Refined game-theoretic approach to improve authenticity of outsourced databases

Abstract

The verifiable database (VDB) model is characterized by the fact that the database owner, a computationally weak client, delegates the database management to a database service provider on the cloud, which is considered untrusted third party. In this model, users can query the data and verify the integrity of query results. Motivated by the desire to reduce the computational cost and communication overhead of such a verification process, and to support sophisticated query types, such as aggregated queries, some recent VDB approaches used randomized periodic verifications. These new approaches dedicate a new entity called verifier, whose responsibility is to perform the verification process instead of database users. To improve the randomization effectiveness of the verification operations, our previous work has employed game theory and modeled the VDB problem as a leader–follower Stackelberg security game. The model aimed to randomize what database tables to verify at each verification moment. The main problem of this work is its limitation to only one attacker type, which limits its deployment in real and open cloud environments. In this paper, we extend and refine the Stackelberg security game to be a Bayesian security game which further optimizes the mixed strategy of the verifier by considering multiple follower types. Moreover, we analyze the need for randomization of verification moments and identify the best method allowing us to achieve this randomization. Furthermore, we describe and discuss in detail the implementation settings of each component involved in the model. We have implemented and tested the performance of the Bayesian game model against the single follower-type model and the uniform randomization model. Experiment results show that the Bayesian game model performs better when dealing with multiple attacker types.