data structures. Algorithmica 39(1) ( January 2004)Google Scholar
  10. 10.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)MATHGoogle Scholar
  11. 11.
    Merkle, R.: Protocols for public key cryptosystems. In: IEEE Symposium on Research in Security and Privacy (1980)Google Scholar
  12. 12.
    Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and Integrity in Outsourced Databases. In: Network and Distributed Systems Security (2004)Google Scholar
  13. 13.
    National Institute of Standards and Technology (NIST). Secure Hash Standard. FIPS PUB 180-1 (April 1995)Google Scholar
  14. 14.
    OpenSSL Project,
  15. 15.
    Pang, H., Tan, K.-L.: Authenticating Query Results in Edge Computing. In: ICDE (2004)Google Scholar
  16. 16.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2) (1978)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Maithili Narasimha
    • 1
  • Gene Tsudik
    • 1
  1. 1.Computer Science Department, School of Information and Computer ScienceUniversity of CaliforniaIrvineUSA

Personalised recommendations