Abstract
Database outsourcing is a popular industry trend which involves organizations delegating their data management needs to an external service provider. Since a service provider is almost never fully trusted, security and privacy of outsourced data are important concerns.
This paper focuses on integrity and authenticity issues in outsourced databases. Whenever someone queries a hosted database, the returned results must be demonstrably authentic: the querier needs to establish – in an efficient manner – that both integrity and authenticity (with respect to the actual data owner) are assured. To this end, some recent work [19] examined two relevant signature schemes: a condensed variant of batch RSA [3] and an aggregated signature scheme based on bilinear maps [6].
In this paper, we introduce the notion of immutability for aggregated signature schemes. Immutability refers to the difficulty of computing new valid aggregated signatures from a set of other aggregated signatures. This is an important feature, particularly for outsourced databases, since lack thereof enables a frequent querier to eventually amass enough aggregated signatures to answer other (un-posed) queries, thus becoming a de facto service provider. Since prior work does not offer immutability, we propose several practical techniques to achieve it.
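The missing property can be seen in a few lines. The sketch below is an added example, not code from the paper: it assumes the condensed-RSA construction of the prior work [19] (the condensed signature is the product of per-record hash-then-RSA signatures modulo n), a constructed toy key, SHA-256 reduced mod n as a stand-in for a full-domain hash, and hypothetical function names.

```python
import hashlib
from math import prod

# Constructed toy RSA key built from two Mersenne primes (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # data owner's private exponent

def h(record: bytes) -> int:
    """Hash a record into Z_N (assumed stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % N

def sign(record: bytes) -> int:
    """Data owner: per-record RSA signature stored alongside the row."""
    return pow(h(record), D, N)

def condense(sigs) -> int:
    """Server: condensed signature = product of the record signatures mod N."""
    return prod(sigs) % N

def verify(records, agg: int) -> bool:
    """Querier: a single exponentiation checks the whole result set."""
    return pow(agg, E, N) == prod(h(r) for r in records) % N

def derive(agg_big: int, agg_small: int) -> int:
    """What immutability must prevent: divide one condensed signature by another."""
    return agg_big * pow(agg_small, -1, N) % N

# Constructed sample rows and two legitimately answered queries.
ROWS = [b"id=1|alice|4200", b"id=2|bob|5100", b"id=3|carol|6100"]
SIGS = {r: sign(r) for r in ROWS}
RESULT_1 = ROWS                       # e.g. all rows
RESULT_2 = ROWS[:2]                   # e.g. rows with id <= 2
AGG_1 = condense(SIGS[r] for r in RESULT_1)
AGG_2 = condense(SIGS[r] for r in RESULT_2)

# The querier never posed a query returning only row 3, yet holds a valid
# signature for exactly that result set without the owner's key.
DERIVED = derive(AGG_1, AGG_2)

if __name__ == "__main__":
    print(verify(RESULT_1, AGG_1), verify(RESULT_2, AGG_2))
    print(verify([ROWS[2]], DERIVED))
```

An immutable scheme has to make the `derive` step infeasible while keeping `verify` as cheap as it is here.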
References
[1] MIRACL Library, http://indigo.ie/~mscott
[2] Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Advances in Cryptology - Crypto, pp. 186–194 (1987)
[3] Bellare, M., Garay, J., Rabin, T.: Fast Batch Verification for Modular Exponentiation and Digital Signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 191–2048. Springer, Heidelberg (1998)
[4] Bellare, M., Palacio, A.: GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks. In: Advances in Cryptology - Crypto, pp. 162–177 (1992)
[5] Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols, pp. 62–73. ACM Press, New York (1993)
[6] Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Eurocrypt (1993)
[7] Camenisch, J.: Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. ETH-Series in Information Security and Cryptography, vol. 2. Hartung-Gorre Verlag, Konstanz (1998) ISBN 3-89649-286-1
[8] Camenisch, J., Stadler, M.: Efficient Group Signature Schemes for Large Groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
[9] Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private Information Retrieval. Journal of ACM, 965–981 (1998)
[10] Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.: Authentic third-party data publication. In: 14th IFIP Working Conference in Database Security, pp. 101–112 (2000)
[11] Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting Data Privacy in Private Information Retrieval Schemes. In: 30th Annual Symposium on Theory of Computing (STOC). ACM Press (1998)
[12] Goh, E.: Secure Indexes for Efficient Searching on Encrypted Compressed Data. Cryptology ePrint Archive, Report 2003/216 (2003)
[13] Guillou, L., Quisquater, J.: A “Paradoxical” Identity-Based Signature Scheme Resulting from Zero-Knowledge. In: Advances in Cryptology - Crypto, pp. 216–231 (1998)
[14] Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over Encrypted Data in the Database-Service-Provider Model. In: ACM SIGMOD Conference on Management of Data, pp. 216–227 (2002)
[15] Hacigümüş, H., Iyer, B., Mehrotra, S.: Encrypted Database Integrity in Database Service Provider Model. In: International Workshop on Certification and Security in E-Services (2002)
[16] Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Providing Database as a Service. In: International Conference on Data Engineering (2002)
[17] Joux, A., Nguyen, K.: Separating decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. Cryptology ePrint Archive, Report 2001/003 (2001)
[18] Martel, C., Nuckolls, G., Devanbu, P., Gertz, M., Kwong, A., Stubblebine, S.: A General Model for authenticated data structures. Algorithmica 39 (2004)
[19] Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and Integrity in Outsourced Databases. In: ISOC Symposium on Network and Distributed Systems Security, pp. 205–214 (2004)
[20] Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 120–126 (1978)
[21] Song, D., Wagner, D., Perrig, A.: Practical Techniques for Searches on Encrypted Data. In: IEEE Symposium on Security and Privacy, pp. 44–55 (2000)
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Mykletun, E., Narasimha, M., Tsudik, G. (2004). Signature Bouquets: Immutability for Aggregated/Condensed Signatures. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_10
DOI: https://doi.org/10.1007/978-3-540-30108-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0
eBook Packages: Springer Book Archive