Database fingerprinting schemes have been widely adopted to prevent unauthorized sharing of data and identify the source of data leakages. Although existing schemes are robust against common attacks, such as random bit flipping and subset attack, their robustness degrades significantly if attackers utilize the inherent correlations among database entries. In this paper, we first demonstrate this vulnerability of the existing database fingerprinting schemes by identifying different correlation attacks: column-wise correlation attack, row-wise correlation attack, and the integration of them. To provide robust fingerprinting against the identified correlation attacks, we then develop mitigation techniques, which can work as post-processing steps for any off-the-shelf database fingerprinting schemes. The proposed mitigation techniques also preserve the utility of the fingerprinted database considering different utility metrics. We empirically investigate the impact of the identified correlation attacks and the performance of mitigation techniques using two real-world relational databases. Our results show (i) high success rates of the identified correlation attacks against existing fingerprinting schemes (e.g., the integrated correlation attack can distort 64.8% fingerprint bits by just modifying 14.2% entries in a fingerprinted database), and (ii) high robustness of the proposed mitigation techniques (e.g., after the proposed mitigation techniques, the integrated correlation attack can only distort 3% fingerprint bits). Furthermore, we show that the proposed mitigation techniques effectively alleviate correlation attacks even if the database owner has less accurate knowledge about data correlations compared to the attacker.
翻译:为了防止未经授权分享数据并查明数据泄漏的来源,广泛采用了数据库指纹计划,以防止未经授权分享数据并查明数据泄漏的来源。虽然现有计划对普通攻击,例如随机的比特翻和子集攻击十分健全,但如果攻击者利用数据库条目之间的内在关联性,这些计划的稳健性就会大大降低。在本文件中,我们首先通过识别不同的相关攻击,即:列前后相关攻击、行前后相关攻击以及这些攻击的整合,来证明现有数据库指纹的这种脆弱性。为了针对已查明的相关攻击提供强有力的指纹,我们随后开发了减缓技术,这些技术可以作为任何现成数据库指纹识别计划的后处理步骤发挥作用。提议的减缓技术还维护了指纹数据库的效用,同时考虑到不同的实用指标。我们用两个真实世界关系数据库对已查明的关联性攻击的影响和减缓技术的绩效进行了实证性调查。我们的结果显示:(一) 与现有指纹识别的关联攻击计划(例如,综合相关攻击可以扭曲64.8%的指纹比点,只需修改指纹数据库中的14.2%的条目),以及(二)拟议的减缓准确性数据库的高度坚固性,我们提议的减缓了拟议中的相关性技术。