Whether it's checking stock prices, looking up government information or booking a flight, we're relying more and more on information provided over the Internet from electronic databases. But if hackers break into those databases, they could remove files or plant false information, potentially causing huge financial losses. University of California, Davis, computer scientists are working on the Truthsayer project which lets computers go on providing useful, accurate information, even though they are open to attack by hackers.
In the Truthsayer system, developed by Premkumar Devanbu, Michael Gertz, Charles Martell and Phil Rogaway at UC Davis and independent consultant Stuart Stubblebine, the original database is kept on a "trusted" computer which is not connected to the Internet. Copies of the database are given out to other computers which publish it on the Internet, along with a digital signature from the trusted computer.
When a user sends a query over the Internet to the database, it sends back the answer, plus a "proof" that guarantees that the answer has come from the correct database. Together, the answer and the proof should give the original signature. If the database has been tampered with, the proof will automatically be wrong.
The researchers have already developed a scheme to "sign" documents in the popular XML Web language. Anyone reading a copy of an XML document signed in this way, even a small piece of it, can compare it to the signature to check its authenticity.
Truthsayer has important implications, Devanbu said. It would mean you don't need a high level of security to protect your Web site from hackers, as it is very difficult to change information without being detected. That should make it cheaper and easier to run e-commerce and information sites.
The project is funded by an Information Technology Research grant from the National Science Foundation.
Media Resources
Andy Fell, Research news (emphasis: biological and physical sciences, and engineering), 530-752-4533, ahfell@ucdavis.edu