Privacy-Preserving Database Fingerprinting

Database sharing may bring about privacy disclosure and illegal redistribution. A previously proposed entry-level Differential Privacy FingerPrinting mechanism (DPFP) for relational database achieves privacy and liability guarantees simultaneously. However, it is only robust against common attacks from a vicious Data Analyzer (DA) and lacks robustness against logical AND or OR collusion attack even if Anti-Collusion Code (ACC) is used to trace who the colluders are. In this work, we propose a Collusion-Resilient entry-level DP FingerPrinting mechanism (CRDPFP) for uniquely identifying colluders by directly using ACCs. Specifically, we firstly theoretically and experimentally demonstrate the vulnerabilities of existing fingerprinting schemes by identification of logical AND/OR collusion attack. To survive 5 types of collusion attacks and identify colluders, a Group-oriented Concatenated (GC) ACC based on I-code and Cover Free Family code is constructed and a catch-all detector is designed. By leveraging the randomization nature of fingerprint, we transform GC code into provable entry-level DP guarantees on the entire database. We also show that CRDPFP inherits the same connection properties between privacy, fingerprint robustness, and database utility from DPFP. Via experiments on two real-world relational databases, we exhibit that our mechanism supplies stronger robustness against 50% random flipping attack from a vicious DA, achieves higher and lower detecting rates of at least one colluder and innocent, uniquely traces all colluders for logical AND or OR collusion attack and obtains near-optimal utility with fingerprint parameter being close to 2 compared to existing schemes.