When query authentication meets fine-grained access control: A zero-knowledge approach

Cheng Xu; Jianliang Xu; Haibo Hu; Man Ho Au

doi:10.1145/3183713.3183741

When query authentication meets fine-grained access control: A zero-knowledge approach

Cheng Xu, Jianliang Xu, Haibo Hu, Man Ho Au

The Hong Kong Polytechnic University

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

39 Citations (Scopus)

Abstract

Query authentication has been extensively studied to ensure the integrity of query results for outsourced databases, which are often not fully trusted. However, access control, another important security concern, is largely ignored by existing works. Notably, recent breakthroughs in cryptography have enabled fine-grained access control over outsourced data. In this paper, we take the first step toward studying the problem of authenticating relational queries with fine-grained access control. The key challenge is how to protect information confidentiality during query authentication, which is essential to many critical applications. To address this challenge, we propose a novel access-policy-preserving (APP) signature as the primitive authenticated data structure. A useful property of the APP signature is that it can be used to derive customized signatures for unauthorized users to prove the inaccessibility while achieving the zero-knowledge confidentiality. We also propose a grid-indexbased tree structure that can aggregate APP signatures for efficient range and join query authentication. In addition to this, a number of optimization techniques are proposed to further improve the authentication performance. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under various system settings.

Original language	English
Title of host publication	SIGMOD 2018 - Proceedings of the 2018 International Conference on Management of Data
Editors	Gautam Das, Christopher Jermaine, Ahmed Eldawy, Philip Bernstein
Publisher	Association for Computing Machinery
Pages	147-162
Number of pages	16
ISBN (Electronic)	9781450317436
DOIs	https://doi.org/10.1145/3183713.3183741
Publication status	Published - 27 May 2018
Event	44th ACM SIGMOD International Conference on Management of Data, SIGMOD 2018 - Houston, United States Duration: 10 Jun 2018 → 15 Jun 2018

Conference

Conference	44th ACM SIGMOD International Conference on Management of Data, SIGMOD 2018
Country/Territory	United States
City	Houston
Period	10/06/18 → 15/06/18

Keywords

Data integrity
Fine-grained access control
Query processing

ASJC Scopus subject areas

Software
Information Systems

More information

10.1145/3183713.3183741

Cite this

@inproceedings{27e3f65d92cc4347afd661f692ab4cc3,

title = "When query authentication meets fine-grained access control: A zero-knowledge approach",

abstract = "Query authentication has been extensively studied to ensure the integrity of query results for outsourced databases, which are often not fully trusted. However, access control, another important security concern, is largely ignored by existing works. Notably, recent breakthroughs in cryptography have enabled fine-grained access control over outsourced data. In this paper, we take the first step toward studying the problem of authenticating relational queries with fine-grained access control. The key challenge is how to protect information confidentiality during query authentication, which is essential to many critical applications. To address this challenge, we propose a novel access-policy-preserving (APP) signature as the primitive authenticated data structure. A useful property of the APP signature is that it can be used to derive customized signatures for unauthorized users to prove the inaccessibility while achieving the zero-knowledge confidentiality. We also propose a grid-indexbased tree structure that can aggregate APP signatures for efficient range and join query authentication. In addition to this, a number of optimization techniques are proposed to further improve the authentication performance. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under various system settings.",

keywords = "Data integrity, Fine-grained access control, Query processing",

author = "Cheng Xu and Jianliang Xu and Haibo Hu and Au, {Man Ho}",

year = "2018",

month = may,

day = "27",

doi = "10.1145/3183713.3183741",

language = "English",

pages = "147--162",

editor = "Gautam Das and Christopher Jermaine and Ahmed Eldawy and Philip Bernstein",

booktitle = "SIGMOD 2018 - Proceedings of the 2018 International Conference on Management of Data",

publisher = "Association for Computing Machinery",

note = "44th ACM SIGMOD International Conference on Management of Data, SIGMOD 2018 ; Conference date: 10-06-2018 Through 15-06-2018",

}

Xu, C, Xu, J, Hu, H & Au, MH 2018, When query authentication meets fine-grained access control: A zero-knowledge approach. in G Das, C Jermaine, A Eldawy & P Bernstein (eds), SIGMOD 2018 - Proceedings of the 2018 International Conference on Management of Data. Association for Computing Machinery, pp. 147-162, 44th ACM SIGMOD International Conference on Management of Data, SIGMOD 2018, Houston, United States, 10/06/18. https://doi.org/10.1145/3183713.3183741

When query authentication meets fine-grained access control: A zero-knowledge approach. / Xu, Cheng; Xu, Jianliang; Hu, Haibo et al.
SIGMOD 2018 - Proceedings of the 2018 International Conference on Management of Data. ed. / Gautam Das; Christopher Jermaine; Ahmed Eldawy; Philip Bernstein. Association for Computing Machinery, 2018. p. 147-162.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - When query authentication meets fine-grained access control: A zero-knowledge approach

AU - Xu, Cheng

AU - Xu, Jianliang

AU - Hu, Haibo

AU - Au, Man Ho

PY - 2018/5/27

Y1 - 2018/5/27

N2 - Query authentication has been extensively studied to ensure the integrity of query results for outsourced databases, which are often not fully trusted. However, access control, another important security concern, is largely ignored by existing works. Notably, recent breakthroughs in cryptography have enabled fine-grained access control over outsourced data. In this paper, we take the first step toward studying the problem of authenticating relational queries with fine-grained access control. The key challenge is how to protect information confidentiality during query authentication, which is essential to many critical applications. To address this challenge, we propose a novel access-policy-preserving (APP) signature as the primitive authenticated data structure. A useful property of the APP signature is that it can be used to derive customized signatures for unauthorized users to prove the inaccessibility while achieving the zero-knowledge confidentiality. We also propose a grid-indexbased tree structure that can aggregate APP signatures for efficient range and join query authentication. In addition to this, a number of optimization techniques are proposed to further improve the authentication performance. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under various system settings.

AB - Query authentication has been extensively studied to ensure the integrity of query results for outsourced databases, which are often not fully trusted. However, access control, another important security concern, is largely ignored by existing works. Notably, recent breakthroughs in cryptography have enabled fine-grained access control over outsourced data. In this paper, we take the first step toward studying the problem of authenticating relational queries with fine-grained access control. The key challenge is how to protect information confidentiality during query authentication, which is essential to many critical applications. To address this challenge, we propose a novel access-policy-preserving (APP) signature as the primitive authenticated data structure. A useful property of the APP signature is that it can be used to derive customized signatures for unauthorized users to prove the inaccessibility while achieving the zero-knowledge confidentiality. We also propose a grid-indexbased tree structure that can aggregate APP signatures for efficient range and join query authentication. In addition to this, a number of optimization techniques are proposed to further improve the authentication performance. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under various system settings.

KW - Data integrity

KW - Fine-grained access control

KW - Query processing

UR - http://www.scopus.com/inward/record.url?scp=85048820745&partnerID=8YFLogxK

U2 - 10.1145/3183713.3183741

DO - 10.1145/3183713.3183741

M3 - Conference article published in proceeding or book

SP - 147

EP - 162

BT - SIGMOD 2018 - Proceedings of the 2018 International Conference on Management of Data

A2 - Das, Gautam

A2 - Jermaine, Christopher

A2 - Eldawy, Ahmed

A2 - Bernstein, Philip

PB - Association for Computing Machinery

T2 - 44th ACM SIGMOD International Conference on Management of Data, SIGMOD 2018

Y2 - 10 June 2018 through 15 June 2018

ER -

When query authentication meets fine-grained access control: A zero-knowledge approach

Abstract

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this