authentic publication the truthsayer project
DESCRIPTION
Authentic Publication The TRUTHSAYER Project. Chip Martel Premkumar Devanbu Michael Gertz April Kwong Glen Nuckolls Stuart Stubblebine Department of Computer Science, University of California, Davis http://truthsayer.cs.ucdavis.edu. Databases Play a Vital Role. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/1.jpg)
Authentic Publication
The TRUTHSAYER Project
Chip Martel Premkumar DevanbuMichael GertzApril KwongGlen Nuckolls
Stuart Stubblebine
Department of Computer Science,University of California, Davishttp://truthsayer.cs.ucdavis.edu
![Page 2: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/2.jpg)
Databases Play a Vital Role
1)Commerce: credit card data, find goods
2)Financial: Investment sites
3)Health: treatments, doctors/credentials, drugs
4)Many more
![Page 3: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/3.jpg)
Answering queries
Data Query
Answers
Server Integrity? Correct Query processing?Performance? Reliability?
Database
User
![Page 4: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/4.jpg)
Goals
•Correct and complete answers (with assurance)
•Efficient Protocols
![Page 5: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/5.jpg)
Example Queries
• Is Credit card number 5543… Valid?
• List all Hong Kong to San Francisco flights.
• Find Digital cameras with 3-5 Mega-pixels, and cost < $200
• List all bars within one mile of HKU
![Page 6: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/6.jpg)
What is a Correct Answer?
• We assume a trusted Data Owner with the official copy of the Database: Defines the “correct answer”
![Page 7: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/7.jpg)
What is a Correct Answer?
• We assume a trusted Data Owner with the official copy of the Database: Defines the “correct answer”
• Problems with a single Data Owner: 1) May not want/be able to answer queries 2) Hard to keep online DB secure 3) Scalability
![Page 8: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/8.jpg)
Solution: Third-Party Servers
• Third party sites (Publishers) get information from the Data Owner and answer queries
• Example: Travel sites (Expedia, Travelocity, Orbitz) answer using government airline Data (FAA)
![Page 9: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/9.jpg)
Server Replication
Can ITrustThis
Server?
FAA
Orbitz
DataExpedia
Travelocity
![Page 10: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/10.jpg)
Trust Issues
• Sites have left out cheaper flights from non-preferred airlines (deliberate)
• Sites may be corrupted: outside hacker or insider
• Errors
![Page 11: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/11.jpg)
Authentic Publication: The TRUTHSAYER project.
Data + Digest of
Data
Query
Answer +Verification Object
Initially: for RDB (DBSEC 2000, Jnl. Comp. Sec.)General Model for a Variety of Data (Algorithmica, 2004)
Owner
Publisher
![Page 12: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/12.jpg)
Talk Outline
• Introduction• Background--- Merkle Trees• Range Queries (Multi-attribute Queries)
• A General Model for Authenticated Data Structures
• Conclusion
![Page 13: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/13.jpg)
Authentic Publication
1) A trusted Owner digests the Data Set, and signs it.
2) Untrusted Publishers receive the data & signature.
3) Clients submit queries to untrusted Publishers.
4) Publishers return Answers (A), and Verification Objects (A+ VO)
5) Clients use A + VO to Prove the answer is correct/complete.
Protocol is correct, and secure.
![Page 14: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/14.jpg)
Verifying answers
Protocol provides: • Correctness: Returns exact elements matching the query.
• Completeness: Returns all elements matching query.
• Security: Cheating is infeasible.• Efficiency: Overhead is low.
Recall: No signatures!!
![Page 15: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/15.jpg)
Merkle hashing a data set.
h2h1
h* (Root Hash)
• Leaves: data in some lexical order.
• One way hash function h; h1= h(d1)• Bottom-up hashing, starting with data
• Root hash value = the digest of the data set.
h(h1 ||h2) h(d1)
![Page 16: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/16.jpg)
Merkle Trees
• Classic use: prove that data value d is in the data set
• Solves: Is Credit card number 5543… Valid?
• But also can verify all items in a range: e.g. camcorders from $400 to $900
![Page 17: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/17.jpg)
Verifying a Range
To Show that q =(5,6,8) is the Answer to 4<d <10:
1 3 5 6 8 10 11 15
q
Used Lower Bound 3, Upper Bound 10 and starred hash values to compute/verify root hash.
![Page 18: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/18.jpg)
Verifying a Range
Query: 4<d <10:Answer: 5,6,8 (in practice, key + data)
1 3 5 6 8 10 11 15
q
Verification Object: [( (h(1),3), (5,6) ) ( (8,10), *) ]
![Page 19: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/19.jpg)
Authentic Publication
Merkle Tree
Hash Digest
![Page 20: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/20.jpg)
Security Property
• If the Answer and VO are correct, user accepts
![Page 21: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/21.jpg)
Security Property
• User accepts an Invalid answer only if a specific collision in h is found (provable):
h(x,y)= z in a correct VO (x,y, z are the hash values of tree nodes),
VO uses different x’, y’ with h(x’,y’)=z
![Page 22: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/22.jpg)
Good Features
• Proofs are short (size proportional to tree height and answer size).
• Use hashes, a fast cryptographic operation
• Proofs as easy to compute as finding the answer
• No secret keys: hash function and digests all are public (no insider attack once data set is digested).
![Page 23: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/23.jpg)
Extensions
• Want to handle more complex queries
• Find Digital cameras with 3-5 Mega pixels, and cost < $200
• List all bars within one mile of HKU
![Page 24: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/24.jpg)
Multi-Attribute Queries
• Model as a 2-D Range query
• Find points (x,y) with a < x < b c < y < d
(a,d) (b,d)
(a,c) (b,c)
Cost
Pixels
![Page 25: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/25.jpg)
2-Dimensional range tree
• Leaves are 2D points, or 2 attributes (cost, pixels). Sorted by x-value in X-tree
• A Y-tree for each internal node
![Page 26: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/26.jpg)
Searching a 2D-range Tree
• Find (x,y) with 4 < x <50 AND 4 < y < 10
• All in Associated Y-trees Match x-range
![Page 27: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/27.jpg)
Searching a 2D-range Tree
• Find pairs (x,y) with 4 < x <50 AND 4 < y < 10
• In X-tree: subtrees rooted at 5 and 13• Search in Associated Y-trees
![Page 28: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/28.jpg)
Searching a 2D-range Tree
• Find (x,y) with 4 < x <50 AND 4 < y < 10
• Answer: (12,5) and (23,8) AND values in 5’s Y-tree
![Page 29: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/29.jpg)
Digesting a 2D-range Tree
• Digest each Y-tree as Merkle tree
• Each internal node in the X-tree gets the hash of three values: two children and associated Y-tree value
![Page 30: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/30.jpg)
Range Trees
• Let k be the number of answers (out of n)
• Search: O(k+ log2n) time, nlogn space
• improve to O(k+ logn) time with extra
pointers (can still get a hash digest)
• VO (proof) size also O(k+logn)
• Extend to d-dimensions (d-attribute query).
Search time: O(k+log(d-1) n), VO size: same.
![Page 31: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/31.jpg)
Authenticated Data Structures
• Problem: May want to use a variety of efficient data-structures: B-trees (reduce disk access) Suffix arrays (string queries) Geometric data structures (items within one mile)
Many more
![Page 32: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/32.jpg)
Authenticated Data Structures
• Solution: General method to digest a data structure (produce a single summary hash value).
• Efficient: Proof size and construction time = search time.
• Secure: Similar security property: break only with a specific collision in h
![Page 33: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/33.jpg)
Search DAGS
• Our general setting is any data structure modeled by: A labeled Directed Acyclic Graph (DAG)
A search process that visits DAG nodes and determines which neighboring nodes to visit next (based on labels of visited nodes)
This Models a wide range of structures
![Page 34: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/34.jpg)
A Search DAG
• Search starts at the unique source node s of in-degree zero
• Digesting starts from the sinks (here u, v ): hash the associated values
s
a c
b
vu
![Page 35: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/35.jpg)
A Search DAG
• D(u): Digest of u
• Node u data : du
• D(u)= h(du)• D(v)= h(dv)
s
a c
b
vu
![Page 36: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/36.jpg)
A Search DAG
• Other Digests use data and successors
• D(c) = h(dc, D(v) )
• D(b)=h(db,D(v),D(c))
• D(s) is DAG Digest
s
a c
b
vu
![Page 37: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/37.jpg)
Verification for Search DAG
• Traditional Merkle Tree verification is Bottom up (hash path values to root)
• We use top down verification to simulate a correct search
• Owner provides search procedure P and root digest D(s)
![Page 38: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/38.jpg)
Authentic Publication
DAG, P
D(s), P
![Page 39: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/39.jpg)
Verification Object for DAG
• VO: information so User can reproduce the search (and thus verify answers)
• “Lines” of VO match steps of P:• Data of a node and successor hashes
ds, D(v1), D(v2) … (successors of s) dv1
, D(u1), D(u2), … (successors of v1)
![Page 40: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/40.jpg)
An Example Search
• Starts at s, then visits b then v
• VO: ds, D(a), D(b), D(c) (line 1)
D(s) = h(ds, D(a), D(b), D(c))So know data ds is OK.
s
a c
b
vu
![Page 41: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/41.jpg)
An Example Search
• Starts at s, process ds and decide b is next
• VO: ds, D(a), D(b), D(c) [line 1]
db, D(v), D(c) [line 2]
If D(b)=h(db,D(v),D(c))(using D(b) from line 1)
Data db is correct
s
a c
b
vu
![Page 42: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/42.jpg)
Verified Search
• The verified computation proceeds until all nodes in the actual search are visited (the VO has one line for each node visited).
• The correct answer is now returned by search procedure P.
![Page 43: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/43.jpg)
Verified Search
• The verified computation takes time proportional to the original search (visits the same nodes).
• Security Proof: shows that a User accepts the wrong answer only if a specific collision in hash function h used (e.g. D(b)=h(d’b,D’(v),D’(c))
![Page 44: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/44.jpg)
Updates
• Typically Digests are updated with work similar to the data structure’s update time (e.g. length of the search paths to updated items)
• If updates are frequent, overall scheme doesn’t work well (can use time-stamped digests)
![Page 45: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/45.jpg)
Generalizations
• Allowing multiple Owners: often want to query data collected from several owners. Can be done, but now need to trust owners and data collector.
• Privacy: VO’s may reveal information about about the data set. Methods to conceal extra data.
![Page 46: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/46.jpg)
Generalizations
• I/O efficient digests/VO’s: can use a multi-way tree to store multiple values in one disk block (still logically a binary tree for VO purposes, but stored more efficiently).
• Top-down search DAG approach may be improved for specific data-structures (e.g. 2D range trees)
![Page 47: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/47.jpg)
Generalizations
• Collections of structured data: XML documents (can answer path queries)
• Relational operations (Joins, Selection, Projection)
• Fancier Crypto operations (to reduce VO size)
![Page 48: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/48.jpg)
References
P. Devanbu, M. Gertz, C. Martel, and S.G. Stubblebine. Authentic Third PartyData Publication, 14th IFIP 11.3 Working Conf. in DB Security (DBSec 2000), Original Authentic Publication Paper
A General Model for Authenticated Data Structures, Algorithmica, 2004Many Data Structures and Search DAG ( above group and G. Nuckolls)
![Page 49: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/49.jpg)
References
Certifying Data from Multiple Sources, Proceedings of the 17th Database Security Conference, 2003
Shows how to use multiple Owners
Flexible authentication of XML documents, Journal Computer Security, 2004
![Page 50: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/50.jpg)
Survey Chapters
Li, Hadjieleftheriou, Kollios, Reyzin Authenticated Index Structures for Outsourced
Databases(Overview of area and efficiency issues)
R. Sion: Towards Secure Data Outsourcing
Both in: Michael Gertz and Sushil Jajodia (eds.): "Handbook of Database Security: Applications and Trends", Springer, 2007, to appear.
![Page 51: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/51.jpg)
A. Anagnostopoulos, M. Goodrich, R. Tamassia,
Persistent Authenticated Dictionaries and Their Applications (allows queries of
prior DB versions)
Authenticated Data Structures for Graph and Geometric Searching (fancy geometric
data structures)
![Page 52: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/52.jpg)
Pointer for more information
http://truthsayer.cs.ucdavis.edu
![Page 53: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/53.jpg)
Conclusion
• A single signed Digest, can authenticate answers to many queries
• Secure against hackers and insiders• Can handle a wide range of data structures
• Efficient protocols: fast query processing and small VO’s
![Page 54: Authentic Publication The TRUTHSAYER Project](https://reader036.vdocuments.site/reader036/viewer/2022062520/56815da9550346895dcbd894/html5/thumbnails/54.jpg)
Future Work
• Better Update Mechanisms
• Integration of Database optimization methods
• Actual implementation (partly done by others), and evaluation