Security in Outsourced Databases
Overview | System Model |
Objectives | People |
Publications | Presentations
In the Outsourced Database Model (ODB), organizations outsource their data management needs to an external service provider. The service provider hosts client's databases and offers seamless mechanisms to create, store, update and access (query) their databases. This model introduces several research issues related to data security which we explore.
The Outsourced Database Model consists of 3 entities: (1) the data owner(s), (2) the database service provider (server) and (3) the client(s) (also referred to querier(s)). The data owner
creates, modifies and deletes the contents of the database. The server
hosts the owner's database, i.e., the owner outsources its database to the
server. The clients issue queries about the database to the server.
Some of the parameters identifying a specific ODB include the number of owners and clients and the type of trust in the server. Is the server trusted with the data contents but not with integrity? Or do we not trust the database administrators and therefore need to employ encryption to provide data privacy?
We wish to address various security issues that arise in the Outsourced Database Model. These range from providing data confidentiality, authenticity and integrity, to enabling an untrusted server to run queries over encrypted data. We also focus on the performance aspects of our solutions.
-
Authenticity and Integrity
Using signatures we provide mechanisms to allow the querier (client) to ensure that the records returned from the untrusted server originated from the data owner and have not been tampered with. We aim at minimizing the bandwidth and computation required to enable this verification. A new signature scheme, Condensed-RSA, is proposed and we compare its performance with an elliptic curve based signature scheme introduced by Boneh, et al.
-
Data Privacy
If the database server is fully untrusted, the measures need to be taken
such as to protect the owner's data privacy. The goal is to hide the data contents from the server, by employing data encryption, while still allowing the server to operate the database. In other words the challenge can be formulated as: how to allow the server to perform queries over encrypted data.
-
Efficient Secure Storage Model in RDBMS
Several database vendors already offer integrated solutions that aim to provide data privacy within existing products. Treating security and privacy issues as an afterthought often results in inefficient implementations. Some notable RDBMS storage models (such as the N-ary Storage Model) suffer from this problem. We analyze issues in storage, looking at trade-offs between security and efficiency, and then propose a secure storage model, Partition Plaintext Ciphertext (PPC), which enables efficient cryptographic operations while maintaining a high level of security.
- Principal Invesitagors (UCI)
- Graduate Student Researchers (UCI)
- Privacy and Authenticity/Integrity
-
Aggregation Queries in the
Database-As-a-Service Model
Einar Mykletun and Gene Tsudik
Data and Application Security
(DBSEC 2006), July 2006
-
Authentication of Outsourced Databases using Signature Aggregation and Chaining
Maithili Narasimha and Gene Tsudik
International Conference on Database Systems for Advanced Applications
(DASFAA 2006), Apr 2006
PDF
-
DSAC: Integrity of Outsourced Databases with Signature Aggregation and Chaining (Short Paper/Poster)
Maithili Narasimha and Gene Tsudik
ACM Conference on Information and Knowledge Management
(CIKM 2005), Nov 2005
PDF
-
Efficient Aggregation of Encrypted Data in Wireless Sensor Networks
Claude Castelluccia, Einar Mykletun and Gene Tsudik
International Conference on Mobile and Ubiquitous Systems
(MobiQuitous 2005), Jul 2005
PDF
-
Incorporating a Secure Coprocessor in the Database-as-a-Service Model
Einar Mykletun and Gene Tsudik
International Workshop on Innovative Architecture for Future Generation High Performance Processors and Systems
(IWIA 2005), Jan 2005
PDF
-
Signature Bouquets: Immutability for Aggregated/Condensed Signatures
Einar Mykletun, Maithili Narasimha and Gene Tsudik
European Symposium On Research in Computer Security
(ESORICS 2004), Sep 2004
PDF
-
A Privacy-Preserving Index for Range Queries
Bijit Hore, Sharad Mehrotra Gene Tsudik
International Conference on Very Large Databases
(VLDB 2004), Aug 2004
PDF
-
A Framework for Efficient Storage Security in RDBMS
Bala Iyer, Sharad Mehrotra, Einar Mykletun, Gene Tsudik and Yonghua Wu
International Conference on Extending Database Technology
(EDBT 2004), Mar 2004
PDF
-
Authentication and Integrity in Outsourced Databases
Einar Mykletun, Maithili Narasimha and Gene Tsudik
Network and Distributed System Security
(NDSS 2004), Feb 2004
PDF
-
Efficient Execution of Aggregation Queries over Encrypted Relational Databases
Hakan Hacigumus, Bala Iyer and Sharad Mehrotra
Database Systems for Advanced Applications
(DASFAA 2004), Mar 2004
-
Executing SQL over Encrypted Data in the Database-Service-Provider Model
Hakan Hacigumus, Bala Iyer, Chen Li and Sharad Mehrotra
ACM SIGMOD Conference on Management of Data
(SIGMOD 2002), June 2002
PDF
-
Providing Database as a Service
Hakan Hacigumus, Bala Iyer and Sharad Mehrotra
IEEE International Conference on Data Engineering
(ICDE 2002), Feb 2002
PDF
-
Querying Encrypted XML Documents
Ravi Jammalamadaka, Sharad Mehrotra
UCI Technical Report
-
Privacy and Integrity in Outsourced Databases
PDF
Distinguished invited talk at CERIAS, Purdue University, April 2004
-
A Framework for Efficient Storage Security in RDBMS
PDF
Conference presentation at EDBT 2004
-
Authentication and Integrity in Outsourced Databases
PDF
Conference presentation at NDSS 2004
|