Using Checksums to Detect Data Corruption

In this paper, we consider the problem of malicious and intended corruption of data in a database, acting outside of the scope of the database management system. Although detecting an attacker who changes a set of database values at the disk level is a simple task (achievable by attaching signatures to each block of data), a more sophisticated attacker may corrupt the data by replacing the current data with copies of old block images, compromising the integrity of the data. To prevent successful completion of this attack, we provide a defense mechanism that enormously increases the intruders workload, yet maintains a low system cost during an authorized update. Our algorithm calculates and maintains two levels of signatures (checksum values) on blocks of data. The signatures are grouped in a manner that forces an extended series of block copying for any unauthorized update. Using the available information on block sizes, block reference patterns and amount of concurrently active transactions in the database, we calculate the length of this chain of copying, proving that the intruder has to perform a lot of work in order to go undetected. Therefore, our technique makes this type of attack very unlikely. Previous work has not addressed protection methods against this knowledgeable and equipped intruder who is operating outside the database management system.