Configuration

    Watermark is disabled by default in IoTDB. To enable watermark embedding, the first thing is to modify the following fields in the configuration file :

    Notes:

    • watermark_module_opened: Set it to be true if you want to enable watermark embedding
    • watermark_secret_key: Character ‘&’ is not allowed. There is no constraint on the length of the secret key. Generally, the longer the key is, the higher the bar to intruders.
    • watermark_bit_string: There is no constraint on the length of the bit string (except that it should not be empty). But note that it is difficult to reach the required significance level at the watermark detection phase if the bit string is way too short.
    • watermark_method: Now only GroupBasedLSBMethod is supported, so actually you can only tune the two parameters of this method, which are embed_row_cycle and embed_lsb_num.
      • Both of them should be positive integers.
      • embed_row_cycle controls the ratio of rows watermarked. The smaller the embed_row_cycle, the larger the ratio of rows watermarked. When embed_row_cycle equals 1, every row is watermarked.
      • GroupBasedLSBMethod uses LSB embedding. embed_lsb_num controls the number of least significant bits available for watermark embedding. The biggger the embed_lsb_num, the larger the varying range of a data point.
    • watermark_secret_key, watermark_bit_string and watermark_method should be kept secret from possible attackers. That is, it is your responsiblity to take care of iotdb-engine.properties.

    Usage Example

    • step 1. Create a new user Alice, grant read privilege and query

    A newly created user doesn’t use watermark by default. So the query result is the original data.

    • step 2. grant watermark_embedding to Alice

    Usage: grant watermark_embedding to Alice

    Note that you can use grant watermark_embedding to user1,user2,... to grant watermark_embedding to multiple users.

    1. .\start-cli.bat -u root -pw root
    2. grant watermark_embedding to Alice
    3. exit
    5. .\start-cli.bat -u Alice -pw '1234'
    7. |                               Time|root.vehicle.d0.s0|
    8. +-----------------------------------+------------------+
    9. |      1970-01-01T08:00:00.001+08:00|              21.5|
    10. |      1970-01-01T08:00:00.002+08:00|              22.5|
    11. |      1970-01-01T08:00:00.003+08:00|         23.500008|
    12. |      1970-01-01T08:00:00.004+08:00|         24.500015|
    13. |      1970-01-01T08:00:00.005+08:00|              25.5|
    14. |      1970-01-01T08:00:00.006+08:00|         26.500015|
    15. |      1970-01-01T08:00:00.007+08:00|              27.5|
    16. |      1970-01-01T08:00:00.008+08:00|         28.500004|
    17. |      1970-01-01T08:00:00.009+08:00|              29.5|
    18. |      1970-01-01T08:00:00.010+08:00|              30.5|
    19. |      1970-01-01T08:00:00.011+08:00|              31.5|
    20. |      1970-01-01T08:00:00.012+08:00|              32.5|
    21. |      1970-01-01T08:00:00.013+08:00|              33.5|
    22. |      1970-01-01T08:00:00.014+08:00|              34.5|
    23. |      1970-01-01T08:00:00.015+08:00|         35.500004|
    24. |      1970-01-01T08:00:00.016+08:00|              36.5|
    25. |      1970-01-01T08:00:00.017+08:00|              37.5|
    26. |      1970-01-01T08:00:00.018+08:00|              38.5|
    27. |      1970-01-01T08:00:00.020+08:00|              40.5|
    28. |      1970-01-01T08:00:00.021+08:00|              41.5|
    30. |      1970-01-01T08:00:00.023+08:00|              43.5|
    31. |      1970-01-01T08:00:00.024+08:00|         44.500008|
    32. |      1970-01-01T08:00:00.025+08:00|          45.50003|
    33. |      1970-01-01T08:00:00.026+08:00|         46.500008|
    34. |      1970-01-01T08:00:00.027+08:00|         47.500008|
    35. |      1970-01-01T08:00:00.028+08:00|              48.5|
    36. |      1970-01-01T08:00:00.029+08:00|              49.5|
    37. |      1970-01-01T08:00:00.030+08:00|              50.5|
    38. |      1970-01-01T08:00:00.031+08:00|         51.500008|
    39. |      1970-01-01T08:00:00.032+08:00|              52.5|
    40. |      1970-01-01T08:00:00.033+08:00|              53.5|
    41. +-----------------------------------+------------------+
    • step 3. revoke watermark_embedding from Alice

    Usage: revoke watermark_embedding from Alice

    Note that you can use revoke watermark_embedding from user1,user2,... to revoke watermark_embedding from multiple users.

    Only root can run this command. After root revokes watermark_embedding from Alice, all query results of Alice are original again.

    Watermark Detection

    detect-watermark.sh and detect-watermark.bat are provided for different platforms.

    Usage: ./detect-watermark.sh [filePath] [secretKey] [watermarkBitString] [embed_row_cycle] [embed_lsb_num] [alpha] [columnIndex] [dataType: int/float/double]

    Notes:

    • filePath: You can use export-csv tool to generate such data file. The first row is header and the first column is time. Data in the file looks like this:

    • watermark_secret_key, watermark_bit_string, embed_row_cycle and embed_lsb_num should be consistent with those used in the embedding phase.

    • alpha: It should be in the range of [0,1]. The watermark detection is based on the significance test. The smaller the alpha is, the lower the probability that the data without the watermark is detected to be watermark embedded, and thus the higher the credibility of the result of detecting the existence of the watermark in data.

    • columnIndex: It should be a positive integer.