research-article

Verifiable outsourced database in the cloud using game theory

Authors:

Faryed Eltayesh,

Jamal BentaharAuthors Info & Claims

SAC '17: Proceedings of the Symposium on Applied Computing

Pages 370 - 377

https://doi.org/10.1145/3019612.3019628

Published: 03 April 2017 Publication History

Abstract

In the verifiable database (VDB) model, a computationally weak client (database owner) delegates his database management to a database service provider on the cloud, which is considered untrusted third party, while users can query the data and verify the integrity of query results. Since the process can be computationally costly and has a limited support for sophisticated query types such as aggregated queries, we propose in this paper a framework that helps bridge the gap between security and practicality trade-offs. The proposed framework remodels the verifiable database problem using Stackelberg security game. In the new model, the database owner creates and uploads to the database service provider the database and its authentication structure (AS). Next, the game is played between the defender (verifier), who is a trusted party to the database owner and runs scheduled randomized verifications using Stackelberg mixed strategy, and the database service provider. The idea is to randomize the verification schedule in an optimized way that grants the optimal payoff for the verifier while making it extremely hard for the database service provider or any attacker to figure out which part of the database is being verified next. We have implemented and compared the proposed model performance with a uniform randomization model. Simulation results show that the proposed model outperforms the uniform randomization model. Furthermore, we have evaluated the efficiency of the proposed model against different cost metrics.

References

[1]

B. An, M. Tambe, F. Ordonez, E. A. Shieh, and C. Kiekintveld. Refinement of strong stackelberg equilibria in security games. In Proc. of AAAI, 2011.

Digital Library

[2]

X. Chen, J. Li, X. Huang, J. Ma, and W. Lou. New publicly verifiable databases with efficient updates. IEEE Transactions on Dependable and Secure Computing, 12(5):546--556, 2015.

Digital Library

[3]

X. Chen, J. Li, J. Weng, J. Ma, and W. Lou. Verifiable computation over large database with incremental updates. In European Symposium on Research in Computer Security, pages 148--162. Springer, 2014.

Digital Library

[4]

P. Devanbu, M. Gertz, C. Martel, and S. G. Stubblebine. Authentic third-party data publication. In Proc. of the Annual Working Conference on Database Security: Data and Application Security, Development and Directions, pages 101--112. Kluwer, 2000.

Digital Library

[5]

M. T. Goodrich, R. Tamassia, and N. Triandopoulos. Super-efficient verification of dynamic outsourced databases. In Topics in Cryptology-CT-RSA 2008, pages 407--424. Springer, 2008.

Digital Library

[6]

D. Korzhyk, V. Conitzer, and R. Parr. Complexity of computing optimal stackelberg strategies in security resource allocation games. In Proc. of AAAI, 2010.

Digital Library

[7]

F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin. Dynamic authenticated index structures for outsourced databases. In Proc. of the 2006 ACM SIGMOD international conference on Management of Data, pages 121--132. ACM, 2006.

Digital Library

[8]

D. Ma, R. H. Deng, H. Pang, and J. Zhou. Authenticating query results in data publishing. In International Conference on Information and Communications Security, pages 376--388. Springer, 2005.

Digital Library

[9]

R. C. Merkle. A certified digital signature. In Conference on the Theory and Application of Cryptology, pages 218--238. Springer, 1989.

Digital Library

[10]

M. A. M'hamdi and J. Bentahar. Scheduling reputation maintenance in agent-based communities using game theory. Journal of Software, 7(7):1514--1523, 2012.

[11]

E. Mykletun, M. Narasimha, and G. Tsudik. Providing authentication and integrity in outsourced databases using merkle hash trees. UCI-SCONCE Technical Report, 2003.

[12]

M. Narasimha and G. Tsudik. Authentication of outsourced databases using signature aggregation and chaining. In International Conference on Database Systems for Advanced Applications, pages 420--436. Springer, 2006.

Digital Library

[13]

H. Pang, J. Zhang, and K. Mouratidis. Scalable verification for outsourced dynamic databases. Proc. of the VLDB Endowment, 2(1):802--813, 2009.

Digital Library

[14]

C. Papamanthou and R. Tamassia. Time and space efficient algorithms for two-party authenticated data structures. In International Conference on Information and Communications Security, pages 1--15. Springer, 2007.

Digital Library

[15]

P. Paruchuri, J. P. Pearce, J. Marecki, M. Tambe, F. Ordonez, and S. Kraus. Efficient algorithms to solve bayesian stackelberg games for security applications. In Proc. of AAAI, pages 1559--1562, 2008.

Digital Library

[16]

P. Paruchuri, J. P. Pearce, J. Marecki, M. Tambe, F. Ordonez, and S. Kraus. Playing games for security: an efficient exact algorithm for solving bayesian stackelberg games. In Proc. of the International Conference on AAMAS, pages 895--902, 2008.

Digital Library

[17]

J. Pita, M. Jain, J. Marecki, F. Ordóñez, C. Portway, M. Tambe, C. Western, P. Paruchuri, and S. Kraus. Deployed armor protection: the application of a game theoretic model for security at the los angeles international airport. In Proc. of the International Conference on AAMAS: industrial track, pages 125--132, 2008.

Digital Library

[18]

B. Thompson, S. Haber, W. G. Horne, T. Sander, and D. Yao. Privacy-preserving computation and verification of aggregate queries on outsourced databases. In International Symposium on Privacy Enhancing Technologies Symposium, pages 185--201. Springer, 2009.

Digital Library

[19]

O. A. Wahab, J. Bentahar, H. Otrok, and A. Mourad. A stackelberg game for distributed formation of business-driven services communities. Expert Systems with Applications, 45:359--372, 2016.

Digital Library

[20]

J. Wang, X. Chen, X. Huang, I. You, and Y. Xiang. Verifiable auditing for outsourced database in cloud computing. IEEE Transactions on Computers, 64(11):3293--3303, 2015.

Digital Library

[21]

M. Xie, H. Wang, J. Yin, and X. Meng. Integrity auditing of outsourced data. In Proc. of the 33rd international conference on Very large data bases, pages 782--793. VLDB Endowment, 2007.

Digital Library

[22]

Y. Yang, D. Papadias, S. Papadopoulos, and P. Kalnis. Authenticated join processing in outsourced databases. In Proc. of the 2009 ACM SIGMOD International Conference on Management of Data, pages 5--18. ACM, 2009.

Digital Library

[23]

J. Yuan and S. Yu. Flexible and publicly verifiable aggregation query for outsourced databases in cloud. In Communications and Network Security (CNS), 2013 IEEE Conference on, pages 520--524. IEEE, 2013.

[24]

Y. Zhu, G.-J. Ahn, H. Hu, S. S. Yau, H. G. An, and C.-J. Hu. Dynamic audit services for outsourced storages in clouds. IEEE Transactions on Services Computing, 6(2):227--238, 2013.

Digital Library

Cited By

Sun BZhao STian G(2024)SQL queries over encrypted databases: a surveyConnection Science10.1080/09540091.2024.232305936:1Online publication date: 5-Mar-2024
https://doi.org/10.1080/09540091.2024.2323059
Das SSharma SSrivastava SGarg SRajpal R(2023)Game Theory Strategies in Cloud Security with ImplementationAdvances in Data Science and Computing Technologies10.1007/978-981-99-3656-4_44(429-440)Online publication date: 30-Sep-2023
https://doi.org/10.1007/978-981-99-3656-4_44
Eltayesh FBentahar JMizouni ROtrok HShakshuki E(2017)Refined game-theoretic approach to improve authenticity of outsourced databasesJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-017-0448-x8:3(329-344)Online publication date: 9-Feb-2017
https://doi.org/10.1007/s12652-017-0448-x

Index Terms

Verifiable outsourced database in the cloud using game theory
1. Computing methodologies
  1. Artificial intelligence
    1. Planning and scheduling
      1. Planning under uncertainty
2. Security and privacy
  1. Database and storage security
    1. Database activity monitoring
    2. Information accountability and usage control
  2. Systems security
    1. Distributed systems security

Recommendations

Verifiable Computation over Large Database with Incremental Updates
Computer Security - ESORICS 2014
Abstract
The notion of verifiable database (VDB) enables a resource-constrained client to securely outsource a very large database to an untrusted server so that it could later retrieve a database record and update a record by assigning a new value. Also, ...
Publicly verifiable databases with efficient insertion/deletion operations

The notion of verifiable database (VDB) enables a resource-constrained client to securely outsource a very large database to an untrusted server and the client could later retrieve a database record and update it efficiently. Meanwhile, any tampering ...
Verifiable Computation on Outsourced Encrypted Data
Computer Security - ESORICS 2014
Abstract
On one hand, homomorphic encryption allows a cloud server to perform computation on outsourced encrypted data but provides no verifiability that the computation is correct. On the other hand, homomorphic authenticator, such as homomorphic ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '17: Proceedings of the Symposium on Applied Computing

April 2017

2004 pages

ISBN:9781450344869

DOI:10.1145/3019612

Conference Chair:
Sung Y. Shin
South Dakota State University
,
Program Chairs:
Dongwan Shin
New Mexico Tech
,
Maria Lencastre
University of Pernambuco, Brazil

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC 2017

Sponsor:

SIGAPP

SAC 2017: Symposium on Applied Computing

April 3 - 7, 2017

Marrakech, Morocco

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
218
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sun BZhao STian G(2024)SQL queries over encrypted databases: a surveyConnection Science10.1080/09540091.2024.232305936:1Online publication date: 5-Mar-2024
https://doi.org/10.1080/09540091.2024.2323059
Das SSharma SSrivastava SGarg SRajpal R(2023)Game Theory Strategies in Cloud Security with ImplementationAdvances in Data Science and Computing Technologies10.1007/978-981-99-3656-4_44(429-440)Online publication date: 30-Sep-2023
https://doi.org/10.1007/978-981-99-3656-4_44
Eltayesh FBentahar JMizouni ROtrok HShakshuki E(2017)Refined game-theoretic approach to improve authenticity of outsourced databasesJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-017-0448-x8:3(329-344)Online publication date: 9-Feb-2017
https://doi.org/10.1007/s12652-017-0448-x

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents