Approach of Tamper Detection for Sensitive Data based on Negotiable Hash Algorithm

Sensitive data is a very important to information safety. The real-world sensitive data is often illegally altered because database administrators (DBAs) have special identity and permissions in database system. However, the traditional secure measures, such as user authentication and access control, do not work well for them. For this case, it is necessary to identify effectively whether the sensitive data in database in enterprise trusted domain is illegally altered or not. Therefore, combining active detection at the security server with passive detection at the security client, a detection approach of the tampered sensitive data based on negotiable hash algorithm is proposed in this paper. Experiments show our algorithm can performs well for sensitive data tamper detection, and it is adapt to protect sensitive data in medical database.

[1]  Carlos Cid,et al.  Recent developments in cryptographic hash functions: Security implications and future directions , 2006, Inf. Secur. Tech. Rep..

[2]  Jianhong Zhang,et al.  IPad: ID-based public auditing for the outsourced data in the standard model , 2015, Cluster Computing.

[3]  Marc Stevens,et al.  Fast Collision Attack on MD5 , 2006, IACR Cryptol. ePrint Arch..

[4]  Greeshma Sarath,et al.  Securing Database Server Using Homomorphic Encryption and Re-encryption , 2015, SSCC.

[5]  Fathi E. Abd El-Samie,et al.  An SVD audio watermarking approach using chaotic encrypted images , 2011, Digit. Signal Process..

[6]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[7]  Marc Stevens Single-block collision attack on MD5 , 2012, IACR Cryptol. ePrint Arch..

[8]  Ajeet Ram Pathak,et al.  A secure threshold secret sharing framework for database outsourcing , 2014, 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies.

[10]  P. Parthasarathi,et al.  Enhanced audit services for the correctness of outsourced data in cloud storage , 2013 .

[11]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[12]  Xingming Sun,et al.  A Hybrid Watermarking Scheme for Relational Databases Copyright Protection and Tamper Proofing , 2011 .

[13]  Christian S. Collberg,et al.  Tamper Detection in Audit Logs , 2004, VLDB.

[14]  Attila Altay Yavuz,et al.  Immutable Authentication and Integrity Schemes for Outsourced Databases , 2018, IEEE Transactions on Dependable and Secure Computing.

[15]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[16]  Lifa Wu,et al.  Dual Watermarking Algorithm for Medical Image , 2017 .

[17]  Sushil Jajodia,et al.  A fragile watermarking scheme for detecting malicious modifications of database relations , 2006, Inf. Sci..

[18]  Xiaofeng Meng,et al.  Integrity Auditing of Outsourced Data , 2007, VLDB.

[19]  Xingming Sun,et al.  A Fragile Zero-Watermarking Technique for Authentication of Relational Databases , 2011 .

[20]  Huiping Guo,et al.  Tamper detection and localization for categorical data using fragile watermarks , 2004, DRM '04.

[21]  Stelvio Cimato,et al.  Visual Cryptography Based Watermarking: Definition and Meaning , 2012, IWDW.

[22]  Steve Mead,et al.  Unique file identification in the National Software Reference Library , 2006, Digit. Investig..

[23]  Zhang Jing Method of data tamper detection by using improved MD5 algorithm , 2008 .