一种保序加密域数据库认证水印算法

加密域水印技术适用于云环境下的隐私保护（加密）和数据安全认证（加水印）.通过结合保序加密、离散余弦变换、密码哈希和数字水印技术，提出了加密域数据库认证水印算法.首先对数据进行保序加密，以达到对敏感数据内容的隐私保护；对加密后的数据进行分组和离散余弦变换处理，然后将交流系数的哈希（Hashing）值作为认证信息嵌入到直流系数中来认证数据的完整性；可通过比对交流系数的哈希值和从直流系数中提取的水印信息，来判断加密数据是否受到篡改.水印嵌入设计很好地结合了保序加密的特性，使得对加密数据的水印嵌入不会影响到明文数据的正确恢复，利用密钥对加水印的加密数据库直接解密可得到原数据库.实验结果表明：所提出的算法不仅能够用于保护数据库中的内容隐私，而且能检测出不同程度的篡改和有效认证数据库数据的完整性.

Database Authentication Watermarking Algorithm in Order Preserving Encrypted Domain

Digital watermarking in encrypted domain is a potential technology for privacy protection (with encryption) and integrity authentication (with watermarking) in cloud computing environments. Based on order-preserving encryption scheme (OPES), discrete cosine transformation (DCT), cryptography hash and watermarking technologies, this paper proposes a new database authentication watermarking algorithm in encrypted domain. Firstly, data in a database are encrypted with OPES for privacy protection. Then, the encrypted data are divided into groups for DCT operations. The watermark bits generated by hashing AC coefficients are embedded into DC coefficients for authenticating the encrypted data. The receiver can determine whether the data have been tampered by matching the hash value of AC coefficients and the extracted watermark bits from DC coefficients. The watermark embedding process in encrypted domain is lossless to plaintext data by exploring order-preserving property of OPES. In the receiver, an illegal user can recover the original database by directly decrypting the watermarked ciphertext data. Experimental results have shown that the algorithm can efficiently detect different tampering operations while protecting data content privacy with the encryption.