Authenticating Multi-dimensional Query Results in Data Publishing

  • Weiwei Cheng
  • HweeHwa Pang
  • Kian-Lee Tan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4127)


In data publishing, the owner delegates the role of satisfying user queries to a third-party publisher. As the publisher may be untrusted or susceptible to attacks, it could produce incorrect query results. This paper introduces a mechanism for users to verify that their query answers on a multi-dimensional dataset are correct, in the sense of being complete (i.e., no qualifying data points are omitted) and authentic (i.e., all the result values originated from the owner). Our approach is to add authentication information into a spatial data structure, by constructing certified chains on the points within each partition, as well as on all the partitions in the data space. Given a query, we generate proof that every data point within those intervals of the certified chains that overlap the query window either is returned as a result value, or fails to meet some query condition. We study two instantiations of the approach: Verifiable KD-tree (VKDtree) that is based on space partitioning, and Verifiable R-tree (VRtree) that is based on data partitioning. The schemes are evaluated on window queries, and results show that VRtree is highly precise, meaning that few data points outside of a query result are disclosed in the course of proving its correctness.


Query Result Space Partitioning Query Answer Cryptographic Primitive Node Capacity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
    Proposed Federal Information Processing Standard for Digital Signature Standard (DSS). Federal Register 56(169), 42980–42982 (1991)Google Scholar
  3. 3.
    Secure Hashing Algorithm. National Institute of Science and Technology. FIPS 180-182 (2001)Google Scholar
  4. 4.
    Bentley, J.: Multidimensional Binary Search Trees Used For Associative Searching. Communications of the ACM 18(9), 509–517 (1975)CrossRefzbMATHGoogle Scholar
  5. 5.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.: Authentic Data Publication over the Internet. In: 14th IFIP 11.3 Working Conference in Database Security, pp. 102–112 (2000)Google Scholar
  7. 7.
    Huebsch, R., Hellerstein, J., Lanham, N., Loo, B., Shenker, S., Stoica, I.: Querying the Internet with PIER. In: Proceedings of the 29th International Conference on Very Large Databases, pp. 321–332 (2003)Google Scholar
  8. 8.
    Luo, Q., Krishnamurthy, S., Mohan, C., Pirahesh, H., Woo, H., Lindsay, B., Naughton, J.: Middle-Tier Database Caching for E-Business. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, pp. 600–611 (2002)Google Scholar
  9. 9.
    Margulius, D.: Apps on the Edge. InfoWorld 24(21) (May 2002),
  10. 10.
    Miklau, G., Suciu, D.: Controlling Access to Published Data Using Cryptography. In: Proceedings of the 29th International Conference on Very Large Data Bases, pp. 898–909 (2003)Google Scholar
  11. 11.
    Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and Integrity in Outsourced Databases. In: Proceedings of the Network and Distributed System Security Symposium (February 2004)Google Scholar
  12. 12.
    Neuman, B., Tso, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine 32(9), 33–38 (1994)CrossRefGoogle Scholar
  13. 13.
    Nievergelt, J., Hinterberger, H., Sevcik, K.: The Grid File: An Adaptable, Symmetric Multikey File Structure. ACM Transactions on Database Systems 9(1), 38–71 (1984)CrossRefGoogle Scholar
  14. 14.
    Orenstein, J.A., Merrett, T.H.: A class of data structures for associative searching. In: Proceedings of the 3rd ACM SIGACT-SIGMOD Symposium on Principles of Database Systems (PODS), pp. 181–190 (1984)Google Scholar
  15. 15.
    Pang, H., Jain, A., Ramamritham, K., Tan, K.: Verifying Completeness of Relational Query Results in Data Publishing. In: Proceedings of the 2005 ACM SIGMOD International Conference on Management of Data (2005)Google Scholar
  16. 16.
    Pang, H., Tan, K.: Authenticating Query Results in Edge Computing. In: IEEE International Conference on Data Engineering, pp. 560–571 (March 2004)Google Scholar
  17. 17.
    Pang, H., Tan, K., Zhou, X.: StegFS: A Steganographic File System. In: Proceedings of the 19th International Conference on Data Engineering, Bangalore, India, pp. 657–668 (March 2003)Google Scholar
  18. 18.
    Rivest, R.L.: RFC 1321: The MD5 Message-Digest Algorithm, Internet Activities Board (1992)Google Scholar
  19. 19.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Sagan, H.: Space-Filling Curves. Springer, Heidelberg (1994)CrossRefzbMATHGoogle Scholar
  21. 21.
    Samet, H.: The Quadtree and Related Hierarchical Data Structures. ACM Computing Surveys 16(2), 187–260 (1984)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Sandhu, R., Samarati, P.: Access Control: Principles and Practice. IEEE Communications Magazine 32(9), 40–48 (1994)CrossRefGoogle Scholar
  23. 23.
    Saroiu, S., Gummadi, K., Dunn, R., Gribble, S., Levy, H.: An Analysis of Internet Content Delivery Systems. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 315–327 (2002)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Weiwei Cheng
    • 1
  • HweeHwa Pang
    • 2
  • Kian-Lee Tan
    • 1
  1. 1.Department of Computer ScienceNational University of SingaporeSingapore
  2. 2.School of Information SystemsSingapore Management UniversitySingapore

Personalised recommendations