Data Leak Detection As a Service: Challenges and Solutions

We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of specialized digests are needed. Our technique – referred to as the fuzzy fingerprint – can be used to detect accidental data leaks due to human errors or application flaws. The privacy-preserving feature of our algorithms minimizes the exposure of sensitive data and enables the data owner to safely delegate the detection to others.We describe how cloud providers can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We perform extensive experimental evaluation on the privacy, efficiency, accuracy and noise tolerance of our techniques. Our evaluation results under various data-leak scenarios and setups show that our method can support accurate detection with very small number of false alarms, even when the presentation of the data has been transformed. It also indicates that the detection accuracy does not degrade when partial digests are used. We further provide a quantifiable method to measure the privacy guarantee offered by our fuzzy fingerprint framework

Survey on Data Leak Detection of Sensitive Data Exposure for Preserving Privacy

Now-a-days large amount of data leaks occur in various research institutions, organization and security firms. The data leakage occurs due to the improper protection to the data. Deliberately planned attacks, inadvertent leaks (e.g. forwarding confidential emails to unclassified email accounts), and human mistakes (e.g. assigning the wrong privilege) lead to most of the data-leak incidents .The common way is used to monitor the data that are stored in a organizational local network. However, this requirement is undesirable, as it may threaten the confidentiality of the sensitive information .For existing method we require plaintext sensitive data. A privacy preserving data-leak detection solution is proposed which can be outsourced and be deployed in a semi-honest detection environment. In this paper, fuzzy fingerprint technique is designed and implemented to enhance data privacy during data leak detection operation. The DLD provider computes fingerprints from network traffic and identifies potential leaks in them. The estimation result shows that this method can provide accurate detection

Distribution Grid Line Outage Detection with Privacy Data

Change point detection is important for many real-world applications. While sensor readings enable line outage identification, they bring privacy concerns by allowing an adversary to divulge sensitive information such as household occupancy and economic status. In this paper, to preserve privacy, we develop a decentralized randomizing scheme to ensure no direct exposure of each user's raw data. Brought by the randomizing scheme, the trade-off between privacy gain and degradation of change point detection performance is quantified via studying the differential privacy framework and the Kullback-Leibler divergence. Furthermore, we propose a novel statistic to mitigate the impact of randomness, making our detection procedure both privacy-preserving and have optimal performance. The results of comprehensive experiments show that our proposed framework can effectively find the outage with privacy guarantees.Comment: 5 page

Privacy-preserving automated exposure notification

Contact tracing is an essential component of public health efforts to slow the spread of COVID-19 and other infectious diseases. Automating parts of the contact tracing process has the potential to significantly increase its scalability and efficacy, but also raises an array of privacy concerns, including the risk of unwanted identification of infected individuals and clandestine collection of privacy-invasive data about the population at large. In this paper, we focus on automating the exposure notification part of contact tracing, which notifies people who have been in close proximity to infected people of their potential exposure to the virus. This work is among the first to focus on the privacy aspects of automated exposure notification. We introduce two privacy-preserving exposure notification schemes based on proximity detection. Both systems are decentralized - no central entity has access to sensitive data. The first scheme is simple and highly efficient, and provides strong privacy for non-diagnosed individuals and some privacy for diagnosed individuals. The second scheme provides enhanced privacy guarantees for diagnosed individuals, at some cost to efficiency. We provide formal definitions for automated exposure notification and its security, and we prove the security of our constructions with respect to these definitions.First author draf

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

Routes for breaching and protecting genetic privacy

We are entering the era of ubiquitous genetic information for research, clinical care, and personal curiosity. Sharing these datasets is vital for rapid progress in understanding the genetic basis of human diseases. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we technically map threats to genetic privacy and discuss potential mitigation strategies for privacy-preserving dissemination of genetic data.Comment: Draft for comment