
Research On Outsourced Database Contents Protection Based On Digital Watermark

Posted on: 2008-11-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Zhu
GTID: 1118360242972726
Subject: Control theory and control engineering

Abstract/Summary:
Outsourced database technology is the basic ingredient of the infrastructure of outsourced information system services. In an outsourced database system, organizations or individuals outsource their database business to a service provider, which offers mechanisms for creating, storing, updating and querying the database to the data owner and the database users, and maintains both the software and the hardware of the database server. The outsourced database scheme can share professional database management services with the whole of society, save investment in human and material resources, optimize resource allocation, and achieve better running performance and expansibility.

The greatest challenge that the outsourced database faces is its security. In the outsourced database scheme, the database server is provided by a third party and is not in the trust domain, so the data files are at risk of being pirated and the data contents of being tampered with. The security scheme of the outsourced database system therefore needs to protect the database not only from attacks coming from the outside, but also from malicious operations coming from the server side.

Current technologies for database contents protection are mostly implemented via cryptography.
Since data encryption, data decryption and the key management scheme involve complicated computing procedures, the availability of the encrypted database system is limited; the randomization of encrypted data may betray the importance of the message, and thus results in new insecurity; once the encrypted data are decrypted, cryptography loses its protective function for the database contents; and the cryptography-based digital signature technology authenticates the integrity of database contents by adding a redundant verification message, which can be removed because it is separate from the protected data.

To overcome the shortcomings mentioned above, a novel solution for outsourced database contents protection based on database watermarking is proposed in this thesis. Database watermarking, which embeds implicit and un-removable marks in the database through signal processing methods, protects database security without damaging the content or the availability of the database. What database watermarking provides is the ability to prove the ownership of the database, to verify the integrity of the data contents and to present electronic evidence of piracy of, and attacks on, the database, rather than to constrain regular data access. Meanwhile, database watermarking can work together with cryptography to reinforce database security.

This thesis focuses on the technologies of database watermarking and their application in outsourced database contents protection. The theoretical framework of database watermarking is established. The algorithms for the database robust watermark, digital fingerprint and fragile watermark, as well as the corresponding watermarking protocols, are designed. A prototype system, which realizes copyright certification, traitor tracing and query authentication, is developed.
Both the theoretical analysis and the practical experiments show that outsourced database contents protection based on watermarking meets the system requirements for both security and availability.

The work in this thesis mainly consists of the following five aspects, of which the second, the third and the fourth contain the key innovative ideas:

1) Research on the formalized model and basic theories of database watermarking. Because of the short history of research, a mature theoretical framework for database watermarking has not been formed so far. In this thesis, the definition of database watermarking is presented, the formalized model is established, the main properties and classification approach are analyzed, and the application areas are generalized. The architecture of a database watermarking system is described; the basic technologies of database watermarking, including watermark signals, watermark carrier channels, tuple marking, watermark embedding, and watermark detection and extraction, are explained; and their special features and implementation methods are summarized, compared and evaluated. Common types of attacks on database watermarks are listed, and preventive methods against them are proposed. A metric hierarchy for evaluating the performance of database watermarks is presented, the trade-offs between these performance measures are exposed, and some computational methods are provided.

2) Research on database copyright certification based on the robust watermark. The robust watermark is commonly used in copyright certification. Traditional algorithms for database robust watermarking have their shortcomings, including weak attack resistance, coarse error control, and being prone to syndrome phenomena.
In this thesis, chaotic sequences are applied in database watermarking, and the watermarks are embedded into the numeric data by changing the parity of their low-order numbers, which avoids the syndrome phenomena caused by the usual Least Significant Bit (LSB) watermarking algorithm and gives better robustness and imperceptibility. Based on its properties of non-repetitive iterative operation and sensitivity to the initial input, the chaotic system is applied to generate multi-bit watermark signals according to the primary keys of the database tuples and the randomized chaotic sequences under the control of the secret key. The process of embedding and detecting watermarks needs only the secret key and the current tuple, and thus meets the database's requirement for synchronous dynamic updating. The detection of watermarks needs no original database, and thus realizes blind detection.

3) Research on outsourced database traitor tracing based on the digital fingerprint. In order to prevent outsourced service providers from pirating the database via collusion, it is necessary to deploy a security scheme for tracing the original source of a pirate copy. The robust watermark can be used to certify the copyright of the database, while anti-collusion fingerprinting can be used to trace the traitors among colluding users. Traditional algorithms for database fingerprinting have their shortcomings, including a disjointed relation between copyright certification and traitor tracing, and a high computational cost of fingerprint detection. In this thesis, a scheme of anti-collusion database fingerprinting, which is based on the C-Secure Coding framework and combined with the copyright watermark, is proposed. The corresponding algorithms for fingerprint generation, fingerprint embedding, fingerprint detection and traitor tracing are designed.
Because the copyright watermark is introduced into the fingerprint coding, the computational complexities of fingerprint detection and traitor tracing are reduced.

4) Research on outsourced query authentication based on the fragile watermark. Since the outsourced database server runs at a third party that cannot be fully trusted, and attackers on the server side may add forged tuples to the database or tamper with it, it is necessary to verify the validity and integrity of the database contents. To overcome the shortcomings of traditional solutions, which are mainly based on redundant authentication coding, a novel scheme of outsourced database query authentication based on the fragile watermark is proposed in this thesis. The m-sequences are generated from the secret key, which comes from a connection polynomial array, and are used as the watermark signals and as the control signals for watermark embedding. The fragile watermarks are embedded into the numeric data by changing the parity of their low-order numbers. When the database user receives query results from the server, the data are verified by detecting the watermarks in the result set using the secret key, which is provided by the data owner. This solution is applicable to validity authentication for projection-selection queries under the Unified Client Model of the outsourced database. Since the authentication information is embodied in the fragile watermark, the redundant storage capacity and communication flow are small, the authentication information is hard to remove, and tampering with the database can be located at the granularity of a tuple attribute.

5) Design and implementation of a contents protection system for outsourced databases based on the digital watermark.
In this thesis, a system for outsourced database contents protection in a network environment is built, which is based on the algorithms for database robust watermarking, digital fingerprinting and fragile watermarking, as well as their corresponding protocols, and is combined with PKI (public key infrastructure), digital signature and USB Key technologies. The system performs copyright certification, traitor tracing and query authentication for the outsourced database. In the built system, security services such as identity authentication, digital credential issuing and trusted time stamping are implemented via the PKI scheme. Watermarking is combined with data encryption and signatures, which compensates for watermarking's shortcoming in active protection. The design of the watermarking protocols meets the database system's requirements for mass data and frequent updating, as well as the ability to resist common attacks on watermarks. As a trusted hardware module, the USB Key reinforces data protection and secure communication.

There are some shortcomings in this thesis. The proposed algorithm for database robust watermarking is only applicable to numeric attributes that can tolerate some distortion within a certain extent; the proposed solution for outsourced database fingerprinting is based on the symmetric fingerprinting scheme, which cannot prevent legal users from being framed; and the security of the built system for outsourced database contents protection is based on the security of the trusted third party, which carries a certain amount of security risk.

Compared with traditional solutions of data encryption or digital signature, watermark-based database contents protection has the advantages of less redundant capacity for both storage and communication, better imperceptibility, finer granularity for locating tampering, and easier implementation.
Therefore, it is a novel non-cryptographic technique for database security in open networks, and it shows good prospects for research and application.
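
The parity-based embedding and blind detection described in aspect 2, as an added sketch that is not code from the thesis. The logistic map and its parameter, the HMAC-based seeding, the choice of a decimal digit as the "low-order number", the per-tuple carrier selection and the sample relation are all assumptions; the abstract does not specify them.

```python
import hashlib
import hmac

R = 3.99       # logistic-map parameter in the chaotic regime (assumed)
BURN_IN = 64   # iterates discarded so that nearby seeds diverge (assumed)

def chaotic_values(secret_key, primary_key, n):
    """Seed a logistic map from (secret key, primary key); return n iterates."""
    digest = hmac.new(secret_key, primary_key.encode(), hashlib.sha256).digest()
    x = (int.from_bytes(digest[:6], "big") + 1) / (2**48 + 2)  # seed in (0, 1)
    out = []
    for i in range(BURN_IN + n):
        x = R * x * (1.0 - x)
        if i >= BURN_IN:
            out.append(x)
    return out

def mark_plan(secret_key, primary_key, n_attrs):
    """Choose the carrier attribute and the watermark bit for one tuple."""
    a, b = chaotic_values(secret_key, primary_key, 2)
    return int(a * n_attrs), 1 if b >= 0.5 else 0

def embed(row, secret_key, pos=0):
    """Set the parity of decimal digit `pos` of the carrier value to the bit."""
    pk, values = row
    idx, bit = mark_plan(secret_key, pk, len(values))
    sign, mag = (-1 if values[idx] < 0 else 1), abs(values[idx])
    digit = (mag // 10**pos) % 10
    if digit % 2 != bit:
        mag += (1 if digit < 9 else -1) * 10**pos  # change the value by one unit
    marked = list(values)
    marked[idx] = sign * mag
    return pk, marked

def detect(rows, secret_key, pos=0):
    """Blind detection: share of tuples whose carrier parity matches the bit."""
    hits = 0
    for pk, values in rows:
        idx, bit = mark_plan(secret_key, pk, len(values))
        hits += ((abs(values[idx]) // 10**pos) % 10) % 2 == bit
    return hits / len(rows)

# Constructed sample relation: (primary key, [integer attributes]).
ROWS = [(f"cust-{i:04d}", [1000 + 37 * i, 250 + 11 * i, 90000 + 7 * i * i])
        for i in range(200)]
KEY = b"owner-secret (constructed)"
MARKED = [embed(r, KEY) for r in ROWS]
if __name__ == "__main__":
    print(detect(MARKED, KEY), detect(MARKED, b"guess"))
```

Detection uses only the secret key and each tuple as received, so it works on any subset of rows; a match ratio near 0.5 is what an unmarked table or a wrong key produces.
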
Keywords/Search Tags: outsourced database, digital watermarking, contents protection, copyright protection, database watermarking, robust watermark, fragile watermark, digital fingerprinting