WO2007136346A1 - Method and system for providing a query result in response to a database query - Google Patents

Method and system for providing a query result in response to a database query Download PDF

Info

Publication number
WO2007136346A1
WO2007136346A1 PCT/SG2006/000126 SG2006000126W WO2007136346A1 WO 2007136346 A1 WO2007136346 A1 WO 2007136346A1 SG 2006000126 W SG2006000126 W SG 2006000126W WO 2007136346 A1 WO2007136346 A1 WO 2007136346A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
digest
real
data entry
digest value
Prior art date
Application number
PCT/SG2006/000126
Other languages
French (fr)
Inventor
Chun Yong Chua
Yong Dong Wu
Lakshminarayanan Anantharaman
Original Assignee
Agency For Science, Technology And Research
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agency For Science, Technology And Research filed Critical Agency For Science, Technology And Research
Priority to PCT/SG2006/000126 priority Critical patent/WO2007136346A1/en
Publication of WO2007136346A1 publication Critical patent/WO2007136346A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Definitions

  • the present invention relates broadly to a method and system for providing a query result in response to a database query, a method of manipulating data in a database for deposition of the database with a publisher processor unit, to a method of verifying a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k, and to respective data storage media for instructing a computer system to execute the respective methods.
  • Databases are often hosted in an insecure environment (e.g., the Internet), where they are susceptible to attacks which can compromise the databases integrity. Even in a protected environment (e.g., in a corporate LAN), exclusion from insider attacks may not be guaranteed.
  • an insecure environment e.g., the Internet
  • a protected environment e.g., in a corporate LAN
  • exclusion from insider attacks may not be guaranteed.
  • the problem is compounded as the owner delegates the task of satisfying user queries to a third-party publisher.
  • the publisher servers outside of the owner's administrative domain, and in fact the publisher servers may reside on poorly secured platforms, the query results that the publisher servers generate cannot be accepted at face value, especially where they are used as the basis for making critical decisions.
  • a method of providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k i.e. ⁇ ⁇ k ⁇ ⁇
  • the method comprising the steps of sorting real data entries ⁇ in the database by ⁇ .k, creating a lower bound data entry r 0 having a value of r 0 .k lower than any of the r. ; creating an upper bound data entry r n+ , having a value of r ⁇ +1 .k higher than any of the ⁇ ; creating a signature for each r.
  • the query result including matched real data entries [r a ,...,r b ] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values; wherein the left digest value comprises a hash function of the real or bound data entry r ⁇ _, having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or bound data entry r b+l having the next higher value for k compared to r b .
  • the digest values of the real or bound data entries may be based on attribute values of the respective real or bound data entry and a random value attribute assigned to each real or bound data entry.
  • the left digest value comprises h a ⁇ r °- ] ! ⁇ (r a _ ⁇ )
  • the right digest value comprises h rMjc ⁇ ⁇ r b +1 )
  • the method may further comprise verifying the query result, the verifying comprising the steps of hashing the digest left value by (r ⁇ ir- ⁇ ) times; hashing the digest right value by ( ⁇ - r b .k) times; and verifying the signatures provided utilising a public key.
  • the method may further comprise creating a unique shadow data entry t t for each pair of consecutive real data entries (r. , r i+l ), each t t having a value of t r k, with ⁇ .k ⁇ t t .k ⁇ r M .k, and creating a signature for each t.
  • the method further comprises selecting the shadow data entry t j , where ⁇ - j .k ⁇ a, ⁇ ⁇ r J+v k , and returning the query result including the signature sig(t j ) ; if a ⁇ t j k , the left digest value equal to h a ⁇ rj k (r j ) , else the left digest value comprising h tj k ⁇ rj k (T J ) ; if ⁇ > t j k , the right digest value equal to h rj+> k ⁇ (r J+l ) , else the right digest value equal to h rj+l k ⁇ tj
  • the method may further comprise verifying the query result, the verifying comprising the steps of if t j k > a , hashing the left digest value by (t j k -a) times, else using the left digest value provided; if t j .k ⁇ ⁇ , hashing the right digest value by ( ⁇ -t j Jc) times, else using the right digest value provided; and verify the signature provided utilising a public key.
  • the method may further comprise re-writing a given query condition in the form of the database query associated with the range ( ⁇ , ⁇ ) of the attribute k.
  • a system for providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k comprising a first processor unit for sorting real data entries r. in the database by r..k, for creating a lower bound data entry r 0 having a value of r 0 .k lower than any of the ⁇ , for creating an upper bound data entry r ⁇ +1 having a value of r ⁇ +1 .k higher than any of the ⁇ , and for creating a signature for each r t based on a digest value of said each r.
  • a second processor unit for providing the query result including matched real data entries [r a ,...,r b ] sorted in ascending order by k, the ' signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or bound data entry r a _ ⁇ having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or bound data entry r 6+1 having the next higher value for k compared to r b .
  • the digest values of the real or bound data entries may be based on attribute values of the respective real or bound data entry and a random value attribute assigned to each real or bound data entry.
  • the left digest value comprises h a ⁇ r - i k ⁇ i ⁇ )
  • the right digest value comprises h rh *' k ⁇ (r M )
  • the system may further comprise a third processor unit for verifying the query result, the verifying comprising the steps of hashing the digest left value by (r a .k- a) Wmes; hashing the digest right value by ( ⁇ -r b .k) times; and verifying the signatures provided utilising a public key.
  • the first processor unit may create a unique shadow data entry t t for each pair of consecutive real data entries (r t , r M ), each t t having a value of t..k, with ⁇ .k ⁇ t. .k ⁇ r M .k, and creates a signature for each t n where slg(t,) I t r k I h**++*(r M ))) .
  • the second processor unit may select the shadow data entry t J ⁇ where r s .k ⁇ a, ⁇ ⁇ r J+ ⁇ .k , and returns the query result including the signature sig(t j ) ; ⁇ f a ⁇ t j .k , the left digest value equal to h a ⁇ rj k (r j ) , else the left digest value comprising h Cj k ⁇ rj k (r j ) ⁇ ⁇ 1 ⁇ > t ⁇ .k , the right digest value equal to h rj ⁇ (r J+1 ) , else the right digest value equal to h rj+yk ⁇ tj k (r j ) .
  • the system may further comprising a third processor unit for verifying the query result, the verifying comprising the steps of if t j .k > a , hashing the left digest value by (t j .k-a) times, else using the left digest value provided; if t j .k ⁇ ⁇ , hashing the right digest value by ( ⁇ -t j .k) times, else using the right digest value provided; and verify the signature provided utilising a public key.
  • the second processor unit may re-write a given query condition in the form of the database query associated with the range (a, ⁇ ) of the attribute k for use by the respective processor units.
  • a method of manipulating data in a database for deposition of the database with a publisher processor unit comprising the steps of sorting real data entries r. in the database by r ⁇ .k, where k is an attribute; creating a lower bound data entry r 0 having a value of r 0 .k lower than any of the r. ; creating an upper bound data entry r ⁇ +I having a value of r n+l .k higher than any of the ⁇ ; and creating a signature for each ⁇ based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each ⁇ and the next higher value for k compared to r t respectively.
  • the method may further comprise creating a unique shadow data entry t t for each pair of consecutive real data entries (r ⁇ r f+1 ), each t t having a value of t t .k, with r..k ⁇ t t .k ⁇ r M .k, and creating a signature for each t, .
  • a method of providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k comprising the steps of providing matched real data entries [r a ,...,r b ] sorted in ascending order by k, providing signatures for said matched real data entries, and providing left and right digest values; wherein the left digest value comprises a hash function of the real or a first bound data entry r a _ ⁇ having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or a second bound data entry r b ⁇ having the next higher value for k compared to r b .
  • the method may comprise selecting a shadow data entry t s , where r j .k ⁇ a, ⁇ ⁇ r J+ ⁇ .k , and returning the query result including a signature sig(t j ) ; if a ⁇ t j .k, the left digest value equal to h a ⁇ rj k (r j ), else the left digest value comprising h tj k ⁇ rj k ⁇ r j ) ⁇ if ⁇ > t s .k , the right digest value equal to h r ' +lJc ⁇ (r y+1 ) , else the right digest value equal to h rj "- k ⁇ tj - k ⁇ T J ) .
  • a method of verifying a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k comprising the steps of receiving the query result including matched real data entries [r a ,...,r b ] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry r a _ x having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or a second bound data entry r b+l having the next higher value for k compared to r b ; hashing the digest left value; hashing the digest right value; and verifying the signatures provided utilising a public key.
  • the query result may include a signature sig ⁇ t d ) , where t j is a shadow data entry with r j .k ⁇ a, ⁇ ⁇ r J+ ⁇ .k ; if a ⁇ t j .k, the left digest value equal to h a ⁇ rj k ⁇ r j ) , else the left digest value comprising h' j k ⁇ rj k (r j ) ; if /7 > t j k , the right digest value equal to h rj+ ⁇ k ⁇ (r J+l ) , else the right digest value equal to h rj * l ' k ⁇ tj k ⁇ r s ) ; and the method comprises, if t j Jc > a , hashing the left digest value by (t j Jc-a) times, else using the left digest value provided; if t j .k
  • a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k, the method comprising the steps of sorting real data entries ⁇ in the database by r..k, creating a lower bound data entry r 0 having a value of r o .k lower than any of the i ⁇ , creating an upper bound data entry r n+I having a value of r ⁇ +1 .k higher than any of the r. ; creating a signature for each r. based on a digest value of said each r.
  • the left digest value comprises a hash function of the real or bound data entry r ⁇ _, having the next lower value for k compared to r a
  • the right digest value comprises a hash function of the real or bound data entry r b+l having the next higher value for k compared to r b .
  • a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of manipulating data in a database for deposition of the database with a publisher processor unit, the method comprising the steps of sorting real data entries /;. in the database by r..k, where k is an attribute; creating a lower bound data entry r 0 having a value of r 0 .k lower than any of the /;. ; creating an upper bound data entry /; +1 having a value of r n+l .k higher than any of the r. ; and creating a signature for each r.
  • a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k, the method comprising the steps of providing matched real data entries [r a ,...,r b ] sorted in ascending order by k, providing signatures for said matched real data entries, and providing left and right digest values; wherein the left digest value comprises a hash function of the real or a first bound data entry r a _ x having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or a second bound data entry r
  • a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of verifying a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k, the method comprising the steps of receiving the query result including matched real data entries [r a ,..., r b ] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry r a _ ⁇ having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or a second bound data entry r b+l having the next higher value for k compared to /y, hashing the digest left value by (r a .k-a) times; hashing the digest right value by ( ⁇ - r b .
  • Figure 1 is a schematic drawings illustrating a system 100 for providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k.
  • Figure 2 is a schematic diagram illustrating a computer system for implementing components of the method and system of Figure 1.
  • Figure 3 shows a flow chart illustrating a method of providing a query result in response to a database query associated with a range ⁇ , ⁇ of an attribute k.
  • Figure 4 shows a flow chart illustrating a method of manipulating data in a database for deposition of the database with a publisher processor unit.
  • Figure 5 shows a flow chart illustrating a method of providing a query result in response to a database query associated with a range ⁇ , ⁇ of an attribute k.
  • Figure 6 shows a flow chart illustrating a method of verifying a query result in response to a database query associated with a range ⁇ , ⁇ of an attribute k.
  • the embodiment described can provide a method and system for verifying the authenticity and completeness of query results produced by untrusted third-party publishers, that avoid releasing unqualified records to users by employing the used of hash iteration to embed attribute values of records into the signature of neighbouring records.
  • the described embodiment is further secured against dictionary attacks, and can yield better performance compared with existing techniques.
  • the following terms are briefly defined for clarity. However, the given definitions are not intended to limit the scope of the present invention, but rather are intended only for better clarity of the description of the example embodiment.
  • Owner Refers to the creator of the relational data. Note that the owner must be trusted by the user since an attempt on his part to generate incorrect data cannot be detected by the user.
  • Third-party publisher A third-party who has been delegated the task to handle user queries. Our scheme removes the need for the publisher to be a party trusted by the user. Any attempt on his part to generate incorrect answer will be detected by the user. On the other hand, the publisher can also be a trusted party (can even be the owner himself). In this case, our scheme would help guard against attempts by adversaries to comprise the system or intercept and alter the answer generated by the publisher before the answer reaches the user.
  • Figure 1 is a schematic drawings illustrating a system 100 for providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k.
  • the system comprises an owner processor unit 102 coupled to a database 101 for sorting real data entries r. in the database 101 by ⁇ .k, for creating a lower bound data entry r 0 having a value of r o .k lower than any of the ⁇ , for creating an upper bound data entry r n+l having a value of r n+ , .k higher than any of the r. , and for creating a signature for each ⁇ based on a digest value of said each r.
  • the sorted real data entries r. in the database 101 together with the lower and upper bound data entries r 0 , r n+l and with the signatures for each /;. are deposited in a database 105 coupled to a publisher processor unit 104 in a one-time process as part of a data publishing arrangement between the owner and the publisher.
  • the publisher processor unit 104 provides the query results in response to a query received from a user utilising a user processor unit 106.
  • Each query result includes matched real data entries [r a ,...,r b ] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function h ⁇ r "- i k ⁇ r ⁇ _ x ) of the real or bound data entry r ⁇ _ x having the next lower value for k compared to r a , and the right digest value comprises a hash function h rM k ⁇ ⁇ r M ) of the real or bound data entry r M having the next higher value for k compared to r b .
  • the user processor unit 106 verifies the query result.
  • the verifying comprises the steps of hashing the digest left value by (r ⁇ .k - ⁇ ) times; hashing the digest right value by ( ⁇ - r b .Ic) times; and verifying the signatures provided utilising a public key of the owner.
  • the processor units 102, 104, 106 are each connected to the Internet 108, and implemented as web-based application programs.
  • the processor units 102, 104, and 106 can each be implemented on a computer system 200, schematically shown in Figure 2. They may be implemented as software, such as a computer program being executed within the computer system 200, and instructing the computer system 200 to conduct the described steps.
  • the computer system 200 comprises a computer module 202, input modules such as a keyboard 204 and mouse 306 and a plurality of output devices such as a display 208, and printer 210.
  • the computer module 202 is connected to a computer network 212 via a suitable transceiver device 214, to enable access to e.g. the Internet or other network systems such as Local Area Network (LAN) or Wide Area Network (WAN).
  • LAN Local Area Network
  • WAN Wide Area Network
  • the computer module 202 in the example includes a processor 218, a Random Access Memory (RAM) 220 and a Read Only Memory (ROM) 222.
  • the computer module 202 also includes a number of Input/Output (I/O) interfaces, for example I/O interface 224 to the display 208, and I/O interface 226 to the keyboard
  • the components of the computer module 202 typically communicate via an interconnected bus 228 and in a manner known to the person skilled in the relevant art.
  • the application program is typically supplied to the user of the computer system 200 encoded on a data storage medium such as a CD-ROM or flash memory carrier and read utilising a corresponding data storage medium drive of a data storage device 230.
  • the application program is read and controlled in its execution by the processor 218.
  • Intermediate storage of program data maybe accomplished using RAM 220.
  • An owner has a set of n records ⁇ - [r p ..., ⁇ , r M , ..., r ⁇ ] sorted in order of ascending k values, i.e., r r k ⁇ r M .k, where k is an arbitrary record attribute with an exclusive lower bound L and upper bound U , i.e., L ⁇ k ⁇ U .
  • a user issues a query for all the records whose k values lie between a and ⁇ , i.e., a ⁇ k ⁇ ⁇ .
  • the untrusted publisher with whom the owner would have deposited the set of n records and who generates the query answer on behalf of the owner, needs to prove to the user that ⁇ ' is authentic and complete without exposing records before r a and after r b .
  • Table 1 ⁇ The data in Table 1 ⁇ is used to denote a record set which contains information of
  • An example query is for the list of employees whose salary ( k ) is greater than 1500 ⁇ a ) but less than 5500 (/? ).
  • the publisher should prove to the user that ⁇ x is authentic and complete without exposing any information about r, and r 6 .
  • the owner prior to depositing the data with the publisher for query processing, the owner generates a set of signatures for ⁇ utilising an application program executed on the owner processor unit 102 (Figure 1) in the following manner: • First, the owner defines the values for L and U based on the domain of k . These two values are made known to the publisher and the user. • Next, the owner creates two boundary records r 0 and r ⁇ +1 , whose k values are L and U respectively, and inserts them into ⁇ to obtain [r 0 , r x , ..., r n , r n+l ] . The purpose of this is to simplify the process of generating the signatures. • The owner then creates a signature for each record (except for the boundary records) using the following equation:
  • the publisher generates query answer ⁇ ' and correctness proof from ⁇ and S respectively.
  • the owner makes available his public key to the user through a secure channel. This can be an offline process.
  • the public key shall be used by the user to verify the authenticity of the records and correctness returned by the publisher.
  • Table 2 shows the corresponding signatures of the records.
  • Each signature is a function of its corresponding record, and its immediately preceding and following records.
  • sig(r 4 ) s(A(A 7OO (r 3 )
  • 700 reflects the difference between the salary values of r 3 and r 4 while 1200 reflects that of r 4 and r 5 . This is synonymous to saying that the salary of previous record is 700 less that than of r 4 and the salary of the next record is 1200 more than that of r 4 .
  • Signature subset 5" [sig(r a ), ..., sig(r b )] ,
  • Signature subset 6 [sig(r 2 ), sig(rj, sig(r 4 ), sig(r 5 )]
  • the publisher needs to generate a valid signature sig ⁇ r s ) based on (r 3 , r s , r 4 ) .
  • the publisher needs to generate valid signatures for r 3 and r 4 based on (r 2 , r 3 , r s ) and (r s , r A , r 5 ) respectively. Without the owner's secret key, it is computationally infeasible for him to do so.
  • Signature sig ⁇ r ⁇ is a function of the record r t , the preceding record r M and trailing record r i+l , when the records are sorted in ascending order of k values.
  • digest left h a ⁇ r ⁇ - ⁇ k (r a _ x ) .
  • the user can derive the required component by hashing left (r a k - a) times. If sig(r a ) is verified to be correct, the user is sure that h r ° k ⁇ r °- ⁇ k ⁇ r a _ ⁇ ) is derived correctly. While the user does not know the exact value of r a _ v k , he is sure that r a k - r ⁇ _, k ⁇ r a k- a and hence r a _ x k ⁇ a .
  • the publisher cannot disclose r v salary to the user. But if the publisher can prove that r v salary is less than r 2 salary by at least 600, then that is sufficient.
  • a 1+1 Oc) • Given left A 70 V 1 ) , the user is not able to derive A 69 V 1 ) , A 69 V 1 ) AV 1 ) . Furthermore, the user does not know where is the start of the chain, i.e., he does not know if he has obtained AV 1 ) .
  • the user can generate components h rb k ⁇ rb - vk (r b _ x ) and h°(r b ) from r w and r b , which are returned as part of ⁇
  • the publisher could return r M .
  • digest right h rbM k ⁇ (r M ) .
  • the user can derive the required component by hashing right ( ⁇ - r b .k) times. If sig(r b ) is verified to be correct, the user is sure that h rM k ⁇ rb k (r M ) is derived correctly. While the user does not know the exact value of r M .k , he is sure that r M .k - r b .k ⁇ ⁇ - r b .k and hence r M .k ⁇ ⁇ .
  • the user is sure that the records in ⁇ ' are authentic.
  • the user is also sure that ⁇ x occupies a contiguous range in ⁇ .
  • the user does not know the exact values of r a _ x k and r M .k , the user is sure that both values do not satisfy the query condition (i.e., a ⁇ k ⁇ ⁇ ). Hence, the user can conclude that the answer is both authentic and complete.
  • A°(r ( .) refers to the digest value of /;..
  • the present disclosure is not limited to a particular digest (hash) function. However, it may be desirable to take into consideration the structure of the data set when deciding on which digest function to use. In the following, examples of data sets and digest functions will be described, together with respective characteristics in terms of vulnerability to dictionary attacks.
  • a V) h(r r name ⁇ ⁇ jsalary) ,
  • the user can try to find out r a _ v name and r a _ v salary by generating h a ⁇ x ⁇ Alice ⁇ x) and h a ⁇ x ⁇ Felix
  • the one that tallies with left will be the correct values of r a _, .
  • Example shadow records ⁇ for the data set of Table 2 is shown in Table 4.
  • the user verifies t j against sigif j ) . To do so, the user
  • the user generates the following:
  • Figure 3 shows a flow chart 300 illustrating a method of providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k.
  • real data entries r t are sorted in the database by r ( ..k.
  • a lower bound data entry r 0 is created having a value of r o .k lower than any of the r..
  • an upper bound data entry r n+1 is created having a value of r n+1 .k higher than any of the ⁇ .
  • a signature is created for each r t based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r. and the next higher value for k compared to ⁇ respectively.
  • the query result is provided including matched real data entries
  • the left digest value comprises a hash function of the real or bound data entry r ⁇ _, having the next lower value for k compared to r a
  • the right digest value comprises a hash function of the real or bound data entry r b+x having the next higher value for k compared to r b .
  • Figure 4 shows a flow chart 400 illustrating a method of manipulating data in a database for deposition of the database with a publisher processor unit.
  • real data entries r ( . in the database are sorted by ⁇ .k, where k is an attribute.
  • a lower bound data entry r 0 is created having a value of r 0 .k lower than any of the r.
  • an upper bound data entry r n+l is created having a value of r ⁇ + ⁇ .k higher than any of the r..
  • a signature is created for each r. based on a digest value of said each ⁇ and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each ⁇ and the next higher value for k compared to ⁇ respectively;
  • Figure 5 shows a flow chart 500 illustrating a method of providing a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k.
  • matched real data entries [r a ,...,r b ] sorted in ascending order by k are provided.
  • signatures for said matched real data entries are provided.
  • left and right digest values are provided; wherein the left digest value comprises a hash function of the real or a first bound data entry r ⁇ _, having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or a second bound data entry r b+l having the next higher value for k compared to r b .
  • Figure 6 shows a flow chart 600 illustrating a method of verifying a query result in response to a database query associated with a range ( ⁇ , ⁇ ) of an attribute k.
  • the query result is received including matched real data entries [r ⁇ ,...,r b ] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry r ⁇ _ x having the next lower value for k compared to r a , and the right digest value comprises a hash function of the real or a second bound data entry r M having the next higher value for k compared to r b .
  • the digest left value is hashed.
  • the digest right value is hashed.
  • the signatures provided are verified utilising a public key.
  • the publisher proves to the user that the query result is authentic and complete by returning the qualified records along with their associated signatures.
  • the publisher computes and returns two intermediate hashes based on the boundary records.
  • the user After receiving the records, the associated signatures and the intermediate hashes, the user performs a set of computation to verify the authenticity and completeness of the result. - Unqualified records are not required to be exposed to the user. Based on the intermediate hashes, the user can verify that the boundary records indeed do not satisfy the query conditions but is not able to derive their actual values.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method is provided for an owner of data to make data available to a user by transmitting it to an untrusted third party publisher. The user is able to query the data for records within particular ranges on certain attributes and verify that the publisher is sending all relevant results without omission, insertion or modification by the publisher. This is done by the owner transmitting in addition to the data, upper and lower bound values and signatures for all records obtained by combining the record and each adjacent record hashed a number of times equivalent to the difference between the record and the adjacent records when sorted by a particular attribute in relation to which queries are to be processed. The method is also adapted to provide for queries returning no valid results.

Description

Method And System For Providing A Query Result In Response To A Database Query
FIELD OF INVENTION
The present invention relates broadly to a method and system for providing a query result in response to a database query, a method of manipulating data in a database for deposition of the database with a publisher processor unit, to a method of verifying a query result in response to a database query associated with a range (α, β) of an attribute k, and to respective data storage media for instructing a computer system to execute the respective methods.
BACKGROUND
Databases are often hosted in an insecure environment (e.g., the Internet), where they are susceptible to attacks which can compromise the databases integrity. Even in a protected environment (e.g., in a corporate LAN), exclusion from insider attacks may not be guaranteed.
Where data outsourcing is concerned, the problem is compounded as the owner delegates the task of satisfying user queries to a third-party publisher. With the publisher servers outside of the owner's administrative domain, and in fact the publisher servers may reside on poorly secured platforms, the query results that the publisher servers generate cannot be accepted at face value, especially where they are used as the basis for making critical decisions.
Instead, there should be provisions for the user to check the correctness of a query result, in terms of:
• Authenticity - All records in the results originated from the data owner. No spurious records have been added or values of valid records altered. • Completeness - All records that satisfy the query conditions are included in the result, i.e., no qualified records have been omitted.
Currently, there are several methods available for verifying the authenticity and completeness of query results produced by untrusted third-party publishers. For example, the method by Devanbu et al [P. Devanbu, M. Gertz, C. Martel, and S. G.
Stubblebine. Authentic Data Publication over the Internet. In Journal of Computer of
Computer Security, vol. 11, pp. 291-314, 2003] is among the first solutions proposed.
However, this method requires the publisher to release unqualified records to users for completeness verification which may contradict the access control policies of the database.
Another method is disclosed in Pang et al [H. Pang, A. Jain, K. Ramamritham, and K.-L. Tan. Verifying Completeness of Relational Query Results in Data Publishing. In Proceedings of the 2005 ACM SIGMOD International Conference on Management of Data, September 2005]. However, the method described in Pang et al. has been identified as being vulnerable against dictionary attacks, and as being computationally expensive.
A need therefore exists to provide an alternative method and system for verifying the authenticity and completeness of query results that seek to address one or more of the above problems.
SUMMARY
In accordance with a first aspect of the present invention there is provided a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k (i.e. α < k < β), the method comprising the steps of sorting real data entries η in the database by η .k, creating a lower bound data entry r0 having a value of r0.k lower than any of the r. ; creating an upper bound data entry rn+, having a value of rπ+1.k higher than any of the η ; creating a signature for each r. based on a digest value of said each η and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each rt and the next higher value for k compared to rt respectively; providing the query result including matched real data entries [ra,...,rb] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values; wherein the left digest value comprises a hash function of the real or bound data entry rα_, having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry rb+l having the next higher value for k compared to rb.
The digest values of the real or bound data entries may be based on attribute values of the respective real or bound data entry and a random value attribute assigned to each real or bound data entry.
The signature may comprise sig(rt) = s(h(hr-k'r'-l k(r._l) | h\η) \ h***"-* (rM))) , the left digest value comprises ha~r°-] !ζ(ra_ι) , the right digest value comprises hrMjc~β{rb +1) , and the method may further comprise verifying the query result, the verifying comprising the steps of hashing the digest left value by (rαir-α) times; hashing the digest right value by (β- rb.k) times; and verifying the signatures provided utilising a public key.
The method may further comprise creating a unique shadow data entry tt for each pair of consecutive real data entries (r. , ri+l ), each tt having a value of trk, with η .k < tt .k < rM .k, and creating a signature for each t. , where s^(tt) = s(h(k'1'^* (T1) I t1Jt \ hηH-k~tlJc(rM))) -, and wherein, if no real data entry matches the query, the method further comprises selecting the shadow data entry tj , where ι-j.k ≤ a,β ≤ rJ+vk , and returning the query result including the signature sig(tj) ; if a < tjk , the left digest value equal to ha~rj k(rj) , else the left digest value comprising htj k~rj k (TJ) ; if β > tjk , the right digest value equal to hrj+> k~β (rJ+l) , else the right digest value equal to hrj+l k~tj k (^) .
The method may further comprise verifying the query result, the verifying comprising the steps of if tjk > a , hashing the left digest value by (tjk -a) times, else using the left digest value provided; if tj.k < β , hashing the right digest value by (β-tjJc) times, else using the right digest value provided; and verify the signature provided utilising a public key.
The method may further comprise re-writing a given query condition in the form of the database query associated with the range (α, β) of the attribute k.
In accordance with a second aspect of the present invention there is provided a system for providing a query result in response to a database query associated with a range (α, β) of an attribute k, the system comprising a first processor unit for sorting real data entries r. in the database by r..k, for creating a lower bound data entry r0 having a value of r0.k lower than any of the η , for creating an upper bound data entry rπ+1 having a value of rπ+1.k higher than any of the η , and for creating a signature for each rt based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r(. and the next higher value for k compared to η respectively; a second processor unit for providing the query result including matched real data entries [ra,...,rb] sorted in ascending order by k, the' signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or bound data entry ra_{ having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry r6+1 having the next higher value for k compared to rb. The digest values of the real or bound data entries may be based on attribute values of the respective real or bound data entry and a random value attribute assigned to each real or bound data entry.
The signature may comprise sig(η) = s(h(hr'k~n-' k :(rM) | h°(r.) \ hrM k~η k (r!+l))) , the left digest value comprises ha~r-i k {i^) , the right digest value comprises hrh*'k~β (rM) , and the system may further comprise a third processor unit for verifying the query result, the verifying comprising the steps of hashing the digest left value by (ra.k- a) Wmes; hashing the digest right value by (β -rb.k) times; and verifying the signatures provided utilising a public key.
The first processor unit may create a unique shadow data entry tt for each pair of consecutive real data entries (rt , rM ), each tt having a value of t..k, with η .k < t. .k < rM .k, and creates a signature for each tn where slg(t,)
Figure imgf000007_0001
I trk I h**++*(rM))) .
If no real data entry matches the query, the second processor unit may select the shadow data entry tJ Λ where rs.k < a,β ≤ rJ+ι.k , and returns the query result including the signature sig(tj) ; \f a < tj.k , the left digest value equal to ha~rj k(rj) , else the left digest value comprising hCj k~rj k(rj) \ \1 β > t}.k , the right digest value equal to hrj÷ιΛ~β (rJ+1) , else the right digest value equal to hrj+yk~tj k (rj) .
The system may further comprising a third processor unit for verifying the query result, the verifying comprising the steps of if tj.k > a , hashing the left digest value by (tj.k-a) times, else using the left digest value provided; if tj.k < β , hashing the right digest value by (β -tj.k) times, else using the right digest value provided; and verify the signature provided utilising a public key. The second processor unit may re-write a given query condition in the form of the database query associated with the range (a, β) of the attribute k for use by the respective processor units.
In accordance with a third aspect of the present invention there is provided a method of manipulating data in a database for deposition of the database with a publisher processor unit, the method comprising the steps of sorting real data entries r. in the database by r{ .k, where k is an attribute; creating a lower bound data entry r0 having a value of r0.k lower than any of the r. ; creating an upper bound data entry rπ+I having a value of rn+l .k higher than any of the η ; and creating a signature for each η based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each η and the next higher value for k compared to rt respectively.
The method may further comprise creating a unique shadow data entry tt for each pair of consecutive real data entries (rπ rf+1 ), each tt having a value of tt .k, with r..k< tt .k< rM .k, and creating a signature for each t, .
In accordance with a fourth aspect of the present invention there is provided a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of providing matched real data entries [ra,...,rb] sorted in ascending order by k, providing signatures for said matched real data entries, and providing left and right digest values; wherein the left digest value comprises a hash function of the real or a first bound data entry ra_γ having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rb÷ι having the next higher value for k compared to rb. If no real data entry matches the query, the method may comprise selecting a shadow data entry ts, where rj.k ≤ a,β ≤ rJ+ι.k , and returning the query result including a signature sig(tj) ; if a < tj.k, the left digest value equal to ha~rj k(rj), else the left digest value comprising htj k~rj k{rj)\ if β > ts.k , the right digest value equal to hr'+lJc~β (ry+1 ) , else the right digest value equal to hrj"-k~tj-k {TJ ) .
In accordance with a fifth aspect of the present invention there is provided a method of verifying a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of receiving the query result including matched real data entries [ra,...,rb] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry ra_x having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rb+l having the next higher value for k compared to rb; hashing the digest left value; hashing the digest right value; and verifying the signatures provided utilising a public key.
If no real data entry matches the query, the query result may include a signature sig{td) , where tj is a shadow data entry with rj.k ≤ a,β ≤ rJ+ι.k ; if a < tj.k, the left digest value equal to ha~rj k{rj) , else the left digest value comprising h'j k~rj k (rj) ; if /7 > tjk , the right digest value equal to hrj+ι k~β (rJ+l) , else the right digest value equal to hrj*l'k~tj k {rs) ; and the method comprises, if tjJc > a , hashing the left digest value by (tjJc-a) times, else using the left digest value provided; if tj.k < β , hashing the right digest value by (β-tj.k) times, else using the right digest value provided; and verifying the signature provided utilising the public key. In accordance with a sixth aspect of the present invention there is provided a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of sorting real data entries η in the database by r..k, creating a lower bound data entry r0 having a value of ro .k lower than any of the iγ, creating an upper bound data entry rn+I having a value of rπ+1 .k higher than any of the r. ; creating a signature for each r. based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r. and the next higher value for k compared to η respectively; providing the query result including matched real data entries IΛ »J r ft] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values; wherein the left digest value comprises a hash function of the real or bound data entry rα_, having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry rb+l having the next higher value for k compared to rb.
In accordance with a seventh aspect of the present invention there is provided a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of manipulating data in a database for deposition of the database with a publisher processor unit, the method comprising the steps of sorting real data entries /;. in the database by r..k, where k is an attribute; creating a lower bound data entry r0 having a value of r0.k lower than any of the /;. ; creating an upper bound data entry /;+1 having a value of rn+l .k higher than any of the r. ; and creating a signature for each r. based on a digest value of said each rt and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r. and the next higher value for /f compared to η respectively. In accordance with an eighth aspect of the present invention there is provided a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of providing matched real data entries [ra,...,rb] sorted in ascending order by k, providing signatures for said matched real data entries, and providing left and right digest values; wherein the left digest value comprises a hash function of the real or a first bound data entry ra_x having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rb+l having the next higher value for k compared to rb.
In accordance with a ninth aspect of the present invention there is provided a data storage medium having stored thereon computer code means for instructing a computer system to execute a method of verifying a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of receiving the query result including matched real data entries [ra ,..., rb] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry ra_γ having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rb+l having the next higher value for k compared to /y, hashing the digest left value by (ra.k-a) times; hashing the digest right value by (β - rb .k) times; and verifying the signatures provided utilising a public key.
BRIEF DESCRIPTION OF THE DRAWINGS Embodiments of the invention will be better understood and readily apparent to one of ordinary skill in the art from the following written description, by way of example only, and in conjunction with the drawings, in which:
Figure 1 is a schematic drawings illustrating a system 100 for providing a query result in response to a database query associated with a range (α, β) of an attribute k.
Figure 2 is a schematic diagram illustrating a computer system for implementing components of the method and system of Figure 1.
Figure 3 shows a flow chart illustrating a method of providing a query result in response to a database query associated with a range {α, β} of an attribute k.
Figure 4 shows a flow chart illustrating a method of manipulating data in a database for deposition of the database with a publisher processor unit.
Figure 5 shows a flow chart illustrating a method of providing a query result in response to a database query associated with a range {α, β} of an attribute k.
Figure 6 shows a flow chart illustrating a method of verifying a query result in response to a database query associated with a range {α, β} of an attribute k.
DETAILED DESCRIPTION
The embodiment described can provide a method and system for verifying the authenticity and completeness of query results produced by untrusted third-party publishers, that avoid releasing unqualified records to users by employing the used of hash iteration to embed attribute values of records into the signature of neighbouring records. The described embodiment is further secured against dictionary attacks, and can yield better performance compared with existing techniques. For the purpose of this description, the following terms are briefly defined for clarity. However, the given definitions are not intended to limit the scope of the present invention, but rather are intended only for better clarity of the description of the example embodiment.
Owner. Refers to the creator of the relational data. Note that the owner must be trusted by the user since an attempt on his part to generate incorrect data cannot be detected by the user.
User. Someone who issues relational queries based on the data generated by the creator. There may be some access control policy in place that restricts the user's access to the data. Hence, there is a need to prevent the release of unqualified data to the user.
Third-party publisher. A third-party who has been delegated the task to handle user queries. Our scheme removes the need for the publisher to be a party trusted by the user. Any attempt on his part to generate incorrect answer will be detected by the user. On the other hand, the publisher can also be a trusted party (can even be the owner himself). In this case, our scheme would help guard against attempts by adversaries to comprise the system or intercept and alter the answer generated by the publisher before the answer reaches the user.
Figure 1 is a schematic drawings illustrating a system 100 for providing a query result in response to a database query associated with a range (α, β) of an attribute k. The system comprises an owner processor unit 102 coupled to a database 101 for sorting real data entries r. in the database 101 by η .k, for creating a lower bound data entry r0 having a value of ro .k lower than any of the η , for creating an upper bound data entry rn+l having a value of rn+, .k higher than any of the r. , and for creating a signature for each η based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each η and the next higher value for k compared to η respectively. The sorted real data entries r. in the database 101 together with the lower and upper bound data entries r0 , rn+l and with the signatures for each /;. are deposited in a database 105 coupled to a publisher processor unit 104 in a one-time process as part of a data publishing arrangement between the owner and the publisher.
The publisher processor unit 104 provides the query results in response to a query received from a user utilising a user processor unit 106. Each query result includes matched real data entries [ra,...,rb] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function hα~r"-i k{rα_x) of the real or bound data entry rα_x having the next lower value for k compared to ra, and the right digest value comprises a hash function hrM k~β{rM) of the real or bound data entry rM having the next higher value for k compared to rb.
The user processor unit 106 verifies the query result. The verifying comprises the steps of hashing the digest left value by (rα.k -ά) times; hashing the digest right value by (β - rb .Ic) times; and verifying the signatures provided utilising a public key of the owner. In the example embodiment, the processor units 102, 104, 106 are each connected to the Internet 108, and implemented as web-based application programs.
The processor units 102, 104, and 106 can each be implemented on a computer system 200, schematically shown in Figure 2. They may be implemented as software, such as a computer program being executed within the computer system 200, and instructing the computer system 200 to conduct the described steps. The computer system 200 comprises a computer module 202, input modules such as a keyboard 204 and mouse 306 and a plurality of output devices such as a display 208, and printer 210.
The computer module 202 is connected to a computer network 212 via a suitable transceiver device 214, to enable access to e.g. the Internet or other network systems such as Local Area Network (LAN) or Wide Area Network (WAN).
The computer module 202 in the example includes a processor 218, a Random Access Memory (RAM) 220 and a Read Only Memory (ROM) 222. The computer module 202 also includes a number of Input/Output (I/O) interfaces, for example I/O interface 224 to the display 208, and I/O interface 226 to the keyboard
204.
The components of the computer module 202 typically communicate via an interconnected bus 228 and in a manner known to the person skilled in the relevant art.
The application program is typically supplied to the user of the computer system 200 encoded on a data storage medium such as a CD-ROM or flash memory carrier and read utilising a corresponding data storage medium drive of a data storage device 230. The application program is read and controlled in its execution by the processor 218. Intermediate storage of program data maybe accomplished using RAM 220.
In the following, examples of data sets and digest functions will be described, together with respective characteristics in terms of vulnerability to dictionary attacks. An owner has a set of n records λ - [rp ..., η, rM, ..., rπ] sorted in order of ascending k values, i.e., rrk ≤ rM.k, where k is an arbitrary record attribute with an exclusive lower bound L and upper bound U , i.e., L < k < U . A user issues a query for all the records whose k values lie between a and β , i.e., a < k < β . With λ arranged in order of ascending k values, the answer to the query occupies a contiguous range in λ , Λ'=[ra, ..., rb], where ra and rb denotes the first and last record respectively in λ to satisfy the query condition. The untrusted publisher, with whom the owner would have deposited the set of n records and who generates the query answer on behalf of the owner, needs to prove to the user that λ' is authentic and complete without exposing records before ra and after rb .
Figure imgf000016_0001
Table 1
The data in Table 1~is used to denote a record set which contains information of
6 employees in a company. An example query is for the list of employees whose salary ( k ) is greater than 1500 {a ) but less than 5500 (/? ). In this example, the correct result is λ'= [r2, r3, r4, r5]. The publisher should prove to the user that λx is authentic and complete without exposing any information about r, and r6.
In the described system and method, prior to depositing the data with the publisher for query processing, the owner generates a set of signatures for λ utilising an application program executed on the owner processor unit 102 (Figure 1) in the following manner: • First, the owner defines the values for L and U based on the domain of k . These two values are made known to the publisher and the user. • Next, the owner creates two boundary records r0 and rπ+1 , whose k values are L and U respectively, and inserts them into λ to obtain [r0, rx, ..., rn, rn+l] . The purpose of this is to simplify the process of generating the signatures. • The owner then creates a signature for each record (except for the boundary records) using the following equation:
*ig(r,)
Figure imgf000017_0001
I A°(rf) I Λ'"**VW)))
Where | represents concatenation, s() is a signature function using the publisher's private key and hx(η) applies a collision-resistant hash function A on η iteratively for x times, i.e., : hx*i(rl) = h(h'(rl)), for x≥O , and A°(r.) denotes the digest value of η .
• The owner deposits λ and the corresponding signature set S =[sig(f\), ..., sig(rπ)] with the publisher. The publisher generates query answer λ' and correctness proof from λ and S respectively.
• The owner makes available his public key to the user through a secure channel. This can be an offline process. The public key shall be used by the user to verify the authenticity of the records and correctness returned by the publisher.
Figure imgf000017_0002
Figure imgf000018_0002
Table 2
Table 2 shows the corresponding signatures of the records. Here, L = O and U = 10000. Each signature is a function of its corresponding record, and its immediately preceding and following records. For example, sig(r4) = s(A(A7OO(r3) | Ao(r4) | A1200(r5))) is a function of r3 , r4 and r5 , and is also dependent on the difference in their salary values. 700 reflects the difference between the salary values of r3 and r4 while 1200 reflects that of r4 and r5. This is synonymous to saying that the salary of previous record is 700 less that than of r4 and the salary of the next record is 1200 more than that of r4.
With respect to each query received, the publisher computes and returns the following items, utilising an application program executed on the publisher processor unit 104 (Figure 1): • Answer λ'= [ra, ..., rb],
• Signature subset 5"= [sig(ra), ..., sig(rb)] ,
• Digest left = ha~r-' k (^1) , and
• Olgestright = hrM k~β (rM) . In the salary example, this would be: • Answer
Figure imgf000018_0001
[r2, r3, r4, r5] ,
• Signature subset 6"= [sig(r2), sig(rj, sig(r4), sig(r5)]
• Digest left = A700 (rx ) , since a = 1500 , rx .salary = 800 ,
• Digest right = AS00(r6) , since β = 5500, r^alary = 6000. Based on the objects returned, the user verifies the correctness of λ' in the following manner, utilising an application program executed on the user processor unit 106 (Figure 1):
• The user hashes digest left by {ra.k- a) times to get hr°jc~r°^'k {r^ . This will be used in the signature verification for sig(ra) .
• The user hashes digest right by (β - rb.k) times to get hrM k~r"-k {rM) . This will be used in the signature verification for sig{rb) .
• The user verifies λ' against 5" . For each record rt in /L' , the user computes the following: Kh^-^ir^) I A0Cr1) | h****Λ(rM)) and performs signature verification against its corresponding signature sig(η) in
S' using the owner's public key.
In the given example, the user thus:
• hashes digest left = h700 Xr1) by (2100-1500) times to get .
• hashes digest right = h500 (r6) by (5500-5400) times to get
computes
Figure imgf000019_0001
from r2 and r3 (note that hmo(rx) was computed above), and verifies against sig(r2) . • computes h(hιm(r2) \ h0 (r3) \ h100 (r4)) from r2 , r3 and r4 , and verifies it against sig(r3) . computes h(h7OO(r3) \ h°(r4) \ hmo(r5)) from r3 , r4 and r5 , and verifies it against sig(r4) . computes h(hm°(r4) \
Figure imgf000019_0002
\ hm(r6)) from r4 and r5 (note that hm(r6) was computed above), and verifies against sig(r5) . Given that the owner's secret key has not been compromised and all the signature verifications are successful, the user is confident that:
• All the records in A' are authentic since it is computationally infeasible for an adversary to create valid digital signatures for spurious records or records whose attributes have been tampered with.
For example, if the publisher tries to return ^= [r2, r3, rs, r4, rs], where rjs a spurious record. The publisher needs to generate a valid signature sig{rs) based on (r3, rs, r4) . Also, the publisher needs to generate valid signatures for r3 and r4 based on (r2, r3, rs) and (rs, rA, r5) respectively. Without the owner's secret key, it is computationally infeasible for him to do so.
If the publisher tries to return
Figure imgf000020_0001
[>2, r3', r4, r5] where r3' is a valid record but having one of its attributes changed (can be any attribute beside salary), the publisher must generate a valid signature for sig(r3') . New signatures must be generated for r2 and r4 as well. Again, this is computationally infeasible.
• λ' occupies a contiguous range in λ . Signature sig{r^) is a function of the record rt , the preceding record rM and trailing record ri+l , when the records are sorted in ascending order of k values. An adversary cannot omit an intermediate record as it is computationally infeasible for him to create valid record signatures for the incomplete list of records.
If the publisher tries to return A1=: [r2, r4, r5] , the publisher needs to generate a new signature for r2 based on {rv r2, rA) . Likewise, the publisher needs to generate a new signature for r4 based on (r2, r4, r5) . Without the owner's secret key, it is computationally infeasible for the publisher to do so.
• ra_vk ≤ a . During the process of verifying ra against sig(ra) , the user needs to generate
A(A--*"-**^) I A°(r.) I Ar-^-*(rrt)) The user can generate components A0Ca1) and hr"*l k~ra k(ra+l) directly from ra and rα+1 since they are returned as part of λ\ To assist the user in generating component hr° k~raA k(ra_l) , the publisher could return rα_, . However, this would violate the access control policy, since rα_, does not satisfy the query condition. Rather the publisher returns digest left = ha~r<-χ k (ra_x) . The user can derive the required component by hashing left (rak - a) times. If sig(ra) is verified to be correct, the user is sure that hr° k~r°-χ k {ra_γ) is derived correctly. While the user does not know the exact value of ra_vk , he is sure that ra k - rα_, k ≥ rak- a and hence ra_x k ≤ a . In the salary example, rvsalary = 800 , α = 1500 , r2 salary = 2100 and rvsalary = 3500. The publisher cannot disclose rvsalary to the user. But if the publisher can prove that rvsalary is less than r2salary by at least 600, then that is sufficient. The publisher computes and returns left = A700 Cr1) . Because the user can generate the component correctly by hashing left 600 times, he knows that r2jsalary - ι\salary > 600. Hence, ^.salary < 1500. Also, by revealing only left ~ H700Cr1) , the publisher is sure that the user is not able to derive η or any of its attributes. A hash function has the property of a one-way function, i.e., given y = h(x) , it is computationally infeasible to derive x when given y . This property can be extended to a hash iteration function, i.e., given hM{x) = h{h\x)) , it is computationally infeasible to derive h'(x) when given
A1+1Oc) • Given left = A70V1) , the user is not able to derive A69V1) , A69V1) AV1) . Furthermore, the user does not know where is the start of the chain, i.e., he does not know if he has obtained AV1) .
If the publisher returns λ"= [r3, r4, r5] , as part of the signature verification process, the user generates
A(A1400(r2) I A°(r3) I A700Cr4)) Since r3.salary = 3500, the user expects r2£alary to be less than rvsalary by at least 2000. Else r2 would have qualified as part of λ' . Hence, the user would hash left iteratively by 2000 times. As mentioned above, it is computationally infeasible for the publisher to generate a new but valid signature for r3 . In order for the user to correctly derive A1400Cr2) , the publisher must return left = A-600Cr2) . The publisher knows the correct value of A0Cr2) . But due to the one-way property of the hash function, it is computationally infeasible for him to derive A-600Cr2) from it.
• rb+ι.k ≥ β. During the process of verifying rb against sig(rb) , the user generates
Kh^-^ir^) I /z°(r6) I *»"^-*(rw))
The user can generate components hrb k~rb-vk (rb_x) and h°(rb) from rw and rb, which are returned as part of λ\ To assist the user in generating component hrb+lM~r" k (rb+l) , the publisher could return rM . However, this would violate the access control policy, since rM does not satisfy the query condition.
Rather, the publisher returns digest right = hrbM k~β(rM) . The user can derive the required component by hashing right (β - rb.k) times. If sig(rb) is verified to be correct, the user is sure that hrM k~rb k(rM) is derived correctly. While the user does not know the exact value of rM.k , he is sure that rM.k - rb.k ≥ β - rb.k and hence rM.k ≥ β .
In the example, rΛsalary = 4200, r5.salωγ = 5400, α = 5500 and r6^α/αry = 6000. The publisher cannot disclose r^άlary to the user. But if he can prove that r6jsalary is greater than rs.salary by at least 100, then that is sufficient. So the publisher computes and returns right = h500 (r6) . Because the user can generate the correct component by hashing right 100 times, he knows that r6. salary - r5. salary ≥ 100. Hence, r6.salary ≥ 5500. If the publisher returns λy— [r2, r3, r4] . As part of the signature verification process, the user generates
A(A700Cr3)IA0Cr4)IA1200Cr5))
Since rA.salary = 4200 , the user expects r5.salary to be greater than r±salary by at least 1300. Hence, the user would hash right iteratively by 1300 times. In order for the user to correctly derive A1200(r5) , the publisher must return right = h (rs) . However, it is computationally infeasible for him to do so.
Based on the above, the user is sure that the records in λ' are authentic. The user is also sure that λx occupies a contiguous range in λ . While the user does not know the exact values of ra_xk and rM.k , the user is sure that both values do not satisfy the query condition (i.e., a < k < β ). Hence, the user can conclude that the answer is both authentic and complete.
In the described example, A°(r(.) refers to the digest value of /;.. The present disclosure is not limited to a particular digest (hash) function. However, it may be desirable to take into consideration the structure of the data set when deciding on which digest function to use. In the following, examples of data sets and digest functions will be described, together with respective characteristics in terms of vulnerability to dictionary attacks.
Figure imgf000023_0001
Figure imgf000024_0001
Table 3
To demonstrate the vulnerability, a record set as shown in Table 3 is first considered. The data set is similar to the record set in Table 2 above, except that there are only two attributes per record (name and salary). If the digest function is defined as:
A V) = h(rrname \ ηjsalary) ,
in response to the same query example where « = 1500 and /7 = 5500 , the publisher returns left = A700Cr1) . If the user has the list of employee's names, given λ) , the user knows that ra_vname is either Alice of Felix, as the remaining names will be identified in the provided results.
Now, the user can try to find out ra_vname and ra_vsalary by generating ha~x {Alice \ x) and ha~x {Felix | JC) , for 0 < x ≤ a . The one that tallies with left will be the correct values of ra_, .
One possible way to defeat this vulnerability is by introducing an additional attribute to each record, in the form of a sufficiently long random byte array and make
A0Cr1) dependent on this attribute. For example, A°(r.) = h{rrname \ ηjsalary \ ηxandom) . Now, the user does not know ra_vrandom . He must guess correctly its value before conducting the above-mentioned attack. If ra_vrandom is 40-bit length, he must try, on the average 239 times to guess its value correctly. A modification of the previously described example to handle queries with null query results will now be described.
For each pair of consecutive records (r., rM) , where O≤i≤n, if η.k and rM.k are neither equal nor consecutive values in the domain of k , the owner creates:
• A unique shadow record tt, where trk\s a randomly chosen value such that ri.k<ti.k<rM.k,
• And its associated signature sigb) = s(h(ti>k-r>k(η) I t.λ i h^^'*irM)))
Example shadow records ή for the data set of Table 2 is shown in Table 4.
Figure imgf000025_0001
Table 4
If a user submits a query for all the records which satisfy a<k<β and there are no records which satisfy the query condition, the publisher returns the following:
• The shadow record ts , where tj eT = { t0, ... , t< } and rj.k≤a,β≤rJ+vk, • Its associated signature sig(tj) ,
• If a < tj.k , return left = h"-rjk(rj) , else return left = tijJζ-rjk (j-j) , .• If β>tj.k, return right = hrjnk~p (rJ+l) , else return right = hr^k-'-k(rJ+l).
Based on the objects returned, the user verifies tj against sigifj) . To do so, the user
Constructs h{htjk-rjk (r, ) | t, k \ h***-1'-* (ry+1 ))
• To generate component htjk~rjk(rj) , the user checks the value of tjk. If tj.k>a, then the user hashes left = ha'rjk :(rj-) by (tj.k-a) times to obtain tijk~rjk(rj) . Otherwise, left = hCjk~rjk(fj) is already returned by the publisher.
• To generate hrj+>k~'jk(rJ+l), the user checks the value of ts.k. If tj.k < β, then the user hashes right = hrj+l k~β(rJ+ι) by {β-tj.k) times to obtain hrj+lk~tjk(rJ+l). Otherwise, right = hrj÷lk~tjk (rJ+l) is already returned by the publisher.
If the verification is correct, the shadow record is authentic. Based on the intermediate digests, the user is sure that there exist two consecutive records rs.k and rJ+l.k where Tjk<a,β< rJ+lk . For example, a user issues a query where α = 1000 and /? = 2000. Since
T1A = 800 and r2.& = 2100, there is no record that satisfy the query. In this case, the publisher return J1 , where tvk = 1300. The user generates the following:
Figure imgf000026_0001
Since a<tvk and tvk-a = 300, the user expects rvk to be less than tvk by at least 300. Thus the publisher generates and returns left = /*200(/i) • The user can generate the component h'l k~r[ k (rj by hashing left = h200 (rx) 300 times. If the signature verification is correct, the user is sure that rvk is less than tvk by at least 300.
If α = 1600 and β = 2000, which is greater than tvk, publisher returns tvk = 1300. As the user therefore knows that rx.k < tvk , he is certain that r\.k < 1300. The publisher returns left = A500Oj) .
Since β > tvk and tvk- β = 700 , the user expects r2.k to be greater than tvk by at least 700. The publisher generates and returns right = hm (r2) . The user can generate component h"2 k~h k (r2) by hashing right = hm{r2) 700 times. If the signature verification is correct, the user is sure that r2k is greater than tvk by at least 700.
If a = 1000 and suppose /? = 1200 , β lesser than tvk , the publisher returns tvk = 1300. Since the user does knows that r2.k > tvk , the user is certain that r2i: > 1300. The publisher returns right = hso° (r2) , and the user can perform the signature verification.
While the example embodiment has been described in the context of range queries with condition a < k < β , it will be appreciated by a person skilled in the art that the example embodiment can also handle conditions such as a ≤ k ≤ β , a < k , k < β , a ≤ k , k ≤ β where they can be written into the form a'< k < β\ Likewise, point query can also be covered.
Figure 3 shows a flow chart 300 illustrating a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k. At step 302, real data entries rt are sorted in the database by r(..k. At step 304, a lower bound data entry r0 is created having a value of ro.k lower than any of the r.. At step 306, an upper bound data entry rn+1 is created having a value of rn+1 .k higher than any of the η . At step 308, a signature is created for each rt based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r. and the next higher value for k compared to η respectively.
At step 310, the query result is provided including matched real data entries
[/-„,.., ,rb] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or bound data entry rα_, having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry rb+x having the next higher value for k compared to rb.
Figure 4 shows a flow chart 400 illustrating a method of manipulating data in a database for deposition of the database with a publisher processor unit. At step 402, real data entries r(. in the database are sorted by η .k, where k is an attribute.
At step 404, a lower bound data entry r0 is created having a value of r0.k lower than any of the r.. At step 406, an upper bound data entry rn+l is created having a value of rπ+ι .k higher than any of the r.. At step 408, a signature is created for each r. based on a digest value of said each η and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each η and the next higher value for k compared to η respectively;
Figure 5 shows a flow chart 500 illustrating a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k. At step 502, matched real data entries [ra,...,rb] sorted in ascending order by k are provided. At step 504, signatures for said matched real data entries are provided. At step 506, left and right digest values are provided; wherein the left digest value comprises a hash function of the real or a first bound data entry rα_, having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rb+l having the next higher value for k compared to rb.
Figure 6 shows a flow chart 600 illustrating a method of verifying a query result in response to a database query associated with a range (α, β) of an attribute k. At step 602, the query result is received including matched real data entries [rα,...,rb] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry rα_x having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rM having the next higher value for k compared to rb.
At step 602; the digest left value is hashed. At step 604, the digest right value is hashed. At step 606, the signatures provided are verified utilising a public key.
The disclosed methods and systems can provide the following features and advantages.
- Verifying the correctness of a relational database query result. We consider a query result to be correct only if it is authentic and complete.
- Pre-processing of the records, which involves generating a record signature for each of them, before sending both the records and signatures to the publisher.
- The publisher proves to the user that the query result is authentic and complete by returning the qualified records along with their associated signatures. In addition, the publisher computes and returns two intermediate hashes based on the boundary records.
- After receiving the records, the associated signatures and the intermediate hashes, the user performs a set of computation to verify the authenticity and completeness of the result. - Unqualified records are not required to be exposed to the user. Based on the intermediate hashes, the user can verify that the boundary records indeed do not satisfy the query conditions but is not able to derive their actual values.
It will be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects to be illustrative and not restrictive.

Claims

1. A method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of sorting real data entries r. in the database by η .k, creating a lower bound data entry r0 having a value of ro.k lower than any of the r. ; creating an upper bound data entry rn+l having a value of rπH .k higher than any of the r. ; creating a signature for each η based on a digest value of said each η and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each η and the next higher value for k compared to η respectively; providing the query result including matched real data entries [ra ,...,rb] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values; wherein the left digest value comprises a hash function of the real or bound data entry rα_, having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry rb+l having the next higher value for k compared to rb.
2. The method as claimed in claim 1, wherein the digest values of the real or bound data entries is based on attribute values of the respective real or bound data entry and a random value attribute assigned to each real or bound data entry.
3. The method as claimed in claims 1 or 2, wherein the signature comprises sig(rt) = s(h(hη^Λ(rM) \ h°(rι) \ h-k^-k(rM))) , the left digest value comprises ha~r-l k {ra_x) , the right digest value comprises hrM'k~β (rbH) , and the method further comprises verifying the query result, the verifying comprising the steps of: hashing the digest left value by (rα .k - a) times; hashing the digest right value by (β - rb.k) times; and verifying the signatures provided utilising a public key.
4. The method as claimed in claims 1 or 2, further comprising creating a unique shadow data entry tt for each pair of consecutive real data entries {rn rM ), each t. having a value of t, .k, with /;..k < tt .k < rM .k, and creating a signature for each t, , where sig(t,) = s(h(h'-k-r-k (η) | t,Jc \ &«**'* (rM))) ; and wherein, if no real data entry matches the query, the method further comprises selecting the shadow data entry tJ t where rj.k ≤ a,β ≤ rJ+ι.k , and returning the query result including the signature sig{tj) ; if a < tjJc, the left digest value equal to ha~rjM (V7) , else the left digest value comprising tij k~rj k(rj) ; if β > tjJc , the right digest value equal to hrj+l k~p(rJH) , else the right digest value equal to hrj*χ k~tj k (rs) .
5. The method as claimed in claim 4, further comprising verifying the query result, the verifying comprising the steps of: if tj.k > a , hashing the left digest value by (tj.k-a) times, else using the left digest value provided; if tj.k < β, hashing the right digest value by (β -ts .k) times, else using the right digest value provided; and verify the signature provided utilising a public key.
6. The method as claimed in any one of the preceding claims, further comprising re-writing a given query condition in the form of the database query associated with the range (α, β) of the attribute k.
7. A system for providing a query result in response to a database query associated with a range (α, β) of an attribute k, the system comprising a first processor unit for sorting real data entries r. in the database by r..k, for creating a lower bound data entry r0 having a value of r0.k lower than any of the r. , for creating an upper bound data entry rn+I having a value of rπ+1 .k higher than any of the r. , and for creating a signature for each η based on a digest value of said each rt and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each η and the next higher value for k compared to η respectively; a second processor unit for providing the query result including matched real data entries [ra,...,rb] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or bound data entry ra_λ having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry r6+1 having the next higher value for k compared to rb.
8. The system as claimed in claim 7, wherein the digest values of the real or bound data entries is based on attribute values of the respective real or bound data entry and a random value attribute assigned to each real or bound data entry.
9. The system as claimed in claims 7 or 8, wherein the signature comprises sig(rl) = s(h(hn-h^Λ(ri^) \ h°(rl) \ h^Λ~n-k(rM))) , the left digest value comprises ha~r°-l k (^1) , the right digest value comprises hrM'k~β(rM) , and the system further comprisies a third processor unit for verifying the query result, the verifying comprising the steps of: hashing the digest left value by (rαi:-α) times; hashing the digest right value by (/? - rb.k) times; and verifying the signatures provided utilising a public key.
10. The system as claimed in claims 7 or 8, wherein the first processor unit creates a unique shadow data entry tt for each pair of consecutive real data entries (η , rM ), each ts having a value of tt .k, with η .k < tt..k < rM ./ς and creates a signature for each tt , where sig(tt) = s(h(fϊ' k~η k (rt) | tt.k | hr'*1 k~h k{rM))) .
11. The system as claimed in claim 10, wherein, if no real data entry matches the query, the second processor unit selects the shadow data entry tj , where rj.k ≤ a,β ≤ rJ+l.k , and returns the query result including the signature sig(tj) ; if a < tj.k , the left digest value equal to ha~rj k(rj) , else the left digest value comprising tij k~rj k{rj) \ if β > tj.k , the right digest value equal to hrj*lJc~p (rJ+l) , else the right digest value equal to hrj^k~tj k {rs) .
12. The system as claimed in claim 11, further comprising a third processor unit for verifying the query result, the verifying comprising the steps of: if tj.k > a , hashing the left digest value by (tj.k-a) times, else using the left digest value provided; if tj.k < β , hashing the right digest value by (/? -*,.&) times, else using the right digest value provided; and verify the signature provided utilising a public key.
13. The system as claimed in any one of claims 7 to 12, wherein the second processor unit re-writes a given query condition in the form of the database query associated with the range (α, β) of the attribute k for use by the respective processor units.
14. A method of manipulating data in a database for deposition of the database with a publisher processor unit, the method comprising the steps of sorting real data entries η in the database by r(..k, where k is an attribute; creating a lower bound data entry r0 having a value of r0.k lower than any of the r,. ; creating an upper bound data entry rπ+ι having a value of rn+l .k higher than any of the r. ; and creating a signature for each η based on a digest value of said each η and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each rt and the next higher value for k compared to i) respectively.
15. The method as claimed in claim 14, further comprising creating a unique shadow data entry t. for each pair of consecutive real data entries (r. , riH ), each t. having a value of t. .k, with rt .k < tt..k < rM .k, and creating a signature for each tt ..
16. A method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of providing matched real data entries \ra ,..., rb ] sorted in ascending order by k, providing signatures for said matched real data entries, and providing left and right digest values; wherein the left digest value comprises a hash function of the real or a first bound data entry ra_x having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rM having the next higher value for k compared to rb.
17. The method as claimed in claim 16, wherein the signature comprises sig(ri)
Figure imgf000036_0001
\ hrM k~n k(rM))) , the left digest value comprises
/iβ~r-'"* Cr0^1) , the right digest value comprises hrM k~β{rM) , and wherein, if no real data entry matches the query, the method comprises selecting a shadow data entry tj , where rj.k ≤ a,β ≤ rJ+l.k , and returning the query result including a signature sig(tj) ; if a < tj.k , the left digest value equal to ha~rj k{rj) , else the left digest value comprising htj k~rj k(rj) \ if β > tj.k , the right digest value equal to hrj+l k~β (rJ+l) , else the right digest value equal to hrj^k~tj k (r,) .
18. A method of verifying a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of receiving the query result including matched real data entries [ra,...,rb] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry ra_{ having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rM having the next higher value for k compared to rb; hashing the digest left value; hashing the digest right value; and verifying the signatures provided utilising a public key.
19. The method as claimed in claim 18, wherein, if no real data entry matches the query, the query result includes: a signature $ig(tj) , where tj is a shadow data entry with Tj.k ≤ a,β ≤ rJ+l.k ; if a <tj.k, the left digest value equal to ha~rj k(rj) , else the left digest value comprising h'-f k~rj k(rJ); if β > tj.k , the right digest value equal to h ry+1 k~p(rJ+l) , else the right digest value equal to hrjH k~tj k(rj) ; and the method comprises, if tj.k > a , hashing the left digest value by (tj.k-a) times, else using the left digest value provided; if tj.k < β , hashing the right digest value by (/7 -^i;) times, else using the right digest value provided; and verifying the signature provided utilising the public key.
20. A data storage medium having stored thereon computer code means for instructing a computer system to execute a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of: sorting real data entries r. in the database by η .k, creating a lower bound data entry r0 having a value of r0.k lower than any of the /;. ; creating an upper bound data entry rπ+1 having a value of rπ+1.k higher than any of the /;. ; creating a signature for each η based on a digest value of said each r. and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r. and the next higher value for k compared to η respectively; providing the query result including matched real data entries [ra,...,rb] sorted in ascending order by k, the signatures for said matched real data entries, and left and right digest values; wherein the left digest value comprises a hash function of the real or bound data entry ra-1 having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or bound data entry rM having the next higher value for k compared to rb.
21. A data storage medium having stored thereon computer code means for instructing a computer system to execute a method of manipulating data in a database for deposition of the database with a publisher processor unit, the method comprising the steps of sorting real data entries r. in the database by η .k, where k is an attribute; creating a lower bound data entry r0 having a value of ro.k lower than any of the r. \ creating an upper bound data entry rH+1 having a value of rB+1 .k higher than any of the η ; and creating a signature for each r. based on a digest value of said each η and based on hash functions of digest values of the real or bound data entry having the next lower value for k compared to each r. and the next higher value for k compared to r( respectively.
22. A data storage medium having stored thereon computer code means for instructing a computer system to execute a method of providing a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of providing matched real data entries [rα,...,rb] sorted in ascending order by k, providing signatures for said matched real data entries, and providing left and right digest values; wherein the left digest value comprises a hash function of the real or a first bound data entry rα_x having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rM having the next higher value for k compared to rb.
23. A data storage medium having stored thereon computer code means for instructing a computer system to execute a method of verifying a query result in response to a database query associated with a range (α, β) of an attribute k, the method comprising the steps of: receiving the query result including matched real data entries [ra ,...,rb] sorted in ascending order by k, signatures for said matched real data entries, and left and right digest values, wherein the left digest value comprises a hash function of the real or a first bound data entry ra_x having the next lower value for k compared to ra, and the right digest value comprises a hash function of the real or a second bound data entry rM having the next higher value for k compared to rb; hashing the digest left value ; hashing the digest right value ; and verifying the signatures provided utilising a public key.
PCT/SG2006/000126 2006-05-17 2006-05-17 Method and system for providing a query result in response to a database query WO2007136346A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SG2006/000126 WO2007136346A1 (en) 2006-05-17 2006-05-17 Method and system for providing a query result in response to a database query

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SG2006/000126 WO2007136346A1 (en) 2006-05-17 2006-05-17 Method and system for providing a query result in response to a database query

Publications (1)

Publication Number Publication Date
WO2007136346A1 true WO2007136346A1 (en) 2007-11-29

Family

ID=38723573

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2006/000126 WO2007136346A1 (en) 2006-05-17 2006-05-17 Method and system for providing a query result in response to a database query

Country Status (1)

Country Link
WO (1) WO2007136346A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050234908A1 (en) * 2004-04-09 2005-10-20 Capital One Financial Corporation Methods and systems for verifying the accuracy of reported information

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050234908A1 (en) * 2004-04-09 2005-10-20 Capital One Financial Corporation Methods and systems for verifying the accuracy of reported information

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DEVANBU ET AL.: "Authentic data publication over the Internet", JOURNAL OF COMPUTER SECURITY, vol. 11, no. 3, 2003, pages 291 - 294, XP008093089 *
PANG ET AL.: "Verifying Completeness of Relational Query Results in Data Publishing", PROCEEDINGS OF THE 2005 ACM SIGMOD INTERNATIONAL CONFERENCE ON MANAGEMENT OF DATA, September 2005 (2005-09-01), pages 407 - 418, XP002479510 *

Similar Documents

Publication Publication Date Title
US11061887B2 (en) Event verification receipt system and methods
US10447480B2 (en) Event verification receipt system and methods
US7000118B1 (en) Asymmetric system and method for tamper-proof storage of an audit trial for a database
Boyen Reusable cryptographic fuzzy extractors
US7941667B2 (en) Electronic document authenticity guarantee method, and electronic document disclosure system
US20220253538A1 (en) Method and system for data security, validation, verification and provenance within independent computer systems and digital networks
WO2010094685A1 (en) System and method for efficient trust preservation in data stores
Pang et al. Verifying completeness of relational query answers from online servers
CN110704864B (en) Block chain-based government integrity archive license management method
Goodrich et al. Super-efficient verification of dynamic outsourced databases
US11818271B2 (en) Linking transactions
CN106302859B (en) A kind of response and processing method of DNSSEC negative response
CA2981202C (en) Hashed data retrieval method
Pawar et al. Performance analysis of e-certificate generation and verification using blockchain and ipfs
CN109918451A (en) Data base management method and system based on block chain
CN117037988A (en) Electronic medical record storage method and device based on blockchain
CN112804050A (en) Multi-source data query system and method
CN110851848B (en) Privacy protection method for symmetric searchable encryption
Singh et al. Ensuring correctness over untrusted private database
Elbegbayan Winnowing, a document fingerprinting algorithm
WO2007136346A1 (en) Method and system for providing a query result in response to a database query
CN110445756B (en) Method for realizing searchable encryption audit logs in cloud storage
CN1547136A (en) Data once writing method and database safety management method based on the same method
RU2785484C1 (en) Method for cryptographic recursive integrity control of a relational database
Roisum et al. Completeness integrity protection for outsourced databases using semantic fake data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06748081

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06748081

Country of ref document: EP

Kind code of ref document: A1