Download - Authentic Publication The TRUTHSAYER Project
![Page 1: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/1.jpg)
Authentic Publication
The TRUTHSAYER Project
Chip Martel Premkumar DevanbuMichael GertzApril KwongGlen Nuckolls
Stuart Stubblebine
Department of Computer Science,University of California, Davishttp://truthsayer.cs.ucdavis.edu
![Page 2: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/2.jpg)
Databases Play a Vital Role
1)Commerce: credit card data, find goods
2)Financial: Investment sites
3)Health: treatments, doctors/credentials, drugs
4)Many more
![Page 3: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/3.jpg)
Answering queries
Data Query
Answers
Server Integrity? Correct Query processing?Performance? Reliability?
Database
User
![Page 4: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/4.jpg)
Goals
•Correct and complete answers (with assurance)
•Efficient Protocols
![Page 5: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/5.jpg)
Example Queries
• Is Credit card number 5543… Valid?
• List all Hong Kong to San Francisco flights.
• Find Digital cameras with 3-5 Mega-pixels, and cost < $200
• List all bars within one mile of HKU
![Page 6: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/6.jpg)
What is a Correct Answer?
• We assume a trusted Data Owner with the official copy of the Database: Defines the “correct answer”
![Page 7: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/7.jpg)
What is a Correct Answer?
• We assume a trusted Data Owner with the official copy of the Database: Defines the “correct answer”
• Problems with a single Data Owner: 1) May not want/be able to answer queries 2) Hard to keep online DB secure 3) Scalability
![Page 8: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/8.jpg)
Solution: Third-Party Servers
• Third party sites (Publishers) get information from the Data Owner and answer queries
• Example: Travel sites (Expedia, Travelocity, Orbitz) answer using government airline Data (FAA)
![Page 9: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/9.jpg)
Server Replication
Can ITrustThis
Server?
FAA
Orbitz
DataExpedia
Travelocity
![Page 10: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/10.jpg)
Trust Issues
• Sites have left out cheaper flights from non-preferred airlines (deliberate)
• Sites may be corrupted: outside hacker or insider
• Errors
![Page 11: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/11.jpg)
Authentic Publication: The TRUTHSAYER project.
Data + Digest of
Data
Query
Answer +Verification Object
Initially: for RDB (DBSEC 2000, Jnl. Comp. Sec.)General Model for a Variety of Data (Algorithmica, 2004)
Owner
Publisher
![Page 12: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/12.jpg)
Talk Outline
• Introduction• Background--- Merkle Trees• Range Queries (Multi-attribute Queries)
• A General Model for Authenticated Data Structures
• Conclusion
![Page 13: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/13.jpg)
Authentic Publication
1) A trusted Owner digests the Data Set, and signs it.
2) Untrusted Publishers receive the data & signature.
3) Clients submit queries to untrusted Publishers.
4) Publishers return Answers (A), and Verification Objects (A+ VO)
5) Clients use A + VO to Prove the answer is correct/complete.
Protocol is correct, and secure.
![Page 14: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/14.jpg)
Verifying answers
Protocol provides: • Correctness: Returns exact elements matching the query.
• Completeness: Returns all elements matching query.
• Security: Cheating is infeasible.• Efficiency: Overhead is low.
Recall: No signatures!!
![Page 15: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/15.jpg)
Merkle hashing a data set.
h2h1
h* (Root Hash)
• Leaves: data in some lexical order.
• One way hash function h; h1= h(d1)• Bottom-up hashing, starting with data
• Root hash value = the digest of the data set.
h(h1 ||h2) h(d1)
![Page 16: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/16.jpg)
Merkle Trees
• Classic use: prove that data value d is in the data set
• Solves: Is Credit card number 5543… Valid?
• But also can verify all items in a range: e.g. camcorders from $400 to $900
![Page 17: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/17.jpg)
Verifying a Range
To Show that q =(5,6,8) is the Answer to 4<d <10:
1 3 5 6 8 10 11 15
q
Used Lower Bound 3, Upper Bound 10 and starred hash values to compute/verify root hash.
![Page 18: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/18.jpg)
Verifying a Range
Query: 4<d <10:Answer: 5,6,8 (in practice, key + data)
1 3 5 6 8 10 11 15
q
Verification Object: [( (h(1),3), (5,6) ) ( (8,10), *) ]
![Page 19: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/19.jpg)
Authentic Publication
Merkle Tree
Hash Digest
![Page 20: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/20.jpg)
Security Property
• If the Answer and VO are correct, user accepts
![Page 21: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/21.jpg)
Security Property
• User accepts an Invalid answer only if a specific collision in h is found (provable):
h(x,y)= z in a correct VO (x,y, z are the hash values of tree nodes),
VO uses different x’, y’ with h(x’,y’)=z
![Page 22: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/22.jpg)
Good Features
• Proofs are short (size proportional to tree height and answer size).
• Use hashes, a fast cryptographic operation
• Proofs as easy to compute as finding the answer
• No secret keys: hash function and digests all are public (no insider attack once data set is digested).
![Page 23: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/23.jpg)
Extensions
• Want to handle more complex queries
• Find Digital cameras with 3-5 Mega pixels, and cost < $200
• List all bars within one mile of HKU
![Page 24: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/24.jpg)
Multi-Attribute Queries
• Model as a 2-D Range query
• Find points (x,y) with a < x < b c < y < d
(a,d) (b,d)
(a,c) (b,c)
Cost
Pixels
![Page 25: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/25.jpg)
2-Dimensional range tree
• Leaves are 2D points, or 2 attributes (cost, pixels). Sorted by x-value in X-tree
• A Y-tree for each internal node
![Page 26: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/26.jpg)
Searching a 2D-range Tree
• Find (x,y) with 4 < x <50 AND 4 < y < 10
• All in Associated Y-trees Match x-range
![Page 27: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/27.jpg)
Searching a 2D-range Tree
• Find pairs (x,y) with 4 < x <50 AND 4 < y < 10
• In X-tree: subtrees rooted at 5 and 13• Search in Associated Y-trees
![Page 28: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/28.jpg)
Searching a 2D-range Tree
• Find (x,y) with 4 < x <50 AND 4 < y < 10
• Answer: (12,5) and (23,8) AND values in 5’s Y-tree
![Page 29: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/29.jpg)
Digesting a 2D-range Tree
• Digest each Y-tree as Merkle tree
• Each internal node in the X-tree gets the hash of three values: two children and associated Y-tree value
![Page 30: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/30.jpg)
Range Trees
• Let k be the number of answers (out of n)
• Search: O(k+ log2n) time, nlogn space
• improve to O(k+ logn) time with extra
pointers (can still get a hash digest)
• VO (proof) size also O(k+logn)
• Extend to d-dimensions (d-attribute query).
Search time: O(k+log(d-1) n), VO size: same.
![Page 31: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/31.jpg)
Authenticated Data Structures
• Problem: May want to use a variety of efficient data-structures: B-trees (reduce disk access) Suffix arrays (string queries) Geometric data structures (items within one mile)
Many more
![Page 32: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/32.jpg)
Authenticated Data Structures
• Solution: General method to digest a data structure (produce a single summary hash value).
• Efficient: Proof size and construction time = search time.
• Secure: Similar security property: break only with a specific collision in h
![Page 33: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/33.jpg)
Search DAGS
• Our general setting is any data structure modeled by: A labeled Directed Acyclic Graph (DAG)
A search process that visits DAG nodes and determines which neighboring nodes to visit next (based on labels of visited nodes)
This Models a wide range of structures
![Page 34: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/34.jpg)
A Search DAG
• Search starts at the unique source node s of in-degree zero
• Digesting starts from the sinks (here u, v ): hash the associated values
s
a c
b
vu
![Page 35: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/35.jpg)
A Search DAG
• D(u): Digest of u
• Node u data : du
• D(u)= h(du)• D(v)= h(dv)
s
a c
b
vu
![Page 36: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/36.jpg)
A Search DAG
• Other Digests use data and successors
• D(c) = h(dc, D(v) )
• D(b)=h(db,D(v),D(c))
• D(s) is DAG Digest
s
a c
b
vu
![Page 37: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/37.jpg)
Verification for Search DAG
• Traditional Merkle Tree verification is Bottom up (hash path values to root)
• We use top down verification to simulate a correct search
• Owner provides search procedure P and root digest D(s)
![Page 38: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/38.jpg)
Authentic Publication
DAG, P
D(s), P
![Page 39: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/39.jpg)
Verification Object for DAG
• VO: information so User can reproduce the search (and thus verify answers)
• “Lines” of VO match steps of P:• Data of a node and successor hashes
ds, D(v1), D(v2) … (successors of s) dv1
, D(u1), D(u2), … (successors of v1)
![Page 40: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/40.jpg)
An Example Search
• Starts at s, then visits b then v
• VO: ds, D(a), D(b), D(c) (line 1)
D(s) = h(ds, D(a), D(b), D(c))So know data ds is OK.
s
a c
b
vu
![Page 41: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/41.jpg)
An Example Search
• Starts at s, process ds and decide b is next
• VO: ds, D(a), D(b), D(c) [line 1]
db, D(v), D(c) [line 2]
If D(b)=h(db,D(v),D(c))(using D(b) from line 1)
Data db is correct
s
a c
b
vu
![Page 42: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/42.jpg)
Verified Search
• The verified computation proceeds until all nodes in the actual search are visited (the VO has one line for each node visited).
• The correct answer is now returned by search procedure P.
![Page 43: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/43.jpg)
Verified Search
• The verified computation takes time proportional to the original search (visits the same nodes).
• Security Proof: shows that a User accepts the wrong answer only if a specific collision in hash function h used (e.g. D(b)=h(d’b,D’(v),D’(c))
![Page 44: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/44.jpg)
Updates
• Typically Digests are updated with work similar to the data structure’s update time (e.g. length of the search paths to updated items)
• If updates are frequent, overall scheme doesn’t work well (can use time-stamped digests)
![Page 45: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/45.jpg)
Generalizations
• Allowing multiple Owners: often want to query data collected from several owners. Can be done, but now need to trust owners and data collector.
• Privacy: VO’s may reveal information about about the data set. Methods to conceal extra data.
![Page 46: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/46.jpg)
Generalizations
• I/O efficient digests/VO’s: can use a multi-way tree to store multiple values in one disk block (still logically a binary tree for VO purposes, but stored more efficiently).
• Top-down search DAG approach may be improved for specific data-structures (e.g. 2D range trees)
![Page 47: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/47.jpg)
Generalizations
• Collections of structured data: XML documents (can answer path queries)
• Relational operations (Joins, Selection, Projection)
• Fancier Crypto operations (to reduce VO size)
![Page 48: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/48.jpg)
References
P. Devanbu, M. Gertz, C. Martel, and S.G. Stubblebine. Authentic Third PartyData Publication, 14th IFIP 11.3 Working Conf. in DB Security (DBSec 2000), Original Authentic Publication Paper
A General Model for Authenticated Data Structures, Algorithmica, 2004Many Data Structures and Search DAG ( above group and G. Nuckolls)
![Page 49: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/49.jpg)
References
Certifying Data from Multiple Sources, Proceedings of the 17th Database Security Conference, 2003
Shows how to use multiple Owners
Flexible authentication of XML documents, Journal Computer Security, 2004
![Page 50: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/50.jpg)
Survey Chapters
Li, Hadjieleftheriou, Kollios, Reyzin Authenticated Index Structures for Outsourced
Databases(Overview of area and efficiency issues)
R. Sion: Towards Secure Data Outsourcing
Both in: Michael Gertz and Sushil Jajodia (eds.): "Handbook of Database Security: Applications and Trends", Springer, 2007, to appear.
![Page 51: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/51.jpg)
A. Anagnostopoulos, M. Goodrich, R. Tamassia,
Persistent Authenticated Dictionaries and Their Applications (allows queries of
prior DB versions)
Authenticated Data Structures for Graph and Geometric Searching (fancy geometric
data structures)
![Page 52: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/52.jpg)
Pointer for more information
http://truthsayer.cs.ucdavis.edu
![Page 53: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/53.jpg)
Conclusion
• A single signed Digest, can authenticate answers to many queries
• Secure against hackers and insiders• Can handle a wide range of data structures
• Efficient protocols: fast query processing and small VO’s
![Page 54: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.us/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/54.jpg)
Future Work
• Better Update Mechanisms
• Integration of Database optimization methods
• Actual implementation (partly done by others), and evaluation