Databases Reference
In-Depth Information
RSA scheme uses the multiplicative homomorphic property of RSA to combine
multiple signatures generated by a single signer into one “condensed”
signature. The result can then be verified quickly by comparing it with the
product of the signatures of each record returned to the client in response
to his query. In case of multiple owners, the client has to verify the
different sets of records (i.e., corresponding to the different owners)
separately. The second scheme is similar to the first, and we point the
interested reader to [37] for the technical details. Further work on
authentication and query completeness can be found in [23, 43].
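The condensed-signature idea above, as an added example that is not code from the chapter or the cited papers: per-record textbook RSA signatures are multiplied into one value, and the client checks it by raising it to the public exponent and comparing with the product of the record hashes. The toy modulus, the SHA-256 hash reduced mod N and the sample rows are assumptions made for illustration.

```python
import hashlib
from math import prod

# Toy key built from two Mersenne primes (constructed for this example;
# far too small for real use, and real schemes use a full-domain hash).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # owner's private exponent


def h(record: bytes) -> int:
    """Hash a record into Z_N."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % N


def sign(record: bytes) -> int:
    """Owner: textbook RSA signature on the record hash, stored with the row."""
    return pow(h(record), D, N)


def condense(signatures) -> int:
    """Server: multiply the per-record signatures of the result set mod N."""
    return prod(signatures) % N


def verify(records, condensed: int) -> bool:
    """Client: condensed^E must equal the product of the record hashes mod N."""
    return pow(condensed, E, N) == prod(h(r) for r in records) % N


# Constructed sample table; one signature per row, all from a single owner.
TABLE = [b"1|alice|4200", b"2|bob|3100", b"3|carol|5000"]
SIGS = [sign(r) for r in TABLE]


def demo():
    honest = verify(TABLE, condense(SIGS))
    tampered = verify([TABLE[0], b"2|bob|9999", TABLE[2]], condense(SIGS))
    # Server drops row 2 together with its signature: this still verifies,
    # so the check proves authenticity of returned rows, not completeness.
    dropped = verify([TABLE[0], TABLE[2]], condense([SIGS[0], SIGS[2]]))
    return honest, tampered, dropped


if __name__ == "__main__":
    print(demo())
```

The third result is why query completeness is treated as a separate problem from record authentication.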
3.3 Key Management in DAS
There have been several proposals for key-management in DAS applications
[28, 29, 14]. We briefly summarize the schemes proposed in [28].
The data owner first decides the key-assignment granularity, as to whether
it will be at the database level, table level or row level. The first choice
generates a single key for the whole database. In the second case, tables
within the database may be grouped based on some criteria and one key
generated for each group. In the third option, grouping is carried out at the
record level within tables and each group of records is encrypted with a
separate key. Note that the key-assignment granularity is different from the
encryption granularity. For instance, a single key might be used for the
whole database, but encryption may be carried out at the row level. The key
generation process itself is classified into two classes: pre-computation
based and re-computation based approaches. In the first case, all keys are
generated ahead of time and stored in the key registry of the system. In the
second case, instead of the key, the key-generating information is stored,
e.g., the seed for the random key-generating function. In DAS, key generation
can be carried out at the client side or at a third-party trusted server. The
key registry is the data structure (table) that stores the information about
the keys, namely the key-Id, key correspondence information (i.e., the
database object to which the key is assigned), key mode (pre-computation or
re-computation) and key-material (the actual key or the seed with which to
compute the key). Besides key generation, the other issue addressed is that
of key updates. The authors investigate the compatibility of key updates
along with other data transactions (read/write/update). The efficiency issues
related to key updates are tackled separately in [29].
4 Summary & Related Work
In this chapter, we summarized some of the work done in encrypted data
management in the context of the database as a service model. Much of the
existing work on querying encrypted data has studied the problem in one of
the three contexts: keyword search over encrypted text documents, SQL search
over encrypted relational data, and XPATH queries over XML data. Since the