Академический Документы
Профессиональный Документы
Культура Документы
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 99
Abstract— In database outsourcing, organizations outsource their databases to service providers. Service provider hosts clients' databases.
When Digital Signatures are used for achieving authentication and Integrity in outsourced database, storage overhead occurs. If query reply
contains thousands of tuples then verification of each tuple signature is very expensive for querier. For many of the security applications, one
way hash chains are used (sensor networks, mobile devices). One way chains are efficiently used for authentication of one time passwords
and have no storage overhead. The Sandwich chain is composed of primary chain, secondry chains and light chain (for authentication of
values of secondry chains).Sandwich chain can be incorporated in database outsourcing model to reduce storage overhead caused by using
digital signatures. Hashes computed for construction of sandwich chain are used for authentication of tuples returned by service provider.
Index Terms—Outsourced Database(ODB), Digital Signature Algorithm(DSA), Merkle Hash Tree(MHT), Rivest, Shamir and
Adleman(RSA).
—————————— ——————————
1 INTRODUCTION
T HE range of the size of digital signature is between
320 bits for Digital signature algorithm(DSA) and
1024 bits for Rivest,shamir and Adleman (RSA). As
more efficient.One way hash chain with length n would
require storage of O(n) memory. For efficient verification,
hierarchical one way chains are proposed in which
tuple level signatures are used, so thousands of tuples can secondry chains are derived from primary chain. Primary
be in query reply and for querier it can be expensive to chain acts as a root for secondry chains.
verify the tuple signatures and also overhead occurs for
storage of integrity information, so there is a need to min‐
imize this storage overhead [1]. For the cryptography of Fig. 2: The graphical representation of primary and secondry chain
data, one way chains are commonly used.The one way
hash chain is a chain in which the next value is always
depending on the previous one.
Fig. 1: The graphical representation of hash chain [2] Figure 2 shows hierarchical structure of hash chains and
this structure has efficient setup [2]
Figure 1 shows graphical representation of hash chain
described in [2].Hash chains are basically used for cryp‐ Organization of paper: In section 2, literature review is
tographic applications. For the authentication of values, given. In section 3 overview of framework is graphically
one of the types of one way hash chains i.e sandwich discussed. Section 4 describes sandwich chain teachnique.
chain is used. Sandwich chain is incorporated in database Section 5 shows experimental results of sandwich chain
outsourcing in such a way that : each individual tuple has approach.
sandwich chain and tuples (against userʹs query predi‐
cate) with corresponding hashes are sent to querier. The‐ 2. Review Stage
se hashes are used to check authentication of results by Fake tuples are used to check authenticaton of results sent
recomputing hashes. by service provider. In this scheme, small number of tu‐
Variety of improvements are proposed by researchers in ples are inserted into the outsourced database. Against
order to make setup and storage of one way hash chains user’s query, small number of the inserted tuples are re‐
————————————————
turned with the original data. The integrity of results is
Pakeeza Batool is with the Fatima Jinnah Women University, the Mall
monitored by analyzing these inserted tuples in a reply.
Road Rawalpindi. The client is informed about tuples that have been insert‐
Malik Sikander Hayat Khiyal is with the Department of Software Engineer- ed into the outsourced database. If an inserted tuple that
ing, Fatima Jinnah Women University, the Mall Road, Rawalpindi. satisfies the query is absent from the query reply, then it
Aihab Khan is with the Software Engineering Department, University of
Fatimah Jinnah, the Mall, Rawalpindi. means integrity is not achieved.If any adversaries or the
service provider can differentiate these inserted tuples
from original tuples, then this scheme will fail [3].
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 2, FEBRUARY 2011, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 100
The range of the size of digital signature is between 320 TABLE 1
bits for DSA and 1024 bits for RSA. In this scheme, as tu‐ NOTATIONS USED IN THIS PAPER
ple level signatures are used, so thousands of tuples can
be in query reply and verification of each tuple signatures
can be expensive. In digital signature schemes, many dif‐
ferent signatures can be combined into one signature and
if that only one signature is verified then it means all the
signatures are also verified. [4].
Merkle Treeʹs is another scheme which is used to provide
authentication and integrity in outsourced database
(ODB). Merkle hash tree (MHT) for a relation is built by
database owner, and tuples are sorted based on one of the
relationsʹs attribute values. Database owner just signs the
root of MHT and after signing the root, MHT is given to
the server. To check existence of a particular attribute val‐
ue v, client sends query to the server. If v is present in the Table. 1: shows symbols used in the technique.
tree, the server will return the nodes on co‐path from the
specific leaf node up to the root. To verify the rootʹs signa‐ 4. Technique
ture, these nodes on the co‐path are used by the client to
recompute the root of the tree. If signature is valid, it 4.1 Sandwich-Chain Setup
means tuples sent back to the querier are correct, and that The Sandwich chain is a composed of primary chain,
the attribute value exists [5]. secondry chains and one way chain W (for verification of
In database outsourcing model, server executes query the end values of the light chain). Database owner picks
sent by client/querier and after obtaining tuples match- Vn and computes primary chain where Vi =H(Vi+1).
ing query predicate and their corresponding signatures, Against each Vi, database owner computes secondry
server simply combines these individual signatures and chain : vi,k = hs(Vi) and vi,j = hs(vi,j+1). Secondry chain
returns this aggregated signature and tuples to querier starts with hash value Vi, and salts are drived using hash
[6]. function (Hs) where output of this hash function is trun‐
cated to some fixed length. The database owner then
3. Framework Overview computes W one way chain i.e Wi‐1 equals concatenated
result of hash of Wi, vi,o ,Vi‐1.
Fig. 4: A Sandwich Chain
REFERENCES
[1] Maithili Narasimha, Gene Tsudik, Einar Mykletun, ʺ Authentica
tion And Integrity In Outsourced Databases ʺ Journal ACM
Transactions On Storage (TOS). Volume 2, Issue 2 , pp 1‐10 , May
2006.
[2] Adrian Perrig , Yih‐Chun Hu, Markus Jakobsson , ʺEfficient Con‐
structions For One‐Way Hash Chainsʺ . In Proceedings Of Ap‐
plied Cryptography And Network Securityʹ2005, Vol# 3531,
pp.423‐441, NewYork.
[3] Xiaofeng Meng , Min Xie , Haixun Wang , Jian Yin ʺ Integrity
Auditing Of Outsourced Data ʺ. VLDB ʹ07 Proceedings Of The
33rd International Conference On Very Large Databases. pp.
782–793, 2007, Beijing, China.
[4] Einar Mykletun, Maithili Narasimha, Gene Tsudik ʺ Authentica‐
Fig. 5: Relation between number of tuples and hash chain's tion and integrity in outsourced databases ʺ. Journal ACM
Transactions on Storage (TOS), Volume 2 , Issue 2,pp 1‐32, May
Construction time (sec) 2006.
[5] Einar Mykletun, Maithili Narasimha, Gene Tsudik “Providing
Figure 5 shows that when new tuple is inserted in out‐ Authentication and Integrity in Outsourced Databases using
sourced database,time required to construct Primary and Merkle Hash Treeʹsʺ. IEEE Symposium on Research in Security
Secondry chains will increase eg if there are 50 tuples in and Privacy, pp 1‐7, 1980, California, Irvine..
outsourced database and 51th tuple is added then prima‐ [6] Maithili Narasimha, Gene Tsudik ʺ DSAC: An Approach To En‐
ry chain and secondry chains of all 50 tuples will be sure Integrity of Outsourced Databases Using Signature Aggre‐
recomputed/Updated. gation And Chaining ʺ. CIKM ʹ05 Proceedings of the 14th ACM
international conference on Information and knowledge man‐
agement, pp1‐10, Nov 2005, California, Irvine.
Computation cost
Figure 6 shows that when more and more tuples are add‐
ed in outsourced database, computation cost will also
increase.
6. CONCLUSION
When Digital signatures are used to achieve authentic‐
cation and integrity in outsourced database, storage
overhead occurs. One way hash chains are used for
verification purpose and have no storage overhead. So
sandwich chain is incorporated in database outsourc‐
ing model to check authentication of results sent by