Security against Compromised Servers: Verifiable DB Queries

Abstract

In this modern age, we are marching towards automation, data centralization in every field of life. We are dependent on databases for storage of data from applications like medical, banking, and stock exchange. Integrity of data is dependent on the security of the server hosting databases. Security of servers cannot be guaranteed because of sophisticated hacking tools, advance malwares, viruses and widespread vulnerabilities in software. So, there is a need to build secure web based framework that can ensure the integrity of data in fully compromised environment. In fully compromised environment an attacker has full access to the server and can change data in databases. User of an application cannot detect that data coming from server is not corrupted. So, solution for this problem is verifiable queries, which means that user can verify with cryptographic proof at web browser end that the data coming from database against his query is correct. This solution is implemented to provide data integrity in fully compromised environment. In this implementation, proof is calculated at the time of write operation to the database. Write operations consist of insert, update and delete functions. This proof is stored on blockchain. Later on, when a user performs read operation (i.e. read, find, and sum) from databases, user gets results along with some proof helpers. User can verify the integrity of result at browser end by calculating proof from proof helper and comparing with proof from blockchain. Properties of integrity correctness, completeness, and freshness are ensured in our solution. Our solution can be integrated with all web applications with high integrity requirements. However, as a proof of concept, we have integrated this solution with a medical application. The performance evaluation of our solution shows that both proof calculation and verification is efficient in terms of memory requirements and latency.