Abstract
In the database-as-a-service model, a service provider hosts the clients’ data and allows access to the data through the Internet. Database-as-a-service model offers considerable benefits to organizations with data management needs by allowing them to outsource their data management infrastructures. Yet, the model introduces many significant challenges, in particular that of data privacy and security. Ensuring the integrity of the database, which is hosted by a service provider, is a critical and challenging problem in this context. We propose an encrypted database integrity assurance scheme, which allows the owner of the data to ensure the integrity of the database hosted at the service provider site, in addition to the security of the stored data against malicious attacks.
This work was supported in part by NSF grant CCR 0220069 and an IBM Ph.D. Fellowship.
Chapter PDF
Similar content being viewed by others
Keywords
References
AES. Advanced Encryption Standard. National Institute of Science and Technology, FIPS 197, 2001.
Mihir Bellare, Oded Goldreich, and Shafi Goldwasser. Incremental cryptography: The case of hashing and signing. Lecture Notes in Computer Science, 839:216–233, 1994.
Mihir Bellare, Oded Goldreich, and Shafi Goldwasser. Incremental cryptography and application to virus protection. In STOC, pages 45–56, 1995.
Computer Security Institute. CSI/FBI Computer Crime and Security Survey. http://www.gocsi.com, 2002.
ComputerWorld. J.P, Morgan signs outsourcing deal with IBM. Dec. 30, 2002.
ComputerWorld. Business Process Outsourcing. Jan. 01, 2001.
DES. Data Encryption Standard. FIPS PUB 46, Federal Information Processing Standards Pub., 1977.
H. Hacigümüş, B. Iyer, C. Li, and S. Mehrotra. Executing SQL over Encrypted Data in Database Service Provider Model. In Proc. of ACM SIGMOD, 2002.
H. Hacigümüş. Privacy in Database-as-a-Service Model. Ph.D. Thesis, Department of Information and Computer Science, University of California, Irvine, 2003.
H. Haclgümüş, B. Iyer, and S. Mehrotra. Encrypted Database Integrity in Database Service Provider Model. In Proc. of Certification and Security in E-Services (CSES’02), IFIP 17 th World Computer Congress, 2002.
H. Hacigümüş, B. Iyer, and S. Mehrotra. Providing Database as a Service. In Proc. of ICDE, 2002.
D. R. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
R. Rivest. The MD5 Message-Digest Algorithm. RFC 1321, 1992.
Bruce Schneier. Description of a new variable-length key, block cipher (blowfish), fast software encryption. In Cambridge Security Workshop Proceedings, 1994.
D. R. Stinson. Cryptography: Theory and Practice. CRC Press, 1995.
TPC-H. Benchmark Specification, http://www.tpc.org/tpch.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Hacigümüş, H., Iyer, B., Mehrotra, S. (2004). Ensuring the Integrity of Encrypted Databases in the Database-as-a-Service Model. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_5
Download citation
DOI: https://doi.org/10.1007/1-4020-8070-0_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive