Abstract
Data streaming is widely used in various environments. Resource-limited devices outsource the processing and storage of massive numbers of sequential elements to cloud-based servers, and security protection is of primary importance for the outsourced streams. The streaming authenticated data structure schemes and verifiable data streaming schemes are introduced to provide data owners and verifiers with the ability to verify streaming elements. However, due to their enormous numbers of key parameters, expensive updating overheads, signature revocation, and other security and application problems, few of the existing schemes are feasible when massive numbers of streaming elements are involved and allowed to be updated. In this paper, we define and construct a new primitive, namely, dimension-increasing vector commitment (DIVC). Then, we present the definition of constant verifiable data streaming (CVDS), which is an extension of the original verifiable data streaming (VDS) scheme. Moreover, with the proposed DIVC scheme, which is based on the CDH assumption in bilinear pairings, we construct two concrete CVDS schemes, namely, the probabilistic verifiability CVDS (P-CVDS) scheme and the deterministic verifiability CVDS (D-CVDS) scheme, by respectively employing the counting Bloom filter and a dynamic accumulator, which is based on the q-SDH assumption in bilinear pairings. The analyses prove that both the P-CVDS and D-CVDS schemes satisfy the security requirements that are formulated in the CVDS definition. Finally, the efficiency and performance evaluation demonstrate that the proposed schemes are feasible in practical applications.
Notes
When we want to refer to the cell commitment value of a completed cell, for simplicity, in this context, we may employ any index that falls into the same cell, rather than only using the last index. In other words, for a completed cell, only the cell commitment value and its signature are stored in the server.
The purpose of splitting the proof is to support the security requirement of accountability; the core idea comes from the basic concept of verifiable outsourcing computation, which can be found in related works, such as [37, 38]. To reduce the client’s workload, the client proof πci can be released by a trusted agent or proxy instead of the client. In addition, in data streaming environments, since the client is always online until the data streaming has finished, there is no need to distinguish between when the client is online or offline in related algorithms.
In this scheme, n is equal to the maximum number of cells in the data stream, which means there could be n × s stream elements.
According to the characteristics of the CBF scheme, if this step of verification is not passed, the final result of the CVDS.Verify(⋅) algorithm cannot be passed; however, if this verification step is passed, the final result could be correct or not. That is the reason why we say that this SVDS scheme is probabilistically verifiable.
These parameters are mainly the security-related parameters, such as the security parameter in the setup algorithm of a verifiable data streaming scheme, the security parameter of an accumulator scheme, and the upper bound of element number within one Bloom filter.
References
Babcock B, Babu S, Datar M, Motwani R, Widom J (2002) Models and issues in data stream systems. In: ACM Sigmod-Sigact-Sigart symposium on principles of database systems, pp 1–16
Abadi DJ, Carney D, Çetintemel U, Cherniack M, Convey C, Lee S, Stonebraker M, Tatbul N, Zdonik S (2003) Aurora: a new model and architecture for data stream management. VLDB J 12(2):120–139
Golab L, Tamer Özsu M (2003) Issues in data stream management. Acm Sigmod Record 32(2):5–14
Krishnaswamy S (2005) Mining data streams: a review. Acm Sigmod Record 34(2):18–26
Papamanthou C, Shi E, Tamassia R, Yi K (2013) Streaming authenticated data structures. In: Advances in cryptology – EUROCRYPT 2013, Springer, Berlin, pp 353–370.
Yi Q, Zhang Y, Xi C, Papamanthou C (2014) Streaming authenticated data structures: abstraction and implementation. In: Edition of the ACM workshop on cloud computing security, pp 129–139
Schröder D, Schröder H (2012) Verifiable data streaming. In: Proceedings of the ACM conference on computer and communications security, ACM, pp 953–964
Schöder Dominique, Simkin Mark (2015) Veristream – a framework for verifiable data streaming. In: International conference on financial cryptography and data security. pp 548–566
Krupp J, Schröder D, Simkin M, Fiore D, Ateniese G, Nuernberger S (2016) Nearly optimal verifiable data streaming. In: Proceedings, Part I, of the 19th IACR international conference on public-key cryptography – PKC 2016, vol 9614. Springer, New york inc., pp 417–445
Merkle RC (1980) Protocols for public key cryptosystems. In: IEEE symposium on security and privacy(SP). pp 122–134
Chen X, Zhang F, Susilo W, Tian H, Li J, Kim K (2014) Identity-based chameleon hashing and signatures without key exposure. Information Sciences An International Journal 265(5):198– 210
Zhang Z, Chen X, Li J, Tao X, Ma J (2018) Hvdb: a hierarchical verifiable database scheme with scalable updates. Journal of Ambient Intelligence and Humanized Computing
Chen X, Li J, Huang X, Ma J, Lou W (2015) New publicly verifiable databases with efficient updates. IEEE Trans Dependable Secure Comput 12(5):546–556
Li J, Liu Z, Chen X, Xhafa F, Tan X, Wong DS (2015) L-encdb: a lightweight framework for privacy-preserving data queries in cloud computing. Knowl-Based Syst 79:18–26
Wang J, Chen X, Huang X, You I, Xiang Y (2015) Verifiable auditing for outsourced database in cloud computing. IEEE Trans Comput 64(11):3293–3303
Li T, Liu Z, Li J, Jia C, Li KC (2017) CDPS: a cryptographic data publishing system. J Comput Syst Sci 89:80–91
Liu Q, Guo Y, Wu J, Wang G (2017) Effective query grouping strategy in clouds. J Comput Sci Technol 32(6):1231–1249
Li P, Li J, Huang Z, Gao CZ, Chen WB, Chen K (2017) Privacy-preserving outsourced classification in cloud computing. Cluster Computing
Li J, Huang X, Li J, Chen X, Xiang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210
Chen X, Huang X, Li J, Ma J, Lou W, Wong DS (2015) New algorithms for secure outsourcing of large-scale systems of linear equations. IEEE Trans Inf Forensics Secur 10(1):69–78
Chen X, Li J, Weng J, Ma J, Lou W (2016) Verifiable computation over large database with incremental updates. IEEE Trans Comput 65(10):3184–3195
Li J, Li J, Xie D, Cai Z (2016) Secure auditing and deduplicating data in cloud. IEEE Trans Comput 65(8):2386–2396
Wang J, Chen X, Li J, Zhao J, Shen J (2016) Towards achieving flexible and verifiable search for outsourced database in cloud computing. Futur Gener Comput Syst 67
Benabbas S, Gennaro R, Vahlis Y (2011) Verifiable delegation of computation over large datasets. In: Annual cryptology conference, Springer, pp 111–131
Catalano D, Fiore D (2013) Vector commitments and their applications. In: Public key cryptography, Springer, pp 55–72
Merkle RC (1980) Protocols for public key cryptosystems. ieee symposium on security and privacy, pp 122–122
Merkle RC (1990) A certified digital signature. In Advances in cryptology — CRYPTO’ 89 proceedings, Springer, New York, pp 218–238
Tamassia R (2003) Authenticated data structures. In: European symposium on algorithms, pp 2–5
Miller A, Hicks M, Katz J, Shi E (2014) Authenticated data structures, generically. In: ACM Sigplan-sigact symposium on principles of programming languages, pp 411–423
Ajtai M (1996) Generating hard instances of lattice problems. In: Twenty-Eighth ACM symposium on theory of computing, pp 99–108
Do J-M, Song Y-J (2014) Secure streaming media data management protocol. International Journal of Security and Its Applications 8(2):193–202
Puthal D, Nepal S, Ranjan R, Chen J (2015) A dynamic key length based approach for real-time security verification of big sensing data stream, In: International conference on web information systems engineering, pp 93–108
Chen C-Y, Wu H-M, Wang L, Yu C-M (2017) Practical integrity preservation for data streaming in cloud-assisted healthcare sensor systems. Comput Netw 129:472–480. Special Issue on 5G Wireless Networks for IoT and Body Sensors
Yi S, Chen X, Du X, Xu J (2017) Dynamic authenticated data structures with access control for outsourcing data stream. IET Inf Secur 11(5):235–242
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, pp 321–334
Boneh D, Boyen X (2004) Short signatures without random oracles. In: International conference on the theory and applications of cryptographic techniques, Springer, pp 56–73
Chen X, Li J, Ma J, Tang Q, Lou W (2014) New algorithms for secure outsourcing of modular exponentiations. IEEE Trans Parallel Distrib Syst 25(9):2386–2396
Chen X, Li J, Huang X, Li J, Xiang Y, Wong DS (2014) Secure outsourced attribute-based signatures. IEEE Trans Parallel Distrib Syst 25(12):3285–3294
Bloom BH (1970) Space/time trade-offs in hash coding with allowable errors. Commun ACM 13(7):422–426
Li F, Cao P, Almeida J, Broder AZ (2000) Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM Trans Networking 8(3):281–293
Rottenstreich O, Kanizo Y, Keslassy I (2014) The variable-increment counting bloom filter. IEEE/ACM Transactions on Networking (TON) 22(4):1092–1105
Benaloh J, de Mare M (1994) One-way accumulators: A decentralized alternative to digital signatures. In: Advances in cryptology — EUROCRYPT ’93, Springer, Berlin, pp 274–285
Camenisch J, Lysyanskaya A (2002) Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Annual international cryptology conference, Springer, pp 61–76
Nguyen L (2005) Accumulators from bilinear pairings and applications. In: Cryptographers’ track at the RSA conference, Springer, pp 275–292
Funding
This work is supported by the National Natural Science Foundation of China (no. 61572382), Key Project of Natural Science Basic Research Plan in Shaanxi Province of China (no. 2016JZ021), China 111 Project (no. B16037), Guangxi Cooperative Innovation Center of cloud computing and Big Data (no. YD17X07), and Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (no. YF17103).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zhang, Z., Chen, X., Ma, J. et al. New efficient constructions of verifiable data streaming with accountability. Ann. Telecommun. 74, 483–499 (2019). https://doi.org/10.1007/s12243-018-0687-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-018-0687-7