Data modeling is the process of structuring and organizing data. These data structures are then typically implemented in a database management system . In addition to defining and organizing the data, data modeling may also impose constraints or limitations on the data placed within the structure.
In the Outsourced Database Model (ODB) , organizations outsource their data management needs to an external service provider. The service provider hosts client's databases and offers seamless mechanisms to create, store, update and access (query) their databases. This model introduces several research issues
|
| System Model |
Related to data security, which we explore. |
|
The Outsourced Database Model consists of 3 entities: (1) the data owner (s), (2) the database service provider (server) and (3) the client (s) (also referred to querier (s)). The data owner creates, modifies and deletes the contents of the database. The server hosts the owner's database, i.e., the owner outsources its database to the server. The clients issue queries about the database to the server.
Some of the parameters identifying a specific ODB include the number of owners and clients and the type of trust in the server. Is the server trusted with the data contents but not with integrity? Or do we not trust the database administrators and therefore need to employ encryption to provide data privacy?
|
| Objectives |
|
We wish to address various security issues that arise in the Outsourced Database Model. These range from providing data confidentiality, authenticity and integrity, to enabling an untrusted server to run queries over encrypted data. We also focus on the performance aspects of our solutions.
|
 |
Authenticity and Integrity |
Using signatures we provide mechanisms to allow the querier (client) to ensure that the records returned from the untrusted server originated from the data owner and have not been tampered with. We aim at minimizing the bandwidth and computation required to enable this verification. A new signature scheme, Condensed-RSA, is proposed and we compare its performance with an elliptic curve based signature scheme introduced by Boneh, etal.
|
|
Data Privacy |
|
If the database server is fully untrusted, the measures need to be taken such as to protect the owner's data privacy. The goal is to hide the data contents from the server, by employing data encryption, while still allowing the server to operate the database. In other words the challenge can be formulated as: how to allow the server to perform queries over encrypted data.
|
|
Efficient Secure Storage Model in RDBMS |
|
Several database vendors already offer integrated solutions that aim to provide data privacy within existing products. Treating security and privacy issues as an afterthought often results in inefficient implementations. Some notable RDBMS storage models (such as the N-ary Storage Model) suffer from this problem. We analyze issues in storage, looking at trade-offs between security and efficiency, and then propose a secure storage model, Partition Plaintext Cipher text (PPC), which enables efficient cryptographic operations while maintaining a high level of security.
|
