The Curse of Correlations for Robust Fingerprinting of Relational Databases

03/11/2021
by   Tianxi Ji, et al.
0

Database fingerprinting schemes have been widely adopted to prevent unauthorized sharing of data and identify the source of data leakages. Although existing schemes are robust against common attacks, such as random bit flipping and subset attack, their robustness degrades significantly if attackers utilize the inherent correlations among database entries. In this paper, we first demonstrate this vulnerability of the existing database fingerprinting schemes by identifying different correlation attacks: column-wise correlation attack, row-wise correlation attack, and the integration of them. To provide robust fingerprinting against the identified correlation attacks, we then develop mitigation techniques, which can work as post-processing steps for any off-the-shelf database fingerprinting schemes. The proposed mitigation techniques also preserve the utility of the fingerprinted database considering different utility metrics. We empirically investigate the impact of the identified correlation attacks and the performance of mitigation techniques using two real-world relational databases. Our results show (i) high success rates of the identified correlation attacks against existing fingerprinting schemes (e.g., the integrated correlation attack can distort 64.8 bits by just modifying 14.2 high robustness of the proposed mitigation techniques (e.g., after the proposed mitigation techniques, the integrated correlation attack can only distort 3 fingerprint bits). Furthermore, we show that the proposed mitigation techniques effectively alleviate correlation attacks even if the database owner has less accurate knowledge about data correlations compared to the attacker.

READ FULL TEXT

page 1

page 2

page 3

page 4

04/04/2022

Robust Fingerprinting of Genomic Databases

Database fingerprinting has been widely used to discourage unauthorized ...
05/31/2019

Comparative Analysis of State-of-the-Art EDoS Mitigation Techniques in Cloud Computing Environment

A new variant of the DDoS attack, called Economic Denial of Sustainabili...
04/14/2021

Phishing Mitigation Techniques: A Literature Survey

Email is a channel of communication which is considered to be a confiden...
04/16/2020

Learning the Associations of MITRE ATT CK Adversarial Techniques

The MITRE ATT CK Framework provides a rich and actionable repository o...
12/13/2018

LAMP: Prompt Layer 7 Attack Mitigation with Programmable Data Planes

While there are various methods to detect application layer attacks or i...
05/15/2017

Simulated Penetration Testing and Mitigation Analysis

Penetration testing is a well-established practical concept for the iden...
09/07/2020

Passwords: Divided they Stand, United they Fall

Today, offline attacks are one of the most severe threats to password se...