Dsac digital signature aggregation and chaining
Download
1 / 27

DSAC (Digital Signature Aggregation and Chaining) - PowerPoint PPT Presentation


  • 128 Views
  • Uploaded on

DSAC (Digital Signature Aggregation and Chaining). Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases. Contents. Signature Aggregation Mechanisms Chaining Mechanism Comparison of the results with previous work. ODB.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' DSAC (Digital Signature Aggregation and Chaining)' - heinz


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Dsac digital signature aggregation and chaining

DSAC(Digital Signature Aggregation and Chaining)

Digital Signature Aggregation & Chaining

An approach to ensure integrity of

outsourced databases


Contents
Contents

  • Signature Aggregation Mechanisms

  • Chaining Mechanism

  • Comparison of the results with previous work


ODB

  • Outsourced Data Base(ODB) model : Client stores its data at an external data base service provider.

  • Concern: Ensure the database security & integrity.


  • Authenticity: The tuples in the result set have not been tampered i.e correctness.

  • Integrity: No valid tuples have been omitted from the result set i.e completeness


Result set size of a result set
Result set & Size of a result set

  • Result result includes all the tuples matching the query predicates.

  • Size : 0-n, or 2^n subsets,

    where, n is total number of tuples in the database.


Merkle hash tree
Merkle Hash Tree

  • Use to prove existence of an element in a set. For eg. prove x1 exists in the set y={x2, x6, x1, x9}

  • Constructed as binary tree where leaves are hash value of corresponding element.

  • Non leaf & Leaf nodes

  • Root of the MHT is digitally signed using public key signature scheme (RSA/ DSA)



Auth ds authenticated data structures
Auth DS (Authenticated Data Structures)

  • Approach to prove correctness

  • Uses MHT to prove correctness of the result set.

  • Limitation : Need to pre-compute and store a potentially large number of authenticated data structures to answer queries.

  • Completeness issue not answered


Vb tree approach
VB Tree Approach

  • Uses a modified MHT

  • Not only root of MHT is signed but all nodes as well

  • Limitation: Consumes large storage space and increased verification time.

  • Provides proof of correctness

  • Completeness issue not answered !


Drawbacks
Drawbacks…

  • Overheads associated with building, storing and updating data structures in AuthDS and VB tree.

  • Signs each individual tuple before storing.

  • Server stores tuples along with its corresponding signature.

  • In response to a query, server sends both tuple and its signature.


Drawbacks contd
Drawbacks(contd.)

  • Query reply set consists of thousands of

    tuples.

  • Sending/ receiving and verifying signature of each tuple.

  • Expensive for the querier.


Dsac correctness
DSAC: Correctness

  • Combines multiple individual signatures in the result set into a unified/ aggregated signature.

  • Verifying a unified signature is same as verifying signatures of each individual tuple in the result set.


Dsac completeness
DSAC: Completeness

  • Includes the boundary tuples as well to ensure all the tuples matching the query is returned.

  • Link the tuple level signatures to form a signature chain.


Constructing signature chains
Constructing signature chains

  • If h() is a hash function such as SHA,

  • || denotes concatenation,

  • IPRi denotes immediate predecessor tuple along dimension ‘i’ ,

  • l being number of searchable dimensions,

  • SK is private signing key of the data owner



Computing ipr of a tuple
Computing IPR of a tuple follows

  • Sort tuple in increasing order of the attribute value for each dimension.

  • IPR of a given tuple in a given dimension is a tuple with highest value of the attribute that is less than the value of that tuple.

  • Each tuple has as many IPRs as the number of searchable dimensions.


Example of signature chaining
Example of signature chaining follows

  • Consider tuple R5


Completeness contd
Completeness (contd.) follows

  • In this way, server answers range queries by releasing all matching tuples, boundary tuples as well as aggregated signature.

  • Signature chain proves querier that server has returned all tuples in the query range proving completeness.


Compleness contd
Compleness(contd.) follows

  • Querier on receiving the result set:

  • Verifies the values in boundary tuples are just beyond the query range.


Building a result set
Building a result set follows

  • Compute the tuple set Ts={Ra…Rz}

  • Compute Tn consisting of immediate predecessor and successor nodes

    Tn= {R(a-1), R(b+1)}

  • Obtain corresponding signature of each tuple

  • Calculate the aggregate the signature


Contd
(Contd) follows

  • Chain the signature of all tuples along with its corresponding IPR

    Now, the result consists of {Ts, Tn, Sign(r), ∑}


Analysis of dsac scheme
Analysis of DSAC scheme follows

  • We compare the DSAC scheme with other prominent correctness/ completeness guarantee schemes such as AuthDS and VB tree.




Freshness
Freshness follows

  • Freshness : The result set in response to a query should be the recent snapshot of the database.

  • Prevents the server from replaying the old signature chains, hence freshness is part of data integrity concerns.


Further scope
Further scope follows

  • How to reduce the size of the verification object.

    {Ts, Tn, Sign(r), ∑}

  • Freshness Issues


Reference
Reference follows

  • DSAC : An approach to ensure integrity of outsourced databases using signature aggregation and chaining

  • Authors : Maithili Narasimha & Gene Tsudik

    Computer Science Department

    University of California, Irvine


ad