This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Query Access Assurance in Outsourced Databases
Second 2012 (vol. 5 no. 2)
pp. 178-191
Wangchao Le, Florida State University, Tallahassee
Feifei Li, Florida State University, Tallahassee
Query execution assurance is an important concept in defeating lazy servers in the database as a service model. We show that extending query execution assurance to outsourced databases with multiple data owners is highly inefficient. To cope with lazy servers in the distributed setting, we propose query access assurance (Qaa) that focuses on IO-bound queries. The goal in Qaa is to enable clients to verify that the server has honestly accessed all records that are necessary to compute the correct query answer, thus eliminating the incentives for the server to be lazy if the query cost is dominated by the IO cost in accessing these records. We formalize this concept for distributed databases, and present two efficient schemes that achieve Qaa with high success probabilities. The first scheme is simple to implement and deploy, but may incur excessive server to client communication cost and verification cost at the client side, when the query selectivity or the database size increases. The second scheme is more involved, but successfully addresses the limitation of the first scheme. Our design employs a few number theory techniques. Extensive experiments demonstrate the efficiency, effectiveness, and usefulness of our schemes.

[1] M. Agrawal, N. Kayal, and N. Saxena, "PRIMES Is in P," Annals of Math. (2), vol. 160, no. 2, pp. 781-793, 2004.
[2] A. Anagnostopoulos, M. Goodrich, and R. Tamassia, "Persistent Authenticated Dictionaries and Their Applications," Proc. Fourth Int'l Conf. Information Security (ISC), 2001.
[3] M.J. Atallah, Y. Cho, and A. Kundu, "Efficient Data Authentication in an Environment of Untrusted Third-Party Distributors," Proc. IEEE 24th Int'l Conf. Data Eng. (ICDE), 2008.
[4] E. Bach and J. Shallit, Algorithmic Number Theory. The MIT Press, 1996.
[5] H. Balakrishnan, M.F. Kaashoek, D. Karger, R. Morris, and I. Stoica, "Looking Up Data in P2P Systems," Comm. ACM, vol. 46, no. 2, pp. 43-48, 2003.
[6] E. Bertino, B. Carminati, E. Ferrari, B. Thuraisingham, and A. Gupta, "Selective and Authentic Third-Party Distribution of XML Documents," IEEE Trans. Knowledge and Data Eng., vol. 16, no. 10, pp. 1263-1278, Oct. 2004.
[7] W. Cheng, H. Pang, and K. Tan, "Authenticating Multi-Dimensional Query Results in Data Publishing," Proc. IFIP Workshop Database Security (DBSec), 2006.
[8] H. Cramér, "On the Order of Magnitude of the Difference Between Consecutive Prime Numbers," Acta Arithmetica, vol. 2, pp. 23-46, 1936.
[9] R. Crandall and C. Pomerance, Prime Numbers - A Computational Perspective. Springer-Verlag, 2000.
[10] P. Devanbu, M. Gertz, C. Martel, and S.G. Stubblebine, "Authentic Third-Party Data Publication," Proc. IFIP Workshop Database Security (DBSec), pp. 101-112, 2000.
[11] M.T. Goodrich, R. Tamassia, and N. Triandopoulos, "Super-Efficient Verification of Dynamic Outsourced Databases," Proc. Cryptopgraphers' Track at the RSA Conf. Topics in Cryptology (CT-RSA), 2008.
[12] M.T. Goodrich, R. Tamassia, N. Triandopoulos, and R. Cohen, "Authenticated Data Structures for Graph and Geometric Searching," Proc. RSA Conf. the Cryptographers' Track (CT-RSA), 2003.
[13] A. Granville, "Harald Cramér and the Distribution of Prime Numbers," Scandinavian Actuarial J., vol. 1, pp. 12-28, 1995.
[14] H. Hacigümüs, B.R. Iyer, and S. Mehrotra, "Providing Database as a Service," Proc. 18th Int'l Conf. Data Eng. (ICDE), 2002.
[15] G.J.O. Jameson, The Prime Number Theorem, London Mathematical Society Student Texts, vol. 53. Cambridge Univ. Press, 2003.
[16] F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin, "Dynamic Authenticated Index Structures for Outsourced Databases," Proc. SIGMOD Int'l Conf. Management of Data, 2006.
[17] C. Martel, G. Nuckolls, P. Devanbu, M. Gertz, A. Kwong, and S. Stubblebine, "A General Model for Authenticated Data Structures," Algorithmica, vol. 39, no. 1, pp. 21-41, 2004.
[18] K. Mouratidis, D. Sacharidis, and H. Pang, "Partially Materialized Digest Scheme: An Efficient Verification Method for Outsourced Databases," The VLDB J., vol. 18, no. 1, pp. 363-381, 2009.
[19] E. Mykletun, M. Narasimha, and G. Tsudik, "Authentication and Integrity in Outsourced Databases," Proc. Network and Distributed Systems Security Symp. (NDSS), 2004.
[20] M. Narasimha and G. Tsudik, "DSAC: Integrity of Outsourced Databases with Signature Aggregation and Chaining," Proc. 14th ACM Int'l Conf. Information and Knowledge Management (CIKM), 2005.
[21] T.R. Nicely, "New Maximal Prime Gaps and First Occurrences," Math. Computation, vol. 68, no. 227, pp. 1311-1315, 1999.
[22] G. Nuckolls, C. Martel, and S. Stubblebine, "Certifying Data from Multiple Sources," Proc. Fourth ACM Conf. Electronic Commerce, 2003.
[23] H. Pang, A. Jain, K. Ramamritham, and K.-L. Tan, "Verifying Completeness of Relational Query Results in Data Publishing," Proc. SIGMOD Int'l Conf. Management of Data, 2005.
[24] H. Pang and K. Mouratidis, "Authenticating the Query Results of Text Search Engines," Proc. VLDB Endowment, vol. 1, no. 1, pp. 126-137, 2008.
[25] H. Pang, J. Zhang, and K. Mouratidis, "Scalable Verification for Outsourced Dynamic Databases," Proc. VLDB Endowment, vol. 2, no. 1, pp. 802-813, 2009.
[26] S. Papadopoulos, D. Papadias, W. Cheng, and K.-L. Tan, "Separating Authentication from Query Execution in Outsourced Databases," Proc. IEEE 25th Int'l Conf. Data Eng. (ICDE), 2009.
[27] C. Papamanthou, R. Tamassia, and N. Triandopoulos, "Authenticated Hash Tables," Proc. 15th ACM Conf. Computer and Comm. Security (CCS), 2008.
[28] M.R. Schroeder, Number Theory in Science and Communication, Information Sciences, second enlarged ed. Springer-Verlag, 1990.
[29] V. Shoup, "Searching for Primitive Roots in Finite Fields," Math. of Computation, vol. 58, no. 197, pp. 369-380, 1992.
[30] Y. Shu, B.C. Ooi, K.-L. Tan, and A. Zhou, "Supporting Multi-Dimensional Range Queries in Peer-to-Peer Systems," Proc. IEEE Int'l Conf. Peer-to-Peer Computing, 2005.
[31] S. Singh and S. Prabhakar, "Ensuring Correctness over Untrusted Private Database," Proc. 11th Int'l Conf. Extending Database Technology: Advances in Database Technology (EDBT), 2008.
[32] R. Sion, "Query Execution Assurance for Outsourced Databases," Proc. 31st Int'l Conf. Very Large Data Bases (VLDB), 2005.
[33] I. Stoica, R. Morris, D. Karger, M.F. Kaashoek, and H. Balakrishnan, "Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications," Proc. SIGCOMM, 2001.
[34] R. Tamassia and N. Triandopoulos, "Computational Bounds on Hierarchical Data Processing with Applications to Information Security," Proc. 32nd Int'l Colloquium Automata, Languages and Programming (ICALP), 2005.
[35] R. Tamassia and N. Triandopoulos, "Efficient Content Authentication in Peer-to-Peer Networks," Proc. Fifth Int'l Conf. Applied Cryptography and Network Security (ACNS), 2007.
[36] M. Xie, H. Wang, J. Yin, and X. Meng, "Integrity Auditing of Outsourced Data," Proc. 33rd Int'l Conf. Very Large Data Bases (VLDB), 2007.
[37] M. Xie, H. Wang, J. Yin, and X. Meng, "Providing Freshness Guarantees for Outsourced Databases," Proc. 11th Int'l Conf. Extending Database Technology: Advances in Database Technology (EDBT), 2008.
[38] Y. Yang, D. Papadias, S. Papadopoulos, and P. Kalnis, "Authenticated Join Processing in Outsourced Databases," Proc. 35th SIGMOD Int'l Conf. Management of Data, 2009.
[39] Y. Yang, S. Papadopoulos, D. Papadias, and G. Kollios, "Spatial Outsoucing for Location-Based Services," Proc. IEEE 24th Int'l Conf. Data Eng. (ICDE), 2008.
[40] Y. Yang, S. Papadopoulos, D. Papadias, and G. Kollios, "Authenticated Indexing for Outsourced Spatial Databases," The VLDB J., vol. 18, no. 3, pp. 631-648, 2009.

Index Terms:
Database as a service, database security, quality of services, query assurance, service enforcement and assurance.
Citation:
Wangchao Le, Feifei Li, "Query Access Assurance in Outsourced Databases," IEEE Transactions on Services Computing, vol. 5, no. 2, pp. 178-191, Second 2012, doi:10.1109/TSC.2010.55
Usage of this product signifies your acceptance of the Terms of Use.