
Authentication and Integrity in Outsourced Databases Kanaka Rajanala


What is Outsourced Database

Organizations outsource their data management needs to an external provider.

The service provider hosts the client database and offers mechanisms for:
• Creating databases
• Updating
• Storing
• Accessing (querying)

Advantages of ODB

Organizations can concentrate on their core tasks and operate their business applications via the Internet.

They do not have to worry about:
• Deployment, installation, maintenance, upgrades.
• Hiring, training and retaining people.

Challenges

• Overall performance
• Scalability
• Usability
• Privacy/Security
    • Protection of outsourced data from intruders and attacks.
    • Protecting clients from misuse of data by service providers.
    • Ensuring integrity + privacy + completeness of query replies.

Goal

This paper investigates techniques to help an ODB client authenticate the origin and verify the integrity of data returned by the service provider in response to a posed query.

System Model

ODB is an example of the Client-Server model.

Types of ODB

• Unified Client Model
• Multi Querier Model
• Multi Owner Model

1. Unified Owner Scenario

A single entity creates, queries, manipulates the database.

[Figure: the Owner/Querier sends data deposits and queries to the Server at the server site, which holds the encrypted user database.]

2. Multi-Querier Scenario

[Figure: the Owner/Querier sends data deposits and queries to the Server at the server site, which holds the encrypted user database; Querier 1, Querier 2 and Querier 3 send data queries.]

3. Multi-Owner Scenario

[Figure: Owner 1, Owner 2 and Owner 3 send data deposits and queries to the Server at the server site, which holds the encrypted user database; Querier 1 and Querier 2 send data queries.]

Why do we need Integrity

On some occasions we may not want secrecy but do want integrity:
• Everyone is allowed to read a message
• But no one is allowed to modify it.

Why do we need Authentication

To authenticate the source of data.

The main goal is to assure ODB clients that the data they receive from the server has not been tampered with by an external adversary or by the server itself.

Granularity of Integrity

• Table level: impractical for large tables.
• Column level: very expensive for the owner in terms of computation.
• Optimal is to provide integrity at row level.

Overhead Factors and Desired Features

• Querier computation
• Querier bandwidth
• Server computation
• Owner computation
• Server storage

MACs or Signatures

With a MAC, the client can ask the server to store each record along with its MAC.

This works for the Unified Client model, where owner and querier are the same.

It cannot work with the other models:
• The MAC key would have to be shared between all owners and queriers.
• Non-repudiation of queries cannot be achieved.

Standard RSA

Condensed RSA

Server:
• Selects records matching posed query
• Multiplies corresponding RSA signatures
• Returns single signature to querier

Server: given $t$ record signatures $\{\sigma_1, \sigma_2, \ldots, \sigma_t\}$, compute the combined signature

$$\sigma_{1,t} = \prod_{i=1}^{t} \sigma_i \bmod n$$

and send $\sigma_{1,t}$ to the querier.

Querier: given $t$ messages $\{m_1, m_2, \ldots, m_t\}$ and $\sigma_{1,t}$, verify the combined signature:

$$(\sigma_{1,t})^e \stackrel{?}{=} \prod_{i=1}^{t} h(m_i) \pmod n$$

Condensed RSA

Reduced querier computation costs
• Querier performs (t-1) multiplications and one exponentiation

Constant bandwidth overhead
• Querier receives a single RSA signature

As secure as batch RSA (with FDH)

Not efficient for Multi-Owner model

Batch Verification of RSA Signatures

Batching: useful when many signature verifications need to be performed simultaneously

Reduces computational overhead
• By reducing the total number of modular exponentiations

Fast screening of RSA signatures:
• Given a batch instance of signatures $\{\sigma_1, \sigma_2, \ldots, \sigma_t\}$ on distinct messages $\{m_1, m_2, \ldots, m_t\}$, check

$$\left(\prod_{i=1}^{t} \sigma_i\right)^e = \prod_{i=1}^{t} h(m_i) \pmod n$$

where h() is a full domain hash function

Fast Screening

Reduces (somewhat) querier computation but not bandwidth overhead
• Individual signatures are sent to the querier for verification

Bandwidth overhead can be overwhelming
• Consider weak (anemic) queriers
• Query reply can have thousands of records
• Each RSA signature is at least 1024 bits!
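
The condensed-RSA exchange and the fast-screening check described above, as an added Python example that is not from the slides: the owner signs each row, the server multiplies the signatures of the matching rows, and the querier checks the product with one exponentiation. In fast screening the querier would call the same `condense` itself on the individual signatures. The toy Mersenne-prime key, the counter-mode SHA-256 stand-in for h(), the function names and the sample rows are all assumptions.

```python
import hashlib

# Toy parameters for illustration only: two Mersenne primes give a 216-bit
# modulus, far too small for real use (the slides assume |n| = 1024).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # owner's private exponent

def fdh(record: bytes) -> int:
    """Stand-in full-domain hash h(): counter-mode SHA-256 reduced mod n."""
    need = N.bit_length() // 8 + 16  # oversample so the reduction bias is tiny
    out, ctr = b"", 0
    while len(out) < need:
        out += hashlib.sha256(ctr.to_bytes(4, "big") + record).digest()
        ctr += 1
    return int.from_bytes(out[:need], "big") % N

def sign(record: bytes) -> int:
    """Owner: per-row signature sigma_i = h(m_i)^d mod n."""
    return pow(fdh(record), D, N)

def condense(sigs) -> int:
    """Server: sigma_{1,t} = product of the selected sigma_i mod n."""
    acc = 1
    for s in sigs:
        acc = acc * s % N
    return acc

def verify(records, sigma) -> bool:
    """Querier: t-1 multiplications and one exponentiation."""
    if not records or len(set(records)) != len(records):
        return False  # screening is defined over distinct messages
    acc = 1
    for r in records:
        acc = acc * fdh(r) % N
    return pow(sigma, E, N) == acc

def demo():
    # Constructed sample table: (row, signature) pairs stored at the server.
    rows = [b"1|alice|4200", b"2|bob|3100", b"3|carol|5000", b"4|dave|3100"]
    stored = [(r, sign(r)) for r in rows]
    reply = [(r, s) for r, s in stored if not r.endswith(b"|3100")]
    recs = [r for r, _ in reply]
    sigma = condense(s for _, s in reply)
    forged = [recs[0], b"3|carol|9999"]  # one returned row altered in transit
    return verify(recs, sigma), verify(forged, sigma), verify(recs[:1], sigma)
```

`demo()` returns the verdicts for the honest reply, a reply with one altered row, and a reply with a row dropped but the signature kept. The check covers only the rows returned: a server that omits a matching row together with its signature still passes, so completeness of the reply needs a separate mechanism.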

Cost Comparisons

                                          Condensed RSA    Batch DSA
Sign     1 signature                           6.82           3.82
Verify   1 signature                           0.16           8.52
         t = 1000 sigs, k = 1 signer          44.12        1623.59
         t = 100 sigs, k = 10 signers         45.16        1655.86
         t = 1000 sigs, k = 10 signers       441.1        16203.5

Parameters:
For RSA: |n| = 1024
For DSA: |p| = 1024 and |q| = 160

1. Querier computation: