Authentication of published data

Online databases that provide critical information are often vulnerable to malicious and inadvertent corruption. Authentic Publication allows an untrusted data publisher to securely answer user database queries on behalf of trusted off-line data owners. Publishers provide proofs, or verification object ( VOs ), to users who verify that answers are correct. This approach improves scalability and security, but to be practical, the VO s should be small and efficient to compute and verify. This has lead researchers to independently develop several schemes for efficient VO computation based on specific data structures. Chapter 3 presents a unifying framework for these results, leading to a generalized security result. We characterize a broad class of data structures which we call Search DAGs, and develop a generalized algorithm for the construction of VO s for Search DAGs, proving them secure and efficient to compute and verify. We demonstrate how this approach easily captures existing work on simple structures such as binary trees, multi-dimensional range trees, tries, and skip lists, and thus provides the security and efficiency results from our general theorems. We also use Search DAGs to produce and prove the security of authenticated versions of two complex data models for efficient multi-dimensional range searches. This allows efficient VO s to be computed for 1D and 2D range queries and for I/O efficient schemes using linear size structures. Chapter 4 presents efficient mechanisms that enable a group of data owners to rely on an untrusted publisher to collect, organize and integrate each owner's individual data set into a single data structure. Each owner gets a proof from the publisher that his data is properly represented, and the publisher answers and provides proofs for user queries as before. We show that a group of data owners can efficiently certify that the publisher has correctly constructed the data structure from the owners' individual data sets. Users can then verify that the answers they get from the publisher are the same as a fully trusted publisher would provide, or detect if they are not. The results presented support both single attribute and multiple attribute selection and range queries.