Cited By
View all- Yan HCheng XSu SZhang S(2017)Authenticated Location-Aware Publish/Subscribe Services in Untrusted Outsourced EnvironmentsSecurity and Communication Networks10.1155/2017/42154252017(1-15)Online publication date: 2017
Lightweight Query Authentication on Streams
Authors: 
Stavros Papadopoulos, 
Graham Cormode, Antonios Deligiannakis, and 
Minos GarofalakisAuthors Info & Claims
Stavros Papadopoulos, Graham Cormode, Antonios Deligiannakis, and Minos GarofalakisAuthors Info & ClaimsArticle No.: 30, Pages 1 - 45
Abstract
We consider a stream outsourcing setting, where a data owner delegates the management of a set of disjoint data streams to an untrusted server. The owner authenticates his streams via signatures. The server processes continuous queries on the union of the streams for clients trusted by the owner. Along with the results, the server sends proofs of result correctness derived from the owner's signatures, which are verifiable by the clients. We design novel constructions for a collection of fundamental problems over streams represented as linear algebraic queries. In particular, our basic schemes authenticate dynamic vector sums, matrix products, and dot products. These techniques can be adapted for authenticating a wide range of important operations in streaming environments, including group-by queries, joins, in-network aggregation, similarity matching, and event processing. We also present extensions to address the case of sliding window queries, and when multiple clients are interested in different subsets of the data. These methods take advantage of a novel nonce chaining technique that we introduce, which is used to reduce the verification cost without affecting any other costs. All our schemes are lightweight and offer strong cryptographic guarantees derived from formal definitions and proofs. We experimentally confirm the practicality of our schemes in the performance-sensitive streaming setting.
Supplementary Material
Supplemental movie, appendix, image and software files for, Lightweight Query Authentication on Streams
- Download
- 65.71 KB
References
[1]
Daniel J. Abadi, Donald Carney, Ugur Cetintemel, Mitch Cherniack, Christian Convey, Sangdon Michael Stonebraker, Nesime Tatbul, and Stanley B. Zdonik. 2003. Aurora: A new model and architecture for data stream management. VLDB J. 12, 2, 120--139.
[2]
Shweta Agrawal and Dan Boneh. 2009. Homomorphic MACs: MAC-based integrity for network coding. In Proceedings of the 7th International Conference on Applied Cryptography and Network Security (ACNS'09). 292--305.
[3]
Arvind Arasu, Brian Babcock, Shivnath Babu, Mayur Datar, Keith Ito, Itaru Nishizawa, Justin Rosenstein, and Jennfier Widom. 2003. STREAM: The stanford stream data manager (demonstration description). In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'03). 665.
[4]
Mihir Bellare. 2006. New proofs for NMAC and HMAC: Security without collision-resistance. In Proceedings of the 26th Annual International Conference on Advances in Cryptology (CRYPTO'06). 602--619.
[5]
Dan Boneh and David Mandell Freeman. 2011. Homomorphic signatures for polynomial functions. In Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology (EUROCRYPT'11). 149--168.
[6]
Paul G. Brown. 2010. Overview of SciDB: Large scale array storage, processing and analysis. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'10). 963--968.
[7]
Jan Camenisch, Markulf Kohlweiss, and Claudio Soriente. 2009. An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography (PKC'09). 481--500.
[8]
Amit Chakrabarti, Graham Cormode, and Andrew McGregor. 2009. Annotations in data streams. In Proceedings of the 36th International Colloquium on Automata, Languages and Programming (ICALP'09). 222--234.
[9]
Kai-Min Chung, Yael Tauman Kalai, Feng-Hao Liu, and Ran Raz. 2011. Memory delegation. In Proceedings of the 31st Annual Conference on Advances in Cryptology (CRYPTO'11). 151--168.
[10]
Graham Cormode, Michael Mitzenmacher, and Justin Thaler. 2012. Practical verified computation with streaming interactive proofs. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (ITCS'12). 90--112.
[11]
Graham Cormode, Justin Thaler, and Ke Yi. 2011. Verifying computations with streaming interactive proofs. Proc. VLDB Endow. 5, 1, 25--36.
[12]
Chuck Cranor, Theodore Johnson, Oliver Spatscheck, and Vladislav Shkapenyuk. 2003. Gigascope: A stream database for network applications. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'03). 647--651.
[13]
Abhinandan Das, Johannes Gehrke, and Mirek Riedewald. 2003. Approximate join processing over data streams. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'03). 40--51.
[14]
Alan J. Demers, Johannes Gehrke, Biswanath Panda, Mirek Riedewald, Varun Sharma, and Walker M. White. 2007. Cayuga: A general purpose event monitoring system. In Proceedings of the Conference on Innovative Data Systems Research (CIDR'07). 412--422.
[15]
Premkumar Devanbu, Michael Gertz, Charles Martel, and Stuart G. Stubblebine. 2003. Authentic data publication over the internet. J. Comput. Secur. 11, 3, 291--314.
[16]
Minos N. Garofalakis, Joseph M. Hellerstein, and Petros Maniatis. 2007. Proof sketches: Verifiable in-network aggregation. In Proceedings of the IEEE International Conference on Data Engineering (ICDE'07). 996--1005.
[17]
Rosario Gennaro, Craig Gentry, and Bryan Parno. 2010. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Proceedings of the 30th Annual Conference on Advances in Cryptology (CRYPTO'10). 465--482.
[18]
Oded Goldreich. 2001. The Foundations of Cryptography - Volume 1 (Basic Techniques). Cambridge University Press.
[19]
Shafi Goldwasser, Yael Tauman Kalai, and Guy N. Rothblum. 2008. Delegating computation: Interactive proofs for muggles. In Proceedings of the 40th Annual ACM Symposium on Theory of Computing (STOC'08). 113--122.
[20]
Jonathan Katz and Yehuda Lindell. 2007. Introduction to Modern Cryptography. Chapman and Hall/CRC Press.
[21]
Feifei Li, Marios Hadjieleftheriou, George Kollios, and Leonid Reyzin. 2006. Dynamic authenticated index structures for outsourced databases. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'06). 121--132.
[22]
Feifei Li, Ke Yi, Marios Hadjieleftheriou, and George Kollios. 2007. Proof-infused streams: Enabling authentication of sliding window queries on streams. In Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB'07). 147--158.
[23]
Samuel Madden, Michael J. Franklin, Joseph M. Hellerstein, and Wei Hong. 2002. TAG: A tiny aggregation service for ad-hoc sensor networks. SIGOPS Oper. Syst. Rev. 36, SI, 131--146.
[24]
Alfred J. Menezes, Scott A. Vanstone, and Paul C. Van Oorschot. 1996. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL.
[25]
Microsoft. 2010. StreamInsight. http://msdn.microsoft.com/en-us/library/ee362541.aspx.
[26]
Maithili Narasimha and Gene Tsudik. 2006. Authentication of outsourced databases using signature aggregation and chaining. In Proceedings of the 11th International Conference on Database Systems for Advanced Applications (DASFAA'06). 420--436.
[27]
Howard Nasgaard, Bugra Gedik, Mary Komor, and Mark P. Mendell. 2009. IBM infosphere streams: Event processing for a smarter planet. In Proceedings of the Conference of the Center for Advanced Studies on Collaborative Research (CASCON'09). 311--313.
[28]
Suman Nath and Ramarathnam Venkatesan. 2013. Publicly verifiable grouped aggregation queries on outsourced data streams. In Proceedings of the IEEE International Conference on Data Engineering (ICDE'13). 517--528.
[29]
Suman Nath, Haifeng Yu, and Haowen Chan. 2009. Secure outsourced aggregation via one-way chains. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'09). 31--44.
[30]
HweeHwa Pang, Arpit Jain, Krithi Ramamritham, and Kian-Lee Tan. 2005. Verifying completeness of relational query results in data publishing. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'05). 407--418.
[31]
HweeHwa Pang and Kian-Lee Tan. 2004. Authenticating query results in edge computing. In Proceedings of the 20th International Conference on Data Engineering (ICDE'04). 560--571.
[32]
Stavros Papadopoulos, Graham Cormode, Antonios Deligiannakis, and Minos Garofalakis. 2013. Lightweight authentication of linear algebraic queries on data streams. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'13). 881--892.
[33]
Stavros Papadopoulos, Aggelos Kiayias, and Dimitris Papadias. 2011. Secure and efficient in-network processing of exact sum queries. In Proceedings of the IEEE International Conference on Data Engineering (ICDE'11). 517--528.
[34]
Stavros Papadopoulos, Yin Yang, and Dimitris Papadias. 2007. CADS: Continuous authentication on data streams. In Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB'07). 135--146.
[35]
Charalampos Papamanthou, Roberto Tamassia, and Nikos Triandopoulos. 2011. Optimal verification of operations on dynamic sets. In Proceedings of the 31st Annual Conference on Advances in Cryptology (CRYPTO'11). 91--110.
[36]
Victor Shoup. 1997. Lower bounds for discrete logarithms and related problems. In Proceedings of the 16th Annual International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT'97). 256--266.
[37]
Stratis Viglas, Jeffrey F. Naughton, and Josef Burger. 2003. Maximizing the output rate of multi-way join queries over streaming information sources. In Proceedings of the 29th International Conference on Very Large Data Bases (VLDB'03). Vol. 29. 285--296.
[38]
Yin Yang, Dimitris Papadias, Stavros Papadopoulos, and Panos Kalnis. 2009. Authenticated join processing in outsourced databases. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'09). 5--18.
[39]
Ke Yi, Feifei Li, Graham Cormode, Marios Hadjieleftheriou, George Kollios, and Divesh Srivastava. 2009. Small synopses for group-by query verification on outsourced data streams. ACM Trans. Database Syst. 34, 3, 15:1--15:42.
Index Terms
- Lightweight Query Authentication on Streams
Recommendations
Lightweight authentication of linear algebraic queries on data streams
SIGMOD '13: Proceedings of the 2013 ACM SIGMOD International Conference on Management of DataWe consider a stream outsourcing setting, where a data owner delegates the management of a set of disjoint data streams to an untrusted server. The owner authenticates his streams via signatures. The server processes continuous queries on the union of ...
Bucket-based authentication for outsourced databases
When outsourced database owners delegate their data to service providers, which might be untrusted or compromised, two issues of data security emerge, including data confidentiality and data integrity. Most of the previous research focuses on only one ...
When Query Authentication Meets Fine-Grained Access Control: A Zero-Knowledge Approach
SIGMOD '18: Proceedings of the 2018 International Conference on Management of DataQuery authentication has been extensively studied to ensure the integrity of query results for outsourced databases, which are often not fully trusted. However, access control, another important security concern, is largely ignored by existing works. ...
Comments
Information & Contributors
Information
Published In
December 2014
341 pages
ISSN:0362-5915
EISSN:1557-4644
DOI:10.1145/2691190
- Editor:
- Christian S. Jensen
Copyright © 2014 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 December 2014
Accepted: 01 July 2014
Revised: 01 May 2014
Received: 01 October 2013
Published in TODS Volume 39, Issue 4
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed
Funding Sources
- European Commission under ICT-FP7-LEADS-318809 (Large-Scale Elastic Architecture for Data-as-a-Service)
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 393Total Downloads
- Downloads (Last 12 months)16
- Downloads (Last 6 weeks)0
Other Metrics
Citations
Cited By
View all- Yan HCheng XSu SZhang S(2017)Authenticated Location-Aware Publish/Subscribe Services in Untrusted Outsourced EnvironmentsSecurity and Communication Networks10.1155/2017/42154252017(1-15)Online publication date: 2017
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in