Abstract
Integrity-critical databases, such as financial data used in high-value decisions, are frequently published over the Internet. Publishers of such data must satisfy the integrity, authenticity, and non-repudiation requirements of clients. Providing this protection over public networks is costly.
This is partly because building and running secure systems is hard. In practice, large systems cannot be verified to be secure and are frequently penetrated. The consequences of a system intrusion at the data publisher can be severe. This is further complicated by data and server replication to satisfy availability and scalability requirements.
We aim to reduce the trust required of the publisher of large, infrequently updated databases. To do this, we separate the roles of owner and publisher. With a few trusted digital signatures from the owner, an untrusted publisher can use techniques based on Merkle hash trees to provide authenticity and non-repudiation of the answer to a database query. We do not require a key to be held in an on-line system, thus reducing the impact of system penetrations. By allowing untrusted publishers, we also allow more scalable publication of large databases.
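The owner/publisher split described above can be illustrated with a Merkle membership proof. This is an added example, not code from the chapter: the function names, the record format, and the use of SHA-256 are assumptions, and the owner's digital signature over the root is modelled as a root value the client has already verified out of band.

```python
import hashlib
import hmac

def leaf(record: bytes) -> bytes:
    # 0x00 prefix separates leaf hashes from interior-node hashes.
    return hashlib.sha256(b"\x00" + record).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(records):
    """Owner and publisher: every tree level, leaves first.
    A node without a sibling is promoted to the next level unchanged."""
    level = [leaf(r) for r in records]
    levels = [level]
    while len(level) > 1:
        level = [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Untrusted publisher: sibling hashes from the leaf up to the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            # Flag is True when the sibling sits to the left of our node.
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(record, path, trusted_root):
    """Client: recompute the root from the answer and compare it with the
    root covered by the owner's signature (assumed already checked)."""
    digest = leaf(record)
    for sibling, sibling_is_left in path:
        digest = node(sibling, digest) if sibling_is_left else node(digest, sibling)
    return hmac.compare_digest(digest, trusted_root)

# Constructed sample database, sorted by key (not data from the chapter).
RECORDS = [b"ACME|101.50", b"BOLT|17.25", b"CRUX|88.00", b"DYNE|42.10", b"ECHO|9.99"]
LEVELS = build_levels(RECORDS)
OWNER_ROOT = LEVELS[-1][0]  # the only value the owner has to sign, off-line

if __name__ == "__main__":
    proof = prove(LEVELS, 2)
    print(verify(RECORDS[2], proof, OWNER_ROOT))     # genuine answer
    print(verify(b"CRUX|880.00", proof, OWNER_ROOT)) # altered by the publisher
```

The publisher holds no key: it can only return records and hashes, and any altered record fails to reproduce the signed root.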
Copyright information
© 2002 Kluwer Academic Publishers
About this chapter
Cite this chapter
Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.G. (2002). Authentic Third-Party Data Publication. In: Thuraisingham, B., van de Riet, R., Dittrich, K.R., Tari, Z. (eds) Data and Application Security. IFIP International Federation for Information Processing, vol 73. Springer, Boston, MA. https://doi.org/10.1007/0-306-47008-X_9
DOI: https://doi.org/10.1007/0-306-47008-X_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7514-2
Online ISBN: 978-0-306-47008-0
eBook Packages: Springer Book Archive