Freshness Authentication for Outsourced Multi-Version Key-Value Stores

Yidan Hu, Xin Yao, Rui Zhang, Yanchao Zhang

Research output: Contribution to journalArticlepeer-review


Data outsourcing is a promising technical paradigm to facilitate cost-effective real-time data storage, processing, and dissemination. In data outsourcing, a data owner proactively pushes a stream of data records to a third-party cloud server for storage, which in turn processes various types of queries from end users on the data owner's behalf. However, the popular outsourced multi-version key-value stores pose a critical security challenge that a third-party cloud server cannot be fully trusted to return both authentic and fresh data in response to end users' queries. Although several recent attempts have been made on authenticating data freshness in outsourced key-value stores, they either incur excessively high communication cost or can only offer very limited real-time guarantee. To fill this gap, this article introduces KV-Fresh, a novel freshness authentication scheme for outsourced key-value stores that offers strong real-time guarantee for both point query and range query. KV-Fresh is designed based on a novel data structure, Linked Key Span Merkle Hash Tree, which enables highly efficient freshness proof by embedding chaining relationship among records generated at different time. Extensive simulation studies using a synthetic dataset generated from real data confirm the efficacy and efficiency of KV-Fresh.

Original languageEnglish (US)
Pages (from-to)2071-2084
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Issue number3
StatePublished - May 1 2023


  • Freshness authentication
  • data outsourcing
  • multi-version key-value store

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Science(all)


Dive into the research topics of 'Freshness Authentication for Outsourced Multi-Version Key-Value Stores'. Together they form a unique fingerprint.

Cite this