Abstract
We consider a stream outsourcing setting, where a data owner delegates the management of a set of disjoint data streams to an untrusted server. The owner authenticates his streams via signatures. The server processes continuous queries on the union of the streams for clients trusted by the owner. Along with the results, the server sends proofs of result correctness derived from the owner's signatures, which are verifiable by the clients. We design novel constructions for a collection of fundamental problems over streams represented as linear algebraic queries. In particular, our basic schemes authenticate dynamic vector sums, matrix products, and dot products. These techniques can be adapted for authenticating a wide range of important operations in streaming environments, including group-by queries, joins, in-network aggregation, similarity matching, and event processing. We also present extensions to address the case of sliding window queries, and when multiple clients are interested in different subsets of the data. These methods take advantage of a novel nonce chaining technique that we introduce, which is used to reduce the verification cost without affecting any other costs. All our schemes are lightweight and offer strong cryptographic guarantees derived from formal definitions and proofs. We experimentally confirm the practicality of our schemes in the performance-sensitive streaming setting.
Supplemental Material
Available for Download
Supplemental movie, appendix, image and software files for, Lightweight Query Authentication on Streams
- Daniel J. Abadi, Donald Carney, Ugur Cetintemel, Mitch Cherniack, Christian Convey, Sangdon Michael Stonebraker, Nesime Tatbul, and Stanley B. Zdonik. 2003. Aurora: A new model and architecture for data stream management. VLDB J. 12, 2, 120--139. Google ScholarDigital Library
- Shweta Agrawal and Dan Boneh. 2009. Homomorphic MACs: MAC-based integrity for network coding. In Proceedings of the 7th International Conference on Applied Cryptography and Network Security (ACNS'09). 292--305. Google ScholarDigital Library
- Arvind Arasu, Brian Babcock, Shivnath Babu, Mayur Datar, Keith Ito, Itaru Nishizawa, Justin Rosenstein, and Jennfier Widom. 2003. STREAM: The stanford stream data manager (demonstration description). In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'03). 665. Google ScholarDigital Library
- Mihir Bellare. 2006. New proofs for NMAC and HMAC: Security without collision-resistance. In Proceedings of the 26th Annual International Conference on Advances in Cryptology (CRYPTO'06). 602--619. Google ScholarDigital Library
- Dan Boneh and David Mandell Freeman. 2011. Homomorphic signatures for polynomial functions. In Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology (EUROCRYPT'11). 149--168. Google ScholarDigital Library
- Paul G. Brown. 2010. Overview of SciDB: Large scale array storage, processing and analysis. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'10). 963--968. Google ScholarDigital Library
- Jan Camenisch, Markulf Kohlweiss, and Claudio Soriente. 2009. An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography (PKC'09). 481--500. Google ScholarDigital Library
- Amit Chakrabarti, Graham Cormode, and Andrew McGregor. 2009. Annotations in data streams. In Proceedings of the 36th International Colloquium on Automata, Languages and Programming (ICALP'09). 222--234. Google ScholarDigital Library
- Kai-Min Chung, Yael Tauman Kalai, Feng-Hao Liu, and Ran Raz. 2011. Memory delegation. In Proceedings of the 31st Annual Conference on Advances in Cryptology (CRYPTO'11). 151--168. Google ScholarDigital Library
- Graham Cormode, Michael Mitzenmacher, and Justin Thaler. 2012. Practical verified computation with streaming interactive proofs. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (ITCS'12). 90--112. Google ScholarDigital Library
- Graham Cormode, Justin Thaler, and Ke Yi. 2011. Verifying computations with streaming interactive proofs. Proc. VLDB Endow. 5, 1, 25--36. Google ScholarDigital Library
- Chuck Cranor, Theodore Johnson, Oliver Spatscheck, and Vladislav Shkapenyuk. 2003. Gigascope: A stream database for network applications. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'03). 647--651. Google ScholarDigital Library
- Abhinandan Das, Johannes Gehrke, and Mirek Riedewald. 2003. Approximate join processing over data streams. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'03). 40--51. Google ScholarDigital Library
- Alan J. Demers, Johannes Gehrke, Biswanath Panda, Mirek Riedewald, Varun Sharma, and Walker M. White. 2007. Cayuga: A general purpose event monitoring system. In Proceedings of the Conference on Innovative Data Systems Research (CIDR'07). 412--422.Google Scholar
- Premkumar Devanbu, Michael Gertz, Charles Martel, and Stuart G. Stubblebine. 2003. Authentic data publication over the internet. J. Comput. Secur. 11, 3, 291--314. Google ScholarDigital Library
- Minos N. Garofalakis, Joseph M. Hellerstein, and Petros Maniatis. 2007. Proof sketches: Verifiable in-network aggregation. In Proceedings of the IEEE International Conference on Data Engineering (ICDE'07). 996--1005.Google ScholarCross Ref
- Rosario Gennaro, Craig Gentry, and Bryan Parno. 2010. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Proceedings of the 30th Annual Conference on Advances in Cryptology (CRYPTO'10). 465--482. Google ScholarDigital Library
- Oded Goldreich. 2001. The Foundations of Cryptography - Volume 1 (Basic Techniques). Cambridge University Press. Google ScholarDigital Library
- Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum. 2008. Delegating computation: Interactive proofs for muggles. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC'08). 113--122. Google ScholarDigital Library
- Jonathan Katz and Yehuda Lindell. 2007. Introduction to Modern Cryptography. Chapman and Hall/CRC Press. Google ScholarDigital Library
- Feifei Li, Marios Hadjieleftheriou, George Kollios, and Leonid Reyzin. 2006. Dynamic authenticated index structures for outsourced databases. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'06). 121--132. Google ScholarDigital Library
- Feifei Li, Ke Yi, Marios Hadjieleftheriou, and George Kollios. 2007. Proof-infused streams: Enabling authentication of sliding window queries on streams. In Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB'07). 147--158. Google ScholarDigital Library
- Samuel Madden, Michael J. Franklin, Joseph M. Hellerstein, and Wei Hong. 2002. TAG: A tiny aggregation service for ad-hoc sensor networks. SIGOPS Oper. Syst. Rev. 36, SI, 131--146. Google ScholarDigital Library
- Alfred J. Menezes, Scott A. Vanstone, and Paul C. Van Oorschot. 1996. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL. Google ScholarDigital Library
- Microsoft. 2010. StreamInsight. http://msdn.microsoft.com/en-us/library/ee362541.aspx.Google Scholar
- Maithili Narasimha and Gene Tsudik. 2006. Authentication of outsourced databases using signature aggregation and chaining. In Proceedings of the 11th International Conference on Database Systems for Advanced Applications (DASFAA'06). 420--436. Google ScholarDigital Library
- Howard Nasgaard, Bugra Gedik, Mary Komor, and Mark P. Mendell. 2009. IBM infosphere streams: Event processing for a smarter planet. In Proceedings of the Conference of the Center for Advanced Studies on Collaborative Research (CASCON'09). 311--313. Google ScholarDigital Library
- Suman Nath and Ramarathnam Venkatesan. 2013. Publicly verifiable grouped aggregation queries on outsourced data streams. In Proceedings of the IEEE International Conference on Data Engineering (ICDE'13). 517--528. Google ScholarDigital Library
- Suman Nath, Haifeng Yu, and Haowen Chan. 2009. Secure outsourced aggregation via one-way chains. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'09). 31--44. Google ScholarDigital Library
- HweeHwa Pang, Arpit Jain, Krithi Ramamritham, and Kian-Lee Tan. 2005. Verifying completeness of relational query results in data publishing. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'05). 407--418. Google ScholarDigital Library
- HweeHwa Pang and Kian-Lee Tan. 2004. Authenticating query results in edge computing. In Proceedings of the 20th International Conference on Data Engineering (ICDE'04). 560--571. Google ScholarDigital Library
- Stavros Papadopoulos, Graham Cormode, Antonios Deligiannakis, and Minos Garofalakis. 2013. Lightweight authentication of linear algebraic queries on data streams. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'13). 881--892. Google ScholarDigital Library
- Stavros Papadopoulos, Aggelos Kiayias, and Dimitris Papadias. 2011. Secure and efficient in-network processing of exact sum queries. In Proceedings of the IEEE International Conference on Data Engineering (ICDE'11). 517--528. Google ScholarDigital Library
- Stavros Papadopoulos, Yin Yang, and Dimitris Papadias. 2007. CADS: Continuous authentication on data streams. In Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB'07). 135--146. Google ScholarDigital Library
- Charalampos Papamanthou, Roberto Tamassia, and Nikos Triandopoulos. 2011. Optimal verification of operations on dynamic sets. In Proceedings of the 31st Annual Conference on Advances in Cryptology (CRYPTO'11). 91--110. Google ScholarDigital Library
- Victor Shoup. 1997. Lower bounds for discrete logarithms and related problems. In Proceedings of the 16th Annual International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT'97). 256--266. Google ScholarDigital Library
- Stratis Viglas, Jeffrey F. Naughton, and Josef Burger. 2003. Maximizing the output rate of multi-way join queries over streaming information sources. In Proceedings of the 29th International Conference on Very Large Data Bases (VLDB'03). Vol. 29. 285--296. Google ScholarDigital Library
- Yin Yang, Dimitris Papadias, Stavros Papadopoulos, and Panos Kalnis. 2009. Authenticated join processing in outsourced databases. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'09). 5--18. Google ScholarDigital Library
- Ke Yi, Feifei Li, Graham Cormode, Marios Hadjieleftheriou, George Kollios, and Divesh Srivastava. 2009. Small synopses for group-by query verification on outsourced data streams. ACM Trans. Database Syst. 34, 3, 15:1--15:42. Google ScholarDigital Library
Index Terms
- Lightweight Query Authentication on Streams
Recommendations
Lightweight authentication of linear algebraic queries on data streams
SIGMOD '13: Proceedings of the 2013 ACM SIGMOD International Conference on Management of DataWe consider a stream outsourcing setting, where a data owner delegates the management of a set of disjoint data streams to an untrusted server. The owner authenticates his streams via signatures. The server processes continuous queries on the union of ...
Bucket-based authentication for outsourced databases
When outsourced database owners delegate their data to service providers, which might be untrusted or compromised, two issues of data security emerge, including data confidentiality and data integrity. Most of the previous research focuses on only one ...
When Query Authentication Meets Fine-Grained Access Control: A Zero-Knowledge Approach
SIGMOD '18: Proceedings of the 2018 International Conference on Management of DataQuery authentication has been extensively studied to ensure the integrity of query results for outsourced databases, which are often not fully trusted. However, access control, another important security concern, is largely ignored by existing works. ...
Comments