DSAC (Digital Signature Aggregation and Chaining) - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

DSAC (Digital Signature Aggregation and Chaining)

Description:

Verifying a unified signature is same as verifying signatures of each individual ... Sort tuple in increasing order of the attribute value for each dimension. ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 27
Provided by: CalSta7
Category:

less

Transcript and Presenter's Notes

Title: DSAC (Digital Signature Aggregation and Chaining)


1
DSAC(Digital Signature Aggregation and Chaining)
  • Digital Signature Aggregation Chaining
  • An approach to ensure integrity of
  • outsourced databases

2
Contents
  • Signature Aggregation Mechanisms
  • Chaining Mechanism
  • Comparison of the results with previous work

3
ODB
  • Outsourced Data Base(ODB) model Client stores
    its data at an external data base service
    provider.
  • Concern Ensure the database security integrity.

4
  • Authenticity The tuples in the result set have
    not been tampered i.e correctness.
  • Integrity No valid tuples have been omitted from
    the result set i.e completeness

5
Size of a result set VO
  • 0-n, or 2n subsets,
  • where, n is total number of tuples in the
    database.
  • Verification Object (VO) Is the result set
    including the tuples and verification signatures.

6
Merkle Hash Tree
  • Use to prove existence of an element in a set.
    For eg. prove x1 exists in the set
    yx2, x6, x1, x9
  • Constructed as binary tree where leaves are hash
    value of corresponding element.
  • Non leaf Leaf nodes
  • Root of the MHT is digitally signed using public
    key signature scheme (RSA/ DSA)

7
MHT example
8
Auth DS (Authenticated Data Structures)
  • Approach to prove correctness
  • Uses MHT to prove correctness of the result set.
  • Limitation Need to pre-compute and store a
    potentially large number of authenticated data
    structures to answer queries.
  • Completeness issue not answered

9
VB Tree Approach
  • Uses a modified MHT
  • Not only root of MHT is signed but all nodes as
    well
  • Limitation Consumes large storage space and
    increased verification time.
  • Provides proof of correctness
  • Completeness issue not answered !

10
Drawbacks
  • Overheads associated with building, storing and
    updating data structures in AuthDS and VB tree.
  • Signs each individual tuple before storing.
  • Server stores tuples along with its corresponding
    signature.
  • In response to a query, server sends both tuple
    and its signature.

11
Drawbacks(contd.)
  • Query reply set consists of thousands of
  • tuples.
  • Sending/ receiving and verifying signature of
    each tuple.
  • Expensive for the querier.

12
DSAC
  • Combines multiple individual signatures in the
    result set into a unified/ aggregated signature.
  • Verifying a unified signature is same as
    verifying signatures of each individual tuple in
    the result set.

13
Completeness
  • Includes the boundary tuples as well to ensure
    all the tuples matching the query is returned.
  • Link the tuple level signatures to form a
    signature chain.

14
Constructing signature chains
  • If h() is a hash function such as SHA,
  • denotes concatenation,
  • IPRi denotes immediate predecessor tuple along
    dimension i ,
  • l being number of searchable dimensions,
  • SK is private signing key of the data owner

15
  • then the signature of a tuple r can be computed
    as follows

16
Computing IPR of a tuple
  • Sort tuple in increasing order of the attribute
    value for each dimension.
  • IPR of a given tuple in a given dimension is a
    tuple with highest value of the attribute that is
    less than the value of that tuple.
  • Each tuple has as many IPRs as the number of
    searchable dimensions.

17
Example of signature chaining
  • Consider tuple R5

18
Completeness (contd.)
  • In this way, server answers range queries by
    releasing all matching tuples, boundary tuples as
    well as aggregated signature.
  • Signature chain proves querier that server has
    returned all tuples in the query range proving
    completeness.

19
Compleness(contd.)
  • Querier on receiving the result set
  • Verifies the values in boundary tuples are just
    beyond the query range.
  • This ensures completeness for the querier.

20
Analysis of DSAC scheme
  • We compare the DSAC scheme with other prominent
    correctness/ completeness guarantee schemes such
    as AuthDS and VB tree.

21
Query Verification Time (Naïve approach vs DSAC)
22
VO Size (Naïve approach vs DSAC approach)
23
Freshness
  • Freshness The result set in response to a query
    should be the recent snapshot of the database.
  • Prevents the server from replaying the old
    signature chains, hence freshness is part of data
    integrity concerns.

24
Conclusion
  • Developed a new approach DSAC to ensure integrity
    and authentication of the result set.
  • Completeness guaranteed, which no other works has
    been able to.
  • Experimenting and comparing the results with
    other works like AuthDS and VB tree approaches.

25
Further scope
  • How to reduce the size of the verification
    object.

26
Reference
  • DSAC An approach to ensure integrity of
    outsourced databases using signature aggregation
    and chaining
  • Authors Maithili Narasimha Gene Tsudik
  • Computer Science Department
  • University of California,
    Irvine
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "DSAC (Digital Signature Aggregation and Chaining)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!