Indexing Information for Data Forensics

  • Michael T. Goodrich
  • Mikhail J. Atallah
  • Roberto Tamassia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3531)


We introduce novel techniques for organizing the indexing structures of how data is stored so that alterations from an original version can be detected and the changed values specifically identified. We give forensic constructions for several fundamental data structures, including arrays, linked lists, binary search trees, skip lists, and hash tables. Some of our constructions are based on a new reduced-randomness construction for nonadaptive combinatorial group testing.


Keywords: data forensics, data integrity, data marking, combinatorial group testing, information hiding, tamper detection, data structures





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Michael T. Goodrich (1)
  • Mikhail J. Atallah (2)
  • Roberto Tamassia (3)

  1. University of California, Irvine
  2. Purdue University
  3. Brown University
