A Persistent Public Watermarking of Relational Databases Raju Halder, Agostino Cortesi Department of Computer Science Universita` Ca’ Foscari Venezia, Italy {halder, cortesi}@unive.it
ICISS’2010, Gujrat, India
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
1 / 22
Outline 1
Introduction to Database Watermarking
2
Why Public Watermarking?
3
Why Persistent Watermarking?
4
Invariants of Database States
5
Abstract Databases
6
Way to improve existing schemes in terms of persistency
7
Proposed Scheme Public Watermarking Private Watermarking
8
Time and Space Complexity
9
Discussions
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
2 / 22
Introduction Information systems are shared by many people around the world. - Example: “Database as a Service model” Content of the databases faces serious challenges: - Illegal redistribution, ownership claims, forgery, theft, etc. Encryption/Decryption? so restrictive. Alternative way is Digital watermarking. Digital watermarking embeds some kind of information into the underlying data of the databases. Purpose: ownership proof, traitor tracing, tamper detection, localization, etc.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
3 / 22
Introduction Key (K) Original Database
Watermarking
Watermarked Database
Signature S Figure: Watermarking Phase
Key (K) Suspicious Database
Watermark Verification
Signature S’
Compare
Claim as true or false
Original Signature S Figure: Watermark Verification Phase
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
4 / 22
Why Public Watermarking? Private Watermarking: Based on some secret parameters. Only authorized people who knows these secret parameters (e.g. DB owners) are able to verify the watermark. Suffers from disclosure of secret parameters to dishonest people once the watermark is verified in presence of the public. Public Watermarking: No secret parameter is needed during verification. Any end-user can perform the verification as many times as necessary. Robustness and fragileness are burning issues. One Example of Use: To ensure correctness and originality of sensitive data, say currency exchange rates or stock prices, by all customers. Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
5 / 22
Why Persistent Watermarking?
Existing watermarking schemes rely on the content of the database. Benign Updates or any intensional processing may change database content, and may damage/distort the existing watermark. Notion of persistency comes into the context.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
6 / 22
Persistent Watermarking
Let hdB, Qi be a database model, where Q is the set of queries bounded with the database dB. Watermark W is embedded in initial state d0 .
Definition (Persistent Watermark) Watermark W embedded in the state d0 is called persistent w.r.t. Q if ∀ i ∈ [2 . . . n] : verify(d0 , W ) = verify(di , W ) where “verify(d, W )” is a boolean function such that probability of “verify(d, W ) = true” is negligible when W , watermark embedded in d.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
7 / 22
Invariants of Database States
Static versus Non-static Database States: Static part: data cells are not affected by processing of queries in Q. Non-static part: data cells may change under processing of queries in Q.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
8 / 22
Invariants of Database States Semantics-based Properties: Intra-cell (IC) property: - Represents specific properties of individual cells. - Ex: Integer attribute values x represented by Interval [a, b], a ≤ x ≤ b. Intra-tuple (IT) property: - Property based on the inter-relation between two or more attribute values. - Represented by relational abstract domain (e.g. domain of octagons). - Ex: Inter-relation between basic and gross salary. Intra-attribute among-tuples (IA) property: - Property extracted from the set of tuples. - Represented by relational or non-relational abstract domain. - Ex: # male employee = # female employee + 1. - Ex: # employees ≥ 3.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
9 / 22
Abstract Databases Data values are replaced by abstract values from abstract domains representing specific properties of interest. Although concrete values change, their abstract values representing properties do not change under processing of queries in Q. eID E001 E002 E003 E004 E005
eID] E001 E002 E003 E004 E005
Name Bob Alice Matteo Tom Marry
Name] Bob Alice Matteo Tom Marry
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
The concrete table emp Basic Sal (euro) Gross Sal (euro) 1000 1900 900 1685 1200 2270 600 1190 1350 2542.5 The abstract table emp ] Basic Sal] (euro) Gross Sal] (euro) [1000, 1300] [1900, 2470] [900, 1170] [1685, 2191] [1200, 1560] [2270, 2951] [600, 780] [1190, 1547] [1350, 1755] [2543, 3305]
A Persistent Public Watermarking of Relational Databases
Age 48 29 58 30 55
Age] 48 29 58 30 55
DNo 2 1 2 2 1
DNo] 2 1 2 2 1
ICISS’2010
10 / 22
Improvement in terms of persistency
Roles of Invariants and Abstract Databases in Persistency: Invariants: Static Part of DB state and Semantics-based properties. Partial Abstract Database: Obtained by abstracting only non-static part. Exploit these invariants and abstract databases to obtain a persistent watermarking.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
11 / 22
Outline 1
Introduction to Database Watermarking
2
Why Public Watermarking?
3
Why Persistent Watermarking?
4
Invariants of Database States
5
Abstract Databases
6
Way to improve existing schemes in terms of persistency
7
Proposed Scheme Public Watermarking Private Watermarking
8
Time and Space Complexity
9
Discussions
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
12 / 22
Public watermarking Performed by: Database Owner Original Database DB(PK,A0, . . . , A β − 1 ) in state d associated with Q
Signature S Parameter
GenPublicKey
Performed by: End-Users Suspicious Database DB(PK,A0, . . . , A β − 1 ) in state d’ associated with Q
Parameter ξ
PublicVerify
ξ An intermediate table in binary form B’(PK,a0, . . . , ap-1)
Public Key B(PK,b0, . . . , bp-1) in binary form
ExtractSig Signature S’ MatchSig
p≤β
Original Signature S
Signature Verification Claim as True or False
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
13 / 22
Public watermarking (Performed by Owner) eID
Name
Basic_Sal
Gross_Sal
Age
Dno
E002
Alice
900
1685
29
1
-
-
-
-
-
-
Persistency
< E002; Alice; - ; - ; 29; 1 > Fragileness
S=”RAJU”= 0101001…101 |S| m= = 31 =11 3 | Astatic | S=(S1)(S2)…(S10)=(010)(100)…(101)
h =HASH(E002||Alice||29||1, 3)=001 i = PRSG(E002)%11 = 2 W =h ⊗ S2= 001 ⊗ 100= 101
Signature embedding
K’alice’=HASH(E002|| Alice)% ξ =2 K’29’=HASH(E002|| 29)% ξ =3 K’1’=HASH(E002|| 1)% ξ =1
Assuming Q increases only Basic and Gross Salaries of employees!!
Robustness
2nd MSB of ‘Alice’ ⊗ W[0]= 0 ⊗ 1=1 3rd MSB of ‘29’ ⊗ W[1]=1 ⊗ 0=1 1st MSB of ‘1’ ⊗ W[2]= 1 ⊗ 1=0
ID
b0
E002
1
b1 1
b2 0
-
-
-
-
< E002; 1; 1; 0;>
Public Key Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
14 / 22
Public watermarking (Performed by End-Users) eID
Name
Basic_Sal
Gross_Sal
Age
Dno
E002
Alice
900
1685
29
1
-
-
-
-
-
-
< E002; Alice; - ; - ; 29; 1 > Public Key ID
b0
E002
1
b1 1
b2 0
-
-
-
-
h =HASH(E002||Alice||29||1, 3)=001
Public Key K’alice’=HASH(E002|| Alice)% ξ =2 K’29’=HASH(E002|| 29)% ξ =3 K’1’=HASH(E002|| 1)% ξ =1 2nd MSB of ‘Alice’ ⊗ h[0]= 0 ⊗ 0=0 3rd MSB of ‘29’ ⊗ h[1]=1 ⊗ 0=1 1st MSB of ‘1’ ⊗ h[2]= 1 ⊗ 1=0
b0 ⊗ a0= 1 ⊗ 0=1 b0 ⊗ a0= 1 ⊗ 1=0 b0 ⊗ a0= 0 ⊗ 0=0
< E002; 0; 1; 0;>
S2 ==100 Signature S=S1S2. . . .S10
ID E002
a0 0
a1 1
a2 0
-
-
-
-
Intermediate Binary Table Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
15 / 22
Outline 1
Introduction to Database Watermarking
2
Why Public Watermarking?
3
Why Persistent Watermarking?
4
Invariants of Database States
5
Abstract Databases
6
Way to improve existing schemes in terms of persistency
7
Proposed Scheme Public Watermarking Private Watermarking
8
Time and Space Complexity
9
Discussions
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
16 / 22
Private Watermarking (Performed by Owner) Q = increase the basic and gross salary of the employees by at most 30%
PK
Stable part
Unstable part
Abstract Tuple Persistency
< E002; Alice; [900, 1170]; [1685, 2191]; 29; 1 > Randomize based on Pseudorandom Seq. Generator based on tuples values’ and secret key
Robustness
Intra-cell Property (ICdQ) : Basic Sal: [900, 1170] Gross Sal: [1685, 2191]
Encoded by k1
< E002; [1685, 2191]; 1; 29; [900, 1170] ; Alice > Prevent Value Modification Attacks
Extract MSB
Intra-tuple Property (ITdQ) :
Gross Sal ≥
< E002; 0; 1; 1; 0; 1 >
165 × BasicSal +200 100
Encoded by k1 Append semantics-based Properties < E002; 0; 1; 1; 0; 1; k1; k2; k3 >
Intra-attribute among-tuples Property (IAdQ) : “The number of employees in every department is more than 2” represented by [3;+ ∞ ]
Encoded by k3 Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
17 / 22
Time and Space Complexity
η= total number of tuples in a database state. µ = complexity of the abstraction operation applied on each tuple. Public Key Generation and Verification: - Time complexity: O(η) - Space complexity: O(η) Private Watermark Generation and Verification: - Time complexity: O(η × µ) - Space complexity: O(η)
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
18 / 22
Discussions and Conclusions
Do not restrict to any particular data type of the attributes. Blind and Distortion-free. Preserve Persistency, Fragileness, and Robustness. Watermark verification algorithms are deterministic in both cases. No need of recomputation when tuples are updated by the queries associated with the database. We strictly improve the scheme of Li and Deng [2].
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
19 / 22
References Rakesh Agrawal, Peter J. Haas, and Jerry Kiernan, Watermarking relational data: framework, algorithms and analysis. The VLDB Journal, vol. 12, no. 2, pp. 157-169, 2003. Yingjiu Li and Robert Huijie Deng, Publicly verifiable ownership protection for relational databases. In Proceedings of the 2006 ACM Symposium on Information, computer and communications security (ASIACCS ’06), Taipei, Taiwan: ACM Press, 2006, pp. 78-89. Raju Halder and Agostino Cortesi, Persistent watermarking of relational databases. In Proceedings of the IEEE International Conference on Advances in Communication, Network, and Computing (CNC 2010), Calicut, India: IEEE CS, 2010, pp. 46-52. Raju Halder and Agostino Cortesi, Abstract interpretation for sound approximation of database query languages. In Proceedings of the IEEE 7th International Conference on INFOrmatics and Systems (INFOS ’2010), Advances in Data Engineering and Management Track, Cairo, Egypt: IEEE Press, 2010, pp. 53-59.
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
20 / 22
Thank you for your attention !
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
21 / 22
Suggestions Please !!!!
Raju Halder, Agostino Cortesi (Ca’ Foscari Univ.)
A Persistent Public Watermarking of Relational Databases
ICISS’2010
22 / 22