1 / 27

DSAC (Digital Signature Aggregation and Chaining) - PowerPoint PPT Presentation

DSAC (Digital Signature Aggregation and Chaining). Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases. Contents. Signature Aggregation Mechanisms Chaining Mechanism Comparison of the results with previous work. ODB.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

PowerPoint Slideshow about ' DSAC (Digital Signature Aggregation and Chaining)' - heinz

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

DSAC(Digital Signature Aggregation and Chaining)

Digital Signature Aggregation & Chaining

An approach to ensure integrity of

outsourced databases

• Signature Aggregation Mechanisms

• Chaining Mechanism

• Comparison of the results with previous work

• Outsourced Data Base(ODB) model : Client stores its data at an external data base service provider.

• Concern: Ensure the database security & integrity.

• Authenticity: The tuples in the result set have not been tampered i.e correctness.

• Integrity: No valid tuples have been omitted from the result set i.e completeness

• Result result includes all the tuples matching the query predicates.

• Size : 0-n, or 2^n subsets,

where, n is total number of tuples in the database.

• Use to prove existence of an element in a set. For eg. prove x1 exists in the set y={x2, x6, x1, x9}

• Constructed as binary tree where leaves are hash value of corresponding element.

• Non leaf & Leaf nodes

• Root of the MHT is digitally signed using public key signature scheme (RSA/ DSA)

Auth DS (Authenticated Data Structures)

• Approach to prove correctness

• Uses MHT to prove correctness of the result set.

• Limitation : Need to pre-compute and store a potentially large number of authenticated data structures to answer queries.

• Completeness issue not answered

• Uses a modified MHT

• Not only root of MHT is signed but all nodes as well

• Limitation: Consumes large storage space and increased verification time.

• Provides proof of correctness

• Completeness issue not answered !

• Overheads associated with building, storing and updating data structures in AuthDS and VB tree.

• Signs each individual tuple before storing.

• Server stores tuples along with its corresponding signature.

• In response to a query, server sends both tuple and its signature.

• Query reply set consists of thousands of

tuples.

• Sending/ receiving and verifying signature of each tuple.

• Expensive for the querier.

• Combines multiple individual signatures in the result set into a unified/ aggregated signature.

• Verifying a unified signature is same as verifying signatures of each individual tuple in the result set.

• Includes the boundary tuples as well to ensure all the tuples matching the query is returned.

• Link the tuple level signatures to form a signature chain.

• If h() is a hash function such as SHA,

• || denotes concatenation,

• IPRi denotes immediate predecessor tuple along dimension ‘i’ ,

• l being number of searchable dimensions,

• SK is private signing key of the data owner

Computing IPR of a tuple follows

• Sort tuple in increasing order of the attribute value for each dimension.

• IPR of a given tuple in a given dimension is a tuple with highest value of the attribute that is less than the value of that tuple.

• Each tuple has as many IPRs as the number of searchable dimensions.

• Consider tuple R5

Completeness (contd.) follows

• In this way, server answers range queries by releasing all matching tuples, boundary tuples as well as aggregated signature.

• Signature chain proves querier that server has returned all tuples in the query range proving completeness.

Compleness(contd.) follows

• Querier on receiving the result set:

• Verifies the values in boundary tuples are just beyond the query range.

Building a result set follows

• Compute the tuple set Ts={Ra…Rz}

• Compute Tn consisting of immediate predecessor and successor nodes

Tn= {R(a-1), R(b+1)}

• Obtain corresponding signature of each tuple

• Calculate the aggregate the signature

(Contd) follows

• Chain the signature of all tuples along with its corresponding IPR

Now, the result consists of {Ts, Tn, Sign(r), ∑}

Analysis of DSAC scheme follows

• We compare the DSAC scheme with other prominent correctness/ completeness guarantee schemes such as AuthDS and VB tree.

Freshness follows

• Freshness : The result set in response to a query should be the recent snapshot of the database.

• Prevents the server from replaying the old signature chains, hence freshness is part of data integrity concerns.

Further scope follows

• How to reduce the size of the verification object.

{Ts, Tn, Sign(r), ∑}

• Freshness Issues

Reference follows

• DSAC : An approach to ensure integrity of outsourced databases using signature aggregation and chaining

• Authors : Maithili Narasimha & Gene Tsudik

Computer Science Department

University of California, Irvine