P.: Authenticated join processing in outsourced databases
- In: SIGMOD ’09: ACM SIGMOD international conference on Management of data
, 2009
Cited by 11 (0 self)
Database outsourcing requires that a query server constructs a proof of result correctness, which can be verified by the client using the data owner’s signature. Previous authentication techniques deal with range queries on a single relation using an authenticated data structure (ADS). On the other hand, authenticated join processing is inherently more complex than ranges since only the base relations (but not their combination) are signed by the owner. In this paper, we present three novel join algorithms depending on the ADS availability: (i) Authenticated Indexed Sort Merge Join (AISM), which utilizes a single ADS on the join attribute, (ii) Authenticated Index Merge Join (AIM) that requires an ADS (on the join attribute) for both relations, and (iii) Authenticated Sort Merge Join (ASM), which does not rely on any ADS. We experimentally demonstrate that the proposed methods outperform two benchmark algorithms, often by several orders of magnitude, on all performance metrics, and effectively shift the workload to the outsourcing service. Finally, we extend our techniques to complex queries that combine multi-way joins with selections and projections.
Efficient Audit-based Compliance for Relational Data Retention
- In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS ’11
, 2011
Cited by 3 (0 self)
The Sarbanes-Oxley Act inspired research on long-term high-integrity retention of business records, based on the long-term immutability guarantees that WORM storage servers offer for files. Researchers recently proposed a Log-compliant DBMS Architecture (LDA) that extends those immutability guarantees to relational tuples, using an approach that imposes a 10-20% performance penalty on TPC-C benchmark runs. In this paper, we present the transaction log on WORM (TLOW) approach for supporting long-term immutability for relational tuples. TLOW incurs less than 1% runtime overhead on TPC-C benchmarks with Berkeley DB, which is much less than for LDA. TLOW requires no changes to the DBMS kernel, and audit time is comparable to that of LDA: 2.7% of transaction time, i.e. ten days for a yearly audit on the platform we used. We also introduce the audit helper (AH) add-on to TLOW, which decreases the cost of a yearly audit on our platform to two hours. We provide a proof of correctness for TLOW, which exposes a subtle threat. The proof also illustrates a non-obvious problem with LDA, which we show how to correct.
Authenticated Index Structures for Aggregation Queries in Outsourced Databases
, 2006
Cited by 2 (0 self)
In an outsourced database system the data owner publishes information through a number of remote, untrusted servers with the goal of enabling clients to access and query the data more efficiently. As clients cannot trust servers, query authentication is an essential component in any outsourced database system. Clients should be given the capability to verify that the answers provided by the servers are correct with respect to the actual data published by the owner. While existing work provides authentication techniques for selection and projection queries, there is a lack of techniques for authenticating aggregation queries. This article introduces the first known authenticated index structures for aggregation queries. First, we design an index that features good performance characteristics for static environments, where few or no updates occur to the data. Then, we extend these ideas and propose more involved structures for the dynamic case, where the database owner is allowed to update the data arbitrarily. Our structures feature excellent average case performance for authenticating queries with multiple aggregate attributes and multiple selection predicates. We also implement working prototypes of the proposed techniques and experimentally validate the correctness of our ideas.
Authenticating Aggregate Range Queries over Multidimensional Dataset
Cited by 1 (0 self)
We are interested in the integrity of the query results from an outsourced database service provider. Alice passes a set D of d-dimensional points, together with some authentication tag T, to an untrusted service provider Bob. Later, Alice issues some query over D to Bob, and Bob should produce a query result and a proof based on D and T. Alice wants to verify the integrity of the query result with the help of the proof, using only the private key. In this paper, we consider aggregate query conditional on multidimensional range selection. In its basic form, a query asks for the total number of data points within a d-dimensional range. We are concerned about the number of communication bits required and the size of the tag T. We give a method that requires $O(d^2)$ communication bits to authenticate an aggregate query conditional on d-dimensional range selection. Besides counting, summing and finding of the minimum can also be supported. Furthermore, our scheme can be extended slightly to authenticate d-dimensional usual (non-aggregate) range selection query with $O(d^2)$ bits communication overhead, improving known results that require $O(\log^{d-1} N)$ communication overhead, where N is the number of data points in the dataset.
PrivatePond: Outsourced Management of Web Corpuses
With the rise of cloud computing, it is increasingly attractive for end-users (organizations and individuals) to outsource the management of their data to a small number of large-scale service providers. In this paper, we consider a user who wants to outsource storage and search for a corpus of web documents (e.g., an intranet). At the same time, the corpus may contain confidential documents that the organization does not want to reveal to the service provider. While past work has considered the problems of secure keyword search and secure indexing, all of the proposed tools require significant modifications to existing search engines and infrastructure. In this paper, we propose a system called PrivatePond, which allows confidential outsourced web search using an unmodified search engine. The system is built around the central idea of a secure indexable representation, which is attached to each document in the corpus, and constructed with the goal of balancing confidentiality and searchability. In addition, a secure local proxy is used to provide transparency to the end-user. While the idea of a secure indexable representation is very general, we propose a preliminary instantiation of this idea, which provides practical confidentiality. In addition, an experimental evaluation indicates that this indexable representation can provide high-quality search and ranking, similar to what is available using the unmodified corpus.
Authenticated indexing for outsourced spatial databases
- In: The VLDB Journal, DOI 10.1007/s00778-008-0113-2
In spatial database outsourcing, a data owner delegates its data management tasks to a location-based service (LBS), which indexes the data with an authenticated data structure (ADS). The LBS receives queries (ranges, nearest neighbors) originating from several clients/subscribers. Each query initiates the computation of a verification object (VO) based on the ADS. The VO is returned to the client that can verify the result correctness using the public key of the owner. Our first contribution is the MR-tree, a space-efficient ADS that supports fast query processing and verification. Our second contribution is the MR*-tree, a modified version of the MR-tree, which significantly reduces the VO size through a novel embedding technique. Finally, whereas most ADSs must be constructed and maintained by the owner, we outsource the MR- and MR*-tree construction and maintenance to the LBS, thus relieving the owner from this computationally intensive task.
Support for write privileges on outsourced data
In the last years, data outsourcing has received an increasing attention by the research community thanks to the benefits that it brings in terms of data management. A basic requirement in such a scenario is that outsourced data be made accessible only to authorized users, that is, no unauthorized party (including the storing server) should have access to the data. While existing proposals provide a sound basis for addressing such a need with respect to data dissemination (i.e., enforcement of read authorizations), they fall short on the support of write authorizations. In this paper we address such an open problem and present an approach to enforce write privileges over outsourced data. Our work nicely extends and complements existing solutions, and exploiting key derivation tokens, hashing, and HMAC functions provides efficient and effective controls.
Private Data Indexes for Selective Access to Outsourced Data
Cloud storage services have recently emerged as a successful approach for making resources conveniently available to large communities of users. Several techniques have been investigated for enabling such services, including encryption for ensuring data protection, as well as indexing for enabling efficient query execution on encrypted data. When data are to be made available selectively, the combined use of the two techniques must be handled with care, since indexes can put the confidentiality protection guaranteed by encryption at risk. In this paper, we investigate this issue and propose an indexing technique for supporting efficient access to encrypted data while preventing possible disclosure of data to users not authorized to access them. Intuitively, our indexing technique accounts for authorizations when producing indexes so to ensure that different occurrences of the same plaintext value, but accessible by different sets of users, be not recognizable from their indexes. We show that our solution exhibits a limited performance overhead in query evaluation, while preventing leakage of information.
On Verifying Dynamic Multiple Data Copies over Cloud Servers
, 2011
Currently, many individuals and organizations outsource their data to remote cloud service providers (CSPs) seeking to reduce the maintenance cost and the burden of large local data storage. The CSP offers paid storage space on its infrastructure to store customers’ data. Replicating data on multiple servers across multiple data centers achieves a higher level of scalability, availability, and durability. The more copies the CSP is asked to store, the more fees the customers are charged. Therefore, customers need to be strongly convinced that the CSP is storing all data copies that are agreed upon in the service contract, and the data-update requests issued by the customers have been correctly executed on all remotely stored copies. In this paper we propose two dynamic multi-copy provable data possession schemes that achieve two main goals: i) they prevent the CSP from cheating and using less storage by maintaining fewer copies, and ii) they support dynamic behavior of data copies over cloud servers via operations such as block modification, insertion, deletion, and append. We prove the security of the proposed schemes against colluding servers. Through theoretical analysis and experimental results, we demonstrate the performance of these schemes. Additionally, we discuss how to identify corrupted copies by slightly modifying the proposed schemes.
Managing and Accessing Data in the Cloud: Privacy Risks and Approaches
Ensuring proper privacy and protection of the information stored, communicated, processed, and disseminated in the cloud as well as of the users accessing such an information is one of the grand challenges of our modern society. As a matter of fact, the advancements in the Information Technology and the diffusion of novel paradigms such as data outsourcing and cloud computing, while allowing users and companies to easily access high quality applications and services, introduce novel privacy risks of improper information disclosure and dissemination. In this paper, we will characterize different aspects of the privacy problem in emerging scenarios. We will illustrate risks, solutions, and open problems related to ensuring privacy of users accessing services or resources in the cloud, sensitive information stored at external parties, and accesses to such an information. Index Terms—Privacy risks, data protection, private access, outsourced data, cloud

