DESIGN AND DEVELOPMENT OF KEY REPRESENTATION AUDITING SCHEME FOR SECURE ONLINE AND DYNAMIC STATISTICAL DATABASES

A statistical database (SDB) publishes statistical queries (such as sum, average, count,
etc.) on subsets of records. Sometimes by stitching the answers of some statistics, a
malicious user (snooper) may be able to deduce confidential information about some
individuals. When a user submits a query to statistical database, the difficult problem
is how to decide whether the query is answerable or not; to make a decision, past
queries must be taken into account, which is called SDB auditing. One of the major
drawbacks of the auditing, however, is its excessive CPU time and storage
requirements to find and retrieve the relevant records from the SDB.
The key representation auditing scheme (KRAS) is proposed to guarantee the
security of online and dynamic SDBs. The core idea is to convert the original
database into a key representation database (KRDB), also this scheme involves
converting each new user query from a string representation into a key representation
query (KRQ) and storing it in the Audit Query table (AQ table). Three audit stages are
proposed to repel the attacks of the snooper to the confidentiality of the individuals.
Also, efficient algorithms for these stages are presented, namely the First Stage
Algorithm (FSA), the Second Stage Algorithm (SSA) and the Third Stage Algorithm
(TSA). These algorithms enable the key representation auditor (KRA) to conveniently
specify the illegal queries which could lead to disclosing the SDB.
A comparative study is made between the new scheme and the existing methods,
namely a cost estimation and a statistical analysis are performed, and it illustrates the
savings in block accesses (CPU time) and storage space that are attainable when a
KRDB is used. Finally, an implementation of the new scheme is performed and all the
components of the proposed system are discussed.