## Super-efficient verification of dynamic outsourced databases (2008)

### Cached

### Download Links

- [www.cs.brown.edu]
- [www.cs.bu.edu]
- [cs.brown.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | IN RSA CONFERENCE—CRYPTO TRACK |

Citations: | 14 - 5 self |

### BibTeX

@INPROCEEDINGS{Goodrich08super-efficientverification,

author = {Michael T. Goodrich and Roberto Tamassia and Nikos Triandopoulos},

title = {Super-efficient verification of dynamic outsourced databases},

booktitle = {IN RSA CONFERENCE—CRYPTO TRACK},

year = {2008},

publisher = {}

}

### OpenURL

### Abstract

We develop new algorithmic and cryptographic techniques for authenticating the results of queries over databases that are outsourced to an untrusted responder. We depart from previous approaches by considering super-efficient answer verification, where answers to queries are validated in time asymptotically less that the time spent to produce them and using lightweight cryptographic operations. We achieve this property by adopting the decoupling of query answering and answer verification in a way designed for queries related to range search. Our techniques allow for efficient updates of the database and protect against replay attacks performed by the responder. One such technique uses an off-line audit mechanism: the data source and the user keep digests of the sequence of operations, yet are able to jointly audit the responder to determine if a replay attack has occurred since the last audit.

### Citations

355 |
A certified digital signature
- Merkle
- 1989
(Show Context)
Citation Context ...rovided to the user by the server that can be used to verify the authenticity of the answer. Research has mostly focused on hash-based authentication protocols, where extensions of Merkle’s hash tree =-=[16]-=- are used for authenticating membership queries (e.g., [6, 11, 19, 26, 27]) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range sea... |

175 | Dynamic accumulators and application to efficient revocation of anonymous credentials
- Camenisch, Lysyanskaya
- 2002
(Show Context)
Citation Context ...ctionaries in the two-party model, where the source keeps minimal state to check the integrity of its outsourced data, appear in [10, 24]. Finally, in [12] it is showed how to use the RSA accumulator =-=[7]-=- to realize a dynamic authenticated dictionary that achieves constant (thus super-efficient) verification costs at the client. There has also been a growing body of work on authenticating queries in o... |

172 | Collision-free accumulators and fail-stop signature schemes without trees
- Barić, Pfitzmann
- 1997
(Show Context)
Citation Context ...acy of replay-attack detections. In our authentication schemes, we use standard cryptographic tools, such as collision-resistant hash functions and digital signatures, and the dynamic RSA accumulator =-=[2, 3, 7]-=-. Given a set X of size n, an accumulator can be used to incrementally and order-independently (through bivariate function f(·, ·)) compute a constant-size accumulation value A(X), with respect to whi... |

149 | Certificate revocation and certificate update
- Naor, Nissim
- 2000
(Show Context)
Citation Context ...mited devices query continuously and at high rates data that is outsourced to untrusted, geographically dispersed, proxy machines. Related Work. Extensive work exists on authenticated data structures =-=[19, 25]-=-, which model secure data querying in adversarial environments, where data created by a trusted source becomes available to users through queries after it is replicated to an untrusted remote server. ... |

122 | One-way accumulators: a decentralized alternative to digital signature[A]. EUROCRYPT’93[C
- BENALOH, MARE
- 1993
(Show Context)
Citation Context ...acy of replay-attack detections. In our authentication schemes, we use standard cryptographic tools, such as collision-resistant hash functions and digital signatures, and the dynamic RSA accumulator =-=[2, 3, 7]-=-. Given a set X of size n, an accumulator can be used to incrementally and order-independently (through bivariate function f(·, ·)) compute a constant-size accumulation value A(X), with respect to whi... |

102 | Checking the correctness of memories
- Blum, Evans, et al.
- 1994
(Show Context)
Citation Context ...ies essentially boil down to one-dimensional range search queries. General authentication techniques have been also proposed for certain query classes, including read-write operations on memory cells =-=[5]-=-, queries on static data that are modeled as search DAGs [15], and decomposable queries over sequences and iterativeSuper-Efficient Verification of Dynamic Outsourced Databases 3 searches over catalo... |

102 | G.: Authentication and integrity in outsourced databases
- Mykletun, Narasimha, et al.
(Show Context)
Citation Context ..., in [14] authentication techniques based on B-trees and aggregated signatures are studied experimentally. Table 1. A summary of how our results are qualitatively compared with existing work. [5, 13] =-=[21, 18]-=- [20] this work super-efficient • • • dynamic • • • replay safe • n.a. • Our Contributions. We provide the first super-efficient authentication techniques for one-dimensional range searching (or queri... |

65 | Flexible authentication of XML documents
- DEVANBU, GERTZ, et al.
- 2001
(Show Context)
Citation Context ...) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries =-=[4, 8]-=-, and two-dimensional grid searching [1]. Many of these queries essentially boil down to one-dimensional range search queries. General authentication techniques have been also proposed for certain que... |

62 | L.: Dynamic authenticated index structures for outsourced databases - Li, Hadjieleftheriou, et al. - 2006 |

52 | S.G.: Authentic data publication over the internet
- Devanbu, Gertz, et al.
- 2003
(Show Context)
Citation Context ...s, where extensions of Merkle’s hash tree [16] are used for authenticating membership queries (e.g., [6, 11, 19, 26, 27]) or more general query types, such as basic operations on relational databases =-=[9]-=-, pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries [4, 8], and two-dimensional grid searching [1]. Many of these queries essentially b... |

50 | S.G.: A general model for authenticated data structures
- Martel, Nuckolls, et al.
- 2004
(Show Context)
Citation Context ...ed for authenticating membership queries (e.g., [6, 11, 19, 26, 27]) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching =-=[15]-=-, graph connectivity and geometric searching [13], XML queries [4, 8], and two-dimensional grid searching [1]. Many of these queries essentially boil down to one-dimensional range search queries. Gene... |

49 | K.L.: Verifying completeness of relational query results in data publishing
- Pang, Jain, et al.
- 2005
(Show Context)
Citation Context ...yptographic hashing and accumulators are used in the first hash-based super-efficient, but static, verification scheme that achieves O(log t) communication cost and O(t) verification cost, whereas in =-=[23]-=-, static hash trees, where each tree node is individually signed, are used to authenticate range queries, incurring cost of O(t) signature verifications. In [20] signature aggregation is used to accel... |

48 | A.: Selective and authentic third-party distribution of xml documents
- Bertino, Carminati, et al.
- 2004
(Show Context)
Citation Context ...) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries =-=[4, 8]-=-, and two-dimensional grid searching [1]. Many of these queries essentially boil down to one-dimensional range search queries. General authentication techniques have been also proposed for certain que... |

48 | Zero-knowledge sets
- Micali, Rabin, et al.
- 2003
(Show Context)
Citation Context ..., it is showed that for a set of size n, all costs related to authentication are at least logarithmic in n in the worst case. Related work on consistency and privacy of committed databases appears in =-=[6, 17, 22]-=-. Authenticated dictionaries in the two-party model, where the source keeps minimal state to check the integrity of its outsourced data, appear in [10, 24]. Finally, in [12] it is showed how to use th... |

46 | Authenticated data structures for graph and geometric searching
- Goodrich, Tamassia, et al.
- 2003
(Show Context)
Citation Context ...6, 11, 19, 26, 27]) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching =-=[13]-=-, XML queries [4, 8], and two-dimensional grid searching [1]. Many of these queries essentially boil down to one-dimensional range search queries. General authentication techniques have been also prop... |

40 | An efficient dynamic and distributed cryptographic accumulator
- Goodrich, Tamassia, et al.
- 2002
(Show Context)
Citation Context ...atabases appears in [6, 17, 22]. Authenticated dictionaries in the two-party model, where the source keeps minimal state to check the integrity of its outsourced data, appear in [10, 24]. Finally, in =-=[12]-=- it is showed how to use the RSA accumulator [7] to realize a dynamic authenticated dictionary that achieves constant (thus super-efficient) verification costs at the client. There has also been a gro... |

39 | Accountable certificate management using undeniable attestations - Buldas, Laud, et al. |

26 | Efficient and fresh certification
- Gassko, Gemmell, et al.
- 2000
(Show Context)
Citation Context ...y the authenticity of the answer. Research has mostly focused on hash-based authentication protocols, where extensions of Merkle’s hash tree [16] are used for authenticating membership queries (e.g., =-=[6, 11, 19, 26, 27]-=-) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries ... |

26 | Authentication of Outsourced Databases using Signature Aggregation and Chaining
- Narasimha, Tsudik
- 2006
(Show Context)
Citation Context ...and O(t) verification cost, whereas in [23], static hash trees, where each tree node is individually signed, are used to authenticate range queries, incurring cost of O(t) signature verifications. In =-=[20]-=- signature aggregation is used to accelerate the verification of the (individually signed) answer records. Both schemes achieve super-efficiency, but not coupled with both efficient updates and replay... |

22 | Authenticated data structures
- Tamassia
- 2003
(Show Context)
Citation Context ...mited devices query continuously and at high rates data that is outsourced to untrusted, geographically dispersed, proxy machines. Related Work. Extensive work exists on authenticated data structures =-=[19, 25]-=-, which model secure data querying in adversarial environments, where data created by a trusted source becomes available to users through queries after it is replicated to an untrusted remote server. ... |

21 | Efficient consistency proofs for generalized queries on a committed database
- Ostrovsky, Rackoff, et al.
- 2004
(Show Context)
Citation Context ..., it is showed that for a set of size n, all costs related to authentication are at least logarithmic in n in the worst case. Related work on consistency and privacy of committed databases appears in =-=[6, 17, 22]-=-. Authenticated dictionaries in the two-party model, where the source keeps minimal state to check the integrity of its outsourced data, appear in [10, 24]. Finally, in [12] it is showed how to use th... |

18 | Computational bounds on hierarchical data processing with applications to information security
- Tamassia, Triandopoulos
- 2004
(Show Context)
Citation Context ...y the authenticity of the answer. Research has mostly focused on hash-based authentication protocols, where extensions of Merkle’s hash tree [16] are used for authenticating membership queries (e.g., =-=[6, 11, 19, 26, 27]-=-) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries ... |

17 |
A.: Efficient Data Authentication in an Environment of Untrusted Third-Party Distributors
- Atallah, Cho, et al.
(Show Context)
Citation Context ...c operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries [4, 8], and two-dimensional grid searching =-=[1]-=-. Many of these queries essentially boil down to one-dimensional range search queries. General authentication techniques have been also proposed for certain query classes, including read-write operati... |

15 |
Verified query results from hybrid authentication trees
- Nuckolls
- 2005
(Show Context)
Citation Context ...bases residing in external memory and are queries through SQL queries which are founded on onedimensional range search. In [9, 13] range queries are supported with O(log n+t) authentication costs. In =-=[21]-=-, cryptographic hashing and accumulators are used in the first hash-based super-efficient, but static, verification scheme that achieves O(log t) communication cost and O(t) verification cost, whereas... |

13 | Efficient content authentication in peer-to-peer networks
- Tamassia, Triandopoulos
- 2007
(Show Context)
Citation Context ...y the authenticity of the answer. Research has mostly focused on hash-based authentication protocols, where extensions of Merkle’s hash tree [16] are used for authenticating membership queries (e.g., =-=[6, 11, 19, 26, 27]-=-) or more general query types, such as basic operations on relational databases [9], pattern matching and orthogonal range searching [15], graph connectivity and geometric searching [13], XML queries ... |

12 |
Time and space efficient algorithms for two-party authenticated data structures
- Papamanthou, Tamassia
- 2007
(Show Context)
Citation Context ...privacy of committed databases appears in [6, 17, 22]. Authenticated dictionaries in the two-party model, where the source keeps minimal state to check the integrity of its outsourced data, appear in =-=[10, 24]-=-. Finally, in [12] it is showed how to use the RSA accumulator [7] to realize a dynamic authenticated dictionary that achieves constant (thus super-efficient) verification costs at the client. There h... |

8 |
Authenticated relational tables and authenticated skip lists
- Battista, Palazzi
- 2007
(Show Context)
Citation Context ...privacy of committed databases appears in [6, 17, 22]. Authenticated dictionaries in the two-party model, where the source keeps minimal state to check the integrity of its outsourced data, appear in =-=[10, 24]-=-. Finally, in [12] it is showed how to use the RSA accumulator [7] to realize a dynamic authenticated dictionary that achieves constant (thus super-efficient) verification costs at the client. There h... |