Abstract
In data publishing, the owner delegates the role of satisfying user queries to a third-party publisher. As the publisher may be untrusted or susceptible to attacks, it could produce incorrect query results. This paper introduces a mechanism for users to verify that their query answers on a multi-dimensional dataset are correct, in the sense of being complete (i.e., no qualifying data points are omitted) and authentic (i.e., all the result values originated from the owner). Our approach is to add authentication information into a spatial data structure, by constructing certified chains on the points within each partition, as well as on all the partitions in the data space. Given a query, we generate proof that every data point within those intervals of the certified chains that overlap the query window either is returned as a result value, or fails to meet some query condition. We study two instantiations of the approach: Verifiable KD-tree (VKDtree) that is based on space partitioning, and Verifiable R-tree (VRtree) that is based on data partitioning. The schemes are evaluated on window queries, and results show that VRtree is highly precise, meaning that few data points outside of a query result are disclosed in the course of proving its correctness.
Keywords
- Query Result
- Space Partitioning
- Query Answer
- Cryptographic Primitive
- Node Capacity
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Chapter PDF
References
Encrypting File System (EFS) for Windows 2000, http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp
Proposed Federal Information Processing Standard for Digital Signature Standard (DSS). Federal Register 56(169), 42980–42982 (1991)
Secure Hashing Algorithm. National Institute of Science and Technology. FIPS 180-182 (2001)
Bentley, J.: Multidimensional Binary Search Trees Used For Associative Searching. Communications of the ACM 18(9), 509–517 (1975)
Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)
Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.: Authentic Data Publication over the Internet. In: 14th IFIP 11.3 Working Conference in Database Security, pp. 102–112 (2000)
Huebsch, R., Hellerstein, J., Lanham, N., Loo, B., Shenker, S., Stoica, I.: Querying the Internet with PIER. In: Proceedings of the 29th International Conference on Very Large Databases, pp. 321–332 (2003)
Luo, Q., Krishnamurthy, S., Mohan, C., Pirahesh, H., Woo, H., Lindsay, B., Naughton, J.: Middle-Tier Database Caching for E-Business. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, pp. 600–611 (2002)
Margulius, D.: Apps on the Edge. InfoWorld 24(21) (May 2002), http://www.infoworld.com/article/02/05/23/020527feedgetci_1.html
Miklau, G., Suciu, D.: Controlling Access to Published Data Using Cryptography. In: Proceedings of the 29th International Conference on Very Large Data Bases, pp. 898–909 (2003)
Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and Integrity in Outsourced Databases. In: Proceedings of the Network and Distributed System Security Symposium (February 2004)
Neuman, B., Tso, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine 32(9), 33–38 (1994)
Nievergelt, J., Hinterberger, H., Sevcik, K.: The Grid File: An Adaptable, Symmetric Multikey File Structure. ACM Transactions on Database Systems 9(1), 38–71 (1984)
Orenstein, J.A., Merrett, T.H.: A class of data structures for associative searching. In: Proceedings of the 3rd ACM SIGACT-SIGMOD Symposium on Principles of Database Systems (PODS), pp. 181–190 (1984)
Pang, H., Jain, A., Ramamritham, K., Tan, K.: Verifying Completeness of Relational Query Results in Data Publishing. In: Proceedings of the 2005 ACM SIGMOD International Conference on Management of Data (2005)
Pang, H., Tan, K.: Authenticating Query Results in Edge Computing. In: IEEE International Conference on Data Engineering, pp. 560–571 (March 2004)
Pang, H., Tan, K., Zhou, X.: StegFS: A Steganographic File System. In: Proceedings of the 19th International Conference on Data Engineering, Bangalore, India, pp. 657–668 (March 2003)
Rivest, R.L.: RFC 1321: The MD5 Message-Digest Algorithm, Internet Activities Board (1992)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Sagan, H.: Space-Filling Curves. Springer, Heidelberg (1994)
Samet, H.: The Quadtree and Related Hierarchical Data Structures. ACM Computing Surveys 16(2), 187–260 (1984)
Sandhu, R., Samarati, P.: Access Control: Principles and Practice. IEEE Communications Magazine 32(9), 40–48 (1994)
Saroiu, S., Gummadi, K., Dunn, R., Gribble, S., Levy, H.: An Analysis of Internet Content Delivery Systems. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 315–327 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Cheng, W., Pang, H., Tan, KL. (2006). Authenticating Multi-dimensional Query Results in Data Publishing. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_5
Download citation
DOI: https://doi.org/10.1007/11805588_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36796-3
Online ISBN: 978-3-540-36799-4
eBook Packages: Computer ScienceComputer Science (R0)